diff --git a/flake.nix b/flake.nix
index 3e1c73b..96724c1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,13 +12,13 @@
 
   };
 
-  outputs = { self, nixpkgs, ... }: {
+  outputs = { self, nixpkgs, agenix,  ... }: {
     # https://github.com/zhaofengli/colmena
     colmena = {
       meta = {
         nixpkgs = import nixpkgs {
           system = "x86_64-linux";
-          overlays = [];
+          overlays = [ agenix.overlay ];
         };
       };
 
@@ -26,9 +26,9 @@
       defaults = import ./machines/_base.nix;
 
       # firewall machiene
-      #agentjones = import ./machines/agentjones.nix;
+      agentjones = import ./machines/agentjones.nix;
 
-      test02 = import ./machines/test02.nix;
+      #test02 = import ./machines/test02.nix;
 
     };
   };
diff --git a/machines/_base.nix b/machines/_base.nix
index 1f13ccc..7540f71 100644
--- a/machines/_base.nix
+++ b/machines/_base.nix
@@ -28,6 +28,8 @@
   environment.systemPackages = [
     # for flakes
     pkgs.git
+    # for secrets
+    pkgs.agenix
     # useful tools
     pkgs.ncdu_2
     pkgs.htop
diff --git a/machines/agentjones.nix b/machines/agentjones.nix
index 017a9e2..c663def 100644
--- a/machines/agentjones.nix
+++ b/machines/agentjones.nix
@@ -7,7 +7,8 @@
   deployment = {
     #targetHost = "agentjones.skynet.ie";
     # wont have dns to start with
-    targetHost = "193.1.99.72";
+    #targetHost = "193.1.99.72";
+    targetHost = "192.168.1.157";
     targetPort = 22;
     targetUser = "root";
   };
@@ -15,12 +16,16 @@
   # this server is teh firewall
   skynet_firewall = {
     # always good to know oneself
-    own_ip = "193.1.99.72";
+    #own_ip = "193.1.99.72";
+    own_ip = "192.168.1.157";
 
-    # 443 is an ssh port now (heh)
     own_ports = [
+      # ssh
       22
-      443
+      # dns
+      53
+      # wireguard
+      51820
     ];
 
     enable = true;