diff --git a/host_vars/gw1.pyrocufflink.blue/squid.yml b/host_vars/gw1.pyrocufflink.blue/squid.yml
index 90d36f6..f754cc3 100644
--- a/host_vars/gw1.pyrocufflink.blue/squid.yml
+++ b/host_vars/gw1.pyrocufflink.blue/squid.yml
@@ -1,3 +1,8 @@
+squid_auth_param:
+  basic:
+    program: /usr/lib64/squid/basic_ncsa_auth /etc/squid/squid.htpasswd
+    children: 1
+
 squid_acl:
   localnet:
     - 'src 10.0.0.0/8		# RFC 1918 local private network (LAN)'
@@ -20,6 +25,10 @@ squid_acl:
   - 'port 443		# https'
   CONNECT:
   - method CONNECT
+  frigate:
+  - proxy_auth frigate
+  github_api:
+  - dstdomain api.github.com
   kickstart:
   - url_regex rosalina.pyrocufflink.blue/~dustin/kickstart/.*\.ks$
   fcos_updates:
@@ -72,6 +81,7 @@ squid_http_access:
 - allow unifi_controller dockerhub
 - allow unifi_controller ghcr
 - allow unifi_controller linuxserverio
+- allow trusted frigate github_api
 - deny all
 
 squid_cache_dir: