diff --git a/modules/nixos/services/authentik/default.nix b/modules/nixos/services/authentik/default.nix
index ec0770b..e6e9ef5 100644
--- a/modules/nixos/services/authentik/default.nix
+++ b/modules/nixos/services/authentik/default.nix
@@ -43,5 +43,31 @@ in
 enable = mkDefault true;
 port = mkDefault 6379;
 };
+
+ virtualisation.oci-containers.containers.authentik_rac = {
+ autoStart = true;
+ image = "ghcr.io/goauthentik/rac";
+ ports = [ "4822:4822" ];
+ volumes = [
+ "/media/nas/main/nix-app-data/authenic-rac:/media"
+ ];
+ # environmentFiles = [
+ # "/media/nas/main/nix-app-data/lubelogger/lubelogger.env"
+ # ];
+ environment = {
+ AUTHENTIK_HOST = "https://authentik.mjallen.dev";
+ AUTHENTIK_TOKEN = "0XGkB2pXoOTqcCMAjucAtfamvlsIZCPmy1Zri54Ozjj3zzMCvcLwkQPrukfx";
+ AUTHENTIK_INSECURE = "false"; # Set to true for self-signed certs
+ PUID = toString config.users.users.nix-apps.uid;
+ PGID = toString config.users.groups.jallen-nas.gid;
+ TZ = "America/Chicago";
+ };
+ };
+
+ # Open firewall for lubelogger if enabled
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ 4822 ];
+ allowedUDPPorts = [ 4822 ];
+ };
 };
 }
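Review bot: `AUTHENTIK_TOKEN` is a string literal in the new `environment` attrset, so the outpost token is committed to the repository and also copied into the world-readable Nix store on every build; treat it as exposed and rotate it in authentik. Load it from a file outside the store via the `environmentFiles` option already commented out in this hunk, e.g. `environmentFiles = [ "<path-to-authentik-rac.env>" ];` (placeholder path, readable only by root), and drop the literal from `environment`. Separately, `image = "ghcr.io/goauthentik/rac"` carries no tag or digest, so the container runs whatever the registry serves at pull time; pinning it to the release that matches the authentik server keeps it reproducible and reviewable. `ports = [ "4822:4822" ]` together with the TCP and UDP entries under `networking.firewall` looks broader than needed, since the outpost presumably connects outbound to `AUTHENTIK_HOST`; confirm whether 4822 must be published at all, and if it must, keep only TCP and bind it to a specific address. The enclosing `config` block starts outside the hunk, and the copied comment `# Open firewall for lubelogger if enabled` should name this service instead.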