diff --git a/configs/default.nix b/configs/default.nix
index 310c6bc..f41f4eb 100644
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -246,6 +246,7 @@ in {
 ./nix.nix
 ./newsboat.nix
 ./flameshot.nix
+ ./fritzbox.nix
 ./packages.nix
 ./picom.nix
 ./stardict.nix
diff --git a/configs/fritzbox.nix b/configs/fritzbox.nix
new file mode 100644
index 0000000..e8d35eb
--- /dev/null
+++ b/configs/fritzbox.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+ networking.wg-quick.interfaces.aether = {
+ dns = ["192.168.178.1" "fritz.box"];
+ listenPort = 51820;
+ privateKeyFile = config.age.secrets.wireguard-aether-key.path;
+ peers = [
+ {
+ allowedIPs = ["192.168.178.0/24" "0.0.0.0/0"];
+ endpoint = "lng5gx2rmssv8ge1.myfritz.net:58997";
+ persistentKeepalive = 25;
+ presharedKeyFile = config.age.secrets.wireguard-aether-psk.path;
+ publicKey = "8Rr7BueC0CGmycBQFS7YM7VF7Adkdc1ZcLFy8YXyOQk=";
+ }
+ ];
+ };
+}
diff --git a/secrets b/secrets
index a4e26dd..cd5d126 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit a4e26dd9dfe8c9e44dc1d5070b0b76da425958c8
+Subproject commit cd5d1268394694957d268cc75fc41cfb9ccec341
diff --git a/secrets.txt b/secrets.txt
index d0a7f79..2434a37 100644
--- a/secrets.txt
+++ b/secrets.txt
@@ -13,6 +13,8 @@ secrets/fatteh-retiolum-privateKey-ed25519.age
 secrets/fatteh-retiolum-privateKey-rsa.age
 secrets/fatteh-syncthing-cert.age
 secrets/fatteh-syncthing-key.age
+secrets/fatteh-wireguard-aether-key.age
+secrets/fatteh-wireguard-aether-psk.age
 secrets/ful-retiolum-privateKey-ed25519.age
 secrets/ful-retiolum-privateKey-rsa.age
 secrets/ful-root.age
@@ -25,6 +27,8 @@ secrets/kabsa-retiolum-privateKey-ed25519.age
 secrets/kabsa-retiolum-privateKey-rsa.age
 secrets/kabsa-syncthing-cert.age
 secrets/kabsa-syncthing-key.age
+secrets/kabsa-wireguard-aether-key.age
+secrets/kabsa-wireguard-aether-psk.age
 secrets/kfm-password.age
 secrets/ledger-basicAuth.age
 secrets/makanek-retiolum-privateKey-ed25519.age
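Review bot: Adding `./fritzbox.nix` to the shared import list in configs/default.nix makes every host that uses this list evaluate `config.age.secrets.wireguard-aether-key.path` and configure the `aether` tunnel, but this commit declares those secrets only for fatteh, kabsa and manakish. If any other system imports the list (not visible here), its build would presumably fail on the missing secret, or it would gain a VPN interface nobody planned for it. Importing the module from the three host configurations instead, e.g. `imports = [ ../../configs/fritzbox.nix ];`, keeps the scope explicit. The import list begins and ends outside the hunk.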
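Review bot: In configs/fritzbox.nix, `networking.firewall.allowedUDPPorts = [ 51820 ];` together with `listenPort = 51820;` opens an inbound UDP port on every interface of a host that only dials out to the FRITZ!Box (the peer has an `endpoint` and `persistentKeepalive = 25`); replies to outbound traffic should already be admitted by connection tracking, so both lines can probably be dropped. `allowedIPs = ["192.168.178.0/24" "0.0.0.0/0"];` is a full IPv4 tunnel in which the /24 entry is redundant, while IPv6 stays outside the tunnel; if only LAN access is wanted use `allowedIPs = ["192.168.178.0/24"];`, and if a full tunnel is intended, say so in a comment and decide how IPv6 should be handled. wg-quick interfaces are started at boot by default, so consider `autostart = false;` unless every session on these machines is meant to be routed through the home router.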
@@ -33,6 +37,8 @@ secrets/manakish-retiolum-privateKey-ed25519.age secrets/manakish-retiolum-privateKey-rsa.age secrets/manakish-syncthing-cert.age secrets/manakish-syncthing-key.age +secrets/manakish-wireguard-aether-key.age +secrets/manakish-wireguard-aether-psk.age secrets/maxmind-license-key.age secrets/mega-password.age secrets/miniflux-api-token.age diff --git a/systems/fatteh/configuration.nix b/systems/fatteh/configuration.nix index e7ac8a3..e7c749a 100644 --- a/systems/fatteh/configuration.nix +++ b/systems/fatteh/configuration.nix @@ -38,8 +38,12 @@ in { restic.file = ../../secrets/restic.age; syncthing-cert.file = ../../secrets/fatteh-syncthing-cert.age; syncthing-key.file = ../../secrets/fatteh-syncthing-key.age; + wireguard-aether-key.file = ../../secrets/fatteh-wireguard-aether-key.age; + wireguard-aether-psk.file = ../../secrets/fatteh-wireguard-aether-psk.age; }; + networking.wg-quick.interfaces.aether.address = ["192.168.178.202/24"]; + networking.hostName = "fatteh"; networking.retiolum = retiolumAddresses.fatteh; diff --git a/systems/kabsa/configuration.nix b/systems/kabsa/configuration.nix index 6adfb4a..7a899e9 100644 --- a/systems/kabsa/configuration.nix +++ b/systems/kabsa/configuration.nix @@ -43,8 +43,12 @@ in { restic.file = ../../secrets/restic.age; syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age; syncthing-key.file = ../../secrets/kabsa-syncthing-key.age; + wireguard-aether-key.file = ../../secrets/kabsa-wireguard-aether-key.age; + wireguard-aether-psk.file = ../../secrets/kabsa-wireguard-aether-psk.age; }; + networking.wg-quick.interfaces.aether.address = ["192.168.178.203/24"]; + environment.systemPackages = [pkgs.zeroad]; networking = { diff --git a/systems/manakish/configuration.nix b/systems/manakish/configuration.nix index 36067b1..26602f5 100644 --- a/systems/manakish/configuration.nix +++ b/systems/manakish/configuration.nix 
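Review bot: The tunnel address in systems/fatteh/configuration.nix is written with a /24 prefix (`["192.168.178.202/24"]`), so bringing `aether` up puts a connected route for the whole 192.168.178.0/24 range on the tunnel interface. That range is also the LAN behind the FRITZ!Box, so when the machine is on the home network, or on any other network using the same range, the tunnel route and the physical interface's route overlap and local hosts may become unreachable or be reached through the tunnel. The same applies to the kabsa and manakish hunks (`.203/24`, `.204/24`). I would at least add a comment such as `# address assigned to this peer on the FRITZ!Box; overlaps the home LAN range` and confirm the behaviour at home is what is wanted. The attribute sets around these lines begin outside the hunks.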
@@ -32,8 +32,12 @@ in { }; syncthing-cert.file = ../../secrets/manakish-syncthing-cert.age; syncthing-key.file = ../../secrets/manakish-syncthing-key.age; + wireguard-aether-key.file = ../../secrets/manakish-wireguard-aether-key.age; + wireguard-aether-psk.file = ../../secrets/manakish-wireguard-aether-psk.age; }; + networking.wg-quick.interfaces.aether.address = ["192.168.178.204/24"]; + stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml"; niveum = {