diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix
index 14d13f6..dc6edda 100644
--- a/machines/dragonwell/default.nix
+++ b/machines/dragonwell/default.nix
@@ -2,7 +2,7 @@ let username = "jolheiser"; key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser''; in { - imports = [./caddy.nix ./golink.nix ./gotosocial.nix ./restic.nix ./ugit.nix ./hardware.nix]; + imports = [./caddy.nix ./dex.nix ./golink.nix ./gotosocial.nix ./restic.nix ./ugit.nix ./hardware.nix]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true;
diff --git a/machines/dragonwell/dex.nix b/machines/dragonwell/dex.nix
new file mode 100644
index 0000000..fa89dc6
--- /dev/null
+++ b/machines/dragonwell/dex.nix
@@ -0,0 +1,24 @@
+{config, ...}: {
+ age.secrets.dex.file = ../../secrets/personal/dex.age;
+ services.dex = {
+ enable = true;
+ settings = {
+ issuer = "https://auth.jolheiser.com";
+ storage = {
+ type = "sqlite3";
+ config.file = "/var/lib/dex/dex.db";
+ };
+ web.http = "localhost:2884";
+ enablePasswordDB = true;
+ staticPasswords = [
+ {
+ email = "john@jolheiser.com";
+ hash = "$DEX_JOLHEISER_HASH";
+ username = "jolheiser";
+ userID = "$DEX_JOLHEISER_UID";
+ }
+ ];
+ };
+ environmentFile = config.age.secrets.dex.path;
+ };
+}
diff --git a/secrets/personal/dex.age b/secrets/personal/dex.age
new file mode 100644
index 0000000..8fa15a4
Binary files /dev/null and b/secrets/personal/dex.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a38e355..cdffc0f 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
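Review bot: In the new machines/dragonwell/dex.nix, `hash = "$DEX_JOLHEISER_HASH";` relies on dex substituting environment variables inside `staticPasswords`, which should be confirmed against the packaged dex version. As far as I know, dex expands `$VAR` references only in storage and connector config, and static passwords read the hash from the environment through a separate key. If that holds, the literal string would not parse as a bcrypt hash, so the service would fail to load the config or the login would never match, and `userID` would be stored as the literal text `$DEX_JOLHEISER_UID`. Consider `hashFromEnv = "DEX_JOLHEISER_HASH";` in place of `hash`, and a plain UUID for `userID`, which is not a secret. A one-line comment above `environmentFile` naming the variables the agenix-decrypted file must define would also help the next reader.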
@@ -21,4 +21,5 @@ in {
 "personal/restic-env.age".publicKeys = [jolheiser dragonwell];
 "personal/restic-pass.age".publicKeys = [jolheiser dragonwell];
 "personal/restic-repo.age".publicKeys = [jolheiser dragonwell];
+ "personal/dex.age".publicKeys = [jolheiser dragonwell];
 }