diff --git a/.sops.yaml b/.sops.yaml
index 2a90c25..dfef99e 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -15,7 +15,7 @@ creation_rules:
 - *stefan_ellmauthaler
 - *nucturne
- - path_regex: machines/metis/secrets/wireguard\.yaml
+ - path_regex: machines/metis/secrets/[^/]+\.yaml
 key_groups:
 - pgp:
 - *stefan_ellmauthaler
diff --git a/README.md b/README.md
index 35e72eb..dfac52c 100644
--- a/README.md
+++ b/README.md
@@ -18,4 +18,4 @@
 * Rekey the secrets with either
 * a master key
 * or after a git push on another machine with enough permissions to rekey
-* the flakes dev-shell (`nix devshell`) allows to use `sops ` as well as `sops-rekey ` to manage the keys on the system
+* the flakes dev-shell (`nix develop`) allows to use `sops ` as well as `sops-rekey ` to manage the keys on the system
diff --git a/modules/base.nix b/modules/base.nix
index bf65a6f..8d8d934 100644
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -24,6 +24,10 @@ with lib; {
 dev.enable = true;
 };
+ networking = {
+ firewall.enable = true;
+ };
+
 environment.systemPackages = with pkgs; [
 alacritty.terminfo
 bintools
diff --git a/secrets/shell.nix b/secrets/shell.nix
index 5d01992..3922b5b 100644
--- a/secrets/shell.nix
+++ b/secrets/shell.nix
@@ -11,5 +11,10 @@ in pkgs.mkShell {
 sopsPGPKeyDirs = [ ./keys/users ./keys/hosts ];
- nativeBuildInputs = [ sops-nix.sops-import-keys-hook sops-nix.ssh-to-pgp sops-rekey ];
+ nativeBuildInputs = [
+ sops-nix.sops-import-keys-hook
+ sops-nix.ssh-to-pgp
+ sops-rekey
+ pkgs.wireguard-tools
+ ];
 }
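Review bot: In the `.sops.yaml` hunk the widened `path_regex` has no end anchor, and sops matches `path_regex` as an unanchored regular expression, so `machines/metis/secrets/[^/]+\.yaml` also matches names such as `x.yaml.bak` and the same path nested under another directory. I would write it as `- path_regex: machines/metis/secrets/[^/]+\.yaml$`. Because sops applies the first creation rule that matches, a narrower rule for a file in this directory placed further down would no longer be reached. The rule's `key_groups` list continues past the end of the hunk, so the full recipient set that every metis secret will now be encrypted to should be checked there.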
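Review bot: In `modules/base.nix` the new `networking.firewall.enable = true;` is a plain, uncommented assignment and the hunk opens no ports, so every machine importing this module is left with only what the firewall module's defaults allow. A machine module that sets the option to `false` at the same priority would fail evaluation with a conflicting-definition error; if that is the intent, a comment should say so, e.g. `# base policy: firewall always on; machines open their own ports via networking.firewall.allowedTCPPorts / allowedUDPPorts`. metis appears to run WireGuard (its secrets are referenced in `.sops.yaml`), so its listen port presumably needs an `allowedUDPPorts` entry in its own module, which is not visible here. The attribute set around this hunk starts and ends outside it.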
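Review bot: In `secrets/shell.nix` `pkgs.wireguard-tools` is added to `nativeBuildInputs` without a comment saying why it belongs in the secrets shell; something like `# wg genkey / wg pubkey, for creating the WireGuard keys kept in the sops files` would record that, assuming that is the purpose. Since `wg genkey` prints the private key to stdout, the README section on this shell would do well to state that the output goes straight into the sops-encrypted file and is never saved as plaintext in the working tree. The `let` bindings that provide `sops-nix` and `sops-rekey` are outside the hunk.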