diff --git a/modules/networking.nix b/modules/networking.nix
index edb5767..374a88f 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -43,4 +43,28 @@
     enable = true;
     nssmdns = true;
   };
+
+  # VPN setup
+  systemd.network.netdevs."wg0" = {
+    netdevConfig = {
+      Kind = "wireguard";
+      Name = "wg0";
+    };
+    wireguardConfig.PrivateKeyFile = config.age.secrets.wireguard.path;
+    wireguardPeers = [{
+      wireguardPeerConfig = {
+        PublicKey = "GN8lqPBZYOulh6xD4GhkoEWI65HMMCpSxJSH5871YnU=";
+        AllowedIPs = [ "0.0.0.0/0" ];
+        Endpoint = "coolneng.duckdns.org:443";
+      };
+    }];
+  };
+  systemd.network.networks."wg0" = {
+    matchConfig.Name = "wg0";
+    networkConfig = {
+      Address = "10.8.0.2/32";
+      DNS = "10.8.0.1";
+    };
+    routes = [{ routeConfig.Destination = "10.8.0.1"; }];
+  };
 }