diff --git a/nixy/configuration.nix b/nixy/configuration.nix index c308d00..260eb74 100644 --- a/nixy/configuration.nix +++ b/nixy/configuration.nix @@ -22,6 +22,10 @@ group = config.users.users.nobody.group; }; + sops.secrets."wg_privkey" = { + sopsFile = ./secrets/wg_privkey.yaml; + }; + nix = { optimise.automatic = true; gc.automatic = true; @@ -76,7 +80,7 @@ networking = { firewall = { enable = true; - allowedTCPPorts = [80 443]; + allowedTCPPorts = [80 443 51820]; }; hostName = "nixy"; @@ -108,6 +112,22 @@ }; }; }; + + wireguard.interfaces = { + wg0 = { + ips = ["10.100.0.6/24"]; + listenPort = 51820; + privateKeyFile = config.sops.secrets."wg_privkey".path; + peers = [ + { + publicKey = builtins.readFile ../magpie/wg_pubkey; + allowedIPs = ["10.100.0.1"]; + endpoint = "5.75.229.224:51820"; + persistentKeepalive = 25; + } + ]; + }; + }; }; time.timeZone = "Europe/Sarajevo"; @@ -191,15 +211,15 @@ udev = { packages = [pkgs.rtl-sdr pkgs.openhantek6022 pkgs.openocd]; extraRules = '' - #Xilinx FTDI - ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666" + #Xilinx FTDI + ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666" - #Xilinx Digilent - ATTR{idVendor}=="1443", MODE:="666" - ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666" + #Xilinx Digilent + ATTR{idVendor}=="1443", MODE:="666" + ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666" - #Arduino UNO r4 - SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", MODE:="0666" + #Arduino UNO r4 + SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", MODE:="0666" ''; };
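Review bot: Port 51820 is added to `allowedTCPPorts` in the firewall hunk, but WireGuard speaks only UDP, so this exposes a TCP port that nothing should be listening on and does not admit WireGuard traffic. If inbound handshakes are needed, the line should read `allowedUDPPorts = [51820];`, with `allowedTCPPorts = [80 443];` left as it was. The wg0 peer added in the next hunk sets `endpoint` and `persistentKeepalive = 25`, so this host presumably initiates the tunnel and replies would already pass as established traffic; in that case no port needs opening at all. The `networking` block starts and ends outside this hunk.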
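Review bot: `publicKey = builtins.readFile ../magpie/wg_pubkey;` in the wg0 peer passes the file contents verbatim, so if that file ends with a newline (as `wg pubkey` output normally does) the key string carries it into the generated peer configuration, where it can break peer setup. Strip it with `publicKey = lib.fileContents ../magpie/wg_pubkey;` if `lib` is among the module arguments (not visible here), or with `builtins.replaceStrings ["\n"] [""] (builtins.readFile ../magpie/wg_pubkey)`. Reading the private key through `config.sops.secrets."wg_privkey".path` keeps it out of the world-readable Nix store; a comment such as `# decrypted by sops-nix at activation; never inline the key here` above `privateKeyFile` would record that intent. The enclosing `networking` block starts outside this hunk.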