diff --git a/nixos/viridian/containers/lidarr.nix b/nixos/viridian/containers/lidarr.nix
index 2528d5b..f38b396 100644
--- a/nixos/viridian/containers/lidarr.nix
+++ b/nixos/viridian/containers/lidarr.nix
@@ -34,7 +34,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "lidarr";
     };
diff --git a/nixos/viridian/containers/prowlarr.nix b/nixos/viridian/containers/prowlarr.nix
index 3f70ab3..25474ec 100644
--- a/nixos/viridian/containers/prowlarr.nix
+++ b/nixos/viridian/containers/prowlarr.nix
@@ -31,7 +31,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "prowlarr";
     };
diff --git a/nixos/viridian/containers/qbittorrent.nix b/nixos/viridian/containers/qbittorrent.nix
index 432a565..39b439b 100644
--- a/nixos/viridian/containers/qbittorrent.nix
+++ b/nixos/viridian/containers/qbittorrent.nix
@@ -34,7 +34,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "qbittorrent";
     };
diff --git a/nixos/viridian/containers/radarr.nix b/nixos/viridian/containers/radarr.nix
index c4a6a49..62dbf84 100644
--- a/nixos/viridian/containers/radarr.nix
+++ b/nixos/viridian/containers/radarr.nix
@@ -33,7 +33,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "radarr";
     };
diff --git a/nixos/viridian/containers/sonarr.nix b/nixos/viridian/containers/sonarr.nix
index d6109b8..1ae52a7 100644
--- a/nixos/viridian/containers/sonarr.nix
+++ b/nixos/viridian/containers/sonarr.nix
@@ -34,7 +34,7 @@ in
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "sonarr";
     };
diff --git a/nixos/viridian/services/grafana.nix b/nixos/viridian/services/grafana.nix
index 44a8030..2e74e7e 100644
--- a/nixos/viridian/services/grafana.nix
+++ b/nixos/viridian/services/grafana.nix
@@ -41,7 +41,7 @@
         "websecure"
       ];
       middlewares = [
-        "admin"
+        "internal"
       ];
       service = "grafana";
     };
diff --git a/nixos/viridian/services/traefik/middlewares.nix b/nixos/viridian/services/traefik/middlewares.nix
index bc8fdd4..d523f42 100644
--- a/nixos/viridian/services/traefik/middlewares.nix
+++ b/nixos/viridian/services/traefik/middlewares.nix
@@ -10,18 +10,10 @@
 
   # Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your service
   services.traefik.dynamicConfigOptions.http.middlewares = {
-    # Restrict access to admin devices only
-    admin.ipwhitelist.sourcerange = [
-      "127.0.0.1/32"    # localhost
-      "192.168.1.101"   # fuchsia
-      "10.100.0.2"      # Pixel 6 Pro
-    ];
-
     # Restrict access to internal networks
     internal.ipwhitelist.sourcerange = [
       "127.0.0.1/32"    # localhost
-      "192.168.1.1/24"  # lan
-      "10.100.0.0/24"   # wireguard clients
+      "192.168.20.1/24" # lan
     ];
 
     # Restrict access based on geo-location