diff --git a/hosts/beryllium/configuration.nix b/hosts/beryllium/configuration.nix
index bb01c6f..5ea865a 100644
--- a/hosts/beryllium/configuration.nix
+++ b/hosts/beryllium/configuration.nix
@@ -20,6 +20,36 @@
 
   networking.hostName = "beryllium";
 
+  petabyte.policyrouting = {
+    enable = true;
+    rules6 = [
+      { rule = "from 2a01:4f8:c0c:15f1::8107/128 lookup 200"; prio = 20000; }
+      { rule = "from 2a01:4f8:c0c:15f1::8107/128 unreachable"; prio = 20001; }
+    ];
+    rules4 = [
+      { rule = "from 10.20.30.107/32 lookup 200"; prio = 20000; }
+      { rule = "from 10.20.30.107/32 unreachable"; prio = 20001; }
+    ];
+  };
+
+
+  networking.wireguard.enable = true;
+  networking.wireguard.interfaces = {
+    wg-clerie = {
+      ips = [ "2a01:4f8:c0c:15f1::8107/128" "10.20.30.107/32" ];
+      table = "200";
+      peers = [
+        {
+          endpoint = "vpn.clerie.de:51820";
+          persistentKeepalive = 25;
+          allowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
+          publicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
+        }
+      ];
+      privateKeyFile = "/var/src/secrets/wireguard/wg-clerie";
+    };
+  };
+
   clerie.monitoring = {
     enable = true;
     id = "213";
diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix
index 6961a77..7415bf4 100644
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -88,6 +88,11 @@
           allowedIPs = [ "2a01:4f8:c0c:15f1::8106/128" "10.20.30.106/32" ];
           publicKey = "kuUeStBuU6d8PGFHFhP5pEvy0nuZ0TmScI8w7MOt0is=";
         }
+        {
+          # beryllium
+          allowedIPs = [ "2a01:4f8:c0c:15f1::8107/128" "10.20.30.107/32" ];
+          publicKey = "SReFUcvw/4fLSkFGjkhDRyY9wyMCcjJ4Yiczt9X64Eo=";
+        }
       ];
       listenPort = 51820;
       allowedIPsAsRoutes = false;