diff --git a/network/blatto-wg b/network/blatto-wg
new file mode 100755
index 0000000000000000000000000000000000000000..3dca72dcb6f3d5cda4314c80f99d05a1489c3756
--- /dev/null
+++ b/network/blatto-wg
@@ -0,0 +1,35 @@
+#!/bin/sh
+set -euo xtrace -o pipefail
+
+vlan_name=$1
+id=$2
+
+eval "$(ssh root@blatto.eu wg-get-metadata $vlan_name)"
+
+
+mkdir -p /etc/wireguard/blatto
+cd /etc/wireguard/blatto/
+[ -f psk ] || (umask 0077 && wg genpsk > psk)
+[ -f $id.key ] || wg genkey | (umask 0077 && tee $id.key) | wg pubkey > $id.pub
+
+ssh root@blatto.eu cat /etc/wireguard/$vlan_name/blattes.pub > blattes.pub
+cat psk | ssh root@blatto.eu "wg-register $vlan_name $id $(hostname) $(cat $id.pub)" < psk
+
+#cat $id.pub | ssh root@blatto.eu "cat > /etc/wireguard/$vlan_name/$id.pub"
+#cat psk | ssh root@blatto.eu "cat > /etc/wireguard/$vlan_name/$id.psk"
+
+
+
+cat <<AMEN
+#!/bin/sh
+set -o xtrace
+
+ip link add dev wg-blatto type wireguard
+ip addr add $v4net.$id/24 dev wg-blatto
+ip addr add $v6net::$id/64 dev wg-blatto
+wg set wg-blatto listen-port 12061 private-key /etc/wireguard/blatto/$id.key
+wg set wg-blatto peer \$(cat /etc/wireguard/blatto/blattes.pub) preshared-key /etc/wireguard/blatto/psk endpoint $blattes_ipv4:$port allowed-ips 0.0.0.0/0,::0/0
+ip link set wg-blatto up
+ip route add $ipv4_prefix.0.0/16 via $v4net.1 dev wg-blatto metric 1000
+ip route add ${ipv6_prefix}00::0/56 via $v6net::1 dev wg-blatto metric 1000
+AMEN
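Review bot: `eval "$(ssh root@blatto.eu wg-get-metadata $vlan_name)"` runs whatever the remote command prints as local shell code, and `$vlan_name` and `$id` are expanded unquoted into command strings that the remote root shell parses again (the `wg-get-metadata`, `cat /etc/wireguard/$vlan_name/blattes.pub` and `wg-register` calls) and into local paths such as `$id.key`. A stray space or shell metacharacter in either argument therefore changes which commands run on both hosts, and the values from the eval land unchecked in the generated script. Reject unexpected input right after the assignments, assuming VLAN names are alphanumeric and ids numeric: `case $vlan_name in ''|*[!A-Za-z0-9_-]*) echo "bad vlan name" >&2; exit 2;; esac` and `case $id in ''|*[!0-9]*) echo "bad id" >&2; exit 2;; esac`. Then quote every expansion (`"$id.key"`, `"$vlan_name"`). Instead of the eval, read only the expected variables (`v4net`, `v6net`, `blattes_ipv4`, `port`, `ipv4_prefix`, `ipv6_prefix`) from the metadata output and check that each holds only address or digit characters before interpolating it into the here-document.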