diff --git a/mkosi.build b/mkosi.build
new file mode 100755
index 0000000..8dfb7fa
--- /dev/null
+++ b/mkosi.build
@@ -0,0 +1,4 @@
+#!/bin/sh
+npm install
+mkdir -p "${DESTDIR}/usr/local/lib"
+cp -r "${SRCDIR}" "${DESTDIR}/usr/local/lib/wgapi"
diff --git a/mkosi.default b/mkosi.default
new file mode 100644
index 0000000..48da6c1
--- /dev/null
+++ b/mkosi.default
@@ -0,0 +1,13 @@
+[Distribution]
+Distribution=arch
+
+[Output]
+Format=directory
+Output=/var/lib/machines/wgapi
+
+[Packages]
+Packages=npm
+
+[Content]
+Password=root
+WithNetwork=yes
diff --git a/mkosi.extra/etc/ssl/private/_ca.crt b/mkosi.extra/etc/ssl/private/_ca.crt
new file mode 100644
index 0000000..af1ae7f
--- /dev/null
+++ b/mkosi.extra/etc/ssl/private/_ca.crt
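Review bot: mkosi.build has no `set -e`, so a failed `npm install` does not stop the build and the `cp -r` on the last line still installs a tree with missing dependencies; add `set -eu` directly after the shebang, which also aborts when `DESTDIR` or `SRCDIR` is unset instead of expanding to a path under `/`. `cp -r "${SRCDIR}"` copies the entire source directory, which in this commit includes `mkosi.extra/etc/wireguard/wg0.conf`, so the key material in that file probably ends up a second time under `/usr/local/lib/wgapi`; copying only the application files would avoid that. If a lockfile is committed (not visible in this diff), `npm ci` pins the dependency set, whereas `npm install` may resolve newer versions at image build time.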
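Review bot: `Password=root` in the `[Content]` section of mkosi.default bakes a fixed, guessable root password into every image built from this file and records it in version control. Remove the line so the root account is not given a known password, or supply the value at build time from an untracked file (mkosi reads `mkosi.rootpw` when it exists) and list that file in `.gitignore`. Any image already built with this setting should have the password changed.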
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF7zCCA9egAwIBAgIUL/Lx0bFmVYjHfBLYYNZAJZ3Fj/4wDQYJKoZIhvcNAQEL
+BQAwgYYxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhDb2xvcmFkbzEPMA0GA1UEBwwG
+QmxhbmNhMRwwGgYDVQQKDBNHYWxhY3RpYyBGb3J0cmVzcyA0MQwwCgYDVQQLDANr
+aTkxDDAKBgNVBAMMA2dmNDEZMBcGCSqGSIb3DQEJARYKa2k5QGdmNC5wdzAeFw0y
+MTAyMTYwNzA1MTFaFw0yMzEyMDcwNzA1MTFaMIGGMQswCQYDVQQGEwJVUzERMA8G
+A1UECAwIQ29sb3JhZG8xDzANBgNVBAcMBkJsYW5jYTEcMBoGA1UECgwTR2FsYWN0
+aWMgRm9ydHJlc3MgNDEMMAoGA1UECwwDa2k5MQwwCgYDVQQDDANnZjQxGTAXBgkq
+hkiG9w0BCQEWCmtpOUBnZjQucHcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQCzjqhEgXhjzWl62JHYHvWRx+PU+b9P+Z9iaE43CWNCaD8+kpOBlsNFxqZO
+ZQCvMDmpGUyXEA941UqeJ9Pq7iPyHmFhxI+LPgdDpJtMlMYhhX6Bk5r6FtOKkjA0
+855CnoUIlztLKnz3Z75tblKuCKhWBx+AZL4WCzSIK2/SWronUKI3EzLgQbpstYX2
+RGLJK6GA7Eb66TfaAB1PjdsJmmJK/a13Sdlv/3HkAH1PVzvReo0ATKFspIu5jeSp
+MRMhNoVsRwmpe3G15Ss6ZlqFAUd3ahtrykaW8qr3i0hW28dyGJcjEHzL4vlCWl4f
+BQDE4uwae2TCtS6d4nQap4T6Vd1NEGuxqc5pRFlCYBy5UkuP8Kx+BnDnjpOeizft
+B2gZSj8oYffK9lD/E3Eg0/ozL/ChnXpu+T58xCiPkXLhTHXhoN4oNMBxBr6/hE8V
+U75JfB5XxzaVC6EOSkQBkPylt1WhUE8QAIiwZXZ2kgcZ9mHy64QDGtqQfVcCGmBD
+Dypm7C2YY9Nix29vOwvn1HO0slH6uN85FOUkjPZRNlqcGPoLPfB5AdwbyoDPlYYD
+n0ZyUTIC/DNqqAAANpiv/b8GqRvExU+/8/paLF2X1+LmjCvvNeOmpDHMGKaxDNSq
+nZroFzvHHtOeOXrra8M+G+6lMqdx9NVLfx0zVw/nmB8/zN5FhwIDAQABo1MwUTAd
+BgNVHQ4EFgQUvqxVtSSfih0gyTRngtWTJQfR2Z4wHwYDVR0jBBgwFoAUvqxVtSSf
+ih0gyTRngtWTJQfR2Z4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AgEAZgh9PqG+jsRrtSAdEqE2bzTufnBQFLne7lxB3SwOn6tbF2CP16P/HvHafDCw
+wBDteb9HVPn3T6jABiEBrGrNGuYWQ8JpUh/Iee1QhwrKT4fPAnpQfuudtnp9wC7s
+KZqJXR6LsmwRCtoYrKVzNJB8yLP3Q24BIZv9oDZLMza0Bv2IIQ6JxZ7MmNycYeVe
+zxLY/rec48yp8H5DJfCboyiN27wI+z+vbgYJLFbNYs5DuxfkTQBRWJdlIx8siOrQ
+47TYVoTIvhI90P9AcDeuEje0fWgZu73MOPSlVPU9fUfc+kqxgLb0fXyVj/Iy993n
+faWWBsgh++ZxOw1ySGApwCzphLHD7b4RUAbOd+bBmCduucYja5Z2PXSvhvjyq8yL
+MnWmVBAnErRv9qu7oHkHvHo+ZpWmNx3fOr1Y5B9bcOcuU5HnOap34IoaEiPoI+Sv
+zXU/0H8WMu2ArqrpZDfCaL1hSXLqVyU2tKdbXYwQzxc2SD0IPuTzxZsS8JAXWR7x
+3U7w8nnWepZEi/zvtHCyEuleca/tS8ZIGdyfyQQg9uJc0995IedxZ+ckkhXYLoqm
+c4Y0mulZ7EqyRTV2dMy9ZcX9toKfk2n4pjIzVw4w8AqGnZwV4ydN8+NnxzUh2RF+
+kMqCWaotcnevd74RI7rj3DG9RRM4+JJju2vi8JgENQQMXsY=
+-----END CERTIFICATE-----
diff --git a/mkosi.extra/etc/systemd/system/multi-user.target.wants/wgapi.service b/mkosi.extra/etc/systemd/system/multi-user.target.wants/wgapi.service
new file mode 120000
index 0000000..c6bc0d3
--- /dev/null
+++ b/mkosi.extra/etc/systemd/system/multi-user.target.wants/wgapi.service
@@ -0,0 +1 @@
+../../../../usr/local/lib/systemd/wgapi.service
\ No newline at end of file
diff --git a/mkosi.extra/etc/wireguard/wg0.conf b/mkosi.extra/etc/wireguard/wg0.conf
new file mode 100644
index 0000000..ac18be8
--- /dev/null
+++ b/mkosi.extra/etc/wireguard/wg0.conf
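Review bot: The symlink target for `multi-user.target.wants/wgapi.service` is `../../../../usr/local/lib/systemd/wgapi.service`, which lacks the `system/` path component, while this commit adds the unit file at `usr/local/lib/systemd/system/wgapi.service`. The link therefore dangles and `multi-user.target` will not pull the service in at boot. The target should read `../../../../usr/local/lib/systemd/system/wgapi.service`.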
@@ -0,0 +1,189 @@
+
+[sudo] password for ki9:
+Sorry, try again.
+[sudo] password for ki9:
+[Interface]
+PrivateKey = wE9g7CrPnn1shOp7alObdh4LNk+HL4bNwr2APmhFQmM=
+Address = fd69:1337:0:420:f4:f4:0:1/80, 10.4.0.1/16
+#DNS = fd69:1337:0:420:f4:f4:0:1, 10.4.0.1, fd69:1337:0:420:f4:f4:0:3, 10.4.0.3
+ListenPort = 52348
+PostUp = resolvectl dns %i 10.4.0.1 fd69:1337:0:420:f4:f4::1 10.4.0.3 fd69:1337:0:420:f4:f4::3
+PostUp = resolvectl domain %i gf4
+PostUp = iptables -A FORWARD -i gf4 -o gf4 -j ACCEPT
+PostUp = iptables -A FORWARD -i gf4 -j ACCEPT
+PostUp = iptables -A FORWARD -o gf4 -j ACCEPT
+PostUp = iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
+PostUp = ip6tables -A FORWARD -i gf4 -o gf4 -j ACCEPT
+PostUp = ip6tables -A FORWARD -i gf4 -j ACCEPT
+PostUp = ip6tables -A FORWARD -o gf4 -j ACCEPT
+PostUp = ip6tables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
+PostDown = iptables -D FORWARD -i gf4 -o gf4 -j ACCEPT
+PostDown = iptables -D FORWARD -i gf4 -j ACCEPT
+PostDown = iptables -D FORWARD -o gf4 -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -o enp3s0 -j MASQUERADE
+PostDown = ip6tables -D FORWARD -i gf4 -o gf4 -j ACCEPT
+PostDown = ip6tables -D FORWARD -i gf4 -j ACCEPT
+PostDown = ip6tables -D FORWARD -o gf4 -j ACCEPT
+PostDown = ip6tables -t nat -D POSTROUTING -o enp3s0 -j MASQUERADE
+
+[Peer] # krow.gf4
+PublicKey = 6VA79LOmlUaJSD1AiLEMCtnjMRZ7rwRrdbtNSCDtO2k=
+PresharedKey = u3ZaKx4ydnGz4NXaccQ91PA6wd8bGrdBzNJIbqCn7Zk=
+AllowedIPs = fd69:1337:0:420:f4:f4:0:0/96, 10.4.0.0/16
+Endpoint = 85.17.214.157:56333
+
+[Peer] # nginx-ksn.gf4
+PublicKey = gJ81HBDqs9SmFf6PqFeoyXkMu6CYDlePGJxD456Nmig=
+PresharedKey = FdpV0xKsxIeKWt1Q+uFtfo0RneiSHD1/hOhcNYKufXM=
+AllowedIPs = fd69:1337:0:420:f4:f4:0:101/128, 10.4.0.101/32
+Endpoint = 172.93.54.60:62194
+
+[Peer] # cfx.chris.gf4
+PublicKey = sJ3WF4xThDkuF/JI14XbjbFL38oJU7WF0oEGtZr2bnY=
+PresharedKey = G/pI6TQ1JPJfEMhtTxPZ7BGfIopOh9Hz6lGokqF9JI8=
+AllowedIPs = fd69:1337:0:420:f4:f4:2:1/128, 10.4.2.1/32
+
+[Peer] # kvr.ki9.gf4
+PublicKey = Oxu9igRGQQcsZ40vUnb7YiTu7vVhQ/oQb5jKd6V3JBc=
+PresharedKey = hjEjwra1LlbIUAzBUwSt6gWmIc+1tiKIOY+cmcY1Pew=
+AllowedIPs = fd69:1337:0:420:f4:f4:1:5/128, 10.4.1.5/32
+
+[Peer] # knr.ki9.gf4
+PublicKey = Qd9c2buI39yKZuJDN4r+ShgIUBpoETjvZR9hR+bNvVI=
+PresharedKey = l74QRRniTaIjwjtyR0NWC30xH+/0LWPDAI2Fs6YToDo=
+AllowedIPs = fd69:1337:0:420:f4:f4:1:6/128, 10.4.1.6/32
+
+[Peer] # kp3.ki9.gf4
+PublicKey = Cx1VK1PZddMu1sOv+kdp6GVr6oX4jGqOXF1WnZjnyBc=
+PresharedKey = VehQr/QY5lWSZ8UQ17g7ob7DebB0I1VgTfUrUlPnm0Q=
+AllowedIPs = fd69:1337:0:420:f4:f4:1:3/128, 10.4.1.3/32
+
+[Peer] # kp4.ki9.gf4
+PublicKey = 1JXIwB7yEAQTTbrUtGRmUFq6uKlOG9bsdiiODSIO+V8=
+PresharedKey = SD+4d7rX+kNwxsG0567VXxTzRfyl+mXdGqHMATopCGs=
+AllowedIPs = fd69:1337:0:420:f4:f4:1:4/128, 10.4.1.4/32
+
+[Peer] # bhp.ki9.gf4
+PublicKey = nZcMK7EslQNl8QHZrUpTGXCcPOJhQIMdReK90pQDqnE=
+PresharedKey = S8IYZIGjg+rHn4JJT8PI+/bRd2zS26l7BRKFGvCf7RM=
+AllowedIPs = fd69:1337:0:420:f4:f4:1:70/128, 10.4.1.70/32
+
+[Peer] # op1.ki9.gf4
+PublicKey = rjIcYsJEXtmNCHfC3XHT7txpAqhMY9PXhR/LvHgKDkE=
+PresharedKey = 0IfTYf/lBBUWIguEs6q/eYiTAZsafgSW06zGGz8tvgY=
+AllowedIPs = fd69:1337:0:420:f4:f4:1:11/128, 10.4.1.11/32
+
+[Peer] # phone.chris.gf4
+PublicKey = 9cQQ5lcs6JqCTuLBw/j22olAf5yuZoVfR6jqu9t40xE=
+PresharedKey = ItfoABRB/vUBaNJu2XkYzh8IZZC3Sc2XernFNUXMTls=
+AllowedIPs = fd69:1337:0:420:f4:f4:2:2/128, 10.4.2.2/32
+
+[Peer] # x230.chris.gf4
+PublicKey = B1/UaM8lrydA9TiT9K2PAO9+AO/l6KdhiKKG3Szn+FQ=
+PresharedKey = aHgoFAOG9hCtBDPKd1XjltnsEpK9o9AYKsjHJmJTmnk=
+AllowedIPs = fd69:1337:0:420:f4:f4:2:3/128, 10.4.2.3/32
+
+[Peer] # cpu.ico.gf4
+PublicKey = KW4q9oK635AbopBrHD1pWIe6YMi3aRtWfTk3UO//TBI=
+PresharedKey = Ddk24UOBMlVFMe4+xWZ/76y6fKap4n8FT1jJOJr5sMU=
+AllowedIPs = fd69:1337:0:420:f4:f4:3:1/128, 10.4.3.1/32
+
+[Peer] # phone.ico.gf4
+PublicKey = p6fsL3TmOnGbev7nq5x1UEvZfX0sYt54DwN+MCI8eWU=
+PresharedKey = koLI00VX8IZDhEZ4sRloB4+rnG+Z8yxjRKOpwoamrgI=
+AllowedIPs = fd69:1337:0:420:f4:f4:3:2/128, 10.4.3.2/32
+
+[Peer] # cpu2.ico.gf4
+PublicKey = mI692IzLnqtUVoQ+HwHbNsgBvtd2bB7+u3q4QDwkHgQ=
+PresharedKey = ej8MUmKTo0b4+M4YAJXMHj0NDI34Jk40Xom0WjL0RrY=
+AllowedIPs = 10.4.3.3/32, fd69:1337:0:420:f4:f4:3:3/128
+
+[Peer] # cpu3.ico.gf4
+PublicKey = biVvNHJQsjvGri6TADZcJyNPYSv6VxfQW45nfdOXBBA=
+PresharedKey = Bv53eLjb0+zKqyI4cukgUk7ppwNJ+nXY312WJQQRIUk=
+AllowedIPs = 10.4.3.4/32, fd69:1337:0:420:f4:f4:3:4/128
+
+[Peer] # laptop.ico.gf4
+PublicKey = F6nPbGSfudVRlfnfiNyB2ZZcu0Tw2Zz1i4PbMPw1dhE=
+PresharedKey = UWOtprs1xvRwZ9+p8fvLzC301+5GcjyJEBJ24jDPeTs=
+AllowedIPs = 10.4.3.5/32, fd69:1337:0:420:f4:f4:3:5/128
+
+[Peer] # phone0.chris.gf4
+PublicKey = YmuAGeAXs+0BSsdEiTKlq2mpYTzyK1hzDDTmxINdL1Y=
+PresharedKey = 9yg/LHFP/BAHwEQd1fwpU3bonLE3VQzjZ8j3fiNOChs=
+AllowedIPs = 10.4.2.5/32, fd69:1337:0:420:f4:f4:2:5/128
+
+[Peer] # dpi.ki9.gf4
+PublicKey = /WxektsH9OyOqGgm5baF8adbtKBbO6tm4juCstelTF0=
+PresharedKey = +rFuWUer0boUXyA+DhlkGjD2VzX9go1VSnYbUaUygQo=
+AllowedIPs = 10.4.1.16/32, fd69:1337:0:420:f4:f4:1:16/128
+
+[Peer] # cpu4.ico.gf4
+PublicKey = qhHTXRBodnuzNWyPhZzJjV5hSwDmshbdPI7AMNoIhRA=
+PresharedKey = SIfrh5Nb0xAjKbSaoYJuLv+d/c78feOPPOI/WRrLeqI=
+AllowedIPs = 10.4.3.6/32, fd69:1337:0:420:f4:f4:3:6/128
+
+[Peer] # macmini.don.gf4
+PublicKey = 2mDVjfhmbryoikrAF++9FWWmQi7cDJy7XTmGIqOUtAE=
+PresharedKey = p/8p6OsTfydz4OdgoxTVVn5v+IUHbUUiqKal5suULG4=
+AllowedIPs = 10.4.5.1/32, fd69:1337:0:420:f4:f4:5:1/128
+
+[Peer] # cpu5.ico.gf4
+PublicKey = MKG3VjyYXTq1MIX8bzsdawX+zB3tPTgvXYJPP87pv18=
+PresharedKey = fmz3oQ/nPUiwdVKwuYGmtxuW1ztRhvzy/74NZxFP5qQ=
+AllowedIPs = 10.4.3.7/32, fd69:1337:0:420:f4:f4:3:7/128
+
+[Peer] # cpu.test.gf4
+PublicKey = ys6bQ0C+QsYVja7Piy/3KSObf+dP2wqQTICfPH0C7nw=
+PresharedKey = WNnWMeB4d/Zs5GElsqJtSPtfgBI/msPkKaX21ZXLSCw=
+AllowedIPs = 10.4.4.1/32, fd69:1337:0:420:f4:f4:4:1/128
+
+[Peer] # kg5.ki9.gf4
+PublicKey = C6+34ICDYxnrQz4vpcL3/4kYuwUTcgED9YhdGPwqGDo=
+PresharedKey = 6Ia9/Kebauc1OsrHTorom7HsktYbnasRJ/opGwNQ4fc=
+AllowedIPs = 10.4.1.9/32, fd69:1337:0:420:f4:f4:1:9/128
+
+[Peer] # ocean.fal.gf4
+PublicKey = fePYBPIVz7hKbh4to0iXgHqkJ1UioJ0pA8g0k5gt71Q=
+PresharedKey = faP6oyRHVm+J2v+mW6r9JPXOjb1xZr8obnm7LQuPfH4=
+AllowedIPs = 10.4.6.1/32, fd69:1337:0:420:f4:f4:6:1/128
+
+[Peer] # wrd.woody.gf4
+PublicKey = W/wEIt1AghFFqx5C2yy2isYa400+43HJve/YGsoyZFc=
+PresharedKey = ylBsLXYccjsPs5MALAC+EPwiDaVlQ36tRCIEy1hQP4s=
+AllowedIPs = 10.4.7.1/32, fd69:1337:0:420:f4:f4:7:1/128
+
+[Peer] # cpu.aaruni.gf4
+PublicKey = fy/hRTZF+oyzV21mnDJfZFXamKTyqG1sQol0bDG0RmQ=
+PresharedKey = Exma2Np6qxnp6eslViA+OTNRRhp1DmZrIatYKTbfB2I=
+AllowedIPs = 10.4.8.1/32, fd69:1337:0:420:f4:f4:8:1/128
+
+[Peer] # cpu6.ico.gf4
+PublicKey = EWiKE/wsJOO6T00hZt4hIP1wte2Gi6XTbJ3xwN68WSA=
+PresharedKey = z8pAmuRZIpZ+t0Mi7cA0UaxgHo8l7e9/uVB6mOkZ4fU=
+AllowedIPs = 10.4.3.8/32, fd69:1337:0:420:f4:f4:3:8/128
+
+[Peer] # cpu7.ico.gf4
+PublicKey = Jx6wvtZGPYR68e6Jbn5tTp+FN6md7gww6lU25FATszs=
+PresharedKey = 2OfhD2WQ6dXv8cZYJWx2DZcMYU1uPSqJ0X7ipMMymNQ=
+AllowedIPs = 10.4.3.9/32, fd69:1337:0:420:f4:f4:3:9/128
+
+[Peer] # ci3.chris.gf4
+PublicKey = Vg4McMRsP1gtYtpimLWZjgBLaXoV8UeP6o9s8AVkV24=
+PresharedKey = bgDLIN0Mvd4NGhyoqzCm4yjJ1AJmvhexbOK4LmQI6vc=
+AllowedIPs = 10.4.2.4/32, fd69:1337:0:420:f4:f4:2:4/128
+
+[Peer] # dha.ki9.gf4
+PublicKey = eWKJe9gRanowDwXMBdlvN9P4ORHBIak1jqaD23vfD1k=
+PresharedKey = bZa4y7l9UpbfOaVeznpyVcq9/HEp+xV2eNEma4l6JUY=
+AllowedIPs = 10.4.1.10/32, fd69:1337:0:420:f4:f4:1:10/128
+
+[Peer] # zeus.ki9.gf4
+PublicKey = p1AwQ4URYdWKrHAUa+idkkFosCwCcgPTv3oXvvfd51E=
+PresharedKey = kEOxQlpO5HzFqMJ1uStQt62GgDIpost1QxJn/0m0rl8=
+AllowedIPs = 10.4.1.2/32, fd69:1337:0:420:f4:f4:1:2/128
+
+[Peer] # kamut.ki9.gf4
+PublicKey = m36oh4XyW4gWLOVXl8VdASFtgdI3hHY9ZqxNkbaOiG4=
+PresharedKey = MaUCTkbgEWwuA7MAaqra6sFwd/009q3qEijvD97j81M=
+AllowedIPs = 10.4.1.1/32, fd69:1337:0:420:f4:f4:1:1/128
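Review bot: wg0.conf commits what appears to be real secret material: the `[Interface]` `PrivateKey` and a `PresharedKey` for every `[Peer]`, alongside peer names, tunnel addresses and two public `Endpoint` addresses. Treat every key in the file as disclosed: rotate them, purge the file from repository history, and have the image receive `wg0.conf` at deploy time with restrictive permissions rather than from `mkosi.extra`. The first four lines are captured `sudo` prompt output, not configuration; they should be removed and will probably prevent the file from parsing. Separately, the `PostUp` NAT rules use `-o ens3` while the matching `PostDown` rules use `-o enp3s0`, so the MASQUERADE rules are not removed on shutdown. The FORWARD rules also match an interface named `gf4`, although a file named `wg0.conf` brings up `wg0`.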
diff --git a/mkosi.extra/usr/local/lib/systemd/system/wgapi.service b/mkosi.extra/usr/local/lib/systemd/system/wgapi.service
new file mode 100644
index 0000000..09e2106
--- /dev/null
+++ b/mkosi.extra/usr/local/lib/systemd/system/wgapi.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Wireguard API
+After=network.target
+
+[Service]
+WorkingDirectory=/usr/local/lib/wgapi/
+ExecStart=/usr/bin/npm run start
+
+[Install]
+WantedBy=multi-user.target
diff --git a/mkosi.nspawn b/mkosi.nspawn
new file mode 100644
index 0000000..ded5e07
--- /dev/null
+++ b/mkosi.nspawn
@@ -0,0 +1,2 @@
+[Exec]
+NotifyReady=true
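Review bot: The `[Service]` section of wgapi.service sets no `User=`, so `npm run start` and the Node process behind it run as root with no sandboxing, which gives a presumably network-reachable API full control of the container. Run it under a dedicated unprivileged account and grant only what it needs, for example `User=<service-account>`, `AmbientCapabilities=CAP_NET_ADMIN` (only if it has to configure WireGuard itself) and `NoNewPrivileges=yes`. `ProtectSystem=strict` and `PrivateTmp=yes` are low-cost additions once the paths the service writes to are known. Invoking the start command directly in `ExecStart=` rather than through npm would also keep the package manager out of the runtime path.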