diff --git a/Makefile b/Makefile index 1531e82..4ceeb0f 100644 --- a/Makefile +++ b/Makefile @@ -31,4 +31,7 @@ vscodium: zsh: ansible-playbook playbooks/zsh.yml -i inventory/hosts.yml -K +wireguard: + ansible-playbook playbooks/wireguard.yml -i inventory/hosts.yml -K --ask-vault-pass + .PHONY: run diff --git a/README.md b/README.md index 4e12acc..2712fa0 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,6 @@ My current setup is [Regolith OS](https://regolith-desktop.com/) which is basica - i3 app shortcuts - terminal font - default git branch master -- wireguard configuration to home - Configuration for desktop at uni. It should be really similar, except syncthing should have a new keypair. Also some applications are not necessary, e.g. nicotine+ and virtualbox. Would like Ansible Vault to check in keypair for syncthing. diff --git a/playbooks/all.yml b/playbooks/all.yml index 4668c94..799ac42 100644 --- a/playbooks/all.yml +++ b/playbooks/all.yml @@ -6,6 +6,7 @@ my_roles: - zsh - asdf + - wireguard - neovim - signal - virtualbox diff --git a/playbooks/wireguard.yml b/playbooks/wireguard.yml new file mode 100644 index 0000000..4a5222d --- /dev/null +++ b/playbooks/wireguard.yml @@ -0,0 +1,4 @@ +- name: Install wireguard + hosts: self + roles: + - wireguard diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml new file mode 100644 index 0000000..7767f48 --- /dev/null +++ b/roles/wireguard/tasks/main.yml @@ -0,0 +1,10 @@ +- name: Install wireguard + become: true + apt: + name: wireguard + state: present +- name: Install home.conf + become: true + template: + src: "{{ role_path }}/templates/home.conf.j2" + dest: /etc/wireguard/home.conf diff --git a/roles/wireguard/templates/home.conf.j2 b/roles/wireguard/templates/home.conf.j2 new file mode 100644 index 0000000..b6a4f4a --- /dev/null +++ b/roles/wireguard/templates/home.conf.j2 
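Review bot: Only the new `wireguard` target in the Makefile hunk passes `--ask-vault-pass`, yet the same commit adds the `wireguard` role to `playbooks/all.yml`, and that role's vars are vault-encrypted. Any existing target that runs `playbooks/all.yml` (not visible in this hunk, presumably `run`) would then fail when the template task tries to decrypt the keys, unless it also gets `--ask-vault-pass` or a `--vault-id`. The new target is also missing from `.PHONY: run`, so a file named `wireguard` in the repository root would turn it into a no-op; `.PHONY: run wireguard` avoids that.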
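Review bot: The `Install home.conf` task in roles/wireguard/tasks/main.yml writes the interface private key and the preshared key to /etc/wireguard/home.conf without setting `owner`, `group` or `mode`. A newly created file therefore gets whatever the remote umask allows, commonly world-readable 0644. Add `owner: root`, `group: root` and `mode: "0600"` under `template:` so the secrets do not rely on the parent directory's permissions for protection. Because the rendered content is key material, `no_log: true` on the task would also keep it out of `--diff` output and logs.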
@@ -0,0 +1,10 @@
+[Interface]
+Privatekey={{ private_key }}
+Address=192.168.40.3/24
+DNS=192.168.10.1
+
+[Peer]
+Publickey=URG3OY/ow/vY+Ou2z/9V0xHmc6kQ0SmV24F5105b5yI=
+PresharedKey={{ preshared_key }}
+Endpoint=wg.geokunis2.nl:47239
+AllowedIPs=0.0.0.0/0
diff --git a/roles/wireguard/vars/main.yml b/roles/wireguard/vars/main.yml
new file mode 100644
index 0000000..326be0a
--- /dev/null
+++ b/roles/wireguard/vars/main.yml
@@ -0,0 +1,16 @@
+private_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 34373762323462386235343934613038633764663961633635343439373033656662313731313736
+ 6166326637393162663035653830333832633034386335630a343438613561626162393336306438
+ 33633937626535356337366234306366383864346332396539376162666431343636383739353831
+ 3735373033346634650a343937653565353063326335373764616262663339363764316261626438
+ 34373663643165303837613132313231396266636136303333363361613733343564393531366631
+ 6238343964613130623764333165333961366538333433626137
+preshared_key: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 62336462356637633962336335383565666562613961653664316330373163326437623535336463
+ 3861346562346639353339386135633935626361633131360a386130333266393333656130656264
+ 31666631623262336261356261353932633763303235316437373139336334343764643936646632
+ 3366393362376334370a333835623033343030333937636539336362653838643937616164613139
+ 33343565333733643738656631346433356164386561306537626336343332613961613430633238
+ 3237333865633231646162303532303461656463343137393037
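Review bot: `AllowedIPs=0.0.0.0/0` in roles/wireguard/templates/home.conf.j2 routes only IPv4 through the tunnel, so on a network that offers IPv6 the host's IPv6 traffic would bypass the VPN. If a full tunnel is the intent, use `AllowedIPs=0.0.0.0/0, ::/0` (with an IPv6 address on the interface if the peer routes it), or disable IPv6 on the host while the tunnel is up. `Address`, `DNS` and `Endpoint` are hard-coded in the template; making them role variables would let a second machine reuse the role with its own address.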
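Review bot: roles/wireguard/vars/main.yml stores the vaulted `private_key` and `preshared_key` at role level, so every host the role is applied to gets the same WireGuard identity, and role vars take precedence over inventory variables, so a host cannot override them. The README hunk mentions a second machine; moving both values to a per-host vault file such as `inventory/host_vars/<host>.yml` (placeholder path) would give each host its own key pair. With the ciphertext committed to the repository, the vault password is the only thing protecting the private key, so it should be long and random, and the key should be rotated if that password is ever exposed.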