diff --git a/euhadra.nix b/euhadra.nix
index 8565676..5f7fc02 100644
--- a/euhadra.nix
+++ b/euhadra.nix
@@ -16,14 +16,13 @@ let mpdStreamingPort = 8080; in
       issue_discards = 1
     }
   '';
-  boot.initrd.luks.devices = [
-    {
-      name = "euhadra_crypt";
+  boot.initrd.luks.devices = {
+    euhadra_crypt = {
       device = "/dev/disk/by-uuid/328a9ede-0958-490b-8e82-62b06b839e21";
       preLVM = true;
       allowDiscards = true;
-    }
-  ];
+    };
+  };
 
   networking.hostName = "euhadra";
   networking.hostId = "ddb5f0fd";
@@ -32,9 +31,11 @@ let mpdStreamingPort = 8080; in
 
   services.mpd = {
     enable = true;
-    network.listenAddress = "any";
+    # network.listenAddress = "127.0.0.1";
     musicDirectory = "/mnt/aplysia/music";
     extraConfig = ''
+      bind_to_address "10.59.0.6"
+
       # audio_output {
       #   type "alsa"
       #   name "dac"
@@ -44,6 +45,7 @@ let mpdStreamingPort = 8080; in
       audio_output {
         type "pulse"
         name "pulse"
+        server "127.0.0.1"
       }
 
       audio_output {
@@ -58,9 +60,41 @@ let mpdStreamingPort = 8080; in
     '';
   };
 
+  services.pipewire = {
+    config.pipewire-pulse = {
+      "pulse.properties"."server.address" = [
+        "unix:native"
+        "tcp:127.0.0.1:4713"
+      ];
+    };
+  };
+
+  networking.wireguard.interfaces.wg0 = {
+    ips = ["10.59.0.6/16"];
+    privateKeyFile = "/etc/wgkeys/euhadra";
+    allowedIPsAsRoutes = true;
+    postSetup = ''
+      ${pkgs.systemd}/bin/resolvectl domain wg0 '~htdf.gebner.org' '~mtlaa.gebner.org' '~ams.gebner.org'
+      ${pkgs.systemd}/bin/resolvectl dns wg0 10.58.0.1
+    '';
+    peers = [{
+      publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
+      allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
+      endpoint = "htdf-gw.gebner.org:35869";
+      # endpoint = "80.109.29.104:35869";
+      # endpoint = "127.0.0.1:35869";
+    }];
+  };
+  # systemd.services.wireguard-wg0.wantedBy = pkgs.lib.mkOverride 10 [];
+
+  services.resolved = {
+    domains = [];
+    enable = true;
+  };
+
   networking.firewall.allowedTCPPorts = [
     config.services.mpd.network.port
-    4713 # pulseaudio
+    # 4713 # pulseaudio
     mpdStreamingPort # mpd streaming
   ];
 
@@ -70,16 +104,17 @@ let mpdStreamingPort = 8080; in
 
   nixpkgs.config.mpv.vaapiSupport = true;
 
-  hardware.pulseaudio = {
-    systemWide = true;
-    zeroconf.publish.enable = true;
-    tcp = {
-      enable = true;
-      anonymousClients.allowedIpRanges = [
-        "127.0.0.1"
-        "10.57.0.0/16"
-      ];
-    };
-  };
+  # hardware.pulseaudio = {
+  #   systemWide = true;
+  #   zeroconf.publish.enable = true;
+  #   tcp = {
+  #     enable = true;
+  #     anonymousClients.allowedIpRanges = [
+  #       "127.0.0.1"
+  #       "10.57.0.0/16"
+  #     ];
+  #   };
+  # };
 
+  system.stateVersion = "19.03";
 }