diff --git a/nixos/pruflas/configuration.nix b/nixos/pruflas/configuration.nix index f0e2878..6bfbb8d 100644 --- a/nixos/pruflas/configuration.nix +++ b/nixos/pruflas/configuration.nix @@ -7,6 +7,7 @@ with lib; let secretsPath = config.dadada.secrets.path; wg0PrivKey = "${config.networking.hostName}-wg0-key"; + wgHydraPrivKey = "${config.networking.hostName}-wg-hydra-key"; wg0PresharedKey = "${config.networking.hostName}-wg0-preshared-key"; in { @@ -67,6 +68,8 @@ in age.secrets.${wg0PrivKey}.file = "${secretsPath}/${wg0PrivKey}.age"; age.secrets.${wg0PresharedKey}.file = "${secretsPath}/${wg0PresharedKey}.age"; + age.secrets.${wgHydraPrivKey}.file = "${secretsPath}/${wgHydraPrivKey}.age"; + networking.wireguard = { enable = true; interfaces.uwupn = { @@ -83,6 +86,19 @@ in } ]; }; + interfaces.hydra = { + allowedIPsAsRoutes = true; + privateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; + ips = [ "10.3.3.3/32" ]; + peers = [ + { + publicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; + allowedIPs = [ "10.3.3.1/32" ]; + endpoint = "hydra.dadada.li:51235"; + persistentKeepalive = 25; + } + ]; + }; }; networking.useDHCP = false; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index f6cdf3e..02a7fe8 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -110,7 +110,7 @@ in peers = [ { - publicKey = "CTKwL6+SJIqKXr1DIHejMDgjoxlWPaT78Pz3+JqcNlw="; + publicKey = "MEFz5bbCtUX/v6pMwRf/H3q3Wo8dG1XwcKzJKXi4VGU="; allowedIPs = [ "10.3.3.3/32" ]; persistentKeepalive = 25; } diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age new file mode 100644 index 0000000..ca95e6c --- /dev/null +++ b/secrets/pruflas-wg-hydra-key.age 
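Review bot: The new `interfaces.hydra` peer in the third hunk of `nixos/pruflas/configuration.nix` sets no `presharedKeyFile`, although the `let` block already declares `wg0PresharedKey` for the existing tunnel, so this link rests on the static key pair alone. If the preshared key on the other interface is deliberate hardening, add a matching age secret here and set `presharedKeyFile = config.age.secrets.${wgHydraPresharedKey}.path;` on the peer (`wgHydraPresharedKey` is a placeholder name), with the counterpart configured on the remote side. The peer would also benefit from a comment naming the remote host next to `publicKey`, for example `# hydra.dadada.li, public key of the build host`, because a bare base64 string cannot be audited later. The `networking.wireguard` attribute set starts and ends outside the hunk.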
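Review bot: The replaced `publicKey` for the `10.3.3.3/32` peer in `nixos/surgat/configuration.nix` gives no indication of which host or secret it belongs to, and nothing in the commit lets a reader check that it is the public half of the key added as `secrets/pruflas-wg-hydra-key.age`. A mismatch would presumably surface only as a handshake that never completes. I would add a comment beside it such as `# pruflas, public half of secrets/pruflas-wg-hydra-key.age` and confirm the value by running `wg pubkey` on the decrypted key before deploying. The `peers` list and its enclosing interface start outside the hunk.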
@@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 IXCPDQ 6+CrklvnvWtZDN5Z4rHu8tgyB2+TJtZqu2TbA4TuzBE +XmCvEAgEEL3z1gFqQ8r6pUuQTYWjhQK+ZsSWWMUZ6n4 +-> ssh-ed25519 Otklkw B61xlgJCn+y0KsFH0wLTsD2L/sVBocuW2+hXfm+iAng +0aDLbZysdaynxHDVEAas9aUQqTN2nYCzM4Wm60YRda8 +-> ]duY0-grease ZVwc .o`( +itvofJfdMKtJwMY8RclR6vNkAZgLUIS56Oi2Yvp+fgGzOhK2doc/MeX05HuU36kh +O6icXsIueao +--- 7IihWX7WhSQG5LSVdt/nq3JnKpiojHTKpNOgm+WVU4o +?C@8haLu1'6TN[4ɐ- ~*4 KGګX'73` krHW%P~  \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 92f7025..b13b73d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -15,6 +15,7 @@ in { "pruflas-wg0-key.age".publicKeys = [ systems.pruflas dadada ]; "pruflas-wg0-preshared-key.age".publicKeys = [ systems.pruflas dadada ]; + "pruflas-wg-hydra-key.age".publicKeys = [ systems.pruflas dadada ]; } // backupSecrets "gorgon" // backupSecrets "ifrit" //