diff --git a/agenix/hosts/mediaserver/config.nix b/agenix/hosts/mediaserver/config.nix
index cfc4bfc..2830661 100644
--- a/agenix/hosts/mediaserver/config.nix
+++ b/agenix/hosts/mediaserver/config.nix
@@ -8,12 +8,8 @@
       file = ./tailscale/authkey.age;
     };
 
-    openvpn-auth-pp = {
-      file = ./openvpn/authPP.age;
-    };
-
-    openvpn-pp-nbg = {
-      file = ./openvpn/pp-nbg.age;
+    wireguard-config = {
+      file = ./wireguard/config.age;
     };
   };
 }
diff --git a/agenix/hosts/mediaserver/openvpn/authPP.age b/agenix/hosts/mediaserver/openvpn/authPP.age
deleted file mode 100644
index 7bdeafc..0000000
--- a/agenix/hosts/mediaserver/openvpn/authPP.age
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBQcHVm
-c0FBNjlaaXk0NDlvRjB1NnExUFNaOWJEVTJXTlhoenpxK2YrdmowClEraklSSFpX
-T1NUb05uZ2FRUUdoL0VTalpLd054cW04UHl4Ykk1bWdlSlkKLT4gc3NoLWVkMjU1
-MTkgWTk0WWlnIENzNWRvdjduclpNMW1nY2ZvWlFTTlUrWFlGcXB5NmM1ZjZGbTRY
-ZitiRm8KM0lldTMyWVViNmlaaGwwK2EwMmoxU3g4dGJ4QXdxWDNycjRTTkFYZXhs
-awotPiArdCs8TkItZ3JlYXNlIFJJIHJZYWE+IEggR1U6ekwKak5QKzFRSno5M3pJ
-ZXVIWnBYYUQzWnBMQTF4bENDZ05MaEpmWUJwMG1iaUkzUmd2TC9sMnJxZGlBYzc3
-bzJJYgp3Z3VwdjA5dHBQdU4wZUYxCi0tLSAwdGZVVThaanpJQmVoVGRoYlkvT1hJ
-WlEvRnFpSDBnUDNGczU0bVdpVlZ3CgsallSkWhfgvsFl3ao/xNihPSHf6I4aJZsS
-rE5knFj6RAmjH8Kn+y+RR79UIFYon4SSRW5tXMA=
------END AGE ENCRYPTED FILE-----
diff --git a/agenix/hosts/mediaserver/openvpn/pp-nbg.age b/agenix/hosts/mediaserver/openvpn/pp-nbg.age
deleted file mode 100644
index 6fa1c38..0000000
--- a/agenix/hosts/mediaserver/openvpn/pp-nbg.age
+++ /dev/null
@@ -1,212 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBTdlpK
-eUpKb0t2WWVDVEhvWjFXaFY4VTBSamRnT00xT3lFSmNsanMzczNZCmpoSlg5cGdR
-OUFsZ1pzdGVLckJUUS9wZlk5Q2lQTzFKNTg2WXRHaGhSWjAKLT4gc3NoLWVkMjU1
-MTkgWTk0WWlnIC9nZFpWblF3YnF3bXhJd28yRndlTElVZlJDcTdyUHBqMlgxemt2
-ckFtVncKRVNkcEVGREQ0RVVEMWFyaUpSaEltMEdLK0UrNkMyZHNYSm9HcDllTUR2
-ZwotPiBAP2teJC1ncmVhc2UKNFQraStYT293cnBHdjRYSS9RMWlqNFdlNmJ2ZXhB
-dlFCc21tZnR3WThVTDM4NDRWY2NVUlZqTjVaSzdCTzRXMwprd1EwRFdKd0djSzBE
-SkFzT1piaExuQnZsTmh6clFuRXZYU3dvSUZPRUEKLS0tIEVhQ1lsWUtQWHRPbFdN
-VHNYdWhFdmZBcGp2SDNTRmhpWUFNT2FIOWRwVTAKnUMAjkjUrl9LDONiLUb4VZ38
-w+a1klDiiZceyP521DRZzysoYHzs92QL7RMktnPGggRXOOjs7o46rTmeOxPHHYhj
-RcPupTpZTD4RLOV1SFGWQ/yd5rn+kA6Rf3+Ex5G2M3umLFOtGVCUToQaS6ij+K9C
-hn4wCbk96rSrgMQDy7G7eBRJCU15LYG5vTr/RfyowUSZqvGFOz4vJOIZhP/g810K
-8MEXpSZa7yup60KLnygOMq+IRh4G2GJFV3FjPNwrTmjr+/6m32g6HOAyE/Wep/6X
-8N4eLWUvuIKC4KEjoigMWdvqWGlljNP7FimJWLnm28AIq7N+tvPST5eb4LKtLPVj
-4f3E7HaDcUM/jF1d2JRYBrZzfqPmYdjYh7xXekwWj7EEXsqHjITJgLTSEsQvl/Qz
-0+NIMc16VOhqdInEE4t+140OJ82yCibHuuff3z6gPUopzYSXKz+1T6+uHshrVZuX
-5Frzq6PrS45LML8GYg6s0zwusXjADMEX4K9PFNInsW7ubFmuUcTOaA+8hGpviDmx
-7g//CyP+hHnt07U/FjSUEudl33gFL249cM0MpSv6faptsGNp82+7rgiPmCXvlDu8
-rnHW+ftZq65IwboY4cAgym0B1umafMdtWQon3a+cQcFgBN3LX8Qcxx9v3LinLfFu
-1K2e9WzSF4KvgagzPnSLI005N5nwYw9XDfihn5Cpp9EipQKwYbseOOCqSSLoMH1j
-f1oeQ9VPkfXUtFs5pDwSpGqVduxyEa/No2GtXi3m8AN8E8WnF6XdDXJygLEhefzS
-1lrnIgOEF08RRMv1DToVEnEJAhVWhX5plHBlmgeVdV0prulwBBXsyTymBw6tgdj0
-7NDQxEyasX1+as2R+vk9PISiEszkcSQ2EKIQcl1ezAiYx4x2an6IZRl448rOeF3E
-nPzCfYSpKNZRMERW/lQvLIqQNjS4pGhZ3cdetcj2+NJIDPCYYqIJfHh8ybUHRaJl
-baHovMc+sGsipJGVL/710ivyadNuwSfdBfENBazxPnm17OeZou0q+QNyn1SadxdG
-EF/B6uDokRYm5uR8p/dAb914qPvjaTeQ9rZk08gg+rOGNvbEG92PeO0i5yo/inF/
-MsSjJcfpEfS+Al2bGXu2CN6N+807neO8vhuYL4N5gNcLZln84KfC0Yl4AfxsU6Uk
-QmmpuoZCB3Ylkqxx96jhsAnygpamwhu8H6eLxceNpDgbK8HGE8pDc7Wz5Wzg2e3/
-0K1YC6zJeyk1HOtzd58vkijjXejcgSdiqsgAdLZG1pcEFj3VA+990+UYRc+Uocoo
-X7kaqNoFSqJmPfEJ895ks99gWcx591rUTsNkGxzkNCZgy6a0aQuwMZxdmCwnJtaw
-vACQmOnCvW58ayv4pzAlz+upQqhHi6eLCpgwWIDsiBvANg04Yk+B7v1AT56PhyN8
-FZHVdLWVux3TNe28zWwxijqv7htZrZlqkxW6mec6TAWTOKZMxfgzM89ml/F0FF30
-CbsK8D8DmIW1bIFDVGbcQdfHhtvUALmG49Eyl1ZxqvG8bSarnKuMi3xS4Pq/uBK+
-fBc6hcCdIiq1k0sNj83dd54Rnly4eZZagRtDr+wT9k0/ThzeUqE59lLgRHmyL4wn
-bKiNXfcT3nVN/IgoP5vHbh0mvqoEL8cvGoUARh7aBuKzTwxTiYpQFECJrPEW9Nis
-reta4UURHWdZDVTzKuURJzn4yGqNoRoK4/vmn6Ul8UWNovI2uUaf7DJbi6FLUnBS
-WSQkRx8eVyb7ljYQMzWYGRFu0fIH9RMRqUEjPA/6O5pGugZm/3uh+/l6kUVS/6Re
-+TR7SpcHLbOSSFJW8DkSviL73rkadUGxig3wYjii2Ta5J2LGWqu13jXHOQ3VTyro
-hG7CHxeM7iE/h36tVwwqnccH4ARdHQToC2UD+yb6Rn1D5Z0mu9XJ3VRDUOVqRNlA
-VInnkWUfsYURlxPrGqNySoqT+S2gu75QcK1XGWhvwaOpzt6Z9IfTofeRQ08Oqk69
-v9cmAyhA3czd6ULfMSeY8M6w02INlt7BdcsZk7Gu6WpQMZZq83ARgcrIhsMlUlZZ
-f5VSxRTGfUKh+amkdzCSCJ2dpV2I+7Zl2amIQIMJWl6PwT2CUwW8nqf0hWUhLNNo
-iW4lMey/qOWfFdaAVSWIxzvMxf37KScTh/QQOi61nVYL+3gyu8b02IMR4dAM8AmN
-Fk2DVpTutN5p8G7fo+jA/8/P+WkEEAcifJaaR9LjhmE8CycdGjpuw8P5VD4LXXUI
-wsz4lFKZFm5vVhk9gZU6J6v110BmckmBQavpnyTThNMpLZXUcBuvEfx4CRx3IHIH
-4KT/MfBV8NXZAlIlaJd5ga5pq8mkB31JTFs+DBM0avEYvuISWTJpwkDbv8npveJC
-AE7VXp80x5NHQ/Ny7RT7tlJ/sVd+4RNiTcyrNKPwFmOD9yvMNMUJizB1nHuWD+OO
-TAAWJ8QLh57YRNEu3ba7PZfx+dSdG36X1WJuKl2/pCUUOTnIRWlM2zypr8NM7Nzv
-d5Gq09MMWCMl1DThM4XDT7jDwg3YdoboGnrPzWucXf2pUxey0sbEdvv8aWIQriU7
-V0A4/MVPCnIAyZsmlDCiKIdAeS0jssZdkv/mZF2ZPV6zcvqVygbvJ7fMjzR2EuYX
-89Ac/E0bcCWPPw8F1qU2/2SZEkW54d7ouoIz6XQMlCb4ejJfjtWrS+Hzkinn5IYN
-3vM7z2+WipFYxZObUUpx8E7zX48xovjUG8Q5Lzdje+6Swjh7Wffx/G263+cY5ST2
-ihUtG0Ir8I7mXUCAGEihitYeo3N20eykyG3dQNd0LDgPFLlPpC7iEFZqV80ReZhs
-Cq5wMMD222yC5ITw2lfMojRf201JxANdHA+h8h9T168NDlUh8ANBs+RF+jyIcmf7
-9PBhuJsyyPNbsk4Tqf9FzImAvaxblvmFME9zWxfvIQjtG/rBdpp9wUdPFIMuyI0n
-9xh6o5ZFbtZ5bxgtwYpeyY0bPZ8rXJLzOBGVrKsBjQes+Bvq9DEv0m5aVwbdMTKI
-lEh2BHNCZA3sNPPGRIja3gTjc/hLIXzdTNsVE9p3BQZB5O+cbUDvMriLVL0K7WPH
-5ig6r9JPPGjSD++biWxndhBcDGMWyd7FaulokWXaa177VQ881KyxH8XGxTdqYM2Y
-2kerHDqdw+G35qDHJVy4GIH93fY4DYmJU8fMJFKR7+TrzaexErzfTNR5xhFzJik8
-7QW7muU0aiN0P4bfqSwiRmuBTvtdkJ2OrGPz3T9ccUOPj5Rd3esczMV4MDgDmlV9
-0uKysl2jESH6r5uu0hmnWMXdLUDYZ6gAVwMGZBUyRQRWxtDMNGCOb8adOtx+MvBt
-XvfvrDAwAsx+w1P9tL17wD/BqMScCVas6CyjcKl+rsYLyXV418gMTA9V3cmNZUul
-FVn0IlxQZhIYbhhhFf+nqmZvTrtwH5oOqHtJ7Rzd/Ajc18bBIjGM+DYRNe18im4s
-lUEXp6aHzf6vBU2ltSbEB4yRQMd0dse/Fj3x5D2mc7Mt63XxmOs1lQioiZuu4LOP
-DPsoEZ3oIMh9BQ3Ox9NeBUX6fNI/4Ya19F5wh+I5AcE/9jyBtsCgml1nYlJSdE5h
-GLf2I1f+IbUjjp2qhdkAunl66P8aBxU+6Z9Czlik4bNIWonTjzOfBy1IcCDcgSrf
-7cSPR+bEWlBBtI8tLqkww8f9mvTVPfKqKwfHNo4nFu6YlpLA9N1efnKUKVnP2iSp
-18t5uiCvWfPZ54gctfQFtbJehXXntYZBmqNweOh8O1FjMr/AdxaYOY0r9iQPjKmo
-vWQ/6lgeIQ/1r8INenvAx7eNrhD4jHPge9hz+Xo+HDAY745LEOatB42s1j16DcCi
-GISCWiAc/2rKKsUA0ZBn8bhrgFlg6OwkMb1xExfASJidtdH9/bdvnNmC8/x8TNFa
-74RssDUPWtCQzAtqyvKmk1UZc6i3fgnIfwwlEtosnVTHvAtWdx2UfQ6fzZ9KGQPY
-DSIaEgO4gQVHcQPkFnBImbvPXeHD04LvAhrJuWJaCdxt8KoEvrsGTfw5I5Lu55YI
-5n4o4LAMROOtd3GPeALKOBNbxQyuqhNQnFG8uIg0JwUnBslECtS2X5FlJCmqvrk3
-u/u5+0hz1By5udULmcdJTPUlJAILCxcFTlDvNv5FhLMtNHXYKsdcUt+mTsCSQOek
-d0HdUbmrOk6VZe1fqcHoAmzrYyOXL+lNFwhworQB9IjK7RkLNpfjWAOX3nw+lMPu
-mTrVs2mU9GRUrL6Ck8Jzd3afHzO+up8LpQMRgXUxfPQ95T6GnrPJD692rquB+Dzn
-hr0oIwaKWM2M0VPYExcgzpqGd/Qxn9jRSAS4Q3OPQweCqlbJf3SH05SIpqi53B3x
-TdGW1ATW7rYs4mvUI2aI1fdZWr27bT2wk5WfD7Y3t0D5Tmzn+JfOYgswQsoL+Zle
-sLfSCFvVskVMTvQGYJwOus5S3JffYzcrSfbdgY54Js32X1OqMi4FPVl/Ngs/yFIM
-V1NIzmElD5h3VwDaaBZVfw48BvDoAaCCwkSrhtzrWb+puVakDtmQdK/gHbaA+tkM
-B7GrdX/Tx9VtC9rQgQOWTHUXcV1DAk87cK9SR7yiDCIyep6mx1rOqVYD/1Fxl7Tu
-Dlawuzs6i/74hrtXvV4fLxFeuzg8fNgA2giAH5dKWL+WGb+CsQmeMeRerfIHdiUX
-uAuMbZZKBxik1KSGLfYLHDQ9WIrxLLbSPSzoS1PgVRe56kYYSwWC9ASAbI6JHf4C
-Y9eyJuRpStDaWBRwLybxe0AJbTZ/StfPqHheuHJ0XgOPfgBLvshgEsv2P6VSWwTd
-NOseLI5MUQUBJY5qTg0CijHvXL0DlXoDXtYF6bhXCzgh6hUuz5i5NvF8Ip/ooo1f
-v3Z7i+dcJUnYgfn2NqSmGjgrQUB5P9L3Iy1KmPoo49s3emTrpUb1EvBEZXBcXFby
-w1VIKqOcL/fi6MoXkWA6VANwrBhL2spRTpb9QMQmvEYafhLeJyqv9IAdUR2K9Qqm
-k+in+CwiULqi1rVVOHf+0LcQnVaYRY+NEhf9+W67Mp+5ml/im+aBuIlmioB05f+m
-fKdPBNWFKenDnKdTUcIGKwRxyCm0kgatMQQiPC1fLnMhS0Od4X66+uOeQCiKAN2O
-6HtwbrwdDKKDsopKRq+1yBjqFTITUYbgAFpTxbJ8ekf5G7gtW2Q2OIppY2BR3Rld
-Qk+k0T54GpDM6Ei+ihl3Vu6f7w/szAs3sBiUAeDbVeM9pINcx8Uqrfg90ZzCwJyM
-33LiwEANKV8AVbCx3cTsFqjzmVEvNNTDT6mEH1hdVBCIqaXLp5r53PuL9GVZAkKn
-/IRpEkTPHLnb8tTbjwG/jQBcfLhpp/Dp2yKhUt+9TpEdDddot7iFmvB656RtZw+f
-zYN1Es2aa2HirfXAsAf6z7hZZYB1InmOEbkWomzuvoIPntVIpZ5YmltO+XuI9iMv
-D1kzrgxK2evErzWf9Fh2fgVaqH8GvubKrlEBZPDALiR3SGbkX7fgEXjDhRR0mQJB
-0TefQUPGPAWdmHibmIOecAtQn/Ya6H5pgkp3ybi7xdnCk1pBbFTRciFp/g66CZp8
-p2hypkjMx0QYGegDuMacl8TPV/WGmWvdnPxsXEFjk/FmdE+I1ej8r3CNYyx4pr+D
-6sGd5dfIjoUm9LW8lS01owv+ZIxSIDosw0jVQ5FS9xfhJoHw2qYU+gdBMw0+bjzl
-mRTSZdrfE6hX5HlwJ0TS2LnH92Mi8IZaR8q1NdWd73cNNUdDBo+pMWeQd1NmP5n9
-zscvvOLVk/66ksbai+vq7yZ7nTphWz8WrozOjNIwCX774Fj2X9yduMXc11aXz0Dw
-qhs12selaTZRbAPbrx5VpGmAW51tKK87QRwIuYWs4Q24gYMJ0uwUCIM0IEMolqqw
-W2Xv4awzzEJxu7fSpg+QBNi0xm3UL7ROpXWWa65Z72NfdCLN5SjA2fGqghoQ42Q5
-HVHlzlbc1hBn43JRUN2B1FaRBitYvKjrlUbkZ1bxfqz/emWOFVL/tqUwpC6LHxjN
-PmY1b1cFjatuBN5SFLhoNgTQzXv1dxuVjHoz4UjOAcuZbAH63kTvc2QYCdHbjkuh
-m6oD/j7+f3f+Y4tBxPCBIfGZlA6Gk+oZ0PVOHRFRp7dvQSgopz9jya59SsINqfEN
-ewGlnLsFrSUrB/7at7Irh5bZvLskdzSHGptog8ZfBVF1ov0erkg18HnkE9yFA0ME
-s49EBVIRg+wotBxlc0OHY668BGUb5J/qI8PtWWbM0/rLJW2Uqr1yWAPV0Rcd4Syh
-hhS5JmdLb60K6PPzesndhmLpj2OqeE6o/ivLPRcbbll+4Vnnb4gHtQnh54PTiJyD
-MuLV/ZqtcmifZEb1O1k8qu6KmTkgO1AO+haAWgp10IO1AidX6Gm2OXTb1JZsbvJG
-hPKA5C4sizL6usbE5xWQZKY1vdIwdo/JbrsKLSmyRes6OSro1anCtg0j+OFka90D
-QB4CVsGkmiJOYWxmeA+BVtPM/sf9yyDT8Pw+ooWaYMmhKdPOp6KbzNPvRytfPpPU
-XxXccSKvUwNdKAcft2rR9tR+yBAERbR8VQYAhIqXm2MpugQdXz0Rt11CVmOrM8mA
-J/C/Oldm0wj9dKBaEPtVbkXbF62jG2N+2Xkzk7r9QCiDPthfG8+g5VD2cqQYuOm5
-lA1Q/2BH+NB2GsDju5A6eu46MSLiBHiW3RJJg8S3flb1DFfVbETCtIH/KvIgjcyJ
-rexZQh7aWgsdgWLDAZsciPWYrGIO7y+br23ladboeCBwwI1UECMs6RjjVQ9z+vyn
-P8X8inruvaqFX5U9Rx0ymmx+4eEsRnXux/VRPtKi9cn5ZWu0dBuckv8kCs0GlMxH
-edxIZk5g80ibq+LwLIgRITKb+wd4HpMtYMf6Ewfl++h1iru61/oCQzuBaDcOr9W/
-NJY3OuYrBNKkJdNT2DZf4RLS3f6GpufhIWF4McPfz7HENJvffGC2Gcm1VsJ7qQmN
-lkZeMtaO8N5SFICs5PX0puAf5ZAmHWx+GgSIXhaW2W6UZFmuI7w98bU86MzvRg65
-mZS+WxsnPZNGj6Kw41G1n/MkUOG0Ad9+4I6vWlKZO3VZJ2J5t1Tdl+uZlBH02Lhr
-mEu50Mha+vU0hGh5wzDKyM6pN4rw8pt2BaMNLs+Ocf1VwW88LfDbbWd+3Oq9GUDI
-FhnyOTy/NX/IWwuMvnnpMvq7wF53SiSpBwXJmhp5Sqojq6XUwaC0n+ZgCbLpKcL1
-5dOQHpg/RRBvTN320tr3Q+PgESyHR0CQgxw1y1vevUmOWP0Kg+hsYWrMNEyfUkd7
-6i0WfgAinRyGA1DfzoIz0yU9NHNWueC3Wby9AbyOnLpPZP0/ROP6SO8psU0jnxvZ
-lU8mw4oLLRi6imzRUa+7coAafSa0HkzlEPVTn4bPQjUKk0iY7Qf92hpQAan66YGm
-QthvbY0CZawEVdjTZR+LI8W9ovqukIWQxb7Kx5S0ynTu6ohH7cqHQMqkaRfvAu/u
-aLK+HysFlc2RVSPuOz/AR2rTheS11nOyx7R1j4JdE3kCl/w3NuU2wSJDXdEF8uSl
-VOBjkwFP90fIFD2MYFE9O8LKthwS/3H87bqqel7E2uPXtcRQT/yIW/lww4O1aoV8
-ores18OqBqE2KGSPX+OKhlqjqKeOH8EGoWrQY8Tvy1uLqHXw+wTm/vnPvoKTJ+5o
-Q090E2nbPeKIZX06Znz9UAbQZN2b1weOAWc1xMIyiHYinvIUvUIlhbaBSvJVvhSm
-ZFBsUs1gOCu8KMr2IQpQeQRkYpqt4S7pwc8gRuO4DmQPbRiItxFi7U89jVUwPhJE
-TrkJPbRtwZusEU8D+dIU67d6mDClA/V4cauwDCJIjSodgCfNgLMhe6ij0IFzXlwh
-PGLy0j+Ix1qCJGEzlCGnYHJhnNrD30wDCrtBaT+aiAYsuZ8Yx6s8xLtd06rM0Ale
-E9ALWsTzgF2100OFM0KPB1fxf53NNwgi43O0SPMZJHqk4726/FDf5RxqnFTMgKka
-rAmbZqM8gkWIYgQIqf7u4exqsou3rj8zV0CRDOyiDjlwqj31xL4VKZ9v2jEbzhfq
-z+KI0S5gs5Silvg+wWBfkZHGgxc/ujWciQgkaPsbVR7XCNIdks2UdlsSWgV4XUZq
-Y3DPjrhMtBbnNsN27Zyundl2rgZ40q3RCUuJoXZgu2pQa6ybTQtT1prHMj+4gu49
-Ly470FMuoG7YCIGI6TgqIVW9Ku7fyx9TwYe1Lm7fWRnVe0GyQTqE+FrSwFe+tfD8
-ukt517WClgL6HmhrELahbJ56fmfS/4kk1UI7fWLeUGNfF/LC1aaIgKJlJ0chYZaU
-lzW6dmgHb99P1017nzTdIdpGMRf4ksWO1Z++hevi37nVPEnTbpQAYqmYNJvDX4RR
-T1SnRzbYwAg3jnERDds+OCa3WVmKmkdBrGKPHJSPEyyhSnPL0RIJMsBWDNbLbv8j
-nhfv8ONIX6ioWog0uDBMypHwNwax4Es5DdHGTpVlelKbI4nzDIV0EInrKtbZl0XT
-bBjtp6m44REU5ivRYoWIwnweM9pHLuFnIAb8XCW+C6Vnjd81jGOTWXnTY2ImAp8n
-4GgLkzmcauH82ngl53ZeDO/V9QOJO4ZXG3IsUKmjJo1nrdV2mIZMXfnLWAyTyHEn
-ZRgZD00F2V3YMVjMGcqcJxw0XdvY85ROvLEM6H20XXRKXab7ex08BqPANmOn0kvC
-eomcRys2RCwM2XMj2iwU1bkWfNorUEyeWtM+6kaxX9kjmW/uK8kVmKSyDdeSNnkH
-v9Al3zSPeijeRfyM2haOOhfKgV3sNuuf5iL7pugnIeWkiHuds4Q2YB+Irip5fCCw
-bYJEdhyZZM2TbWZ9zl+1sUYCb1We9YXB5WL7JioKGuISdXtV2rqMTWRS9JHH9pcA
-2/3DTzLEWlru8v3AE9GcuE9vy2hp06xSSdSmhtVk6gYbmJ9fqajeL7PZer/sWZT3
-fTQFRpw1yhU5fdCwNvXNltVjAYxHr58B1vfAo2m8r76gtgMzIx8CODoGMaRAd2qC
-XJd1FefSKqCNFJk2vlT+QhmxxpaMXifY9InOFc7M/wHVsDlhnH2JyfcC9W5DheBT
-sHzjDRoYNK26CMU5bRQKGZx6rgd33J3ICE9xZZo5bqnxthlUrNhm6n50eSS+Xmqw
-8ydahxpd7ZHu+zm5K5BQt8QhKBnlrBR1+YO8Q9B93O8hlqab9+jnTE0YY0W+aK3l
-K7qDjEwiNuwrXMTtAoBehD1qekrh0PXFucVOkJeZj3Ps1e6Rb05q8nH17hL3qb0w
-rFp+KUU6YJq6WH9zUB2InppDoC0lCJmEWe+hn+uCLIAffcsymwd2FG6IFRhanpDX
-/PkLPYaSsZCEzD8PA5Z6w/bqnq2ooidynm8VXxGahh1qlHd8KsmN3f3BXXPCTDpb
-zwzsidUYQ6z9uQ9kgKPJ+bDNDFZeW84n+QiXALNB7BhnN7rN1Rc+M2ArEXcoDSNY
-Q0c23GzCrCoE8s1i/hzrOjVQAoOLicEhBghq6qur/oaXDPzIOclsXMtPefRR1o/N
-1kAOJ6PNBoPtw7H0gNhn7JDuEmU35fnFedF2GGvsOkyy8jtrWBDBxfo/jqzbrFC2
-xsAkM4gr41bI/IjiYxM8idzgGlqSjRjhyuiLeYtD+//jwTpdcSS55MZ/X7T6fuUc
-dOJLW6bzs+wR0N2QbYKp+Xu/JHCET4lNHe2gtB8+7W5vH5wHf7+wXxTlaP4bogbC
-TxAIWmHfPvIBw3Db4hE2YEAL5x66V9wou53IH08sg6oyy+zt0YdCmZkmqxLgmitF
-ckvANeDXaPLy/mbIY7E5ufUVNyLei4mmeYTWcE0F3l3dCRbWH2Fu9UTzzSG2Pw/y
-0gp2tVtDvpl7VmTv7QiaATUSqcHaggbaRdLyu4D0MNQWHsGe1Blv0trEctHNJYl3
-5nrdIISNuEstZUuceKUJfcsbVPTjLvRHi6F+mjUBNDzktAHDmh7cqoqUsR5v4m9V
-00B0aAK3MWeq7eDIPetn727QuVLdZVBX1Vnc6SwkVpP1H9KohWHjqJO/cRg8z7JY
-IWY0aaBYXSGCvSC2wCV0G6FGg4IhquaC5rg2rWgy1Jr9reEJfuXC8Cz9noY2O1S1
-YxUl99wZZEjFMyT5GuREIfl4LRMhCswNSjl4k7LBAOO2AI7G04EQ6QYbxw14x1sx
-fgjpX92xWWvmFSL72By126FjC8W4JoUGuogGo2VHLR9JmDrF2fVnLU6oEYg5mY2+
-BU11SVo++i6F7oO/GVcAUUPr0q2NcD8K+CKaaHh9xOeKwu0gwBX0QwqvEceTFQFN
-jAd/tbnZfXe4gZwDepj1/YVovr4X6kAXL2yzrtMUmu3pfmhI1BFVuNXno3n+QcAF
-jmMBXdUWDImH2GNePngCWlbtxl3fpDVR3NeVQRHm2QE6oJpfcJGOAJ2aCk8Oywlu
-zcWnX9UGYEPAJXnjiy1ROAjTWL831kbi8Rv06O6FaJX4WYOxEgcbwYuuhUWOu1ZE
-ajIIIvW1tZA4k+rPheCPIc+GqMCvYW3C2IQG4SXFDk94LbTFzre2fEO60iqLplQA
-+zamJR9Cb/R0fb56kmMxqeapxf0S+X64sg7XfDRQsFLLRzPAqkdvbxEqxHJV6Ms4
-nyl3wDyzuX0Umr8kK0qdDTAp+jUXYmfgaO1UBsyD1iweB3lbqqBFOZ741W5pDP2u
-r07uoERX3McdLoxAtehK5pjm+JphqPXStscHsLqjn8qvvZ+cLLIcagduy9f5e/ax
-aZdpHkzE+P1vx7om2j9ZSUOByNwq/1ghqL9DS5Hmq4PH2RpJvn1Kba77fMZeGAZG
-gqmrjarYUQKyoBlXumOPEItDIJSwlQlhGiwhIdYKwRppsrkJCjMmvTYxu2OcVdYw
-VGWMCQ6r2QLfh8nc31z8S3A0LluqDFye1SbedOKfd657wQFzcVMaKalxjJzMS4Qc
-oFPkTiKb/qfSOTsYP4Eub1ZNXb6hI4Rf5pt1MF86nJTU9KjEq8Q9xSwbne0+kzeM
-Ou9yjaW8PHhmno98QiE94NeW0IRmd4V5j4aebOLTHNoH9RwGklNCBqC5SlM7uxaN
-qXGptAUR1034BP8pisKQEqj3pJ+HnIrx1Tg3Ho4JKvfdShEDNVnsGhHBwobizb6O
-FXiazqwMMN/qJf8Ll3ZVNxIeqjrlUWDgFdCTis3xiaFUV4mM7BAZWUVqjjthxq4U
-Mtd96bvOtdSo350X4P78rvahnlscdHodBG99u1qiV1Ga9lE6kBD4CDoOiDyanY/L
-Jr6rQCSDlk7DetS8mMkdnHC259O16yP2w3kk4gPNn/m3hDBTBfvS8uOOrpka97ph
-dh87krFfqQg6SJohq14mGCP32Ov1GOpYjLII8AqLjLIX4PzjIgLDiHJaGFLWty3Y
-7x3QUAIGyKdkVTbspt8mQoCk/dKZB7g4RR4Ag2XMQOxnglvDGHqv0ctBgjLlKlSn
-sEPpUEvBk+xAxzZj69chpQwVSPtdq2sX9Rd3GMNwMBGwN1MX/YH48unBEj6KCyrB
-nOJi3z5PhvXLZzM8YqOQ82noDo60JwpxGI1PLcFOkRC5Dett25Datj/8EMMOuNva
-AA8OtRkH4SDYx6FVeZJ3HE0ZcFXd0aWorAGNMl2I4HJVA9k3WjMGp0LBPVl3+LEy
-GQzFfd6laJUm5Wb6wNhEKIH3a68XdGsDCnZI1ZNPMV1/7ietM5pxFswvL4owZodw
-To6ipLotzzVNUwAB5L+Knq2adpan9B5HlCGH2B9+ziZ54oNgG6G6K/+ovO7W2FGS
-ELGqpjhUU+DIJ3sEUzLcC6Ie+dMJlkbatAc2GKI1rVU68rOL39DEzURT+jYsdNsC
-rZefb8D3PtCl2As8vRZ4KTNiKKmi9v/pu896oHgY5U7lakHInRt0f9bPrsQG1nCa
-KJR1s4H9+pJeUStbRVpNumqdI0wzMRo+Ke+Q0lnK/p9jBghZoG1xTSG3mFqtz7Pv
-EDn/CKu0bemhyQyAr1ADNxh0TNzw/zl6+lGZ9GTj0aicwk3EZAJn2Qw7akrGUrVJ
-we4guEMaEFKELktpA8kP92fyGgTKzwU4RE+QJ8yYSAjZZoVLOlZnMke1NS+voSny
-Gd1pwfF4EdK8FYTLYENCaOxDtI5elDuAaWUgNAhejUsB0l9zlxm2LNzbEAtCaV7Q
-AF8mp16JppfV+HhMvhkaCk09kiDuVG/7l61tSkeLqz4kRqo6gZIDOputGjAWKaPn
-MOaWHYwNC7y7RyH41c3kCL4E1IwcjFU76z0/cOrnKMwjItwpR+05WxFCUgCCrufj
-u+Utf14C0W5QzYyllCo16GZTj4eVrHQ96Mfmnw+hGHdv0AQpyPejvIpIBdT1AawH
-VBIEJRm2xDj1nkijUU57SsjmwS6LSyKkF2BfoO/SiYNKDlV7j4U6KOlCOAGXIqId
-QaLKKdv0gErorFrJ6DD591DUpTvD9zWOOniVRoweoSafx5gZyAMSDTdVoIt8EKxa
-LxCL8r7gF4HNoss0FszKPZg+2UR5gxw4L1muhuMCarpR+mF2JLaSws7VkGmizWHX
-wujF2OIE8Dnd/tCKGYfx9g2/9sdr46v52WSFNBaQ8Ew4LpWxrwr0XhTNAYrOaW7B
-+gsuKwocI1fBSSrP0mpDV5zsLc1x8hyFm9g4H6daFGVua2JPh/K6c1U9Svf1eNj1
-mlR0l5g5cpJmy6dwQJS7r730LxTr5TS4TlHFXsZh64Qcniisics5xRuzuasEQNhN
-Z8EXklSkl4gWq5VK11KjDyiQkiIVtFVIeQRatks1GRLIJEJiSQDAlp66J5tFKg7R
-5GA85bkMtuzwGGRkuxgGM0KwCPhO83mRQlRibl9kb/uXZLHj
------END AGE ENCRYPTED FILE-----
diff --git a/agenix/hosts/mediaserver/wireguard/config.age b/agenix/hosts/mediaserver/wireguard/config.age
new file mode 100644
index 0000000..8c37fc5
--- /dev/null
+++ b/agenix/hosts/mediaserver/wireguard/config.age
@@ -0,0 +1,16 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBNZk53
+S0w4QnRTZXhlTUQ1MXBRWk0xRlBrT1c4N2diWTZ1YjNCL3dYWjBrCkdkMWlXcXNp
+Qmo2TGtMNkU0RjFxNjdKNmlLTDg5S0F4dGJZUnVHbW81am8KLT4gc3NoLWVkMjU1
+MTkgWTk0WWlnIFF6OXd3dzZGaFJvZzJMNG1FN2tFc2wrUnBLY1pVR1F0TGNPZ1hF
+d0VUQlUKOHAva1I2Z3BZOVkzSDdmMHZ1c3daTCt4TzAwbHRoSW1ScStDT3YwUmtE
+dwotPiAqXFFaZi1ncmVhc2UgLT1MdgpnWkRCNlZaZmNzTWRQNUwzLyttZEhyeHBD
+UQotLS0gYVB2SU1HTkVFYXRwZEJWUHVxL0JvVzRQOW9MaHdSSWhFTzhnVktnK1hW
+OArFzvEULm92QAP7rzpoD/YBu4a5iDrKzVtFEYVIxf7CncBiO9L6Fb/1jjj9hjXw
+r2fFC5/Mt+5A3/Kw+s/wfLDIjs2x1k1Rw1hHPZAeRdhyeALDJdy1L2GWLLSfuKhq
+OceSSMhRsc72vo1pbVARD/6eOosyhmHzAX21O7TULh3O1pUIag18jBIh37nC8sn0
+a5/EX1Nj34oMSIB4gYeGTDTjl5ygNXOvFCIMZ0K1RCKClb17cmkSDWgg6vrzbo8k
+Ekm2plBkpeTw+9YenkZyWcJ+Kdpauyy3fvwmE+X7fHG2Xig3gRF7lv62wjj+HLew
+KqvGM5ZqcKu+kBK+VLj3xd7nIrrBiwXblJ2g2TxxuyORE+dcfkjmye1tVncWcOZJ
+NAUGxQWhNkFA1g40gM8M
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets.nix b/secrets.nix
index 9d4260a..321cc6b 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -60,6 +60,5 @@ in
 
   "agenix/hosts/mediaserver/tailscale/authkey.age".publicKeys = mediaserver;
 
-  "agenix/hosts/mediaserver/openvpn/authPP.age".publicKeys = mediaserver;
-  "agenix/hosts/mediaserver/openvpn/pp-nbg.age".publicKeys = mediaserver;
+  "agenix/hosts/mediaserver/wireguard/config.age".publicKeys = mediaserver;
 }
diff --git a/system/hosts/mediaserver.nix b/system/hosts/mediaserver.nix
index 053c19f..93a5bff 100644
--- a/system/hosts/mediaserver.nix
+++ b/system/hosts/mediaserver.nix
@@ -14,6 +14,8 @@ in
     ../nixos/attic.nix
 
     ../nixos/tailscale.nix
+
+    ../nixos/wireguard-netns.nix
   ];
 
   system.stateVersion = "22.11";
@@ -69,8 +71,6 @@ in
     useNetworkd = true;
   };
 
-  environment.systemPackages = with pkgs; [ wireguard-tools ];
-
   systemd.network = {
     enable = true;
 
diff --git a/system/nixos/openvpn-mediaserver.nix b/system/nixos/openvpn-mediaserver.nix
deleted file mode 100644
index eebfed6..0000000
--- a/system/nixos/openvpn-mediaserver.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }:
-
-{
-  services.openvpn.servers = {
-    pp = {
-      config = ''
-        auth-user-pass ${config.age.secrets.openvpn-auth-pp.path}
-        config ${config.age.secrets.openvpn-pp-nbg.path}
-      '';
-      updateResolvConf = false;
-    };
-  };
-}
diff --git a/system/nixos/wireguard-netns.nix b/system/nixos/wireguard-netns.nix
new file mode 100644
index 0000000..e59735b
--- /dev/null
+++ b/system/nixos/wireguard-netns.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [ wireguard-tools ];
+
+  systemd.services."netns@" = {
+    description = "%I network namespace";
+    before = [ "network.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = "${pkgs.iproute}/bin/ip netns add %I";
+      ExecStop = "${pkgs.iproute}/bin/ip netns del %I";
+    };
+  };
+
+  systemd.services.wg = {
+    description = "wg network interface";
+    bindsTo = [ "netns@wg.service" ];
+    requires = [ "network-online.target" ];
+    after = [ "netns@wg.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = with pkgs; writers.writeBash "wg-up" ''
+        set -e
+        ${iproute}/bin/ip link add wg0 type wireguard
+        ${wireguard-tools}/bin/wg setconf wg0 ${config.age.secrets.wireguard-config.path}
+        ${iproute}/bin/ip link set wg0 netns wg
+        ${iproute}/bin/ip -n wg address add 10.66.10.158/32 dev wg0
+        ${iproute}/bin/ip -n wg -6 address add fc00:bbbb:bbbb:bb01::3:a9d/128 dev wg0
+        ${iproute}/bin/ip -n wg link set wg0 up
+        ${iproute}/bin/ip -n wg route add default dev wg0
+        ${iproute}/bin/ip -n wg -6 route add default dev wg0
+      '';
+      ExecStop = with pkgs; writers.writeBash "wg-down" ''
+        ${iproute}/bin/ip -n wg route del default dev wg0
+        ${iproute}/bin/ip -n wg -6 route del default dev wg0
+        ${iproute}/bin/ip -n wg link del wg0
+      '';
+    };
+  };
+}