diff --git a/flake.nix b/flake.nix
index 85d9954..7b0a1fc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -100,9 +100,10 @@
         extraArgs = {inherit inputs;};
         system = "aarch64-linux";
         modules = [
-          nixos-hardware.nixosModules.raspberry-pi-4
-          "${nixpkgs}/nixos/modules/profiles/minimal.nix"
           ./hosts/pi4
+          "${nixpkgs}/nixos/modules/profiles/minimal.nix"
+          nixos-hardware.nixosModules.raspberry-pi-4
+          sops-nix.nixosModules.sops
         ];
       };
     };
diff --git a/secrets/pi4/default.yaml b/secrets/pi4/default.yaml
new file mode 100644
index 0000000..db51543
--- /dev/null
+++ b/secrets/pi4/default.yaml
@@ -0,0 +1,31 @@
+wireguard:
+    private_key: ENC[AES256_GCM,data:L6FD+kBF7AoIrm3pMM6/pmWtX2FP5dUrJ9hUCuW9n4SlJ/JhpxI9m/1owIg=,iv:ok4pyUUv80kPY9n4WQmBGYHmMsPJnG0tnF+vbNhqc3s=,tag:OPribO7RoVCkFkTrYrHw7w==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMFBDWjhzWXcvOTVVaVll
+            eURGUnc3VFBrNlBqSFBuR2ZuaXQ3SWhwaFdvCjd5Z0N2enFmQkNQN0ZUUGV2OFJP
+            U21DNWN4TFp2bERoT0U0SzVsTGNHeG8KLS0tIGpPQ2dOMUdmVG9DbS9nS3EwblQ1
+            MGZhZFFmUGpZbzlFS2JrakNTMm52aTAKeIHvB+cDdMsyj7BIRKbpNg58BIcIKJJl
+            BJCwqLxTGJe5gD7tvt9WzEwdSKO0VocXLth+AUCz6UuNLDfEugtBoQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUXpiekJ5Unc2L3pCTlNy
+            amxhUWxjQmZRZmlxcUZJakl2bEF0OEVnVXhFCm1GaHFxaTQ1eFllV2h6K1pwMUVU
+            cXdCSHNheEkvMGtIMkVBMXBOQlUwZ1kKLS0tIHNaQ3BIM2Z3WUVTSTM2bFE3L2lL
+            bTV0N1FRcFYvZDFvTDVHSUl5U3pNeEkKdhAgD33dvKnW0ssNJH+U0iBCYbEd7Dcw
+            9HwcOeSbHL91b6a1C2dzKqeeoynTBvg4B7uCAUsZZen3SGu7ON5gCg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-11-05T22:30:48Z"
+    mac: ENC[AES256_GCM,data:GI5Hb8zvafTdWhpm+D6qp9iefMD9NwYPRBKcxrIL9M1wTMzMzD4QsrbMDKQELfTYK3QhLZ0G4KTmLfoSB1zYO/GtslRDAAHmFzLuNNVJ9/8gIrd/Gb12JLnUDjJrxYEeF15NKnyqRMKUVQiJgYd8ggLGzT9pRqaMNTKCYutqsaE=,iv:XB/Ddi7mU9SdRD7nHkyAZR+gTZ9ZY2ZrvHlb0kFK/4Q=,tag:OgEw78w4o44CamP/4C6Y7g==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1