diff --git a/modules/services/auth-provider/default.nix b/modules/services/auth-provider/default.nix
index 4a9648b..523108a 100644
--- a/modules/services/auth-provider/default.nix
+++ b/modules/services/auth-provider/default.nix
@@ -1,49 +1,34 @@
-{ inputs, config, ... }:
+{
+  pkgs,
+  inputs,
+  config,
+  ...
+}:
 let
   sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
 in {
+  disabledModules = [
+    "${inputs.nixpkgs}/nixos/modules/services/security/pocket-id.nix"
+  ];
+  imports = [
+    "${inputs.nixpkgs-unstable}/nixos/modules/services/security/pocket-id.nix"
+  ];
+
   services.caddy = {
     enable = true;
     virtualHosts."auth.wanderingcrow.net".extraConfig = ''
-      reverse_proxy http://localhost:5555
+      reverse_proxy http://localhost:1411
     '';
   };
 
-  sops.secrets = {
-    "authentik/secret-key" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-    "authentik/smtp/host" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-    "authentik/smtp/port" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-    "authentik/smtp/user" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-    "authentik/smtp/pass" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-  };
-
-  sops.templates.authentik-env.content = ''
-    AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret-key"}
-    AUTHENTIK_LISTEN__HTTP=127.0.0.1:5555
-    AUTHENTIK_LISTEN__HTTPS=127.0.0.1:5443
-    AUTHENTIK_EMAIL__HOST=${config.sops.placeholder."authentik/smtp/host"}
-    AUTHENTIK_EMAIL__PORT=${config.sops.placeholder."authentik/smtp/port"}
-    AUTHENTIK_EMAIL__USERNAME=${config.sops.placeholder."authentik/smtp/user"}
-    AUTHENTIK_EMAIL__PASSWORD=${config.sops.placeholder."authentik/smtp/pass"}
-    AUTHENTIK_EMAIL__FROM=${config.sops.placeholder."authentik/smtp/user"}
-  '';
 
-  services.authentik = {
+  services.pocket-id = {
     enable = true;
-    environmentFile = config.sops.templates.authentik-env.path;
-    settings.email = {
-      use_tls = true;
-      use_ssl = true;
+    package = pkgs.unstable.pocket-id;
+    settings = {
+      ANALYTICS_DISABLED = true;
+      APP_URL = "https://auth.wanderingcrow.net";
+      TRUST_PROXY = true;
     };
   };
 }
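Review bot: `TRUST_PROXY = true` in the new `services.pocket-id.settings` makes Pocket ID honour forwarded client-address headers from whatever reaches port 1411, but nothing in this hunk pins the listener to loopback (the removed Authentik config did, via `AUTHENTIK_LISTEN__HTTP=127.0.0.1:5555`), so if the unstable module leaves the bind address at its default, a host that can reach :1411 directly can present forged `X-Forwarded-For` values past Caddy. Either bind the service to loopback next to the proxy flag, e.g. `HOST = "127.0.0.1";` if the module passes `settings` through as Pocket ID environment variables, or confirm the imported module already does so and say so in a comment. Separately, `sopsFolder` in the `let` block is now dead since every `sops.*` reference was removed; the `let ... in` wrapper can go entirely, which also stops this module from evaluating `inputs.nix-secrets` for no reason.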