diff --git a/wireguard/README.md b/wireguard/README.md
new file mode 100644
index 0000000..de5a3ad
--- /dev/null
+++ b/wireguard/README.md
@@ -0,0 +1,8 @@
+# Configuration de `wireguard`
+
+Serveur VPN.
+
+## Emplacements
+
+- `./server/*` -> `/etc/wireguard/*`
+- `./clients/*` -> N.A.
diff --git a/wireguard/clients/wifi_fablab.conf b/wireguard/clients/wifi_fablab.conf
new file mode 100644
index 0000000..c1fef3e
--- /dev/null
+++ b/wireguard/clients/wifi_fablab.conf
@@ -0,0 +1,11 @@
+[Interface]
+Address = 10.0.0.2/24
+PrivateKey = #! TODO use Secrets
+DNS = 208.67.222.222, 208.67.220.220
+MTU = 1420
+
+[Peer]
+AllowedIPs = 0.0.0.0/1, 128.0.0.0/1, ::/1, 8000::/1 # Don't intercept local traffic
+Endpoint = cohabit.fr:#! TODO use Secrets
+PersistentKeepalive = 25
+PublicKey = #! TODO use Secrets
diff --git a/wireguard/server/wg0.conf b/wireguard/server/wg0.conf
new file mode 100644
index 0000000..344f22c
--- /dev/null
+++ b/wireguard/server/wg0.conf
@@ -0,0 +1,13 @@
+[Interface]
+PrivateKey = #! TODO use Secrets
+Address = 10.0.0.1/24
+MTU = 1420
+ListenPort = #! TODO use Secrets
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE
+
+### Wifi Fablab ###
+[Peer]
+PublicKey = #! TODO use Secrets
+AllowedIPs = 10.0.0.2/32
+###################
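Review bot: In wireguard/clients/wifi_fablab.conf the `AllowedIPs` line routes all IPv6 (`::/1, 8000::/1`) into the tunnel, but the interface only has the IPv4 `Address = 10.0.0.2/24`, and the matching peer entry in wg0.conf allows only `10.0.0.2/32` with IPv4-only NAT. As written, IPv6 traffic from this client would most likely be dropped at the server rather than forwarded. If that is a deliberate guard against IPv6 bypassing the VPN, the comment should say so, e.g. `# IPv6 is sent into the tunnel on purpose and is not forwarded by the server`. Otherwise remove the two IPv6 prefixes or add IPv6 addressing on both ends.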
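Review bot: The `PostUp` rules in wireguard/server/wg0.conf are wider than the tunnel needs: `-A FORWARD -i wg0 -j ACCEPT` accepts forwarding from VPN peers to any interface and destination, and the `MASQUERADE` rule rewrites every packet leaving `eno1`, not only those from 10.0.0.0/24. Scoping both to the VPN subnet and the uplink limits what a peer can reach, for example `PostUp = iptables -A FORWARD -i wg0 -o eno1 -s 10.0.0.0/24 -j ACCEPT; iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eno1 -j MASQUERADE`, with `PostDown` mirrored using `-D`. If the host's FORWARD policy is DROP (not visible in this commit), replies toward `wg0` also need an `-m conntrack --ctstate RELATED,ESTABLISHED` accept rule.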