diff --git a/machines/howl/default.nix b/machines/howl/default.nix
index eae09fa..70b4d1a 100644
--- a/machines/howl/default.nix
+++ b/machines/howl/default.nix
@@ -9,4 +9,20 @@
 nix.distributedBuilds = lib.mkForce false;
 nix.gc.automatic = lib.mkForce false;
+
+ services.resolved.enable = true;
+
+ # services.firezone.headless-client = {
+ # enable = true;
+ # name = config.networking.hostName;
+ # apiUrl = "wss://api.firezone.dev/";
+ # tokenFile = "/run/agenix/firezone-token";
+ # };
+ # age.secrets.firezone-token.file = ../../secrets/firezone-token.age;
+
+ # services.firezone.gui-client = {
+ # enable = true;
+ # name = config.networking.hostName;
+ # allowedUsers = [ "googlebot" ];
+ # };
 }
diff --git a/machines/howl/properties.nix b/machines/howl/properties.nix
index 536e0c3..b8301bb 100644
--- a/machines/howl/properties.nix
+++ b/machines/howl/properties.nix
@@ -7,6 +7,7 @@
 systemRoles = [
 "personal"
+ "firezone"
 ];
 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQi3q8jU6vRruExAL60J7GFO1gS8HsmXVJuKRT4ljrG";
diff --git a/machines/ponyo/properties.nix b/machines/ponyo/properties.nix
index 1695957..4c2c4fa 100644
--- a/machines/ponyo/properties.nix
+++ b/machines/ponyo/properties.nix
@@ -16,6 +16,7 @@
 "dailybot"
 "gitea"
 "librechat"
+ "firezone"
 ];
 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBBlTAIp38RhErU1wNNV5MBeb+WGH0mhF/dxh5RsAXN";
diff --git a/machines/storage/s0/properties.nix b/machines/storage/s0/properties.nix
index 4b77af6..8c5bb6c 100644
--- a/machines/storage/s0/properties.nix
+++ b/machines/storage/s0/properties.nix
@@ -14,6 +14,7 @@
 "gitea-actions-runner"
 "frigate"
 "zigbee"
+ "firezone"
 ];
 hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";
diff --git a/secrets/firezone-token.age b/secrets/firezone-token.age
new file mode 100644
index 0000000..caa33cb
Binary files /dev/null and b/secrets/firezone-token.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e4de178..bcce79e 100644
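Review bot: In the machines/howl/default.nix hunk, `services.resolved.enable = true;` is the only line that takes effect and it has no explanation, while the Firezone client it presumably supports is committed commented out. A short comment such as `# systemd-resolved is needed by the Firezone client (config below is disabled until it is ready)` would tell the next reader why resolved is on and when the block may be enabled. When the headless client is re-enabled, prefer `tokenFile = config.age.secrets.firezone-token.path;` over the literal `/run/agenix/firezone-token`, so the path follows the agenix declaration and evaluation fails if that declaration is missing. If the `firezone` role added to howl in properties.nix only governs who can decrypt the token, consider adding it together with the client rather than ahead of it, so the host does not hold a credential it does not use.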
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -60,4 +60,7 @@ with roles;
 # zigbee2mqtt secrets
 "zigbee2mqtt.yaml.age".publicKeys = zigbee;
+
+ # Firezone Token
+ "firezone-token.age".publicKeys = firezone;
 }
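Review bot: `"firezone-token.age".publicKeys = firezone;` encrypts a single token to every host with the `firezone` role, which after the three properties.nix hunks is howl (also tagged `personal`), ponyo and s0. If the role resolves to those hosts' keys, as the neighbouring entries suggest, a compromise of any one machine exposes the credential the other two use, and revoking it cuts off all three at once. Consider one secret per machine, for example `"firezone-token-howl.age".publicKeys = [ <howl host key> ];` (name and placeholder are illustrative), or at least separate files if these hosts hold different kinds of Firezone token. The `# Firezone Token` comment could also say which kind of token this is and how it is rotated.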