diff --git a/services/haproxy-acme.nix b/services/haproxy-acme.nix index c7dc7d4..8cfa574 100644 --- a/services/haproxy-acme.nix +++ b/services/haproxy-acme.nix @@ -27,6 +27,8 @@ in port = mkOption { type = int; description = "Port number"; }; socket = mkOption { type = str; description = "Emplacement du socket"; default = ""; }; auth = mkOption { type = bool; description = "Enable authentification"; default = false; }; + extraAcls = mkOption { type = str; description = "ACL HaProxy suplémentaires"; default = ""; }; + aclBool = mkOption { type = str; description = "Logique d'authentification"; default = "!AUTH_OK"; }; }; }); example = '' haproxy_backends = { @@ -102,8 +104,11 @@ in '' )} ${(if value.auth then ( - "\n acl AuthOK_LOUTRE http_auth(LOUTRE)\n" - + " http-request auth realm LOUTRE if !AuthOK_LOUTRE\n" + value.extraAcls + + '' + acl AUTH_OK http_auth(LOUTRE) + http-request auth realm LOUTRE if ${value.aclBool} + '' ) else "")} '' ) cfg.services)} diff --git a/systems/LoutreOS/services.nix b/systems/LoutreOS/services.nix index 91ab413..cd981dd 100644 --- a/systems/LoutreOS/services.nix +++ b/systems/LoutreOS/services.nix 
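Review bot: The description of `aclBool` ("Logique d'authentification") does not say that the string is the condition under which the auth challenge is sent, so nothing tells a reader that every term ANDed after `!AUTH_OK` lets matching requests through without authentication. I would state that in the option itself, e.g. `description = "HAProxy condition that triggers the auth challenge; each term added after !AUTH_OK exempts matching requests from authentication";`. The description of `extraAcls` could likewise say that the value is only emitted when `auth = true` and must end with a newline, and `type = lines` would fit it better than `str`. Its description also has a typo (`suplémentaires`). The option set starts above the hunk.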
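Review bot: `value.extraAcls` is concatenated directly onto the indented string, so a value without a trailing newline puts its last ACL and `acl AUTH_OK http_auth(LOUTRE)` on one line, and HAProxy would then read `AUTH_OK` as a pattern of the previous ACL rather than as an ACL name. Adding the separator in the template removes that dependency on the caller: `value.extraAcls + lib.optionalString (!lib.hasSuffix "\n" value.extraAcls) "\n"` (assuming `lib` is reachable here). Separately, `${value.aclBool}` replaces the whole condition of the `http-request auth` rule, so a service definition can omit `!AUTH_OK` by mistake. Keeping `!AUTH_OK` literal in the template and interpolating only the additional terms would keep the rule tied to the `LOUTRE` userlist. The enclosing expression starts and ends outside the hunk.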
@@ -30,9 +30,9 @@ in
 services.haproxy-acme.services = {
 "grafana.${domaine}" = { ip = "127.0.0.1"; port = 3000; auth = false; };
 "emby.${domaine}" = { ip = "127.0.0.1"; port = 8096; auth = false; };
- "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = false; };
- "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = false; };
- "lidarr.${domaine}" = { ip = "127.0.0.1"; port = 8686; auth = false; };
+ "radarr.${domaine}" = { ip = "127.0.0.1"; port = 7878; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
+ "sonarr.${domaine}" = { ip = "127.0.0.1"; port = 8989; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
+ "lidarr.${domaine}" = { ip = "127.0.0.1"; port = 8686; auth = true; extraAcls = "acl API url_beg /api\n"; aclBool = "!AUTH_OK !API"; };
 "transmission.${domaine}" = { ip = "127.0.0.1"; port = 9091; auth = true; };
 "syncthing.${domaine}" = { ip = "127.0.0.1"; port = 8384; auth = true; };
 "jackett.${domaine}" = { ip = "127.0.0.1"; port = 9117; auth = true; };
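Review bot: With `aclBool = "!AUTH_OK !API"`, every request whose URL starts with `/api` skips the proxy's basic auth on radarr, sonarr and lidarr. `url_beg /api` is a raw prefix match on the URL as received, so it also covers paths such as `/apifoo`. Anchoring the exemption to the path segment keeps it to what is intended: `extraAcls = "acl API path_beg /api/\n";`. After this change the backends' own API-key check is presumably the only control on those paths, so it is worth confirming that it is enforced on all three services. The three definitions repeat the same two strings and could share one `let` binding so the exemption is maintained in one place.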