diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 4f56245..399f537 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -2,12 +2,15 @@ { imports = [ ./uni.nix ]; - sops.secrets."wireless-env" = { }; + sops.secrets = { + "wireless-env" = { }; + "wireguard/dorm/private" = { }; + "wireguard/dorm/preshared" = { }; + }; networking = { hostName = "thinkpad"; firewall = { - allowedUDPPorts = [ 51820 ]; # used for wireguard - checkReversePath = false; + #allowedUDPPorts = [ 51820 ]; # used for wireguard }; wireless = { enable = true; @@ -27,5 +30,22 @@ }; }; }; + wg-quick.interfaces = { + Dorm = { + address = [ "10.10.10.3/32" ]; + privateKeyFile = config.sops.secrets."wireguard/dorm/private".path; + listenPort = 51820; + dns = [ "192.168.10.1" ]; + autostart = false; + peers = [ + { + publicKey = "vUmworuJFHjB4KUdkucQ+nzqO2ysARLomq4UuK1n430="; + presharedKeyFile = config.sops.secrets."wireguard/dorm/preshared".path; + allowedIPs = [ "0.0.0.0/0" ]; + endpoint = "dorm.vpn.rfive.de:51820"; + } + ]; + }; + }; }; } diff --git a/secrets/thinkpad.yaml b/secrets/thinkpad.yaml index ebc4cc7..ac8ac92 100644 --- a/secrets/thinkpad.yaml +++ b/secrets/thinkpad.yaml 
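Review bot: The `firewall` block in the first hunk now holds only the commented-out `#allowedUDPPorts = [ 51820 ]; # used for wireguard`, which is better deleted than kept as dead configuration. This host dials out to the peer's endpoint, so the stateful firewall should already admit the replies without an open inbound UDP port. Removing `checkReversePath = false;` restores the default reverse-path filter, which is the safer setting, but with the full-tunnel wg-quick interface added in the next hunk it can drop the tunnel's return traffic. If that happens, prefer `checkReversePath = "loose";` with a short comment naming WireGuard as the reason, rather than disabling the filter again. The `networking` block continues past the end of this hunk.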
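Review bot: `allowedIPs = [ "0.0.0.0/0" ];` in the new `Dorm` peer routes only IPv4 into the tunnel, so on a network that provides IPv6 the laptop's v6 traffic would presumably still leave outside the VPN while the interface is up. If Dorm is meant to be a full tunnel, use `allowedIPs = [ "0.0.0.0/0" "::/0" ];` so v6 is captured rather than bypassing it; otherwise add a comment saying the tunnel is IPv4-only by intent. `listenPort = 51820;` looks unnecessary on a roaming client now that the firewall no longer opens that port, and dropping it lets the kernel choose a source port. The enclosing `networking` attribute set opens outside this hunk.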
@@ -1,6 +1,10 @@ wireless-env: ENC[AES256_GCM,data:ammPuyKddupz2q4zYLNzAH3W0uarrUnD4vu6ta3cboYN5egTrDrKWrgInSFNcebHUJknaS8WV8uqxFISMvi0+6KDXgf1CFpaF2xIaRhDUNr2Cd7eSCS9sbmy4tJ7Vinwt8prgElMm0heAjEgsP/ob9dAPrkFBkWXIk9pRtOZsAngqZ2CBXyPH2EciLCdJBaE+2SiQCvZfcNvsmKM2b9oTpQcP4Yp8HuWkUJthy+qyOHBq2LStiBAIjjXPqRR/PFKofPrXojs7+by,iv:63dNbgQq3fDGitfsHAxtwPzhiSyb4818a6iuc0s+zzo=,tag:edV7fPU5h8N362vonltt9g==,type:str] uni: zih: ENC[AES256_GCM,data:irxq42t4H+7E3YJjqbmyccw=,iv:f0E84HMBQN9TtR1BN56LTU4FLOkVWPFTUysQvu99nzs=,tag:BkNyAJAj+3tPF3Us4Vqg3w==,type:str] +wireguard: + dorm: + private: ENC[AES256_GCM,data:ISK2FjZsBx60Sgag8tJs+SyXSvdIQeIHeqB1V/m3g8RxkgIFBkCBnEjB8/g=,iv:CbDXnT3ERB+OYSa0+Xc4nN8joNj3dtSPTQa0SU5S5xg=,tag:Eap30fSv0MtBzaZvBLWAYA==,type:str] + preshared: ENC[AES256_GCM,data:5Kc/CMoEVpqJO0vyDOKmw5A19P68jJe5N025+kIvdvoOoNs2Knl127EuSAA=,iv:5lX9Kj5hz1GNh3a6Ig701cocuZ1CYr4Ze++wJzu7AAU=,tag:1rVx8EA5N++SgXpv0aMGNg==,type:str] sops: kms: [] gcp_kms: [] @@ -16,8 +20,8 @@ sops: S0NwYWFQcmFtTm5zTEZLVXRtMi91Zk0K3ylHH4OXduJlJxepPz9GxBzVmKGpv9LL ApkEQxfPL4Bxrb2XOFLOYqJGv2SwxBv1QNYT7eTXRLTEsIXUHR0MGA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-29T19:11:37Z" - mac: ENC[AES256_GCM,data:Y+f5llPf+i6KcsH3bkvr9joSguIXRjsEIEp+KmqSFf86P5HAj90uROKFyvpkjiOf0P9/1Z1qeuDKxWG3WTAvMG+eWOVigou3rOLSDzUBnl1q+HT5G8EmPAVZ39aGssFi8Vy+dVHRrSnXmJ2D4oA2514xqjwZLcParqfi5LM61mI=,iv:e58rnR6BfdSBpYhJyNI1aWq51NMILhySEFKHGNaEk4o=,tag:Av3Y+fmoOhr6ddDvPNpK3Q==,type:str] + lastmodified: "2022-12-30T10:00:06Z" + mac: ENC[AES256_GCM,data:sbnck/gYg9FnWkqGjNqOvtc853VNQCRwdDjuZ+WX7aOrO7cKcmLqMz7kKqV5qVUoygEQERy2hnT0hWSUdAI3sUehCrteYQe+iQSz7Q05IOGmnrcH1ilUwMpD23tZsRUsC4MewVusUaRLnK7Ryu0wS2fSL0wdrluex1eUsvfs+Wo=,iv:F0j9rh4bmHKNzPKRcBBNm26GiTQysGAahpQlRMmfhkM=,tag:UgPKc1abo8kjm3ZrgFos/g==,type:str] pgp: - created_at: "2022-12-27T16:39:15Z" enc: |-