diff --git a/modules/networking.nix b/modules/networking.nix
index 991c387..65f1cce 100644
--- a/modules/networking.nix
+++ b/modules/networking.nix
@@ -39,11 +39,46 @@
       80
       443
     ];
+    allowedUDPPorts = [
+      51820 # Wireguard
+    ];
     autoLoadConntrackHelpers = true;
     connectionTrackingModules = [ "sane" ];
+    extraCommands = ''
+      iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
+    '';
   };
 
   # Disable IPv6
   networking.enableIPv6 = false;
 
+
+  # Enable NAT for wireguard
+  networking.nat = {
+    enable = true;
+    externalInterface = "eth0";
+    internalInterfaces = [ "wg0" ];
+  };
+
+  # Wireguard setup
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.8.0.1/24" ];
+      listenPort = 51820;
+      privateKeyFile = "/home/coolneng/.wg/keys/privatekey";
+      peers = [
+        # Monolith
+        {
+          publicKey = "ka9a/VB49XMtrMw/ZJmZHThfk2Y5D/8wErLPtN+KvHE=";
+          allowedIPs = [ "10.8.0.2/32" ];
+        }
+        # Roamer
+        #{
+        #publicKey = "{john doe's public key}";
+        #allowedIPs = [ "10.8.0.3/32" ];
+        #}
+      ];
+    };
+  };
+
 }
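Review bot: The `extraCommands` MASQUERADE rule in the firewall block duplicates what `networking.nat` with `externalInterface = "eth0"` and `internalInterfaces = [ "wg0" ]` already sets up for wg0 traffic, and because it is a raw `iptables -A` into the nat POSTROUTING chain it is not part of the chains the NixOS firewall flushes on restart, so I would expect a second copy of the rule to appear each time the firewall unit is restarted unless a matching `extraStopCommands` deletes it. I would drop the three `extraCommands` lines and rely on `networking.nat`, which also enables IPv4 forwarding for you; if the explicit rule is kept for a reason, add `extraStopCommands = ''iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE || true'';` so the rule is removed when the firewall stops. `privateKeyFile = "/home/coolneng/.wg/keys/privatekey"` puts the server key under an unprivileged user's home, so that user (and anything that syncs or backs up the home directory) can read it; a root-owned mode 0600 file outside any user home, e.g. under /etc/wireguard or wherever this repository keeps secrets, keeps the key readable only by the service that needs it. The commented-out "Roamer" peer still carries a placeholder public key, so a reminder comment such as `# placeholder: replace with the real key before uncommenting` would prevent it being enabled as-is.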