diff --git a/hosts/sentinel/firezone.nix b/hosts/sentinel/firezone.nix index 94dbb4d..7591cf9 100644 --- a/hosts/sentinel/firezone.nix +++ b/hosts/sentinel/firezone.nix @@ -18,6 +18,7 @@ let "cast.photos.${globals.domains.me}" "photos.${globals.domains.me}" "s3.photos.${globals.domains.me}" + globals.services.mealie.domain globals.services.immich.domain globals.services.influxdb.domain globals.services.loki.domain diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix index 518ee23..0a08a1f 100644 --- a/hosts/ward/default.nix +++ b/hosts/ward/default.nix @@ -20,6 +20,7 @@ let "cast.photos.${globals.domains.me}" "photos.${globals.domains.me}" "s3.photos.${globals.domains.me}" + globals.services.mealie.domain globals.services.immich.domain globals.services.influxdb.domain globals.services.loki.domain @@ -142,6 +143,7 @@ in // mkMicrovm "adguardhome" // mkMicrovm "forgejo" // mkMicrovm "kanidm" + // mkMicrovm "mealie" // mkMicrovm "radicale" // mkMicrovm "vaultwarden" // mkMicrovm "web-proxy" diff --git a/hosts/ward/guests/adguardhome.nix b/hosts/ward/guests/adguardhome.nix index 626859d..1e2e2fc 100644 --- a/hosts/ward/guests/adguardhome.nix +++ b/hosts/ward/guests/adguardhome.nix @@ -118,6 +118,7 @@ in "cast.photos.${globals.domains.me}" "photos.${globals.domains.me}" "s3.photos.${globals.domains.me}" + globals.services.mealie.domain globals.services.immich.domain globals.services.influxdb.domain globals.services.loki.domain diff --git a/hosts/ward/guests/kanidm.nix b/hosts/ward/guests/kanidm.nix index 010bfa2..595c847 100644 --- a/hosts/ward/guests/kanidm.nix +++ b/hosts/ward/guests/kanidm.nix @@ -39,6 +39,7 @@ in age.secrets.kanidm-oauth2-grafana = mkRandomSecret; age.secrets.kanidm-oauth2-immich = mkRandomSecret; age.secrets.kanidm-oauth2-firezone = mkRandomSecret; + age.secrets.kanidm-oauth2-mealie = mkRandomSecret; age.secrets.kanidm-oauth2-paperless = mkRandomSecret; age.secrets.kanidm-oauth2-web-sentinel = mkRandomSecret; 
@@ -155,6 +156,29 @@ in ]; }; + # Mealie + groups."mealie.access" = { }; + groups."mealie.admins" = { }; + systems.oauth2.mealie = { + displayName = "Mealie"; + originUrl = "https://${globals.services.mealie.domain}/login"; + originLanding = "https://${globals.services.mealie.domain}/"; + basicSecretFile = config.age.secrets.kanidm-oauth2-mealie.path; + preferShortUsername = true; + scopeMaps."mealie.access" = [ + "openid" + "email" + "profile" + ]; + claimMaps.groups = { + joinType = "array"; + valuesByGroup = { + "mealie.access" = [ "user" ]; + "mealie.admins" = [ "admin" ]; + }; + }; + }; + # Paperless groups."paperless.access" = { }; systems.oauth2.paperless = { diff --git a/hosts/ward/guests/mealie.nix b/hosts/ward/guests/mealie.nix new file mode 100644 index 0000000..6731ac1 --- /dev/null +++ b/hosts/ward/guests/mealie.nix 
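Review bot: `scopeMaps` in the new `systems.oauth2.mealie` block only covers `mealie.access`, so an account that is in `mealie.admins` but not in `mealie.access` gets the `admin` value from `claimMaps.groups` yet no `openid` scope, and the login cannot complete. Kanidm hands out scopes per group membership, so unless `mealie.admins` is nested under `mealie.access` somewhere outside this hunk, the admin group needs its own map or the prerequisite must be stated. Either add `scopeMaps."mealie.admins" = [ "openid" "email" "profile" ];` next to the existing map, or put `# Admins must also be members of mealie.access to obtain the openid scope` above the two `groups.*` lines. The enclosing kanidm provisioning attribute set continues outside this hunk.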
@@ -0,0 +1,79 @@
+{
+ config,
+ globals,
+ nodes,
+ ...
+}:
+let
+ mealieDomain = "mealie.${globals.domains.personal}";
+in
+{
+ wireguard.proxy-home = {
+ client.via = "ward";
+ firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ config.services.mealie.port ];
+ };
+
+ # Mirror the original oauth2 secret
+ age.secrets.mealie-oauth2-client-secret = {
+ inherit (nodes.ward-kanidm.config.age.secrets.kanidm-oauth2-mealie) rekeyFile;
+ mode = "440";
+ };
+
+ globals.services.mealie.domain = mealieDomain;
+ globals.monitoring.http.mealie = {
+ url = "https://${mealieDomain}";
+ # FIXME: todooooooooooo
+ expectedBodyRegex = "TODO";
+ network = "internet";
+ };
+
+ environment.persistence."/persist".directories = [
+ {
+ directory = "/var/lib/private/mealie";
+ mode = "0700";
+ }
+ ];
+
+ services.mealie = {
+ enable = true;
+ settings = rec {
+ ALLOW_SIGNUP = "false";
+ BASE_URL = "https://${mealieDomain}";
+ TZ = config.time.timeZone;
+
+ TOKEN_TIME = 87600; # 10 years session time - this is only internal so who cares
+ OIDC_AUTH_ENABLED = "true";
+ OIDC_AUTO_REDIRECT = "true";
+ OIDC_CLIENT_ID = "mealie";
+ OIDC_CONFIGURATION_URL = "https://${globals.services.kanidm.domain}/oauth2/openid/${OIDC_CLIENT_ID}/.well-known/openid-configuration";
+ OIDC_SIGNUP_ENABLED = "true";
+ OIDC_USER_GROUP = "user";
+ OIDC_ADMIN_GROUP = "admin";
+ };
+ };
+
+ nodes.ward-web-proxy = {
+ services.nginx = {
+ upstreams.mealie = {
+ servers."${config.wireguard.proxy-home.ipv4}:${config.services.mealie.port}" = { };
+ extraConfig = ''
+ zone mealie 64k;
+ keepalive 2;
+ '';
+ monitoring = {
+ enable = true;
+ # FIXME: todooooooooooo
+ expectedBodyRegex = "TODO";
+ };
+ };
+ virtualHosts.${mealieDomain} = {
+ forceSSL = true;
+ useACMEWildcardHost = true;
+ extraConfig = ''
+ client_max_body_size 128M;
+ '';
+ locations."/".proxyPass = "http://mealie";
+ };
+ };
+ };
+}
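Review bot: `age.secrets.mealie-oauth2-client-secret` is mirrored from the kanidm host but nothing in this file passes it to Mealie — `services.mealie.settings` sets `OIDC_CLIENT_ID` and `OIDC_CONFIGURATION_URL` only, while the kanidm side uses `basicSecretFile`, which makes this a confidential client, so the code-to-token exchange is expected to fail unless the secret is wired in somewhere outside this file. If the targeted nixpkgs has `services.mealie.credentialsFile`, the secret has to be supplied in env-file form as `OIDC_CLIENT_SECRET=<secret>` (a generator or wrapper around the mirrored file) and referenced as `services.mealie.credentialsFile = config.age.secrets.mealie-oauth2-client-secret.path;`. The `TOKEN_TIME = 87600` comment calls the instance "only internal", but `globals.monitoring.http.mealie.network = "internet"` and the `forceSSL`/`useACMEWildcardHost` vhost indicate it is reachable from the internet, so a ten-year session lifetime should be justified in the comment rather than waved off. Both `expectedBodyRegex = "TODO"` placeholders will keep the HTTP and upstream monitors failing until a real body pattern replaces them.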
diff --git a/hosts/ward/secrets/mealie/host.pub b/hosts/ward/secrets/mealie/host.pub new file mode 100644 index 0000000..d78cb5f --- /dev/null +++ b/hosts/ward/secrets/mealie/host.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHmfHyKfCoAUflxiWZF4IBLMxLtTZexaAfwVwzFJIlqH diff --git a/secrets/generated/sentinel/loki-basic-auth-hashes.age b/secrets/generated/sentinel/loki-basic-auth-hashes.age index 858f27a..6a398a1 100644 Binary files a/secrets/generated/sentinel/loki-basic-auth-hashes.age and b/secrets/generated/sentinel/loki-basic-auth-hashes.age differ diff --git a/secrets/generated/ward-kanidm/kanidm-oauth2-mealie.age b/secrets/generated/ward-kanidm/kanidm-oauth2-mealie.age new file mode 100644 index 0000000..dd01542 --- /dev/null +++ b/secrets/generated/ward-kanidm/kanidm-oauth2-mealie.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> X25519 cJsUAs5kab+tag5KhjwJ+ZsCdnyDmXkQR89R9Yg9wlU +h5hbA32BsvgNHm9N2Z3MNeBaSh62jMZZXadwQ67p6TM +-> piv-p256 xqSe8Q A+J9DUC4CyzTSM8AeSrXggvg+iEG+EeVLZ6y2vZoFxdp +kr6Te/2pBpsQ67/veC2zmFLoFo8az8UG20KVLrNjg1c +-> '58-grease +gd23myuHckOq82KNxQJ8wLupxTIEi3VQ2KdJEfKGay3EQQziBFFNeLwpXOOr1UzZ +PnBY8e3gER+J0XKrFBVgvukbLfPxO0U6oa3uJStKpqIS0M+0CxTm6SYX752+dA +--- zG8eAxMs4mHvZXAHGko6cWwiCbocn/QkCOz91D8a6Yw +hS}dNbUkٗTQ. UB;% +,n>f?x8Fi, y$8 \ No newline at end of file diff --git a/secrets/generated/ward-mealie/promtail-loki-basic-auth-password.age b/secrets/generated/ward-mealie/promtail-loki-basic-auth-password.age new file mode 100644 index 0000000..502e10c Binary files /dev/null and b/secrets/generated/ward-mealie/promtail-loki-basic-auth-password.age differ diff --git a/secrets/generated/ward-mealie/telegraf-influxdb-token.age b/secrets/generated/ward-mealie/telegraf-influxdb-token.age new file mode 100644 index 0000000..774f09b --- /dev/null +++ b/secrets/generated/ward-mealie/telegraf-influxdb-token.age 
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 N9dmnsf18HnbTxhRcEH/xtfpPAJSWfCnhqf+zXxuAXo +x5s33yPRTyR8/dObTK93N6TqQVxM5mq00eb8ELmHt2M +-> piv-p256 xqSe8Q A8iifEpFK/miSnKIeTMtanK1xqwBsLrWlCA8REv9+WgI +am4/Lch1SEVBfDm91jYqJdeGdcQyWl9XWEjLP/mDHFw +-> k-grease Kc$ G/ +jO05FKqhHg +--- LhH0UM9+rOqKAvfRt4SQ8zOSPgXPUs7sGIY1O9qvZDQ +rPP'6qUK@؍d F\/DA\1DxDj`!kqFJyi8 \ No newline at end of file diff --git a/secrets/global.nix.age b/secrets/global.nix.age index 38567d8..9016b6a 100644 Binary files a/secrets/global.nix.age and b/secrets/global.nix.age differ diff --git a/secrets/rekeyed/sentinel/0eaa4bb18cbfcecdc7f5b14bf1f05cdf-loki-basic-auth-hashes.age b/secrets/rekeyed/sentinel/0eaa4bb18cbfcecdc7f5b14bf1f05cdf-loki-basic-auth-hashes.age deleted file mode 100644 index c7cb0c0..0000000 Binary files a/secrets/rekeyed/sentinel/0eaa4bb18cbfcecdc7f5b14bf1f05cdf-loki-basic-auth-hashes.age and /dev/null differ diff --git a/secrets/rekeyed/sentinel/754829daef824cd4d3b0deaad3d35a85-loki-basic-auth-hashes.age b/secrets/rekeyed/sentinel/754829daef824cd4d3b0deaad3d35a85-loki-basic-auth-hashes.age new file mode 100644 index 0000000..dd613e3 Binary files /dev/null and b/secrets/rekeyed/sentinel/754829daef824cd4d3b0deaad3d35a85-loki-basic-auth-hashes.age differ diff --git a/secrets/rekeyed/sire-influxdb/549767bc6a22e6cb8bee4ca26ce4db3b-telegraf-influxdb-token-ward-mealie.age b/secrets/rekeyed/sire-influxdb/549767bc6a22e6cb8bee4ca26ce4db3b-telegraf-influxdb-token-ward-mealie.age new file mode 100644 index 0000000..191bffe --- /dev/null +++ b/secrets/rekeyed/sire-influxdb/549767bc6a22e6cb8bee4ca26ce4db3b-telegraf-influxdb-token-ward-mealie.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 1tdZKQ MN56T24f/dSVI6afWn7jc/lkOVJZtf02XCtxyWStSG0 +gUT9Wx23QhRVLvAR9p2XzIH7ssu56We1XhtEIN4t30s +-> gwO1ؙ9(˶] ( \ No newline at end of file 
diff --git a/secrets/rekeyed/ward-kanidm/b2f37c3b6f744289f78131fe5bcf2a07-kanidm-oauth2-mealie.age b/secrets/rekeyed/ward-kanidm/b2f37c3b6f744289f78131fe5bcf2a07-kanidm-oauth2-mealie.age new file mode 100644 index 0000000..4df698e --- /dev/null +++ b/secrets/rekeyed/ward-kanidm/b2f37c3b6f744289f78131fe5bcf2a07-kanidm-oauth2-mealie.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 QciEZQ Mb7FWnZMyUpEI72QX/92B+l2E756oTlZwrGpR6htERQ +txqIzt+oJiHjsE6xDUlWSLaEyu2BNpPAMpzDFGIIeBI +-> jV-grease +pt4Kb7YOgGqbqug5THlDQgE2dEC7OTfwkz3wi5B5K5jFFwWUOB/2b5FP72flL0IO +prmEssYGvxfptw +--- RhK7j5bP4w7SrnHNYWffHBQA3yq1/Btv1v8GnV7WKgk ++o\Ui5ru.njv ssh-ed25519 lvVD1Q YXn9WHQpMzpHXr8+kFMIdSyQ/rk3NwEukoV+qciYTTY +yoAXvZkuiHE0KW3weO2oX51TFLY1f2ANh9pNBG6o1Rc +-> Wf6oihH1-grease +1JCd3EhtX+OYjlmSt17OWxet/+bHlRtfDHIhMFRbTvdjt8saIRffxRYASWkg+HCR +3cUlOR/aCG22BsI +--- /ObukYBUdzN3bdi0YFdBch219+aRwQpzoNPGcnM6oeI +ooF6F^XcNˣ-~pYUZ8Z"YU:1bYp^U͔Υi?O \ No newline at end of file diff --git a/secrets/rekeyed/ward-mealie/0e775e81155a16c48a693985ef87ce87-wireguard-proxy-home-priv-ward-mealie.age b/secrets/rekeyed/ward-mealie/0e775e81155a16c48a693985ef87ce87-wireguard-proxy-home-priv-ward-mealie.age new file mode 100644 index 0000000..b8e2cf6 --- /dev/null +++ b/secrets/rekeyed/ward-mealie/0e775e81155a16c48a693985ef87ce87-wireguard-proxy-home-priv-ward-mealie.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 lvVD1Q XH+1hvyyrVDswacwgSVP6jSIcailJbsCdRarwlMnrzs ++e+R58+qCvCxy64/v3c7ljVL41MIqqUIlkyi/QNmyOY +-> u}-grease y vy?+:1 +B05VV7/MovZh2CbxdJotf+f40O9c97r4XU3KV4Ke1yqqrBjapMhNl/6z/WZakK/l +WEzGOxhRn8lXQc6Gaxa3VkQzIrPFD2ZOSxFTjscPVwFL9hunJ3+104Px +--- 3K6Z/4SOPvxVVHpHpCDlkujxGLR6empVqF/DcFcYJn8 +HJ5cp(+iK{ +&lI98Wyu4„ҔKTQiETH7Ղ \ No newline at end of file 
diff --git a/secrets/rekeyed/ward-mealie/40eee60695582040333e4fab6b3e99ab-wireguard-proxy-home-psks-ward+ward-mealie.age b/secrets/rekeyed/ward-mealie/40eee60695582040333e4fab6b3e99ab-wireguard-proxy-home-psks-ward+ward-mealie.age new file mode 100644 index 0000000..d315631 --- /dev/null +++ b/secrets/rekeyed/ward-mealie/40eee60695582040333e4fab6b3e99ab-wireguard-proxy-home-psks-ward+ward-mealie.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 lvVD1Q iShb88vIuWOY66+uWNmMQtezGJJSfmMwNmT0ddPQ8Fs +zC7Lk8BgMap9E1/T2DkMLeYNSzv49qxT/lAXsOgHT/M +-> $LQ9%qm-grease ?F' B:CTB( +l/BZ/6lu6OFFEtKQO4/i6W8W+YMg0opJSJ903Yk +--- 1nUvsKXuR/xpxmAY2WGKpk162DSm1kulcWc6YT2+SPc +F\cbb(9[t3f*Qogcgs,;l @@󃬏lQ]n -z!?K \ No newline at end of file diff --git a/secrets/rekeyed/ward-mealie/78d5e2eb2bb8a805e8d94c21fd1f2022-mealie-oauth2-client-secret.age b/secrets/rekeyed/ward-mealie/78d5e2eb2bb8a805e8d94c21fd1f2022-mealie-oauth2-client-secret.age new file mode 100644 index 0000000..bcb68ad --- /dev/null +++ b/secrets/rekeyed/ward-mealie/78d5e2eb2bb8a805e8d94c21fd1f2022-mealie-oauth2-client-secret.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 lvVD1Q 1ftd4N+uIcmtSGYOerFKVH6fQavXooDt0f7BgCgzCmk +DjCtfR88tAJQUSSQt9vTlOG5nhQ1iCnbiGcbDw/crOY +-> #fyuI5Mu-grease +SnraD1nrsAszqx7zmuLw3i8vC+epOSHg6DIsHRY +--- /OdJQCUMgxTacJEAubG8PysIiI2yc6ECnu/3Xxn28xA +f4b@POtSYase;VhC՝W=`Ȁzr9ّt](K-`f޾ \ No newline at end of file diff --git a/secrets/rekeyed/ward-mealie/dc45f32dc1bb8bf998a5743315023e84-promtail-loki-basic-auth-password.age b/secrets/rekeyed/ward-mealie/dc45f32dc1bb8bf998a5743315023e84-promtail-loki-basic-auth-password.age new file mode 100644 index 0000000..a29b870 --- /dev/null +++ b/secrets/rekeyed/ward-mealie/dc45f32dc1bb8bf998a5743315023e84-promtail-loki-basic-auth-password.age 
@@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 lvVD1Q ilziysyxRUkLfYFbS5Q0pruB+dUmuOtmd6fGjsITRS0 +n086Qtr6zcm0Ozkon6BGUggP8a1qm8XouAg31YrO12I +-> ei0^-grease 6G|p@_ +JEm5VZ+YV1hAtz++5XikLeeSySYaeuBI1glv4Np75mkYQftRRsoJczNM5FWMnBjx +87w/3gNwFeKlpxsP0j4RavIm2XqCOvzIQb7tIJuP3EM9nrA6GgAb +--- +zULhUPkWO/20iwtnz4Y3Jf89pw4w3UiTLgRtaGnFgs +t:1uR "2]ګ"~,q?l 8|6<ЊH$)GcM0fy"nPۡ5 \ No newline at end of file diff --git a/secrets/rekeyed/ward-web-proxy/06b01e2633342abd576d676cc0a97b4b-loki-basic-auth-hashes.age b/secrets/rekeyed/ward-web-proxy/06b01e2633342abd576d676cc0a97b4b-loki-basic-auth-hashes.age new file mode 100644 index 0000000..00099c6 Binary files /dev/null and b/secrets/rekeyed/ward-web-proxy/06b01e2633342abd576d676cc0a97b4b-loki-basic-auth-hashes.age differ diff --git a/secrets/rekeyed/ward-web-proxy/09683ecb6ba69322f3aa1c34b6ed6dfd-loki-basic-auth-hashes.age b/secrets/rekeyed/ward-web-proxy/09683ecb6ba69322f3aa1c34b6ed6dfd-loki-basic-auth-hashes.age deleted file mode 100644 index c1b183c..0000000 Binary files a/secrets/rekeyed/ward-web-proxy/09683ecb6ba69322f3aa1c34b6ed6dfd-loki-basic-auth-hashes.age and /dev/null differ diff --git a/secrets/rekeyed/ward/0c369898cbf97acc545fd1502c22a698-wireguard-proxy-home-psks-ward+ward-mealie.age b/secrets/rekeyed/ward/0c369898cbf97acc545fd1502c22a698-wireguard-proxy-home-psks-ward+ward-mealie.age new file mode 100644 index 0000000..3d3dd8f --- /dev/null +++ b/secrets/rekeyed/ward/0c369898cbf97acc545fd1502c22a698-wireguard-proxy-home-psks-ward+ward-mealie.age 
@@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 iNceIg E2ZHUBua1uN2jqFcGZRadRQQ6MbSdqp6eX4kNzjwaXk +lvjp5twZimfTkbWx7KG4y0Ifg7CVvyeHCINYkgjo7q8 +-> xOBGCH-grease .fe[Q3 Dzm=`! ggW +DsoXiHXKTej5cYbRdR+IAjlHGBGY1wBujsyeHBL+ZYWMBsK1AvJeUivTjGQAXw +--- NLQ3LLLx8SOcGJxG+bUYnPJ0xiBRTuT1IJG5DxdWjv8 +^Ǝ VuouԜ}s!-Ya7YH_9A8c^T X25519 IGuSeVYlhS4zQIPtGjEdfz0aRlWwW9p7v1dnZE+0Y1s +Va/LZJGX6lcWIJO88z6VOXy/nj/71CknrE6vfhqYLx4 +-> piv-p256 xqSe8Q A9v78VaWAYGK0qcnH9628aP26j86H5Lv37snchHbrqO2 +1QEZrG2VFBogG/3GrYmKREA97+srQJnYebgYqitBQ1w +-> R-/_~K-grease +sXTbRG1LknmW4uaybnfCc7wRhkE0LR6lIF7BfXJfh+NqyUZqiobiySS61RWGRp2x +6Mg8FuOwz4XVYPVLEZ/+170XqvNHTU5il1xP579N7ovN2Q +--- jcRvGpWSesVfxcd/PeUl/VnA52jkliI30rC55RgZiwc +&$q\;RظA,ج-wyLDzCxU3 /tvh-h>zQ$I \ No newline at end of file diff --git a/secrets/wireguard/proxy-home/keys/ward-mealie.pub b/secrets/wireguard/proxy-home/keys/ward-mealie.pub new file mode 100644 index 0000000..7987e45 --- /dev/null +++ b/secrets/wireguard/proxy-home/keys/ward-mealie.pub @@ -0,0 +1 @@ +2N/eyBW8vTKV7Q5CKAr6+37AH0DdB7RRHpvbXaWwOx4= diff --git a/secrets/wireguard/proxy-home/psks/ward+ward-mealie.age b/secrets/wireguard/proxy-home/psks/ward+ward-mealie.age new file mode 100644 index 0000000..0017a3a --- /dev/null +++ b/secrets/wireguard/proxy-home/psks/ward+ward-mealie.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> X25519 WghdrFO5I3jJ32m9Z/LoSsbmA3KFSji4XwvejaR+mG8 +1EISuNRcxxldcjPRNFUupQ4KldvIbsBfwq3OrIRO3XM +-> piv-p256 xqSe8Q A38ktdHkbuqywFR1vLYmjZ/4bwwCsMtpiYw+JeBZ8hJI +7rd7W2o43+ic0akAqDZz3pP+iAE1I+nt38CVLylY2qg +-> tssi"-grease /c?&9>,} P5}~<: eE~$p\C +V7OSW0OxjRENAvsYvwHiHRQHDIFBbn8zElLW9BNntLDNMjhjNl8KEgbciRBKYCkU +t7I +--- eY9b9CPUwHCuj97O8Io5epNsxGdlVR4v48BFg+v/Lp0 + +!^Kƣ?ϰ ||LmmJFƢ)I^̴)O'pFÜ.p"Ip檽|s[EԌ \ No newline at end of file