diff --git a/config/services/chir.rs/auth.nix b/config/services/chir.rs/auth.nix
index 9a6b8617..533d10eb 100644
--- a/config/services/chir.rs/auth.nix
+++ b/config/services/chir.rs/auth.nix
@@ -18,9 +18,9 @@
           }
 
     in  BaseConfig::{
-        , database_url = "postgres://auth_chir_rs:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs",
+        , database_url = "postgres://auth_chir_rs:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs"
         , listen_addr = "[::1]:7954"
-        , redis_url = "redis://localhost:53538/0"
+        , redis_url = "redis://${d}{password}@nixos-8gb-fsn1-1.int.chir.rs:53538/0"
         }
   '';
 in {
@@ -60,8 +60,11 @@ in {
     }
   ];
   services.redis.servers."auth_chir_rs" = {
-    enable = true;
+    enable = config.networking.hostName == "nixos-8gb-fsn1-1";
     port = 53538;
     save = [];
+    requirePassFile = config.sops.secrets."services/chir-rs/auth/password".path;
+    user = "auth_chir_rs";
   };
+  networking.firewall.interfaces."wg0".allowedTCPPorts = [53538];
 }
diff --git a/flake.lock b/flake.lock
index 6b6870e7..ac05e469 100644
--- a/flake.lock
+++ b/flake.lock
@@ -56,11 +56,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1673620617,
-        "narHash": "sha256-O52S5V1/T2DYeVS3+oWohpX45p1Cosd2azXkigZ9jP8=",
+        "lastModified": 1673690903,
+        "narHash": "sha256-tBeEIbm7XK2ce4/H6zwSo5dasussj6yraaQ7c3jp7DY=",
         "owner": "DarkKirb",
         "repo": "chir.rs",
-        "rev": "f921629e7dc7299788a3f99943e069ffa545e529",
+        "rev": "e3a2e5779044e18cc67707bac3b2d91de912e187",
         "type": "github"
       },
       "original": {