diff --git a/modules/users/overseer/services/bar-assistant.nix b/modules/users/overseer/services/bar-assistant.nix
index 1ca298d..7a37c34 100644
--- a/modules/users/overseer/services/bar-assistant.nix
+++ b/modules/users/overseer/services/bar-assistant.nix
@@ -37,6 +37,11 @@ in
         enable = true;
         recommendedProxySettings = true;
         virtualHosts = {
+          extraConfig = ''
+            allow 192.168.0.0/16;
+            allow 10.8.0.0/24;
+            deny all;
+          '';
           "bar.wanderingcrow.net" = {
             forceSSL = true;
             useACMEHost = "bar.wanderingcrow.net";
diff --git a/modules/users/overseer/services/bookstack.nix b/modules/users/overseer/services/bookstack.nix
index c18fb3c..a0097df 100644
--- a/modules/users/overseer/services/bookstack.nix
+++ b/modules/users/overseer/services/bookstack.nix
@@ -35,6 +35,11 @@ in
         appKeyFile = config.sops.secrets."bookstack/key".path;
         nginx = {
           forceSSL = true;
+          extraConfig = ''
+            allow 192.168.0.0/16;
+            allow 10.8.0.0/24;
+            deny all;
+          '';
           useACMEHost = "bookstack.wanderingcrow.net";
         };
       };
diff --git a/modules/users/overseer/services/grocy.nix b/modules/users/overseer/services/grocy.nix
index 5f416ac..b283a88 100644
--- a/modules/users/overseer/services/grocy.nix
+++ b/modules/users/overseer/services/grocy.nix
@@ -7,6 +7,11 @@ lib.mkIf config.user.overseer.enable {
   services.nginx.virtualHosts."grocy.wanderingcrow.net" = {
     forceSSL = true;
     useACMEHost = "grocy.wanderingcrow.net";
+    extraConfig = ''
+      allow 192.168.0.0/16;
+      allow 10.8.0.0/24;
+      deny all;
+    '';
   };
 
   services.grocy = {
diff --git a/modules/users/overseer/services/homebox.nix b/modules/users/overseer/services/homebox.nix
index b3f7834..ee61ab1 100644
--- a/modules/users/overseer/services/homebox.nix
+++ b/modules/users/overseer/services/homebox.nix
@@ -26,6 +26,11 @@ lib.mkIf config.user.overseer.enable {
           forceSSL = true;
           useACMEHost = "homebox.wanderingcrow.net";
           locations."/" = {
+            extraConfig = ''
+              allow 192.168.0.0/16;
+              allow 10.8.0.0/24;
+              deny all;
+            '';
             proxyPass = "http://localhost:7745";
             proxyWebsockets = true;
           };
diff --git a/modules/users/overseer/services/homepage.nix b/modules/users/overseer/services/homepage.nix
index 74cadac..c0da599 100644
--- a/modules/users/overseer/services/homepage.nix
+++ b/modules/users/overseer/services/homepage.nix
@@ -24,6 +24,7 @@ lib.mkIf config.user.overseer.enable {
         locations."/" = {
           extraConfig = ''
             allow 192.168.0.0/16;
+            allow 10.8.0.0/24;
             deny all;
           '';
           proxyPass = "http://localhost:8082";