diff --git a/lotus-land-story/paperless-ngx.yml b/lotus-land-story/paperless-ngx.yml
index a85dbd0..41491e0 100644
--- a/lotus-land-story/paperless-ngx.yml
+++ b/lotus-land-story/paperless-ngx.yml
@@ -43,7 +43,7 @@ PAPERLESS_TASK_WORKERS: "1"
 PAPERLESS_THREADS_PER_WORKER: "1"
 PAPERLESS_TIME_ZONE: America/Los_Angeles
- PAPERLESS_URL: https://docs.{{ domain }}
+ PAPERLESS_URL: https://docs.chislan.family
 PAPERLESS_WEBSERVER_WORKERS: "1"
 volumes:
 - /mnt/lotus-land-story/paperless-ngx/data:/usr/src/paperless/data
diff --git a/lotus-land-story/templates/Caddyfile b/lotus-land-story/templates/Caddyfile
index 936882a..566c70e 100644
--- a/lotus-land-story/templates/Caddyfile
+++ b/lotus-land-story/templates/Caddyfile
@@ -35,6 +35,12 @@ auth.{{ domain }} {
 }
 }
+auth.chislan.family {
+ reverse_proxy authelia:9091 {
+ import trusted_proxy_list
+ }
+}
+
 search.{{ domain }} {
 log
@@ -93,6 +99,25 @@ books.{{ domain }} {
 }
 }
+docs.chislan.family
+ forward_auth authelia:9091 {
+ uri /api/verify?rd=https://auth.chislan.family
+ copy_headers Remote-User
+
+ # This import needs to be included if you're relying on a trusted proxies configuration.
+ import trusted_proxy_list
+ }
+
+ reverse_proxy paperless-ngx:8000 {
+ import trusted_proxy_list
+ }
+
+ redir /flower /flower/
+ handle /flower/* {
+ reverse_proxy paperless-ngx:5555
+ }
+}
+
 docs.{{ domain }} {
 forward_auth authelia:9091 {
 uri /api/verify?rd=https://auth.{{ domain }}
diff --git a/lotus-land-story/templates/authelia_configuration.yml b/lotus-land-story/templates/authelia_configuration.yml
index 22955a0..d62203d 100644
--- a/lotus-land-story/templates/authelia_configuration.yml
+++ b/lotus-land-story/templates/authelia_configuration.yml
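Review bot: PAPERLESS_URL now names only docs.chislan.family, while the Caddyfile in this same commit keeps serving the application at docs.{{ domain }} as well; Paperless-ngx derives its CSRF trusted origins and allowed hosts from PAPERLESS_URL, so requests arriving through the templated hostname will presumably be rejected by host or CSRF validation. If both hostnames are meant to work, keep `PAPERLESS_URL: https://docs.{{ domain }}` and add the second host via `PAPERLESS_ALLOWED_HOSTS: "docs.{{ domain }},docs.chislan.family"` and `PAPERLESS_CSRF_TRUSTED_ORIGINS: "https://docs.{{ domain }},https://docs.chislan.family"`. A literal domain in a file otherwise driven by `{{ domain }}` is also the one value that will not follow a change of that variable.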
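Review bot: The new auth.chislan.family block repeats the existing auth.{{ domain }} block line for line, so the two will drift the next time the proxy settings or the trusted_proxy_list import change. Caddy accepts several site addresses on one block, so rewriting the existing header as `auth.{{ domain }}, auth.chislan.family {` expresses the same routing once and keeps the Authelia upstream and proxy trust settings in a single place. The existing auth.{{ domain }} block begins before this hunk.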
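Review bot: The added site-address line `docs.chislan.family` has no opening `{`, unlike `docs.{{ domain }} {` in the context just below it, so the `}` that ends the new block is unmatched and Caddy will refuse to load the rendered file. Change it to `docs.chislan.family {`. The block is otherwise a copy of the docs.{{ domain }} one, but the two cannot simply share a site-address list because the forward_auth `rd=` target differs per domain, so a comment on each block stating that they must be kept in sync would help the next edit.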
@@ -17,9 +17,14 @@ authentication_backend:
 access_control:
 default_policy: deny
 rules:
- - domain: "*.{{ domain }}"
- # policy: one_factor
+ - domain: "*.chislan.family"
 policy: two_factor
+ subject:
+ - group:family
+ - domain: "*.kejadlen.dev"
+ policy: two_factor
+ subject:
+ - user:alpha
 identity_validation:
 reset_password:
@@ -31,6 +36,8 @@ session:
 - domain: {{ domain }}
 authelia_url: https://auth.{{ domain }}
 # default_redirection_url: https://www.{{ domain }}
+ - domain: chislan.family
+ authelia_url: https://auth.chislan.family
 storage:
 encryption_key: {{ authelia.storage_encryption_key }}
@@ -49,8 +56,8 @@ identity_providers:
 jwks:
 - key: |
 {{ authelia.oidc_private_key | indent(10) }}
- clients:
+ clients:
 - client_id: grafana
 client_name: Grafana
 client_secret: $argon2id$v=19$m=65536,t=3,p=4$bHcAAorVdHuZzuz53WfAQA$x+pIDTo6SsGyY9JD4OZ7dT6pkEcPf8Yh6Yb7DXco8aQ
diff --git a/lotus-land-story/templates/authelia_users_database.yml b/lotus-land-story/templates/authelia_users_database.yml
index 7f11dfc..c45394b 100644
--- a/lotus-land-story/templates/authelia_users_database.yml
+++ b/lotus-land-story/templates/authelia_users_database.yml
@@ -6,8 +6,11 @@ users:
 email: alpha@kejadlen.dev
 groups:
 - admins
+ - family
 lydia:
 disabled: false
 displayname: "Lydia"
 password: "$argon2id$v=19$m=65536,t=3,p=4$ALAevUUnRK1hcwf5jp1OkA$aSwuYjEMrbtcAGfhsclL901QKF5S+6u42NQFG7S8DkI" # yamllint disable-line rule:line-length
 email: lydia.islan@gmail.com
+ groups:
+ - family
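Review bot: The templated access-control rule `- domain: "*.{{ domain }}"` is dropped in favour of a literal `*.kejadlen.dev`, while the session cookie entry in the next hunk and the Caddyfile in this commit still use `{{ domain }}`; if that variable renders to anything other than kejadlen.dev, every host under it now falls through to `default_policy: deny` (a lockout rather than an exposure, but still a break). Keeping `- domain: "*.{{ domain }}"` together with the new `subject: - user:alpha` restriction would preserve the tightening without decoupling the rule from the rest of the template. Restricting `*.chislan.family` to `group:family` and the other domain to a single user is a sound narrowing over the previous unrestricted two_factor rule, and the literal `chislan.family` cookie entry in the session hunk has the same hardcoding concern.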
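Review bot: Membership of `family` is now the sole condition for reaching `*.chislan.family` under the access_control rule added to authelia_configuration.yml in this commit, but nothing in the users file records that, so a future edit to these group lists can silently widen or revoke access. A comment above each new entry such as `# family: grants two_factor access to *.chislan.family (see access_control rules)` keeps the grant visible where memberships are edited. Note that alpha now satisfies both the `user:alpha` rule for `*.kejadlen.dev` and the `group:family` rule, which is presumably intended but worth stating in that comment.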