diff --git a/flake.lock b/flake.lock
index d7305c9..8665c4a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -219,11 +219,11 @@
 },
 "nix-secrets": {
 "locked": {
- "lastModified": 1737825569,
- "narHash": "sha256-5VkFZ00n/qDyrGZRNAbpDrLtUYuVpIAB33C2kY8otCA=",
+ "lastModified": 1738161184,
+ "narHash": "sha256-8ma/3Ynp2AzRm9ER5IqFm3pV05WVf0MtVDKHkxZSftA=",
 "ref": "refs/heads/master",
- "rev": "63cac5afb18c5fcb9e11b560b20e4941d9b4caf4",
- "revCount": 24,
+ "rev": "300319bbe2c60b201e451fc74a49465a2f1c2681",
+ "revCount": 28,
 "type": "git",
 "url": "ssh://git@github.com/TheWanderingCrow/nix-secrets"
 },
diff --git a/flake.nix b/flake.nix
index 42a33c1..77d0bba 100644
--- a/flake.nix
+++ b/flake.nix
@@ -118,6 +118,7 @@
 "${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix"
 {
 networking.hostName = "WCE-Lighthouse1";
+ defaultSopsFile = inputs.nix-secrets.secrets.lighthouse1;
 }
 home-manager.nixosModules.home-manager
 sops-nix.nixosModules.sops
diff --git a/modules/users/lighthouse/setup.nix b/modules/users/lighthouse/setup.nix
index 9a37e05..4df9967 100644
--- a/modules/users/lighthouse/setup.nix
+++ b/modules/users/lighthouse/setup.nix
@@ -7,10 +7,27 @@
 }:
 lib.mkIf config.user.lighthouse.enable {
+
+ sops = {
+ age.keyFile = "/var/lib/sops-nix/key.txt";
+ age.generateKey = true;
+ };
+
+ sops.secrets.cert = {};
+ sops.secrets.key = {};
 services.nebula.networks.test = {
 enable = true;
 isLighthouse = true;
+ ca = inputs.nix-secrets.nebula.ca;
+ cert = config.sops.secrets.cert.path;
+ key = config.sops.secrets.key.path;
+ settings = {
+ listen = {
+ host = "0.0.0.0";
+ port = 4242;
+ };
+ };
 };
 }
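Review bot: `defaultSopsFile` is set at the top level of the inline module beside `networking.hostName`, but sops-nix declares that option as `sops.defaultSopsFile`. Unless this repository defines its own top-level `defaultSopsFile` option, evaluation should fail on an undefined option, and the `sops.secrets.cert` / `sops.secrets.key` entries added in setup.nix would have no file to decrypt from. The line should read `sops.defaultSopsFile = inputs.nix-secrets.secrets.lighthouse1;`. The module list this block sits in starts and ends outside the hunk, so whether `inputs` is in scope at this point cannot be confirmed from these lines.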
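Review bot: `sops.secrets.cert = {};` and `sops.secrets.key = {};` keep the sops-nix defaults (owner root, mode 0400), while the NixOS nebula module runs this network's service as its own `nebula-test` user, so the daemon will most likely be unable to read the paths handed to `cert` and `key`. Setting the owner on both, e.g. `sops.secrets.key = { owner = "nebula-test"; };`, lets the service start while keeping the private key unreadable to every other account. Separately, `age.generateKey = true` creates a fresh key at `/var/lib/sops-nix/key.txt` on a new host, and that key cannot decrypt anything until its public half is added as a recipient and the secrets file is re-encrypted, so first activation fails unless a provisioned key is already in place. The module's argument list starts above the hunk, so whether `inputs` (used for `ca`) is actually passed in cannot be checked here.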