diff --git a/nixos/mirai/services.nix b/nixos/mirai/services.nix
index 5625f183..b658c4cf 100644
--- a/nixos/mirai/services.nix
+++ b/nixos/mirai/services.nix
@@ -69,6 +69,18 @@
                 domain = "darksailor.dev";
                 policy = "one_factor";
               }
+              {
+                domain = "music.darksailor.dev";
+                policy = "one_factor";
+              }
+              {
+                domain = "music.darksailor.dev";
+                policy = "bypass";
+                resources = [
+                  "^/rest([/?].*)?$"
+                  "^/share([/?].*)?$"
+                ];
+              }
             ];
           };
           storage = {
@@ -125,6 +137,8 @@
       enable = true;
       settings = {
         MusicFolder = "/media/music";
+        ReverseProxyUserHeader = "Remote-User";
+        ReverseProxyWhitelist = "127.0.0.1/32";
       };
     };
     atuin = {
@@ -168,6 +182,10 @@
     caddy = {
       enable = true;
       virtualHosts."music.darksailor.dev".extraConfig = ''
+        forward_auth localhost:5555 {
+            uri /api/authz/forward-auth
+            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+        }
         reverse_proxy localhost:4533
       '';
       virtualHosts."atuin.darksailor.dev".extraConfig = ''