diff --git a/home-manager/home.nix b/home-manager/home.nix
index 3a1e5c0..bcf129b 100644
--- a/home-manager/home.nix
+++ b/home-manager/home.nix
@@ -66,6 +66,7 @@
 cmake
 pkg-config
 fontconfig
+ jetbrains.datagrip
 ];
 
 services.owncloud-client = {
diff --git a/nixos/machines/pc-mans/network.nix b/nixos/machines/pc-mans/network.nix
index 10205dd..4a44a65 100644
--- a/nixos/machines/pc-mans/network.nix
+++ b/nixos/machines/pc-mans/network.nix
@@ -11,10 +11,44 @@ # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 22 ]; - # networking.firewall.allowedUDPPorts = [ ... ]; + networking.firewall.allowedUDPPorts = [ 51820 ]; # Or disable the firewall altogether. # networking.firewall.enable = true; + # Enable WireGuard + networking.wireguard.interfaces = { + # "wg0" is the network interface name. You can name the interface arbitrarily. + wg0 = { + # Determines the IP address and subnet of the client's end of the tunnel interface. + ips = [ "10.100.0.2/24" ]; + listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) + + # Path to the private key file. + # + # Note: The private key can also be included inline via the privateKey option, + # but this makes the private key world-readable; thus, using privateKeyFile is + # recommended. + privateKeyFile = "/etc/wireguard/private"; + + peers = [ + { + # Public key of the server (not a file path). + publicKey = "Q6kxhwGhqOyaGyyO4lum83WpJqjsj71Ab4gvUau2zCI="; + + # Forward all the traffic via VPN. + allowedIPs = [ "0.0.0.0/0" ]; + # Or forward only particular subnets + #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ]; + + # Set this to the server IP and port. + endpoint = "192.168.2.11:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 + + # Send keepalives every 25 seconds. Important to keep NAT tables alive. + persistentKeepalive = 25; + } + ]; + }; + }; # Set the hostname networking.hostName = "pc-mans";
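Review bot: The new peer's `allowedIPs = [ "0.0.0.0/0" ]` only captures IPv4, so on a host with IPv6 connectivity any IPv6 traffic bypasses the tunnel even though the comment above it says all traffic is forwarded via the VPN; a full-tunnel client should use `allowedIPs = [ "0.0.0.0/0" "::/0" ];` (or IPv6 must be disabled on the uplink), and the comment should state which of the two is intended. The hunk also relies on `/etc/wireguard/private` already existing with root-only permissions — nothing here creates the file or enforces its mode, so a comment such as `# Created out of band; must be owned by root with mode 0600 and never committed to this repository.` above `privateKeyFile` would record that requirement. Opening UDP 51820 in `allowedUDPPorts` appears unnecessary for a client that initiates the connection and sends `persistentKeepalive` traffic, since the server's replies already pass as conntrack replies; if the inbound port is deliberately kept open, the comment on `listenPort` should say why. The enclosing module attribute set starts and ends outside the hunk.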