diff --git a/modules/wireguard.py b/modules/wireguard.py
new file mode 100644
index 00000000..8511483d
--- /dev/null
+++ b/modules/wireguard.py
@@ -0,0 +1,10 @@
+# Copyright 2024 dhtech
+#
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file
+
+
+def generate(host, *args):
+ return {'wireguard': None}
+
+# vim: ts=4: sts=4: sw=4: expandtab
diff --git a/modules/wireguard/manifests/init.pp b/modules/wireguard/manifests/init.pp
new file mode 100644
index 00000000..1c411f03
--- /dev/null
+++ b/modules/wireguard/manifests/init.pp
@@ -0,0 +1,48 @@
+class wireguard {
+ # Execute 'apt-get update'
+ exec { 'apt-update': # exec resource named 'apt-update'
+ command => '/usr/bin/apt-get update' # command this resource will run
+ }
+
+ # Install wireguard package
+ package { 'wireguard':
+ ensure => installed,
+ require => Exec['apt-update'], # require 'apt-update' before installing
+ }
+
+ # Create wireguard interface
+ exec { 'create':
+ require => Package['wireguard'],
+ command => '/usr/bin/ip link add dev wg0 type wireguard',
+ unless => '/usr/bin/ip link show wg0'
+ }
+
+
+# Set wireguard interface IP
+ exec { 'set wg interface IP':
+ require => Package['wireguard'],
+ command => '/usr/bin/ip address add dev wg0 77.80.200.129/25',
+ unless => '/usr/bin/ip addr show wg0 | grep 77.80.200.129/25'
+ }
+
+# Specify all clients usable IPs 77.80.200.130 - 77.80.200.254
+ $clients = [
+ { nick => 'felix', ip => '77.80.200.130', key => '5Dk2crqm8A51OQ1blVK701YMZj33U+GONpmLrr0LWkM=' },
+ { nick => 'washington', ip => '77.80.200.131', key => 'Z8aCXv4ydIhUEtvH+NJv39mAMGiS8uF8oNgCoIByAFI=' },
+ ]
+
+
+# Build the wg0 config file will all clients from previous step
+ file { 'setConf':
+ ensure => file,
+ path => '/etc/wireguard/wg0.conf',
+ notify => Exec[syncConf],
+ content => template('wireguard/templates/wg0.conf.erb'),
+ }
+
+# Sync changes towards the wg0 interface
+ exec { 'syncConf':
+ require => Package['wireguard'],
+ command => '/usr/bin/wg syncconf wg0 /etc/wireguard/wg0.conf',
+ }
+}
\ No newline at end of file
diff --git a/modules/wireguard/templates/wg0.conf.erb b/modules/wireguard/templates/wg0.conf.erb
new file mode 100644
index 00000000..993d734b
--- /dev/null
+++ b/modules/wireguard/templates/wg0.conf.erb
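Review bot: The `file { 'setConf': ... }` resource writes `/etc/wireguard/wg0.conf`, which the template fills with the interface `PrivateKey`, but it sets no owner or mode, so the file gets Puppet's defaults (typically 0644, world-readable) instead of being restricted to root. Add `owner => 'root', group => 'root', mode => '0600',` and `show_diff => false,` so the key is not readable by local users and is not echoed into agent logs or reports when the content changes. In the same resource, `template('wireguard/templates/wg0.conf.erb')` probably resolves to `templates/templates/wg0.conf.erb` inside the module, because `template()` takes `<module>/<file>`; the usual form is `template('wireguard/wg0.conf.erb')`. Separately, the `unless` of `'set wg interface IP'` contains a pipe, which is only interpreted with `provider => shell`; without it the guard likely always fails and the `ip address add` is retried on every run.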
@@ -0,0 +1,13 @@
+[Interface]
+#Just placeholder privkey will be pulled from vault
+PrivateKey = UJywHJtV58X11nF6zmouBCmfKfKbH4iggugRA/Th/k8=
+ListenPort = 51820
+
+
+<% @clients.each do |client| -%>
+#<%= client['nick'] %>
+[Peer]
+PublicKey = <%= client['key'] %>
+AllowedIPs = <%= client['ip'] %>
+
+<% end -%>
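Review bot: The `PrivateKey = UJyw…` line hard-codes a WireGuard private key in the template, so it is deployed verbatim to every host that applies this class until someone replaces it, and it stays in the repository history after that. Even as a placeholder, it has to be treated as disclosed to everyone with read access to the repo and must never be used on a real interface. Render the value from a variable instead, for example `PrivateKey = <%= @private_key %>` (the name is illustrative), with the class receiving it from the vault lookup the comment mentions, and have the manifest fail when it is unset rather than fall back to a literal. A smaller point: `client['nick']` is written unescaped into a comment line, so if the client list ever comes from outside the manifest it should be checked for newlines before rendering.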