diff --git a/framework/configuration.nix b/framework/configuration.nix
index 7e04e64..f1018c0 100644
--- a/framework/configuration.nix
+++ b/framework/configuration.nix
@@ -65,26 +65,17 @@
       ];
     };
 
-#    wireguard.interfaces.wg0 = {
-#      ips = [ "10.100.0.4/32" ];
-#      listenPort = 51820;
-#
-#      privateKeyFile = "/home/sijmen/wireguard-keys/private";
-#
-#      peers = [{
-#          publicKey = "zu9vXxxg4wm0R4yWQ2HPaAwJbizuccGYbBB/StwSsm4=";
-#
-#          # Forward all the traffic via VPN.
-#          #allowedIPs = [ "0.0.0.0/0" ];
-#          # Or forward only particular subnets
-#          allowedIPs = [ "10.100.0.0/24" ];
-#
-#          # Set this to the server IP and port.
-#          endpoint = "143.178.219.107:51820";
-#          persistentKeepalive = 25;
-#        }
-#      ];
-#    };
+    wireguard.interfaces.wg0 = {
+      ips = [ "10.100.0.4/32" ];
+      listenPort = 51820;
+      privateKeyFile = "/home/sijmen/wireguard-keys/private";
+      peers = [{
+        publicKey = "zu9vXxxg4wm0R4yWQ2HPaAwJbizuccGYbBB/StwSsm4=";
+        allowedIPs = [ "10.100.0.0/24" ];
+        endpoint = "143.178.219.107:51820";
+        persistentKeepalive = 25;
+      }];
+    };
   };
 
   services = {
diff --git a/nas/configuration.nix b/nas/configuration.nix
index 1aef7b2..26a0345 100644
--- a/nas/configuration.nix
+++ b/nas/configuration.nix
@@ -108,6 +108,12 @@
           publicKey = "Y2X8mT+LCXkjLjzRBcdglIKLYu68kvf5K0nKTEOWdGE=";
           allowedIPs = [ "10.100.0.2/32" ];
         }
+
+        {
+          # framework
+          publicKey = "csvOi6DK6b9zh0JCGIe8z25ePmayY7Hihm5Ur2/aIyo=";
+          allowedIPs = [ "10.100.0.4/32" ];
+        }
       ];
     };
   };