diff --git a/nix-config/host/oldie/configuration.nix b/nix-config/host/oldie/configuration.nix
index 8ceb445..8a16a24 100644
--- a/nix-config/host/oldie/configuration.nix
+++ b/nix-config/host/oldie/configuration.nix
@@ -7,6 +7,7 @@
 lib,
 pkgs,
 materusArgs,
+ mkk,
 ...
 }:
@@ -325,6 +326,43 @@
 hardware.uinput.enable = true;
 hardware.steam-hardware.enable = true;
+
+ sops.templates."networkmanager.env".content = ''
+ WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wg-key}"
+ '';
+ networking.networkmanager.ensureProfiles.environmentFiles = [
+ config.sops.templates."networkmanager.env".path
+ ];
+ networking.networkmanager.ensureProfiles.profiles = {
+ wg0 = {
+ connection = {
+ id = "PodKos";
+ type = "wireguard";
+ interface-name = "wg-podkos";
+ };
+ wireguard = {
+ private-key = "$WIREGUARD_PRIVATEKEY";
+ };
+ "wireguard-peer.${mkk.wireguard.peers.valkyrie.pubKey}" = {
+ endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
+ allowed-ips = "${mkk.wireguard.ip-masks.main};${mkk.wireguard.ip-masks.guest};${mkk.wireguard.ip-masks.asia};${mkk.wireguard.peers.valkyrie.ip}/32;";
+ persistent-keepalive = "20";
+ };
+ ipv4 = {
+ address1 = "${mkk.wireguard.peers.oldie.ip}/32";
+ dns = "${mkk.wireguard.peers.valkyrie.ip};";
+ method = "manual";
+ never-default = "true";
+ };
+ ipv6 = {
+ addr-gen-mode = "stable-privacy";
+ method = "disabled";
+ };
+ proxy = { };
+ };
+ };
+
+
 # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
 system.stateVersion = "26.05"; # Did you read the comment?
diff --git a/nix-config/host/oldie/default.nix b/nix-config/host/oldie/default.nix
index 0167962..56b837a 100644
--- a/nix-config/host/oldie/default.nix
+++ b/nix-config/host/oldie/default.nix
@@ -2,5 +2,7 @@
 {
 imports = [
 ./configuration.nix
+
+ ./private
 ];
 }
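Review bot: The `private-key = "$WIREGUARD_PRIVATEKEY";` line in the `wireguard` section of the `wg0` profile (second hunk of configuration.nix) carries a security invariant that is not written down anywhere. The value is a literal placeholder that is filled in from the sops-rendered environment file when the profile is generated, which is what keeps the key out of the world-readable Nix store. I would add a comment above it such as `# literal placeholder, filled from the sops env file when the profile is generated; never interpolate the key with Nix here`. Separately, the declaration of `wg-key` is not visible because the `./private` files are shown as binary, so it is worth confirming that rotating the key re-runs profile generation, for example via `restartUnits` on that secret. Without that, the old key presumably stays in the generated profile until the next reboot or a manual restart.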
diff --git a/nix-config/host/oldie/private/default.nix b/nix-config/host/oldie/private/default.nix
new file mode 100644
index 0000000..db88914
Binary files /dev/null and b/nix-config/host/oldie/private/default.nix differ
diff --git a/nix-config/host/oldie/private/secrets.yaml b/nix-config/host/oldie/private/secrets.yaml
new file mode 100644
index 0000000..3aa042c
Binary files /dev/null and b/nix-config/host/oldie/private/secrets.yaml differ
diff --git a/nix-config/shared/private/variables.nix b/nix-config/shared/private/variables.nix
index 00584c2..4a51939 100644
Binary files a/nix-config/shared/private/variables.nix and b/nix-config/shared/private/variables.nix differ