diff --git a/machines/oracle/configuration.nix b/machines/oracle/configuration.nix
index db3a2ba..bd029fe 100644
--- a/machines/oracle/configuration.nix
+++ b/machines/oracle/configuration.nix
@@ -15,6 +15,25 @@
     PasswordAuthentication = false;
   };
 
+  environment.systemPackages = with pkgs; [ wireguard-tools ];
+
+  # Wireguard tunnel
+  age.secrets.wireguardOracle.file = "../../secrets/wireguard-oracle.age";
+  networking.wg-quick.interfaces = {
+    wg0 = {
+      address = [ "10.0.10.1/24" ];
+      listenPort = 51820;
+      privateKeyFile = config.age.secrets.wireguardOracle.path;
+
+      peers = [
+        {
+          publicKey = "iKJO9Q8LsdCdApapTX9CJmrtAKn1TYhg4YUiBUBPzmo=";
+          allowedIPs = "10.0.10.2/32";
+        };
+      ];
+    };
+  };
+
   programs.zsh.enable = true;
   environment.variables.EDITOR = "nvim";
 
diff --git a/machines/thinkcentre/configuration.nix b/machines/thinkcentre/configuration.nix
index 04459d7..ae0f246 100644
--- a/machines/thinkcentre/configuration.nix
+++ b/machines/thinkcentre/configuration.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+{pkgs, config, ...}: {
   imports = [
     # Include the results of the hardware scan.
     ./hardware-configuration.nix
@@ -6,6 +6,24 @@
 
   networking.hostName = "venus"; # Define your hostname.
 
+  # Wireguard tunnel to oracle
+  age.secrets.wireguardThinkcentre.file = "../../secrets/wireguard-thinkcentre.age";
+  networking.wg-quick.interfaces = {
+    wg0 = {
+      address = [ "10.0.10.2/32" ];
+      listenPort = 51820;
+      privateKeyFile = config.age.secrets.wireguardThinkcentre.path;
+
+      peers = [
+        {
+          publicKey = "sdqT2l1HRe9rDYejJ+luQK8zdC+/KqDuQ1rpvZq/KlQ=";
+          endpoint = "150.136.162.107:51820";
+          allowedIPs = "10.0.10.1/24";
+        };
+      ];
+    };
+  };
+
   # Set your time zone.
   time.timeZone = "America/New_York";
 
diff --git a/secrets/wireguard-oracle.age b/secrets/wireguard-oracle.age
index e69de29..9e52161 100644
--- a/secrets/wireguard-oracle.age
+++ b/secrets/wireguard-oracle.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 XlaGxQ 64T+sKc6cuLGJpF2mjdRoLupmh4r4xDJYWnz2XtW5yw
+Fn2imf2lLbjRLQOG7FP844OfmLm2uX3zz+mEy4k4PbM
+--- hVrfmKh1csvwWIvzvdcOiJVM9+KzG1xLr5eYj9qZ3oE
+*°˜Þý³nñ¤ý»zkXI `{#.=×,ÀÃî`WghÇüc.”Õ[´w³JÔÐdÑØV,ëß–&iz¯¥˜ÎLÚ9Bì"u}ºÍŸ
\ No newline at end of file