diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..691037e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.venv/*
diff --git a/README.md b/README.md
index e69de29..612ce68 100644
--- a/README.md
+++ b/README.md
@@ -0,0 +1,37 @@
+# Wireguard automated install with vagrant and asnible provision
+
+
+## Dependencies:
+System:
+
+```bash
+# apt install python3 python3-pip python3-venv
+```
+
+Python:
+
+```bash
+python3 -m venv .venv
+source ./.venv/bin/activate
+pip install -r requirements.txt
+```
+Ansible:
+
+```bash
+ansible-galaxy install -r requirements.yml
+```
+
+
+## Start
+```bash
+./virsh_network/start.sh
+cd vg && vagrant up --provider=libvirt --no-parallel
+```
+
+
+## Destroy the environment
+```bash
+vagrant destroy
+./virsh_network/destroy.sh
+```
+
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..89b6b79
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+ansible==7.3.0
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..4fe55ce
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,4 @@
+# ansible-galaxy collection list
+collections:
+  - name: community.general
+    version: '5.6.0'
diff --git a/vg/.gitignore b/vg/.gitignore
new file mode 100644
index 0000000..2c72071
--- /dev/null
+++ b/vg/.gitignore
@@ -0,0 +1 @@
+.vagrant/*
diff --git a/vg/Vagrantfile b/vg/Vagrantfile
new file mode 100644
index 0000000..cfd48aa
--- /dev/null
+++ b/vg/Vagrantfile
@@ -0,0 +1,46 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.box = "generic/ubuntu2004"
+
+  config.vm.provider :libvirt do |libvirt|
+    libvirt.qemu_use_session = false
+  end
+
+  config.vm.define "kp-root-node" do |rootNode|
+    rootNode.vm.hostname = "kp-root-node"
+    rootNode.vm.network :private_network, ip: "192.168.123.10", :libvirt_network_mage => "kp_wg_network"
+    rootNode.vm.provider :kvm do | kvm, override |
+      kvm.memory_size = '2048m'
+    end
+    rootNode.vm.provider :libvirt do |libvirt, override|
+      libvirt.memory = 2048
+      libvirt.nested = true
+      libvirt.cpus = 2
+    end
+
+    # Ansible provisioning
+    rootNode.vm.provision "server_init", type:'ansible' do |ansible|
+      ansible.playbook = "playbooks/server_init.yml"
+      ansible.become = true
+      ansible.host_key_checking = false
+      ansible.verbose = "v"
+    end
+  end
+
+  (1..3).each do |i|
+    config.vm.define "kp-client#{i}" do |client|
+      client.vm.hostname = "kp-client#{i}"
+      client.vm.network :private_network, ip: "192.168.123.1#{i}", :libvirt_network_mage => "kp_wg_network"
+      client.vm.provider :kvm do | kvm, override |
+        kvm.memory_size = '2048m'
+      end
+      client.vm.provider :libvirt do |libvirt, override|
+        libvirt.memory = 1024
+        libvirt.nested = true
+        libvirt.cpus = 1
+      end
+    end
+  end
+end
diff --git a/vg/playbooks/add_peers.yml b/vg/playbooks/add_peers.yml
new file mode 100644
index 0000000..e69de29
diff --git a/vg/playbooks/peer_init.yml b/vg/playbooks/peer_init.yml
new file mode 100644
index 0000000..e69de29
diff --git a/vg/playbooks/server_init.yml b/vg/playbooks/server_init.yml
new file mode 100644
index 0000000..f2a9039
--- /dev/null
+++ b/vg/playbooks/server_init.yml
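Review bot: The network option on the `rootNode.vm.network` line (and the matching `client.vm.network` line in the loop) is spelled `:libvirt_network_mage`, which appears to be a misspelling of vagrant-libvirt's `:libvirt__network_name` (double underscore); an unknown key is presumably ignored, so the guests would not be attached to `kp_wg_network` at all. Change both lines to `:libvirt__network_name => "kp_wg_network"`. The `:kvm` provider blocks setting `memory_size = '2048m'` are dead configuration, since the README brings the machines up with `--provider=libvirt` and the libvirt blocks already set memory; dropping them avoids the impression that memory is configured twice with different values. `ansible.host_key_checking = false` is defensible for disposable local guests but deserves a comment saying so, e.g. `# host key checking is off only because these are throwaway local libvirt guests`.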
@@ -0,0 +1,83 @@
+---
+- hosts: all
+  become: yes
+  tasks:
+    - name: Install wireguard and ufw
+      ansible.builtin.apt:
+        name:
+          - wireguard
+          - ufw
+        state: present
+
+    - name: Generate a wireguard server privatekey
+      ansible.builtin.shell: "wg genkey > /etc/wireguard/private.key"
+
+    - name: Read privatekey from the wireguard folder
+      ansible.builtin.shell: "cat /etc/wireguard/private.key"
+      register: server_private_key_stdout
+
+    - name: Set the file content to a variable
+      ansible.builtin.set_fact:
+        server_private_key: "{{ server_private_key_stdout.stdout }}"
+
+    - name: Get the default public interface
+      ansible.builtin.shell: "ip route list | grep default | awk '{print $5}'"
+      register: server_public_interface_stdout
+
+    - name: Set the stdout of the public interface to a variable
+      ansible.builtin.set_fact:
+        server_public_interface: "{{ server_public_interface_stdout.stdout }}"
+
+    - name: Protect the privatekey by allowing only the root user to read
+      ansible.builtin.file:
+        path: "/etc/wireguard/private.key"
+        owner: root
+        group: root
+        mode: '077'
+
+    - name: Generate a wireguard server pubkey
+      ansible.builtin.shell: "cat /etc/wireguard/private.key | wg pubkey > /etc/wireguard/public.key"
+
+    - name: Protect the privatekey by allowing only the root user to read
+      ansible.builtin.file:
+        path: "/etc/wireguard/public.key"
+        owner: root
+        group: root
+
+    - name: Install the server wireguard template to the server
+      ansible.builtin.template:
+        src: "server_wg0.conf"
+        dest: "/etc/wireguard/wg0.conf"
+
+    - name: Ensure that the permissions to the config are not too open
+      ansible.builtin.file:
+        path: "/etc/wireguard/wg0.conf"
+        owner: root
+        group: root
+        mode: '077'
+
+    - name: Allow everything and enable UFW
+      community.general.ufw:
+        state: enabled
+        policy: allow
+
+    - name: Set logging for the ufw
+      community.general.ufw:
+        logging: 'on'
+
+    - name: Allow all access to port 22
+      community.general.ufw:
+        rule: allow
+        port: '22'
+
+    - name: Allow all access to wireguard port (udp)
+      community.general.ufw:
+        rule: allow
+        port: '51820'
+        proto: udp
+
+    - name: Start the wireguard service
+      ansible.builtin.service:
+        name: wg-quick@wg0.service
+        enabled: yes
+        state: started
diff --git a/vg/playbooks/server_wg0.conf b/vg/playbooks/server_wg0.conf
new file mode 100644
index 0000000..fb8c7b6
--- /dev/null
+++ b/vg/playbooks/server_wg0.conf
@@ -0,0 +1,10 @@
+[Interface]
+PrivateKey = {{ server_private_key }}
+Address = 10.6.0.1/24
+ListenPort = 51820
+SaveConfig = true
+
+PostUp = ufw route allow in on wg0 out on {{ server_public_interface }}
+PostUp = iptables -t nat -I POSTROUTING -o {{ server_public_interface }} -j MASQUERADE
+PreDown = ufw route delete allow in on wg0 out on {{ server_public_interface }}
+PreDown = iptables -t nat -D POSTROUTING -o {{ server_public_interface }} -j MASQUERADE
diff --git a/virsh_network/destroy.sh b/virsh_network/destroy.sh
new file mode 100755
index 0000000..4ae5a5f
--- /dev/null
+++ b/virsh_network/destroy.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -eux
+
+NETWORK_NAME="kp_wg_network"
+
+sudo virsh net-destroy $NETWORK_NAME
+sudo virsh net-undefine $NETWORK_NAME
diff --git a/virsh_network/kp_wg_network.xml b/virsh_network/kp_wg_network.xml
new file mode 100644
index 0000000..daa257c
--- /dev/null
+++ b/virsh_network/kp_wg_network.xml
@@ -0,0 +1,14 @@
+
+ kp_wg_network
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/virsh_network/start.sh b/virsh_network/start.sh
new file mode 100755
index 0000000..dfc45cf
--- /dev/null
+++ b/virsh_network/start.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -eux
+
+NETWORK_NAME="kp_wg_network"
+
+sudo virsh net-define "${NETWORK_NAME}.xml"
+sudo virsh net-start $NETWORK_NAME
+sudo virsh net-autostart $NETWORK_NAME
+
+sudo virsh net-list --all
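Review bot: `mode: '077'` on the private.key and wg0.conf file tasks grants the opposite of what the task names say: read as an octal mode it is `----rwxrwx`, i.e. no permission bits for the owner and read/write for group and everyone else, so the private key and the config that embeds it become readable by any local user (root bypasses DAC, which is why the playbook still appears to work). Both tasks should use `mode: '0600'`. The `wg genkey > /etc/wireguard/private.key` shell task is also not idempotent: every re-run overwrites the key and invalidates any peer configured against the old public key, and the file is created with the default umask until the later file task runs, so add `args: { creates: /etc/wireguard/private.key }` and run it as `umask 077 && wg genkey > /etc/wireguard/private.key`. The second task named "Protect the privatekey by allowing only the root user to read" actually handles public.key and should be renamed accordingly. With `policy: allow` the explicit allow rules for 22 and 51820 are redundant; if a default-deny host firewall is intended, `policy: deny` together with those two allows is the conventional form.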
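Review bot: The MASQUERADE and `ufw route allow` lines only take effect if IP forwarding is enabled on the server, and nothing in this commit turns `net.ipv4.ip_forward` on (server_init.yml installs this template and starts wg-quick but sets no sysctl), so traffic that peers send through the server will presumably be dropped rather than routed. Add a sysctl task to the playbook, e.g. `ansible.posix.sysctl: { name: net.ipv4.ip_forward, value: '1', sysctl_set: true, state: present }` (ansible.posix is part of the ansible 7.x package pinned in requirements.txt). `SaveConfig = true` also sits uneasily with managing this file through `ansible.builtin.template`: wg-quick rewrites the file on shutdown with whatever peers were added at runtime, and the next playbook run re-templates it and silently drops them, so pick one source of truth for peers (given the planned add_peers.yml, the template, in which case drop `SaveConfig`).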
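Review bot: Under `set -e`, `sudo virsh net-destroy $NETWORK_NAME` aborts the script when the network is defined but not running (e.g. after a partially failed start.sh), so `net-undefine` never runs and the stale definition is left behind. Make the teardown tolerant: `sudo virsh net-destroy "$NETWORK_NAME" || true` followed by `sudo virsh net-undefine "$NETWORK_NAME"`. Quoting the variable also keeps the script correct should the name ever contain whitespace or glob characters.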
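Review bot: `sudo virsh net-define "${NETWORK_NAME}.xml"` resolves the XML path relative to the caller's working directory, but the README invokes the script as `./virsh_network/start.sh` from the repository root, where `kp_wg_network.xml` does not exist, so the first command fails and `set -e` stops the script. Anchor the path to the script's own directory: `sudo virsh net-define "$(dirname "$0")/${NETWORK_NAME}.xml"`. The remaining `$NETWORK_NAME` uses should be quoted for consistency with that line, and `net-define` will likewise fail under `set -e` when the network is already defined, so re-running the script is not safe without a `virsh net-info "$NETWORK_NAME"` guard or an explicit `|| true`.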