diff --git a/.sops.yaml b/.sops.yaml
index 16ec762..15634fd 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,7 +1,12 @@
 keys:
 - &hippocampus age1crymppz88etsdjpckmtdhr397x5xg5wv8jt6tcj23gt2snq73pzs04fuve
+ - &desktop age1p3958zac2e5t35dpdeysqxtc9q76zd6dyswg9y7uqt3688yphp9q6r2hdp
 creation_rules:
 - path_regex: machines/hippocampus/secrets/[^/]+\.(yaml|json|env|ini)$
 key_groups:
 - age:
 - *hippocampus
+ - path_regex: machines/universedesktop/secrets/[^/]+\.(yaml|json|env|ini)$
+ key_groups:
+ - age:
+ - *desktop
diff --git a/flake.nix b/flake.nix
index c65ea9e..1eae8d4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -57,6 +57,7 @@
 nixpkgs.overlays = [ me-emacs-overlay ];
 })
 ./machines/universedesktop/configuration.nix
+ sops-nix.nixosModules.sops
 ];
 };
 darwinConfigurations."Universe-Air" = nix-darwin.lib.darwinSystem {
diff --git a/machines/universedesktop/configuration.nix b/machines/universedesktop/configuration.nix
index 7dae083..6c177cf 100644
--- a/machines/universedesktop/configuration.nix
+++ b/machines/universedesktop/configuration.nix
@@ -13,6 +13,9 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix + # Secrets specified via: + ./secrets.nix + ./programs/art.nix ./programs/audio.nix ./programs/cad.nix
@@ -43,21 +46,14 @@
 ## Bridged Network Config
 networking.hostName = "universedesktop";
- networking.useDHCP = false;
- networking.bridges = {
- "br0" = {
- interfaces = [ "enp9s0" ];
- };
+
+ sops.secrets.wireless = { };
+ networking.wireless.environmentFile = config.sops.secrets.wireless.path;
+
+ networking.wireless.enable = true;
+ networking.wireless.networks = {
+ "@SSID_HOME@".psk = "@PSK_HOME@";
 };
- networking.interfaces.br0.ipv4.addresses = [
- {
- address = "192.168.1.21";
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "192.168.1.1";
- networking.nameservers = [ "192.168.1.1" ];
- networking.interfaces.tap0.virtual = true;
 hardware.bluetooth.enable = true;
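Review bot: The new creation rule for machines/universedesktop/secrets in .sops.yaml lists `*desktop` as its only age recipient, so, assuming that key is the one held in root's keys.txt on the desktop, the secrets can be edited only with that machine's private key and become unrecoverable if it is lost. Adding an operator or recovery recipient to the group avoids both, e.g. a `- &admin <admin-age-public-key>` entry under `keys:` and `- *admin` under `age:` (placeholder, not a real key). The `path_regex` is also unanchored at the start; a leading `^` would keep it from matching the same suffix under some other directory. The existing hippocampus rule has the same two properties.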
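Review bot: In the second hunk of machines/universedesktop/configuration.nix the heading `## Bridged Network Config` above `networking.hostName` no longer matches the block below it, which now configures wpa_supplicant instead of br0; something like `## Wireless network config (SSID/PSK substituted from the sops secret)` would be accurate. The `@SSID_HOME@` / `@PSK_HOME@` placeholders only resolve if the decrypted `wireless` secret is an environment file defining `SSID_HOME=` and `PSK_HOME=`, which nothing here states, so a comment next to `sops.secrets.wireless = { };` should record that format. Newer NixOS releases, as far as I know, replace `networking.wireless.environmentFile` with `networking.wireless.secretsFile`, so the deprecation status is worth checking against the nixpkgs revision this flake pins.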
diff --git a/machines/universedesktop/secrets.nix b/machines/universedesktop/secrets.nix
new file mode 100644
index 0000000..4a642bd
--- /dev/null
+++ b/machines/universedesktop/secrets.nix
@@ -0,0 +1,8 @@
+{config, pkgs, ...}: let
+in {
+ sops = {
+ age.keyFile = "/root/.config/sops/age/keys.txt";
+ defaultSopsFile = "/etc/nixos/machines/universedesktop/secrets/secrets.yaml";
+ validateSopsFiles = false;
+ };
+}
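Review bot: `validateSopsFiles = false` together with the string-valued `defaultSopsFile` turns off the build-time check that each declared secret (here `sops.secrets.wireless`) exists in the encrypted file, so a missing or misnamed key only surfaces at activation, when the machine may already be without Wi-Fi. The file is encrypted, so it can safely be referenced as a Nix path and copied to the store: `defaultSopsFile = ./secrets/secrets.yaml;` with the `validateSopsFiles` line dropped, which also stops the build from depending on whatever happens to be checked out under /etc/nixos. If the absolute path is deliberate, a comment should say why, and another should note that `/root/.config/sops/age/keys.txt` has to be provisioned out of band, readable by root only, before the first activation. The empty `let … in` and the unused `pkgs` argument can be removed.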