diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix
index c7fddc4..31aa0e1 100644
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@@ -139,39 +139,39 @@
 sops.secrets."protonvpn-priv-key".mode = "0440";
 sops.secrets."protonvpn-priv-key".owner = config.users.users.root.name;
- # networking.wireguard.enable = true;
+ networking.wireguard.enable = true;
- # networking.wg-quick.interfaces = {
- # # "wg0" is the network interface name. You can name the interface arbitrarily.
- # wg0 = {
- # autostart = true;
- # # Determines the IP address and subnet of the server's end of the tunnel interface.
- # address = ["10.2.0.2/32"];
+ networking.wg-quick.interfaces = {
+ # "wg0" is the network interface name. You can name the interface arbitrarily.
+ wg0 = {
+ autostart = true;
+ # Determines the IP address and subnet of the server's end of the tunnel interface.
+ address = ["10.2.0.2/32"];
- # # The port that WireGuard listens to. Must be accessible by the client.
- # listenPort = 51820;
+ # The port that WireGuard listens to. Must be accessible by the client.
+ listenPort = 51820;
- # dns = ["10.2.0.1"];
- # # Path to the private key file.
- # #
- # # Note: The private key can also be included inline via the privateKey option,
- # # but this makes the private key world-readable; thus, using privateKeyFile is
- # # recommended.
- # privateKeyFile = config.sops.secrets."protonvpn-priv-key".path;
+ dns = ["10.2.0.1"];
+ # Path to the private key file.
+ #
+ # Note: The private key can also be included inline via the privateKey option,
+ # but this makes the private key world-readable; thus, using privateKeyFile is
+ # recommended.
+ privateKeyFile = config.sops.secrets."protonvpn-priv-key".path;
- # peers = [
- # # List of allowed peers.
- # {
- # # Feel free to give a meaning full name
- # # Public key of the peer (not a file path).
- # publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=";
- # # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
- # allowedIPs = ["0.0.0.0/0"];
- # endpoint = "146.70.86.114:51820";
- # }
- # ];
- # };
- # };
+ peers = [
+ # List of allowed peers.
+ {
+ # Feel free to give a meaning full name
+ # Public key of the peer (not a file path).
+ publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=";
+ # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
+ allowedIPs = ["0.0.0.0/0"];
+ endpoint = "146.70.86.114:51820";
+ }
+ ];
+ };
+ };
 networking.firewall = {
 enable = true;
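Review bot: `allowedIPs = ["0.0.0.0/0"]` on the newly enabled peer sends only IPv4 into the tunnel, so if wheatley has IPv6 connectivity that traffic would leave outside the VPN. Either extend it to `allowedIPs = ["0.0.0.0/0" "::/0"];` or disable IPv6 on the host, and consider whether traffic should be blocked when wg0 is down, since nothing in this hunk prevents fallback to the plain uplink. The comments appear to be carried over from a server example ("server's end of the tunnel", "Must be accessible by the client", "List of allowed peers") and do not describe what looks like a client-side tunnel to a VPN provider. `listenPort = 51820` is probably unnecessary for an outbound-only client, so I would drop it or reword its comment to `# Local UDP port; not required for an outbound-only client.` The `networking.firewall` block continues outside the hunk, so whether that port is opened there cannot be checked from here.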