diff --git a/configuration.nix b/configuration.nix
index b842f08..252adb5 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -174,6 +174,19 @@
   };
   
 
+  # WireGuard VPN
+  networking.wg-quick.interfaces.wg0 = {
+    address = [ "10.0.1.66/28" ];
+    privateKeyFile = "/etc/wireguard/private.key";
+
+    peers = [{
+      publicKey = "VEpzr/CeGdS6Wsy0NDDfmlB/bCYxS55A155HWGCIIzc=";
+      endpoint = "vpn.leeworks.dev:51820";
+      allowedIPs = [ "10.0.1.64/28" ];
+      persistentKeepalive = 25;
+    }];
+  };
+
   services.tailscale = {
     enable = true;
     useRoutingFeatures = "client";  # or "both" for subnet routing