diff --git a/thinkpad/configuration.nix b/thinkpad/configuration.nix
index c0a38f7..e89c0b4 100644
--- a/thinkpad/configuration.nix
+++ b/thinkpad/configuration.nix
@@ -52,6 +52,28 @@
       allowedUDPPorts = [
         21027   # syncthing discovery
         22000   # syncthing sync
+        51820   # wireguard
+      ];
+    };
+
+    wireguard.interfaces.wg0 = {
+      ips = [ "10.100.0.2/32" ];
+      listenPort = 51820;
+
+      privateKeyFile = "/home/sijmen/wireguard-keys/private";
+
+      peers = [{
+          publicKey = "zu9vXxxg4wm0R4yWQ2HPaAwJbizuccGYbBB/StwSsm4=";
+
+          # Forward all the traffic via VPN.
+          #allowedIPs = [ "0.0.0.0/0" ];
+          # Or forward only particular subnets
+          allowedIPs = [ "10.100.0.0/24" ];
+
+          # Set this to the server IP and port.
+          endpoint = "143.178.219.107:51820";
+          persistentKeepalive = 25;
+        }
       ];
     };
   };