diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..b9238c3
--- /dev/null
+++ b/.envrc
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+use flake
diff --git a/.gitignore b/.gitignore
index b2be92b..c7ca227 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+/.direnv
 result
diff --git a/flake.nix b/flake.nix
index e4f400e..8ee4773 100644
--- a/flake.nix
+++ b/flake.nix
@@ -86,5 +86,13 @@
           inherit (tapir) pkgs stateVersion;
         };
       };
+
+      devShells.${system}.default =
+        let
+          pkgs = stoat.pkgs;
+        in
+          pkgs.mkShell {
+            packages = with pkgs; [ ssh-to-age sops ];
+          };
     };
 }
diff --git a/hive/phobos/default.nix b/hive/phobos/default.nix
index 08f8fcc..df90536 100644
--- a/hive/phobos/default.nix
+++ b/hive/phobos/default.nix
@@ -1,7 +1,7 @@
 { system, stateVersion, sops-nix, pkgs, lib, ... }:
 let
   boardwise = builtins.getFlake
-    "github:boardwise-gg/website/c605a09c56234b2c2c0e4593da8f3b798723a5d7";
+    "github:boardwise-gg/website/0c7d2b5932f06912034d8da3d13008cc53c50245";
   coach-scraper = builtins.getFlake
     "github:boardwise-gg/coach-scraper/58815d3ae5a69cac12436a01e77019a5ac5d16a7";
 in
@@ -54,13 +54,19 @@ in
 
   environment.systemPackages = [
     coach-scraper.packages.${system}.app
+    pkgs.mullvad-vpn
   ];
 
-  sops.defaultSopsFile = ./secrets.yaml;
-  sops.secrets.SECRET_KEY_BASE = {};
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets.SECRET_KEY_BASE = {};
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "jrpotter2112@gmail.com";
+  };
 
-  security.acme.acceptTerms = true;
-  security.acme.defaults.email = "jrpotter2112@gmail.com";
   services.nginx = {
     enable = true;
     virtualHosts = {
diff --git a/hive/phobos/secrets.yaml b/hive/phobos/secrets.yaml
index 2bc2137..45d6192 100644
--- a/hive/phobos/secrets.yaml
+++ b/hive/phobos/secrets.yaml
@@ -1,4 +1,5 @@
 SECRET_KEY_BASE: ENC[AES256_GCM,data:7momHRbT88d1hVkABk9altYurje6s/NQCuDRttBZm9JND1Gtdlf/xaPBHHBH/S0zYGZirzFsYHUYsCNeSNDao9Wa6zpb/ISt9gdMJ4kng3s=,iv:xcPtA1h1LapQpH2A2cyRIh22w5obrIibatE3b2EKpQ8=,tag:pxatJLQv2lBCFja6a/lSzQ==,type:str]
+MULLVAD_ACCOUNT: ENC[AES256_GCM,data:yQw480DOPJglLid/lRvfrw==,iv:mKoMNkRhxs6xgr1KSEvDCRJ85406eK51M2jIfAOfqkw=,tag:ceMRzeEkYz9XBJ+YMO5lJQ==,type:int]
 sops:
     kms: []
     gcp_kms: []
@@ -23,8 +24,8 @@ sops:
             eVRiNzAyRk9mUXpPZmRCcU5BVitjQW8KPFKtQSwOKtp5pLI2mlAXtkc8nJYoXjo0
             jdqxptc4a7uKywi8s1lffUSkV/ifMxVc9uH2M+0ry227aU+r2Lk0tA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-12T13:34:11Z"
-    mac: ENC[AES256_GCM,data:dfaKEgUVSUMKAs1gwwegunrDpjYCxVVfbXn36wODeDspNB9ub1j7d2aV11ayVh8TtVTmOY7+oV1Zo6t1SpWFV9cbkkeJ47bHHVget1eQkmvLuwpRywhIxXhkW7JOzXwQxGpnJLCB0U7M3XlGUdJXbq38VHuL/DEbSpS3YY6x9NQ=,iv:vlfb0DX4UiKv5oQ+gW+h/E7E/lvmCGSfdxV/nAZg15o=,tag:VGoHePRK6abeXgnEDWvpHQ==,type:str]
+    lastmodified: "2023-12-12T16:06:07Z"
+    mac: ENC[AES256_GCM,data:3hMr2D3CM1b5PGNc/j+x4f/FNV4SnNdpHODHZFGhD+3Vd1vw3X8IGa7x9G94PyFpPHLTqbyfxw67Qkl2B1ZMyalQwisaFLS4T3N0caAn9ARyVDHoQbRwdliT46uuKUp+vLHlHcmIK/ujbTj3nt34ZK5u9YHw0vpbx+vXaWKFUBk=,iv:AHgv8SqqijK5I+4RLavAqYNAGefdOvbIlaFJJ74ivIs=,tag:nhujfPnfy/ooD/QPyoxGSg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3