diff --git a/.gitsecret/paths/mapping.cfg b/.gitsecret/paths/mapping.cfg
index 71183a9..6deb9a6 100644
--- a/.gitsecret/paths/mapping.cfg
+++ b/.gitsecret/paths/mapping.cfg
@@ -1 +1 @@
-configs/secrets.nix:a83d724b6fe99623ff5a9e649a30227c3c199d302b10dce75db8ab3f3271d7f8
+configs/secrets.nix:165513a6eda74a9bca732e62cb1ba1863bcd230be4e9cf0809b7081fe6f29133
diff --git a/configs/secrets.nix.secret b/configs/secrets.nix.secret
index 13c2a7f..d07f33b 100644
Binary files a/configs/secrets.nix.secret and b/configs/secrets.nix.secret differ
diff --git a/machine/desktop.nix b/machine/desktop.nix
index 78b9796..bf0b23f 100644
--- a/machine/desktop.nix
+++ b/machine/desktop.nix
@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 let
- unstable = import { config.allowUnfree = true; };
+ secrets = import ../configs/secrets.nix;
 in
 {
 imports =
@@ -36,6 +36,22 @@ in
 boot.kernelModules = [ "it87" "v4l2loopback" ];
 networking.hostName = "desktop"; # Define your hostname.
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.2/24" ];
+ privateKey = secrets.wireguard-desktop-private;
+
+ peers = [
+ {
+ publicKey = secrets.wireguard-vps-public;
+ presharedKey = secrets.wireguard-preshared;
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "szczepan.ski:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
 # Set your time zone.
 time.timeZone = "Europe/Berlin";
diff --git a/machine/mini.nix b/machine/mini.nix
index 385afb7..68d3390 100644
--- a/machine/mini.nix
+++ b/machine/mini.nix
@@ -24,6 +24,22 @@
 # allowedTCPPorts = [ 6443 ];
 };
 networkmanager.enable = true;
+ wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.3/24" ];
+ privateKey = secrets.wireguard-mini-private;
+
+ peers = [
+ {
+ publicKey = secrets.wireguard-vps-public;
+ presharedKey = secrets.wireguard-preshared;
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "szczepan.ski:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
 };
 services.k3s.enable = true;
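Review bot: `privateKey = secrets.wireguard-desktop-private;` and `presharedKey = secrets.wireguard-preshared;` in the wg0 block added to machine/desktop.nix pass the key material as Nix strings, so after evaluation it is written into the world-readable /nix/store on the machine, even though git-secret keeps configs/secrets.nix encrypted in the repository. The NixOS WireGuard module has file-based options for this case: use `privateKeyFile = "<path to root-only key file>";` on the interface and `presharedKeyFile = "<path to root-only psk file>";` on the peer, with both files provisioned outside the store. The same applies to the wg0 block added in machine/mini.nix and to the peer entry added in machine/vps.nix.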
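Review bot: The wg0 block added to machine/mini.nix reads `secrets.wireguard-mini-private`, `secrets.wireguard-vps-public` and `secrets.wireguard-preshared`, but unlike machine/desktop.nix this commit adds no `secrets = import ../configs/secrets.nix;` binding to that file. If mini.nix does not already bind `secrets` above line 24, which the hunk does not show, evaluation fails with an undefined variable; in that case add the binding in a `let … in` at the top of the file. The enclosing attribute set (presumably `networking`) opens outside the hunk.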
diff --git a/machine/vps.nix b/machine/vps.nix
index 0d80f90..5b1102b 100644
--- a/machine/vps.nix
+++ b/machine/vps.nix
@@ -38,6 +38,10 @@ in
 publicKey = secrets.wireguard-desktop-public;
 presharedKey = secrets.wireguard-preshared;
 allowedIPs = [ "10.100.0.2/32" ];
+ }{
+ publicKey = secrets.wireguard-mini-public;
+ presharedKey = secrets.wireguard-preshared;
+ allowedIPs = [ "10.100.0.3/32" ];
 }];
 };
 };
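Review bot: The new mini peer reuses `secrets.wireguard-preshared`, the same preshared key as the desktop peer directly above it. WireGuard preshared keys are configured per peer, so sharing one value means a leak from either client also exposes the key that hardens the other client's tunnel. Give each peer its own value, e.g. `presharedKey = secrets.wireguard-mini-preshared;` (a suggested attribute name, not one that exists on the page), with the matching change in machine/mini.nix. Separately, `}{` parses as two list elements but reads like a typo; put `}` and `{` on separate lines. The peers list opens outside the hunk.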