diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix
index 5ed0631..be881ef 100644
--- a/nixos/pruflas/configuration.nix
+++ b/nixos/pruflas/configuration.nix
@@ -3,7 +3,13 @@
 , lib
 , ...
 }:
-with lib; {
+with lib;
+let
+ secretsPath = config.dadada.secrets.path;
+ wg0PrivKey = "${config.networking.hostName}-wg0-key";
+ wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key";
+in
+{
 imports = [ ./hardware-configuration.nix ];
 networking.hostName = "pruflas";
@@ -46,6 +52,27 @@ with lib; {
 bs.enable = true;
 };
+ age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age";
+ age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age";
+
+ networking.wireguard = {
+ enable = true;
+ interfaces.uwupn = {
+ allowedIPsAsRoutes = true;
+ privateKeyFile = config.age.secrets.${wg0PrivKey}.path;
+ ips = [ "10.11.0.39/32" "fc00:1337:dead:beef::10.11.0.39/128" ];
+ peers = [
+ {
+ publicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
+ allowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ];
+ endpoint = "53c70r.de:51820";
+ persistentKeepalive = 25;
+ presharedKeyFile = config.age.secrets.${wg0PresharedKey}.path;
+ }
+ ];
+ };
+ };
+
 networking.useDHCP = false;
 networking.interfaces."enp0s25".useDHCP = true;
@@ -105,6 +132,8 @@ with lib; {
 users.mutableUsers = true;
 dadada.networking.localResolver.enable = true;
+ dadada.networking.localResolver.uwu = true;
+ dadada.networking.localResolver.s0 = true;
 dadada.autoUpgrade.enable = mkDefault true;
diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age
new file mode 100644
index 0000000..fdefc94
--- /dev/null
+++ b/secrets/pruflas-wg0-key.age
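Review bot: The bindings added in the `let` block are named after `wg0` (`wg0PrivKey`, `wg0PresharedKey`, and the `-wg0-key` / `-wg0-preshared-key` file names), while the interface that consumes them in the next hunk is `interfaces.uwupn`. Naming the bindings and the `.age` files after the interface, or adding a comment such as `# key material for the uwupn WireGuard interface` above them, would make it clear which tunnel a key belongs to when it is rotated or a second interface is added. Both names are also built from `config.networking.hostName`, so renaming the host changes the secret file that is looked up; a one-line comment on that coupling would help.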
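Review bot: The peer's `allowedIPs` includes `192.168.178.0/23`, and with `allowedIPsAsRoutes = true` that whole prefix is routed through `uwupn` and accepted as a source range from the peer. 192.168.178.0/24 is a widespread consumer-router default, so if pruflas is ever attached to a LAN numbered inside that range, local traffic would presumably be pulled into the tunnel; narrowing the entry to the hosts actually needed, or adding a comment that says why the full /23 is routed, would make the intent reviewable. The hunk shows no firewall rule for the new interface, so services listening on pruflas are reachable from every allowed prefix unless that is restricted elsewhere in the file. A short comment next to `publicKey` naming the peer it belongs to would also help at rotation time.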
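Review bot: `localResolver.uwu` and `localResolver.s0` are switched on without a comment, and the module that defines them is outside this diff, so a reader cannot tell which zones they forward or to which resolvers. If they point the local resolver at servers reachable only through a tunnel, note that this commit adds only the `uwupn` interface, and that the peer `endpoint` in the previous hunk is itself a DNS name that has to resolve before that tunnel exists. A comment along the lines of `# forward the uwu and s0 zones to their resolvers inside the VPN` (adjusted to what the module really does) would record the dependency.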
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 IXCPDQ yZsU7q89HVxP6Ldup2noEaGy5+SzFzuMtA4/+4mQfUU +w1cM4NXL+M9RjRjuYswEWYhtiWPgjlJEdwm9wQ9GF5Q +-> ssh-ed25519 Otklkw O8jQnBDmaBnKLHU4nAIeRwkXE3ovdw7Y6vmZcmwqpUc +rM5wbfCSQhA0wxfRPVLB7dVl8L8aiB9eWhTX/ARV1YE +-> pJ-grease ~4C{og l_ +pXTBa1xB/KJU5w +--- +w4Zc/+fVRky0Nzu0R9cc1MKAOgig1swtCLDrb6M4WM +_ LJ   pB$fӒxw}A6ޤ6P-{+E[FaW,…l& \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age new file mode 100644 index 0000000..2756e64 --- /dev/null +++ b/secrets/pruflas-wg0-preshared-key.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 IXCPDQ Q0ETN6DFshfo+YouSf/YWX7u8otnnAqZr/Y7qxCRiTI +5LVB4bzpysObZJkmJJw2kgE57lZKs2XA8BVSwS7y/VM +-> ssh-ed25519 Otklkw Lgo+x/ODCP6e3SHg2rZVNNLZkHCCT7YMC7MT0Fa4dHc +bX+Bja0SeGBzNQS3vUGj+GVDAYVTgyGQtPw5I0DWPdU +-> 7&'U\;\-grease ot 7f'PU3CA +O2UHtKXSTN5TrfVh7ROQ8x9YLynOFvrxK+1kSW42hGbTstOdhBAlNfKMdiIM4Itn +k7Jshx6UTqa8dF8QIw2cme0jFkF8JUioj7uQuusGBG/WZg +--- Wau438nNnP4srJ16gRGC/9jUdCB6TjBgxc2kZVRsvn0 +fہm7\VhMem^?EkfP7hu]n+n.>