diff --git a/.secrets-baseline b/.secrets-baseline
index 555a136..fc5e209 100644
--- a/.secrets-baseline
+++ b/.secrets-baseline
@@ -132,7 +132,7 @@
         "filename": "core/authelia.yml",
         "hashed_secret": "a32b08d97b1615dc27f58b6b17f67624c04e2c4f",
         "is_verified": false,
-        "line_number": 185,
+        "line_number": 191,
         "is_secret": false
       }
     ],
@@ -187,5 +187,5 @@
       }
     ]
   },
-  "generated_at": "2023-08-24T20:00:24Z"
+  "generated_at": "2024-01-08T22:56:56Z"
 }
diff --git a/core/authelia.yml b/core/authelia.yml
index aacb45e..4e693aa 100644
--- a/core/authelia.yml
+++ b/core/authelia.yml
@@ -151,6 +151,12 @@ access_control:
       networks: 192.168.5.0/24
 
   rules:
+    # Bypass auth for Sonarr API since that has it's own authentication
+    - domain: 'sonarr.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
+      policy: bypass
+      resources:
+        - '^/api([/?].*)?$'
+
     ## Rules applied to everyone
     - domain: '*.{{ with nomadVar "nomad/jobs" }}{{ .base_hostname }}{{ end }}'
       networks:
diff --git a/services/sonarr.tf b/services/sonarr.tf
index 0c21215..5363f0b 100644
--- a/services/sonarr.tf
+++ b/services/sonarr.tf
@@ -7,6 +7,9 @@ module "sonarr" {
   ingress      = true
   service_port = 8989
   use_wesher   = var.use_wesher
+  ingress_middlewares = [
+    "authelia@nomad"
+  ]
 
   env = {
     PGID = 100