diff --git a/hosts/rico2/network.nix b/hosts/rico2/network.nix
index 6767bbe..960ada2 100644
--- a/hosts/rico2/network.nix
+++ b/hosts/rico2/network.nix
@@ -1,4 +1,5 @@
 {lib, ...}: {
+  imports = [./wireguard.nix];
   networking = {
     hostName = "Rico2";
     useDHCP = lib.mkDefault false;
diff --git a/hosts/rico2/wireguard.nix b/hosts/rico2/wireguard.nix
new file mode 100644
index 0000000..d814da6
--- /dev/null
+++ b/hosts/rico2/wireguard.nix
@@ -0,0 +1,22 @@
+{
+  config,
+  secrets,
+  ...
+}: let
+  inherit (secrets.wireguard_config) peers Proxy Skipper;
+in {
+  networking.wireguard = {
+    enable = true;
+    interfaces = {
+      wg0 = {
+        inherit (peers."${config.networking.hostName}") ips;
+        privateKeyFile = "/etc/wireguard/private.key";
+        generatePrivateKeyFile = true;
+        peers = [
+          Proxy
+          Skipper
+        ];
+      };
+    };
+  };
+}