diff --git a/nixos/viridian/services/traefik/middleware.nix b/nixos/viridian/services/traefik/middleware.nix index 99c2010..62479e0 100644 --- a/nixos/viridian/services/traefik/middleware.nix +++ b/nixos/viridian/services/traefik/middleware.nix @@ -3,10 +3,17 @@ { # Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your service services.traefik.dynamicConfigOptions.http.middlewares = { + # Restrict access to admin devices only + admin.ipwhitelist.sourcerange = [ + "127.0.0.1/32" # localhost + "192.168.1.101" # fuchsia + "10.100.0.2" # Pixel 6 Pro + ]; # Restrict access to internal networks internal.ipwhitelist.sourcerange = [ "127.0.0.1/32" # localhost "192.168.1.1/24" # lan + "10.100.0.0/24" # wireguard clients ]; # Restrict access based on geo-location geoblock.plugin.geoblock = { diff --git a/nixos/viridian/services/traefik/routers.nix b/nixos/viridian/services/traefik/routers.nix index 44242ac..9848607 100644 --- a/nixos/viridian/services/traefik/routers.nix +++ b/nixos/viridian/services/traefik/routers.nix @@ -14,12 +14,12 @@ }; microbin = { - rule = "Host(`bin.sajenim.dev`)"; + rule = "Host(`bin.kanto.dev`)"; entryPoints = [ "websecure" ]; middlewares = [ - "geoblock" + "internal" ]; service = "microbin"; }; @@ -30,7 +30,7 @@ "websecure" ]; middlewares = [ - "internal" + "admin" ]; service = "homarr"; }; @@ -41,7 +41,7 @@ "websecure" ]; middlewares = [ - "internal" + "admin" ]; service = "api@internal"; }; @@ -52,7 +52,7 @@ "websecure" ]; middlewares = [ - "internal" + "admin" ]; service = "adguard-home"; }; @@ -63,7 +63,7 @@ "websecure" ]; middlewares = [ - "internal" + "admin" ]; service = "home-assistant"; }; @@ -85,7 +85,7 @@ "websecure" ]; middlewares = [ - "geoblock" + "internal" ]; service = "jellyfin"; }; @@ -96,7 +96,7 @@ "websecure" ]; middlewares = [ - "internal" + "admin" ]; service = "sonarr"; }; 
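Review bot: The two device entries in the new `admin` list are purely address-based, so the restriction only holds while `192.168.1.101` and `10.100.0.2` stay pinned to fuchsia and the Pixel. Nothing visible in this hunk shows a DHCP reservation or a fixed WireGuard peer address, so I would record that dependency next to the list, e.g. `# requires a static lease for fuchsia and a fixed AllowedIPs entry for the phone`. Writing the hosts as `"192.168.1.101/32"` and `"10.100.0.2/32"` would also match the localhost line. Adding `10.100.0.0/24` to `internal` admits every WireGuard peer to each router that uses that middleware, which may be intended but deserves a comment. Newer Traefik releases name this middleware `ipAllowList` and deprecate `ipWhiteList`; the Traefik version is not visible here, so confirm before upgrading.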
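Review bot: Switching the homarr router (hunk -30) to `admin` leaves a source-IP check as its only gate, and the same holds for the other routers moved to `admin` in hunks -41, -52, -63, -96, -107, -118, -129 and -140. The `api@internal` router in hunk -41 serves Traefik's own dashboard and API, so I would chain an authentication middleware behind the allowlist there, e.g. `middlewares = [ "admin" "dashboard-auth" ];`. Here `dashboard-auth` is a placeholder name for a `basicAuth` or forward-auth middleware that is not defined on this page. Whether the backing services enforce their own logins cannot be seen from this diff.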
@@ -107,7 +107,7 @@ "websecure" ]; middlewares = [ - "internal" + "admin" ]; service = "radarr"; }; @@ -118,7 +118,7 @@ "websecure" ]; middlewares = [ - "internal" + "admin" ]; service = "lidarr"; }; @@ -129,7 +129,7 @@ "websecure" ]; middlewares = [ - "internal" + "admin" ]; service = "prowlarr"; }; @@ -140,13 +140,13 @@ "websecure" ]; middlewares = [ - "internal" + "admin" ]; service = "qbittorrent"; }; jellyseerr = { - rule ="Host(`jellyseerr.kanto.dev`)"; + rule ="Host(`js.kanto.dev`)"; entryPoints = [ "websecure" ];
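Review bot: The renamed `jellyseerr` router in the last hunk (-140) has its `middlewares` list past the end of the hunk, so it is not visible whether it still uses `geoblock`, uses `internal`, or has no restriction at all. Since microbin and jellyfin were both moved from `geoblock` to `internal` in this commit, either a matching switch or a one-line comment stating that the router is deliberately left reachable from outside would make the intent auditable. As a style point, the new line keeps `rule ="Host(` without a space after `rule`, unlike the microbin rule.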