diff --git a/modules/nixos/services/caddy/default.nix b/modules/nixos/services/caddy/default.nix
index de11575..2cc7ad2 100644
--- a/modules/nixos/services/caddy/default.nix
+++ b/modules/nixos/services/caddy/default.nix
@@ -35,6 +35,10 @@ let
           http_port 80
           https_port 443
           default_bind 0.0.0.0
+
+          servers {
+            trusted_proxies 10.0.1.0/8 10.1.1.0/12
+          }
         '';
         virtualHosts = {
           "*.mjallen.dev" = {
@@ -47,6 +51,27 @@ let
               handle @hass {
                 reverse_proxy http://nuc-nixos.local:8123
               }
+              
+              handle {
+                respond "Forbidden" 403
+              }
+            '';
+          };
+
+          "sonarr.mjallen.dev" = {
+            extraConfig = ''
+                @sonarr {
+                  remote_ip 10.0.1.0/24 10.1.1.0/16
+                  host sonarr.mjallen.dev
+                }
+
+                handle @sonarr {
+                  reverse_proxy 10.0.1.3:8989
+                }
+
+                handle {
+                  respond "Forbidden" 403
+                }
             '';
           };
         };