diff --git a/bxl-rpi/apps/docker-compose.mediaserver.yaml b/bxl-rpi/apps/docker-compose.mediaserver.yaml
index ffb5895..0047cc2 100644
--- a/bxl-rpi/apps/docker-compose.mediaserver.yaml
+++ b/bxl-rpi/apps/docker-compose.mediaserver.yaml
@@ -20,6 +20,7 @@ services:
 - "traefik.http.routers.jellyfin.tls=true"
 - "traefik.http.routers.jellyfin.tls.certresolver=http"
 networks:
+ - auth
 - external
 radarr:
diff --git a/bxl-rpi/apps/docker-compose.yourls.yaml b/bxl-rpi/apps/docker-compose.yourls.yaml
new file mode 100644
index 0000000..4880d8e
--- /dev/null
+++ b/bxl-rpi/apps/docker-compose.yourls.yaml
@@ -0,0 +1,47 @@
+services:
+ shlink:
+ container_name: shlink
+ image: shlinkio/shlink:latest
+ environment:
+ - DEFAULT_DOMAIN=s.bhasher.com
+ - IS_HTTPS_ENABLED=true
+ #- GEOLITE_LICENSE_KEY=${GEOLITE_LICENSE_KEY}
+ - DB_DRIVER=postgres
+ - DB_NAME=shlink
+ - DB_USER=postgres
+ - DB_PASSWORD=${POSTGRES_PASSWORD}
+ - DB_HOST=postgres
+ - DB_PORT=5432
+ #- REDIS_SERVERS=redis
+ - DEFAULT_QR_CODE_MARGIN=20
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.shlink.rule=Host(`s.bhasher.com`)"
+ - "traefik.http.services.shlink.loadbalancer.server.port=8080"
+ - "traefik.http.routers.shlink.tls=true"
+ - "traefik.http.routers.shlink.tls.certresolver=http"
+ - "traefik.http.routers.shlink.entrypoints=internalsecure,externalsecure"
+ networks:
+ - external
+ - storage
+
+ shlink_ui:
+ container_name: shlink_ui
+ image: shlinkio/shlink-web-client
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.shlinkui.rule=Host(`shlink.bhasher.com`)"
+ - "traefik.http.services.shlinkui.loadbalancer.server.port=80"
+ - "traefik.http.routers.shlinkui.tls=true"
+ - "traefik.http.routers.shlinkui.tls.certresolver=http"
+ - "traefik.http.routers.shlinkui.entrypoints=internalsecure,externalsecure"
+ volumes:
+ - $DATA/shlink/servers.json:/usr/share/nginx/html/servers.json
+ networks:
+ - external
+
+networks:
+ external:
+ external: true
+ storage:
+ external: true
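Review bot: Adding `auth` to jellyfin's `networks:` puts a Traefik-published media server on the same Docker network as the identity stack, assuming `auth` is the network Authelia and its backends sit on (that definition is not in this hunk). If Jellyfin only needs to reach one service there, a dedicated network shared by just those two containers keeps the rest of the IdP backends unreachable from it. The file's top-level `networks:` block is outside the hunk, so also check that `auth` is declared there, otherwise compose will reject the service.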
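Review bot: The `shlink_ui` service serves `servers.json` from the nginx web root on the `externalsecure` entrypoint with no auth middleware on its router, and for shlink-web-client that file normally carries the Shlink API key of each preconfigured server (its contents are not in this diff, so confirm). If it does, put the UI behind the Authelia forward-auth middleware, e.g. `- "traefik.http.routers.shlinkui.middlewares=<authelia-forwardauth-middleware>"` (placeholder name), or limit it to `internalsecure`, and mount the file read-only by appending `:ro` to the volume entry. Both images float (`shlinkio/shlink:latest`, and `shlinkio/shlink-web-client` with no tag), so pin a version or digest. `DB_USER=postgres` also gives Shlink the database superuser rather than a role scoped to the `shlink` database.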
diff --git a/bxl-rpi/config/idp/authelia.configuration.yaml b/bxl-rpi/config/idp/authelia.configuration.yaml
index 127c2e6..f32b03a 100644
--- a/bxl-rpi/config/idp/authelia.configuration.yaml
+++ b/bxl-rpi/config/idp/authelia.configuration.yaml
@@ -41,10 +41,6 @@ authentication_backend:
 access_control:
 default_policy: deny
 rules:
- - domain: '*.bhasher.com'
- policy: two_factor
- subject:
- - "group:admin"
 - domain: 'radarr.bhasher.com'
 policy: one_factor
 subject:
@@ -57,6 +53,14 @@ access_control:
 policy: one_factor
 subject:
 - "group:mediaserver"
+ - domain: 'lum.bhasher.com'
+ policy: two_factor
+ subject:
+ - "group:admin"
+ - domain: '*.bhasher.com'
+ policy: one_factor
+ subject:
+ - "group:admin"
 session:
 name: auth_session
@@ -100,6 +104,19 @@ password_policy:
 require_number: false
 require_special: false
+telemetry:
+ metrics:
+ enabled: true
+ address: "tcp://0.0.0.0:9959"
+ buffers:
+ read: 4096
+ write: 4096
+ timeouts:
+ read: 6s
+ write: 6s
+ idle: 30s
+
+
 identity_providers:
 oidc:
 enforce_pkce: public_clients_only
diff --git a/bxl-rpi/config/monitoring/prometheus.yaml b/bxl-rpi/config/monitoring/prometheus.yaml
index b53c8f5..1ad847e 100644
--- a/bxl-rpi/config/monitoring/prometheus.yaml
+++ b/bxl-rpi/config/monitoring/prometheus.yaml
@@ -34,3 +34,7 @@ scrape_configs:
 static_configs:
 - targets: ['traefik:8080']
+ - job_name: 'authelia'
+ scrape_interval: 15s
+ static_configs:
+ - targets: ['authelia:9959']
diff --git a/bxl-rpi/system/docker-compose.monitoring.yaml b/bxl-rpi/system/docker-compose.monitoring.yaml
index cd05fc1..bc70391 100644
--- a/bxl-rpi/system/docker-compose.monitoring.yaml
+++ b/bxl-rpi/system/docker-compose.monitoring.yaml
@@ -1,6 +1,6 @@
 services:
- prom_monitoring:
- container_name: prom_monitoring
+ prometheus:
+ container_name: prometheus
 image: prom/prometheus:latest
 restart: unless-stopped
 labels:
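Review bot: The relocated `*.bhasher.com` rule for `group:admin` drops from `two_factor` to `one_factor`, so after this change only `lum.bhasher.com` still requires a second factor for admins and every other host covered by the wildcard accepts a password alone. Authelia applies the first rule that matches, so moving the wildcard below the per-service rules is the usual ordering, but the policy downgrade is a separate decision from that reorder; if it is not intended, keep `policy: two_factor` on the wildcard entry. If it is intended, a comment above the rule such as `# admins: 1FA everywhere except hosts listed above` would record it. The `rules:` list begins before and continues between these hunks, so other entries may also interact with the new order.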
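Review bot: `address: "tcp://0.0.0.0:9959"` binds the metrics listener on every interface of the Authelia container, so it is reachable from each Docker network that container joins, not only the one Prometheus scrapes from; the scrape added in prometheus.yaml (`authelia:9959`) is plain HTTP and, as far as I know, the endpoint has no authentication of its own. Make sure 9959 is never published with `ports:` or routed through Traefik, and that the target resolves over a network shared only with the monitoring stack. A comment above the block, e.g. `# metrics: internal only, scraped by prometheus; do not publish 9959`, would make that constraint visible. The hunk also ends with two blank lines before `identity_providers:`; one is enough.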
@@ -68,10 +68,10 @@ services:
 container_name: cadvisor
 image: gcr.io/cadvisor/cadvisor:v0.47.1
 volumes:
- - /:/rootfs:ro
- - /var/run:/var/run:rw
- - /sys:/sys:ro
- - /var/lib/docker/:/var/lib/docker:ro
+ - /:/rootfs:ro
+ - /var/run:/var/run:rw
+ - /sys:/sys:ro
+ - /var/lib/docker/:/var/lib/docker:ro
 restart: always
 networks:
 - monitoring
@@ -80,21 +80,20 @@ services:
 container_name: node-exporter
 image: quay.io/prometheus/node-exporter:latest
 volumes:
- - /proc:/host/proc:ro
- - /sys:/host/sys:ro
- - /:/rootfs:ro
- - /:/host:ro,rslave
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /:/rootfs:ro
+ - /:/host:ro,rslave
 command:
- - '--path.rootfs=/host'
- - '--path.procfs=/host/proc'
- - '--path.sysfs=/host/sys'
- - --collector.filesystem.ignored-mount-points
- - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
+ - '--path.rootfs=/host'
+ - '--path.procfs=/host/proc'
+ - '--path.sysfs=/host/sys'
+ - --collector.filesystem.ignored-mount-points
+ - "^/(sys|proc|dev|host|etc|rootfs/var/lib/docker/containers|rootfs/var/lib/docker/overlay2|rootfs/run/docker/netns|rootfs/var/lib/docker/aufs)($$|/)"
 restart: always
 networks:
 - monitoring
-
 networks:
 monitoring:
 external: