diff --git a/common/wg_pubkey_proton b/common/wg_pubkey_proton
new file mode 100644
index 0000000..a161d5a
--- /dev/null
+++ b/common/wg_pubkey_proton
@@ -0,0 +1 @@
+g6DkXWKI/68RsLjROIwCEcyB/ZhyK5Q7OWcz1TtqER0=
diff --git a/nixy/configuration.nix b/nixy/configuration.nix
index fc3ea04..dd758c8 100644
--- a/nixy/configuration.nix
+++ b/nixy/configuration.nix
@@ -31,6 +31,10 @@
 sopsFile = ../common/secrets/wg_preshared.yaml;
 };
+ "wg_privkey_proton" = {
+ sopsFile = ./secrets/wg_privkey_proton.yaml;
+ };
+
 "borgbase_enc_key" = {
 sopsFile = ./secrets/borgbase_enc_key.yaml;
 owner = config.users.users.akill.name;
@@ -144,6 +148,19 @@
 }
 ];
 };
+
+ proton = {
+ ips = [ "10.2.0.2/32" ];
+ privateKeyFile = config.sops.secrets."wg_privkey_proton".path;
+ peers = [
+ {
+ publicKey = builtins.readFile ../common/wg_pubkey_proton;
+ allowedIPs = [ "10.2.0.0/24" ];
+ endpoint = "109.236.81.166:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
 };
 };
diff --git a/nixy/secrets/wg_privkey_proton.yaml b/nixy/secrets/wg_privkey_proton.yaml
new file mode 100644
index 0000000..aa143b7
--- /dev/null
+++ b/nixy/secrets/wg_privkey_proton.yaml
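Review bot: In the new `proton` peer in nixy/configuration.nix, `builtins.readFile ../common/wg_pubkey_proton` returns the file contents including its trailing newline, and the added key file carries no "no newline at end of file" marker, so `publicKey` most likely ends in `\n`. Depending on how the WireGuard module interpolates the key into commands or unit names, that can yield a malformed peer key and a tunnel that fails to come up. Strip the newline at the call site, e.g. `publicKey = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile ../common/wg_pubkey_proton);`, or use `lib.fileContents` if `lib` is in scope in this module. The enclosing interfaces attribute set starts and ends outside the hunk, so existing peers may deserve the same check.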
@@ -0,0 +1,21 @@
+wg_privkey_proton: ENC[AES256_GCM,data:qVVd+1s2T3sKDi03V+eMvgqW8LAVl/yEKwtG2EMn8NhBCN7RvlttC5SeIDM=,iv:/QcrtmMjCzZRulumIz5u9oxyaRt+HUq96ZiP8ecpvAo=,tag:1DCaJqVGfg3sfvKTQnmzZA==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age:
+ - recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdXZpL1lrOEYyYVdFTzNJ
+ SHhXRVc5Y0o4ZzN2THRjM215UWczVjZOTXg4CjBJZ2VxN0t0ZFgzTmJMeXo5SWZk
+ UjRlNmdRTVVPbHVEeXM3TWhoS0pSUTQKLS0tIEtkTURBc1A3d2lTalhmeEoxUkZj
+ K3BHZnUzN3ZrL1dFQk8rWFpZR05pbFUKObrnIpY3NR1o3/lKhTfVpQU+eQRTi7wF
+ SAjGZ5BRdCi5x1VWRxiT1Fvjqkm7kBEQFvdSvbqW2UK6lVHtWgt2Vg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-05-05T21:10:36Z"
+ mac: ENC[AES256_GCM,data:uqZkMFXU1u38jWh0sAaiCmqUqXLNy2FnVBK2YiMpJ8qsWCp0iyDpZ6Jsx3S15Pk7O2km8ZdbInjyo5xS85VKV+E3syJ+ERKAVLRiiioEKc6/GRG/23Qiv+hg8fbgipsuKeTsmiz7bizqqIruX/bP0zhdMRfC/d7Q11t4UBSLeZ8=,iv:UtsPL1loFXGNpteUujEagQuQ3lWwqFbvCbCVGTwQhaY=,tag:lqlrpOuAg8xb0msF1Gb0Kg==,type:str]
+ pgp: []
+ unencrypted_suffix: _unencrypted
+ version: 3.8.1