diff --git a/machines/gerd/services/authelia/authelia.nix b/machines/gerd/services/authelia/authelia.nix
index 37790f0..90e3cdb 100644
--- a/machines/gerd/services/authelia/authelia.nix
+++ b/machines/gerd/services/authelia/authelia.nix
@@ -34,6 +34,10 @@ in {
 authelia_url = "https://${svc_domain}";
 }
 ];
+ # setup redis for sessions, otherwise it's in-memory, and everyone
+ # has to login again each time authelia is restarted
+ session.redis.host = "${config.services.redis.servers.authelia.unixSocket}";
+
 server.address = "tcp://127.0.0.1:${builtins.toString port}";
 
 # totp - disable for now, as it requires email server
@@ -89,6 +93,13 @@ in {
 };
 };
 
+ # setup redis for persisting session
+ # across reboots
+ services.redis.servers.authelia = {
+ enable = true;
+ user = authelia_user;
+ };
+
 # setup lldap user for authelia that can send emails
 services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
 authelia = llib.mkProvisionUserSystem "authelia" config.age.secrets.authelia-smtp-password.path;
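Review bot: The comment added above `session.redis.host` in the first hunk (`@@ -34,6 +34,10 @@`) should also record the security consequence of moving sessions out of memory. Once they live in Redis, restarting Authelia no longer logs anyone out, so forcing a re-login during an incident means clearing the Redis store, and the configured session expiration and inactivity limits become the only bound on session lifetime. No Redis password is set in this hunk, so access to session data appears to rest on the unix socket's file permissions alone; that is worth stating next to the setting. Suggested extra line: `# NOTE: sessions now survive restarts; to revoke them all, flush the authelia redis instance`. The attribute set being configured starts and ends outside the hunk.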
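Review bot: `user = authelia_user;` in the second hunk (`@@ -89,6 +93,13 @@`) runs the Redis instance under what looks like the Authelia service account (`authelia_user` is defined outside the hunk, so this is inferred). With a shared account, a compromise of either daemon reaches every file and secret that account can read. A least-privilege alternative is to leave the instance on its own dedicated user and give Authelia access to the socket through group membership. The comment says sessions persist "across reboots", which relies on Redis writing snapshots to disk; if that is intended, add `# session data is stored at rest in this instance's state directory` so the exposure is explicit.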