diff --git a/ansible/templates/wireguard/wg0.conf b/ansible/templates/wireguard/wg0.conf.j2
similarity index 100%
rename from ansible/templates/wireguard/wg0.conf
rename to ansible/templates/wireguard/wg0.conf.j2
diff --git a/wg.mk b/wg.mk
index 23e2414..ce3a7c5 100644
--- a/wg.mk
+++ b/wg.mk
@@ -1,15 +1,21 @@
-public_key := $(shell cat /etc/wireguard/dmz_public_key)
+public_key = $(shell cat /etc/wireguard/dmz_public_key)
 name := $(shell git config list | grep user.nam | cut -d= -f2)
 
 wgkeys.rec: /etc/wireguard/dmz_public_key
 recins $@ -t $(basename $@) -f name -v "$(name)" -f pubkey -v "$(public_key)"
 
+/etc/wireguard/dmz.conf: xecut/nimbus/wireguard_client.conf | /etc/wireguard/dmz_private_key
+ sed 's/PRIVATE_KEY/$(shell cat $|)/' $< > $@
+
 /etc/wireguard/dmz_private_key: | /bin/wg
 $| genkey > $@
 chmod 700 $@
 
+ansible/host_vars/local_host.yml: wgkeys.rec
+ recsel $< -t $(basename $<) -e 'name = "$(name)"' -P pubkey
+
 /etc/wireguard/dmz_public_key: /etc/wireguard/dmz_private_key | /bin/wg
 $| pubkey < $< > $@
 
 .PHONY: wgkeys
-wgkeys: /etc/wireguard/dmz_public_key ## Create dmz-keys on your machine for wiregurd.
+wgkeys: /etc/wireguard/dmz.conf ## Create dmz-keys on your machine for wiregurd.
diff --git a/xecut/nimbus/wireguard_client.conf b/xecut/nimbus/wireguard_client.conf
new file mode 100644
index 0000000..61abc9a
--- /dev/null
+++ b/xecut/nimbus/wireguard_client.conf
@@ -0,0 +1,14 @@
+
+[Interface]
+Address = 10.0.0.1/24
+SaveConfig = true
+PrivateKey = PRIVATE_KEY
+ListenPort = 51900
+
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+[Peer]
+PublicKey = GH+qA1Au9BraGhNt7Aqp8tdhGVfH8ENnY3VzKhe69XQ=
+AllowedIPs = 10.0.0.2/32
+
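Review bot: In wg.mk, the new `/etc/wireguard/dmz.conf` recipe expands the private key into the `sed` command line, so make echoes it to the terminal or build log and it is visible in the process list while sed runs. WireGuard keys are base64 and can contain `/`, which ends the `s/…/…/` expression early, so the recipe fails for those keys. The redirect also creates `dmz.conf` under the default umask, so the file holding the key may be readable by other local users. Reading the key from its file inside the command addresses all three, e.g. `umask 077 && awk 'NR==FNR{k=$$0;next} {sub(/PRIVATE_KEY/,k)} 1' $| $< > $@`. Separately, the `ansible/host_vars/local_host.yml` recipe prints the `recsel` result to stdout and never writes `$@`, so that target is never created.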
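Review bot: In xecut/nimbus/wireguard_client.conf, the `PostUp` line accepts all forwarding to and from the tunnel interface and masquerades everything leaving `eth0`, which is a gateway-style rule set in a file named as a client config that wg.mk installs as `/etc/wireguard/dmz.conf` on the machine running `make wgkeys`. If this host is only meant to be a client, the `PostUp`/`PostDown` lines and `ListenPort` can probably be dropped; if forwarding is intended, limiting the rules to the tunnel subnet (for example adding `-s 10.0.0.0/24` to the POSTROUTING rule) keeps the exposure narrow. The `[Peer]` section has no `Endpoint`, so this side cannot initiate the tunnel. `SaveConfig = true` also lets wg-quick rewrite the generated file when the interface goes down, which is worth a comment in the template.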