diff --git a/flake.nix b/flake.nix index 29d518d..d3653fa 100644 --- a/flake.nix +++ b/flake.nix @@ -89,6 +89,17 @@ ]; }; + # VPS - Wireguard + nixosConfigurations."tempore" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = inputs; + modules = [ + nur.nixosModules.nur + home-manager.nixosModules.home-manager + ./machines/tempore + ]; + }; + # These machines will be configured later. /* # Effundam = MacBook Air M1 (server usage). Will not be added to flake.nix until thunderbolt and apfs proper support nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem { diff --git a/machines/example/default.nix b/machines/example/default.nix index 4516a06..cb088d6 100644 --- a/machines/example/default.nix +++ b/machines/example/default.nix @@ -14,24 +14,29 @@ in { networking.hostName = "MACHINE"; # All "my" options - my.laptop.enable = true; - my.git.enable = true; + my.laptop.enable = false; + my.git.enable = false; my.roles = { - design.enable = true; - devel.enable = true; - gaming.enable = true; - graphical.enable = true; + design.enable = false; + devel.enable = false; + gaming.enable = false; + graphical.enable = false; graphical.basic.enable = false; - latex.enable = true; - media-client.enable = true; - torrent.enable = true; - virtualisation.enable = true; + latex.enable = false; + media-client.enable = false; + torrent.enable = false; + virtualisation.enable = false; yggdrasil-client.enable = true; - server = { ivabus-dev.enable = true; }; + server = { + ivabus-dev.enable = false; + slides-ivabus-dev.enable = false; + urouter.enable = false; + }; }; my.users = { ivabus.enable = true; + ivabus.dotfiles.enable = true; user.enable = false; }; my.features.secrets = true; diff --git a/machines/tempore/default.nix b/machines/tempore/default.nix new file mode 100644 index 0000000..422eb53 --- /dev/null +++ b/machines/tempore/default.nix 
@@ -0,0 +1,68 @@
+{ config, pkgs, lib, secrets, ... }:
+
+let my = import ../..;
+in {
+ imports = [
+ ./hardware.nix # Use nixos-generate-config --show-hardware-config > /etc/nixos/machines/MACHINE/hardware.nix
+ my.modules
+ ];
+
+ networking.hostName = "tempore";
+ services.qemuGuest.enable = true;
+
+ # All "my" options
+ my.laptop.enable = false;
+ my.git.enable = false;
+ my.roles = {
+ design.enable = false;
+ devel.enable = false;
+ gaming.enable = false;
+ graphical.enable = false;
+ graphical.basic.enable = false;
+ latex.enable = false;
+ media-client.enable = false;
+ torrent.enable = false;
+ virtualisation.enable = false;
+ yggdrasil-client.enable = true;
+
+ server = {
+ ivabus-dev.enable = false;
+ slides-ivabus-dev.enable = false;
+ urouter.enable = false;
+ };
+ };
+ my.users = {
+ ivabus.enable = true;
+ ivabus.dotfiles.enable = true;
+ user.enable = false;
+ };
+ my.features.secrets = true;
+
+ networking.useDHCP = true;
+
+ networking.nat.enable = true;
+ networking.nat.externalInterface = "ens3";
+ networking.nat.internalInterfaces = [ "wg0" ];
+ networking.firewall = { allowedUDPPorts = [ 51820 ]; };
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.1/24" ];
+ listenPort = 51820;
+
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
+ '';
+
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
+ '';
+
+ privateKey = secrets.wireguard.privateKey;
+
+ peers = secrets.wireguard.peers;
+ };
+ };
+
+ system.stateVersion = "23.05";
+}
diff --git a/machines/tempore/hardware.nix b/machines/tempore/hardware.nix
new file mode 100644
index 0000000..07e27c1
--- /dev/null
+++ b/machines/tempore/hardware.nix
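Review bot: `privateKey = secrets.wireguard.privateKey;` inside `networking.wireguard.interfaces.wg0` embeds the key as a Nix string, so it is written into the world-readable Nix store on every evaluation and deploy, regardless of how `secrets/wireguard.nix` (wired in by the secrets.nix hunk) is protected in the repository. The module's `privateKeyFile` option reads the key from a path at activation time instead, e.g. `privateKeyFile = "<PATH-TO-WG-KEY-FILE>"; # placeholder: root-only file outside the store`. The same applies to any `presharedKey` entries that `secrets.wireguard.peers` may carry (use `presharedKeyFile`), which cannot be checked here because that file is binary in the diff. Separately, `networking.nat` with `internalInterfaces = [ "wg0" ]` and `externalInterface = "ens3"` already installs a MASQUERADE rule for that traffic, so the `postSetup`/`postShutdown` iptables lines appear to duplicate it and could be dropped, or at least reuse `config.networking.nat.externalInterface` instead of repeating `ens3`.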
@@ -0,0 +1,11 @@
+{ modulesPath, ... }: {
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/vda";
+ boot.initrd.availableKernelModules =
+ [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = {
+ device = "/dev/vda1";
+ fsType = "ext4";
+ };
+}
diff --git a/secrets.nix b/secrets.nix
index 6bf416f..26fd220 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -10,4 +10,5 @@ else {
 maas-address = builtins.readFile ./secrets/maas-address;
 yggdrasil-peer = builtins.readFile ./secrets/yggdrasil-peer;
 yggdrasil-password = builtins.readFile ./secrets/yggdrasil-password;
+ wireguard = import ./secrets/wireguard.nix;
 }
diff --git a/secrets/wireguard.nix b/secrets/wireguard.nix
new file mode 100644
index 0000000..14b6a66
Binary files /dev/null and b/secrets/wireguard.nix differ