diff --git a/hosts/nuc/modules/indexing/sonarr.nix b/hosts/nuc/modules/indexing/sonarr.nix
index 6c3f404..ebc3e5d 100644
--- a/hosts/nuc/modules/indexing/sonarr.nix
+++ b/hosts/nuc/modules/indexing/sonarr.nix
@@ -7,17 +7,6 @@ in
     enable = true;
   };
   services.caddy.virtualHosts."${domain}".extraConfig = ''
-    # for some reason this only works with http and not with https so we send every request through our wireguard tunnel
-    reverse_proxy /outpost.goauthentik.io/* http://nuc.vpn.rfive.de:9000 
-
-    # forward authentication to authentik
-    @NoAccess not path /api*
-    forward_auth @NoAccess http://nuc.vpn.rfive.de:9000 {
-      uri /outpost.goauthentik.io/auth/caddy
-
-      # capitalization of the headers is important, otherwise they will be empty
-      copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version
-    }
     reverse_proxy 127.0.0.1:${toString config.services.sonarr.settings.server.port}
   '';
 }
diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix
index a34a0f3..8985361 100644
--- a/hosts/nuc/modules/networks/default.nix
+++ b/hosts/nuc/modules/networks/default.nix
@@ -15,7 +15,6 @@
     enableIPv6 = true;
     nftables.enable = true;
     firewall = {
-      trustedInterfaces = [ "podman0" ];
       extraInputRules = ''
         ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
       '';