diff --git a/docker-compose/munin/docker-compose.yml.j2 b/docker-compose/munin/docker-compose.yml.j2
index 530bc705..41fc33e7 100644
--- a/docker-compose/munin/docker-compose.yml.j2
+++ b/docker-compose/munin/docker-compose.yml.j2
@@ -36,6 +36,18 @@ services:
     labels:
       - com.centurylinklabs.watchtower.enable=true
 
+      - traefik.http.middlewares.authelia.forwardauth.address=http://authelia-app:9091/api/authz/forward-auth?authelia-url=http://auth.mgrote.net
+      - traefik.http.middlewares.authelia.forwardauth.trustForwardHeader=true
+      - traefik.http.middlewares.authelia.forwardauth.authResponseHeaders=Remote-User,Remote-Groups,Remote-Name,Remote-Email
+
+      - traefik.enable=true
+      - traefik.http.routers.authelia.rule=Host(`auth.mgrote.net`)
+      - traefik.http.routers.authelia.tls=true
+      - traefik.http.routers.authelia.tls.certresolver=resolver_letsencrypt
+      - traefik.http.routers.authelia.entrypoints=entry_https
+      - traefik.http.services.authelia.loadbalancer.server.port=9091
+
+
 volumes:
   db:
   logs:
diff --git a/host_vars/docker10.grote.lan.yml b/host_vars/docker10.grote.lan.yml
index 4a96386a..50d07df8 100644
--- a/host_vars/docker10.grote.lan.yml
+++ b/host_vars/docker10.grote.lan.yml
@@ -78,10 +78,10 @@
     - name: blocky
       state: present
     - name: lldap
-      state: present
+      state: absent
       network: traefik
     - name: authelia
-      state: present
+      state: absent
       network: nw_aaa
   #### mgrote.set_permissions
   dir_permissions:
diff --git a/keepass_db.kdbx b/keepass_db.kdbx
index 1d652f7f..b7c2aac7 100644
Binary files a/keepass_db.kdbx and b/keepass_db.kdbx differ