diff --git a/README.md b/README.md
index 8744da8..1506ae0 100644
--- a/README.md
+++ b/README.md
@@ -27,9 +27,11 @@ Global agent skills are installed declaratively using skills.sh and only resync
 Secrets live in Bitwarden and are rendered at activation time using cli
 Deployment is `just switch` for the laptop and `just switch-netty` for the server.
 
+All PRs auto-merge on creation if tests pass
+
 The VPS has a declarative service bundle: 
 - netty exposes 3 tcp ports (22:ssh, 80:http, 443:https)
 - services only listen on 127.0.0.1 (runs behind nginx with ACME)
 - Self hosts Forgejo mirroring to GitHub (git.harivan.sh)
-- Self hosts VaultWarden (vault.harivan.sh)
-- Runs sandbox agent behind a CORS proxy (netty.harivan.sh)
\ No newline at end of file
+- Self hosts VaultWarden
+- Runs sandbox agent behind a CORS proxy
diff --git a/hosts/netty/configuration.nix b/hosts/netty/configuration.nix
index 1fc21b4..399d19e 100644
--- a/hosts/netty/configuration.nix
+++ b/hosts/netty/configuration.nix
@@ -270,7 +270,10 @@ in
         HTTP_PORT = 19300;
         SSH_DOMAIN = forgejoDomain;
       };
-      service.DISABLE_REGISTRATION = true;
+      service = {
+        DISABLE_REGISTRATION = true;
+        REQUIRE_SIGNIN_VIEW = true;
+      };
       session.COOKIE_SECURE = true;
       mirror = {
         DEFAULT_INTERVAL = "1h";