diff --git a/network/blatto/blatto.config-defaults b/network/blatto/blatto.config-defaults
new file mode 100644
index 0000000000000000000000000000000000000000..de825791b67a1932bcfc3459d72bb702a9f0375c
--- /dev/null
+++ b/network/blatto/blatto.config-defaults
@@ -0,0 +1,28 @@
+set -u
+true ${blatto_wg:=false}
+true ${blatto_wg_adopt:=false}
+
+true ${blatto_ipv6_prefix:=2a01:510:d504:75}
+true ${blatto_ipv4_prefix:=10.12}
+true ${blatto_public_ipv4:=95.85.217.30}
+
+true ${blatto_vlid:=1$blatto_user_id}
+true ${blatto_wg_vlid:=6$blatto_user_id}
+true ${blatto_wg_port:=120$blatto_wg_vlid}
+true ${blatto_wg_ip:=$blatto_public_ipv4}
+
+true ${blatto_upstreams:=mn awn mul}
+true ${blatto_upstream_mn_id:=2}
+true ${blatto_upstream_awn_id:=3}
+true ${blatto_upstream_mul_id:=4}
+
+true ${blatto_v4net:=$blatto_ipv4_prefix.$blatto_vlid}
+true ${blatto_v6net:=${blatto_ipv6_prefix}${blatto_user_id}a}
+true ${blatto_wg_v4net:=$blatto_ipv4_prefix.$blatto_wg_vlid}
+true ${blatto_wg_v6net:=${blatto_ipv6_prefix}${blatto_user_id}b}
+
+true ${blatto_ipv4:=$blatto_v4net.$blatto_device_id}
+true ${blatto_ipv6:=${blatto_v6net}::${blatto_device_id}}
+true ${blatto_untr_ipv4:=$blatto_ipv4_prefix.7$blatto_user_id.$blatto_device_id}
+true ${blatto_wg_ipv4:=$blatto_wg_v4net.$blatto_device_id}
+true ${blatto_wg_ipv6:=${blatto_wg_v6net}::${blatto_device_id}}
diff --git a/network/blatto/blatto.config-init b/network/blatto/blatto.config-init
new file mode 100644
index 0000000000000000000000000000000000000000..e0abdd6ab6a9b0597a9be25029f254a3900b1682
--- /dev/null
+++ b/network/blatto/blatto.config-init
@@ -0,0 +1,8 @@
+blatto_username=jirkalvoda
+blatto_user=jk
+blatto_user_id=1
+blatto_device_id=$fixme
+blatto_wg=true
+blatto_wg_adopt=true
+
+. /etc/net/blatto.config-defaults
diff --git a/network/blatto/init.sh b/network/blatto/init.sh
new file mode 100755
index 0000000000000000000000000000000000000000..d430c3b0f1a82d49cb5b3f63b199f9e64da63014
--- /dev/null
+++ b/network/blatto/init.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+. ../../userconfig-lib.sh
+version 0
+need_root
+install_begin
+
+confln blatto.config-defaults /etc/net/ cr
+
+if ! [[ -f /etc/net/blatto.config ]]
+then
+	confln blatto.config-init /etc/net/blatto.config cr
+	r -Pc vim /etc/net/blatto.config
+fi
+
+while true
+do
+	bash <<AMEN
+	set -eu
+	. /etc/net/blatto.config
+	echo \$blatto_username \$blatto_user \$blatto_user_id \$blatto_device_id
+AMEN
+	if [[ $? != 0 ]]
+	then
+		echo error in config
+		r -Pc vim /etc/net/blatto.config
+	else
+		break
+	fi
+done
+
+
+
+if $(bash -c '. /etc/net/blatto.config; echo $blatto_wg')
+then
+	r ./wg-blatto-init
+	confln wg-blatto /etc/net/ cr
+	confln wg-blatto-fix-egypt /etc/net/ cr
+fi
+
+confln untr-bl /etc/net/ cr
+
+confln scripts/con-sm /etc/net/ cr
+
+install_ok
diff --git a/network/blatto/scripts/con-sm b/network/blatto/scripts/con-sm
new file mode 100755
index 0000000000000000000000000000000000000000..02392cd717411a26f30aa3b1174a0ba7008ca486
--- /dev/null
+++ b/network/blatto/scripts/con-sm
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -o xtrace
+
+. /etc/net/blatto.config
+
+interface=sm
+
+echo R | socat unix:/run/conntrack_hack -
+ip link set $interface up
+ip addres add $blatto_ipv4/24 dev $interface
+ip addres add $blatto_ipv6/64 dev $interface
+ip route add $blatto_ipv4_prefix.0.0/16 via $blatto_v4net.1 dev $interface metric 1000
+ip route add ${blatto_ipv6_prefix}00::0/56 via $blatto_v6net::1 dev wg-blatto metric 1000
+ip route add default via $blatto_v4net.1 dev $interface metric 1000
+ip route add default via $blatto_v6net::1 dev $interface metric 1000
+
+ip route add $blatto_v4net.0/24 dev $interface metric 100 table 12
+ip route add default via $blatto_v4net.1 dev $interface metric 100 table 12
+ip -6 route add $blatto_v6net::0/64 dev $interface metric 100 table 12
+ip -6 route add default via $blatto_v6net::1 dev $interface metric 100 table 12
+
+for ups in $blatto_upstreams
+do
+	ups_id=blatto_upstream_${ups}_id
+	ups_id=${!ups_id}
+	ip route add $blatto_v4net.0/24 dev $interface metric 100 table 12$ups_id
+	ip route add default via $blatto_v4net.$ups_id dev $interface metric 100 table 12$ups_id
+	ip -6 route add $blatto_v6net::0/64 dev $interface metric 100 table 12$ups_id
+	ip -6 route add default via $blatto_v6net::$ups_id dev $interface metric 100 table 12$ups_id
+done
+
+(echo domain jk.blatto.eu;  echo nameserver 10.12.11.1 ) | resolvconf -a $interface
+
+systemctl reload net-blatto-daemon
diff --git a/network/blatto/untr-bl b/network/blatto/untr-bl
new file mode 100755
index 0000000000000000000000000000000000000000..8c913e803ac74b51b733d9a490943d6636895c48
--- /dev/null
+++ b/network/blatto/untr-bl
@@ -0,0 +1,22 @@
+#!/bin/sh
+set -o xtrace
+
+. /etc/net/blatto.config
+
+ifname=untr-bl
+
+ip link add $ifname type sit remote $blatto_ipv4_prefix.70.1 local $blatto_ipv4 mode any
+ip link set $ifname up
+ip a add $blatto_untr_ipv4/32 dev $ifname
+ip route add default dev $ifname dev $ifname-$ups table 612
+
+for ups in $blatto_upstreams
+do
+	ups_id=blatto_upstream_${ups}_id
+	ups_id=${!ups_id}
+
+	ip link add $ifname-$ups type sit remote $blatto_ipv4_prefix.70.$ups_id local $blatto_ipv4 mode any
+	ip link set $ifname-$ups up
+	ip a add $blatto_untr_ipv4/32 dev $ifname-$ups
+	ip route add default dev $ifname-$ups dev $ifname-$ups table 612$ups_id
+done
diff --git a/network/blatto/wg-blatto b/network/blatto/wg-blatto
new file mode 100755
index 0000000000000000000000000000000000000000..dcb2329a6b7532ac4e0e2f4b909e84451897dd72
--- /dev/null
+++ b/network/blatto/wg-blatto
@@ -0,0 +1,63 @@
+#!/bin/bash
+set -uo xtrace -o pipefail
+. /etc/net/blatto.config
+
+set -o xtrace
+
+do_route_flush=\${1:-false}
+adopt=$blatto_wg_adopt
+
+ip link del wg-blatto || true
+rm /run/wg-blatto/ -r || true
+
+ip link add dev wg-blatto type wireguard
+ip addr add $blatto_wg_ipv4/24 dev wg-blatto metric 1100
+ip addr add $blatto_wg_ipv6/64 dev wg-blatto metric 1100
+wg set wg-blatto listen-port $blatto_wg_port private-key /etc/wireguard/blatto/$blatto_device_id.key
+wg set wg-blatto peer $(cat /etc/wireguard/blatto/blattes.pub) preshared-key /etc/wireguard/blatto/psk endpoint $blatto_public_ipv4:$blatto_wg_port allowed-ips 0.0.0.0/0,::0/0
+ip link set mtu 1432 dev wg-blatto
+ip link set wg-blatto up
+
+for ups in $blatto_upstreams
+do
+	ups_id=blatto_upstream_${ups}_id
+	ups_id=${!ups_id}
+	ip link del wg-blatto2$ups || true
+	ip link add wg-blatto2$ups type sit remote $blatto_wg_v4net.$ups_id local any mode any
+	ip link set wg-blatto2$ups up
+	ip route add $blatto_wg_v4net/24 dev wg-blatto table 12$ups_id metric 1100 src $blatto_wg_ipv4
+	ip route add $blatto_wg_v6net/64 dev wg-blatto table 12$ups_id metric 1100 src $blatto_wg_ipv4
+	ip route add default dev wg-blatto2$ups  table 12$ups_id metric 1100 src $blatto_wg_ipv4
+	ip route add default dev wg-blatto2$ups  table 12$ups_id metric 1100 src $blatto_wg_ipv6
+done
+
+ip route add $blatto_wg_v4net/24 dev wg-blatto table 12 metric 1100 src $blatto_wg_ipv4
+ip route add $blatto_wg_v6net/64 dev wg-blatto table 12 metric 1100 src $blatto_wg_ipv4
+ip route add default dev wg-blatto table 12 metric 1100 src $blatto_wg_ipv4
+ip route add default dev wg-blatto table 12 metric 1100 src $blatto_wg_ipv6
+
+mkdir /run/wg-blatto/
+echo $adopt > /run/wg-blatto/adopt
+
+systemctl reload net-blatto-daemon
+
+if $adopt
+then
+	ip addr add $blatto_ipv4/32 dev wg-blatto metric 1000
+	ip addr add $blatto_ipv6/128 dev wg-blatto metric 1000
+
+	ip route add default dev wg-blatto table 12 metric 1000 src $blatto_ipv4
+	ip route add default dev wg-blatto table 12 metric 1000 src $blatto_ipv6
+
+	for ups in $blatto_upstreams
+	do
+		ups_id=blatto_upstream_${ups}_id
+		ups_id=${!ups_id}
+		ip route add default dev wg-blatto2$ups  table 12$ups_id metric 1000 src $blatto_ipv4
+		ip route add default dev wg-blatto2$ups  table 12$ups_id metric 1000 src $blatto_ipv6
+	done
+fi
+
+# HACK
+ip addr del $blatto_Wg_ipv4/24 dev wg-blatto metric 1100
+ip addr add $blatto_Wg_ipv4/24 dev wg-blatto metric 1100
diff --git a/network/blatto/wg-blatto-fix-egypt b/network/blatto/wg-blatto-fix-egypt
new file mode 100755
index 0000000000000000000000000000000000000000..78c5f33360022ea5dee0b7eec491cef2bd770329
--- /dev/null
+++ b/network/blatto/wg-blatto-fix-egypt
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+. /etc/net/blatto.config
+
+p=$(( 40000 + $RANDOM % 100))
+(echo "hodnytunel"; sleep 1) | socat - udp:$blatto_public_ipv4:$blatto_wg_port,sourceport=$p;
+wg set wg-blatto listen-port $p private-key /etc/wireguard/blatto/22.key
diff --git a/network/blatto/wg-blatto-init b/network/blatto/wg-blatto-init
new file mode 100755
index 0000000000000000000000000000000000000000..d9132696b1899ef981a42b1f10a418641e4175a8
--- /dev/null
+++ b/network/blatto/wg-blatto-init
@@ -0,0 +1,15 @@
+#!/bin/bash
+set -euo xtrace -o pipefail
+
+. /etc/net/blatto.config
+
+vlan_name=$blatto_user
+id=$blatto_device_id
+
+mkdir -p /etc/wireguard/blatto
+cd /etc/wireguard/blatto/
+[ -f psk ] || (umask 0077 && wg genpsk > psk)
+[ -f $id.key ] || wg genkey | (umask 0077 && tee $id.key) | wg pubkey > $id.pub
+
+ssh root@blatto.eu cat /etc/wireguard/$vlan_name/blattes.pub > blattes.pub
+cat psk | ssh root@blatto.eu "wg-register $vlan_name $id $(hostname) $(cat $id.pub)" < psk
diff --git a/network/dhcpcd.enter-hook-defaults b/network/dhcpcd.enter-hook-defaults
index cf9b4d837770cb35fdf18314b1230411ce4924b0..8f3b0d1db9b8e9d76b71d96b2d0dc99a009d9c37 100644
--- a/network/dhcpcd.enter-hook-defaults
+++ b/network/dhcpcd.enter-hook-defaults
@@ -18,6 +18,8 @@ then
 	do
 		route default via 10.12.11.$i metric 300 table 12$i
 		route 10.12.11.0/24 dev $interface metric 300 table 12$i
+		route6 2a01:510:d504:751a::0/64 dev $interface metric 300 table 12
+		route6 default via 2a01:510:d504:751a::$i dev $interface metric 300 table 12
 	done
 
 	route6 default via 2a01:510:d504:751a::1 dev $interface metric 3004
diff --git a/network/hopik/scripts/con-sm b/network/hopik/scripts/con-sm
deleted file mode 100755
index 32b7b8bae6cb101716e751f5b6606247fd50065a..0000000000000000000000000000000000000000
--- a/network/hopik/scripts/con-sm
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-set -o xtrace
-
-#interface=enp3s0f4u1u1
-interface=sm
-
-echo R | socat unix:/run/conntrack_hack -
-ip link set $interface up
-ip addres add 10.12.11.22/24 dev $interface
-ip addres add 2a01:510:d504:751a::22/64 dev $interface
-ip route add 10.12.0.0/16 via 10.12.11.1 dev $interface metric 1000
-ip route add 2a01:510:d504:7500::0/56 via 2a01:510:d504:751a::1 dev wg-blatto metric 1000
-ip route add default via 10.12.11.1 dev $interface metric 1000
-ip route add default via 2a01:510:d504:751a::1 dev $interface metric 1000
-
-ip route add 10.12.11.0/24 dev $interface metric 100 table 12
-ip route add default via 10.12.11.1 dev $interface metric 100 table 12
-ip -6 route add 2a01:510:d504:751a::0/64 dev $interface metric 100 table 12
-ip -6 route add default via 2a01:510:d504:751a::1 dev $interface metric 100 table 12
-
-for i in 2 3 4
-do
-	ip route add route default via 10.12.11.$i metric 100 table 12$i
-	ip route add route 10.12.11.0/24 dev $interface metric 100 table 12$i
-done
-
-
-(echo domain jk.blatto.eu;  echo nameserver 10.12.11.1 ) | resolvconf -a $interface
-
-systemctl reload net-blatto-daemon
diff --git a/network/wg-blatto b/network/wg-blatto
deleted file mode 100755
index b21b6aa1404d389d7c7bb0ead41dd785140833e8..0000000000000000000000000000000000000000
--- a/network/wg-blatto
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/bin/bash
-set -euo xtrace -o pipefail
-
-vlan_name=$1
-id=$2
-adopt=false
-
-[ "${3:-no}" == adopt ] && adopt=true
-
-eval "$(ssh root@blatto.eu wg-get-metadata $vlan_name)"
-
-
-mkdir -p /etc/wireguard/blatto
-cd /etc/wireguard/blatto/
-[ -f psk ] || (umask 0077 && wg genpsk > psk)
-[ -f $id.key ] || wg genkey | (umask 0077 && tee $id.key) | wg pubkey > $id.pub
-
-ssh root@blatto.eu cat /etc/wireguard/$vlan_name/blattes.pub > blattes.pub
-cat psk | ssh root@blatto.eu "wg-register $vlan_name $id $(hostname) $(cat $id.pub)" < psk
-
-#cat $id.pub | ssh root@blatto.eu "cat > /etc/wireguard/$vlan_name/$id.pub"
-#cat psk | ssh root@blatto.eu "cat > /etc/wireguard/$vlan_name/$id.psk"
-
-
-mkdir -p /etc/net
-
-(
-cat <<AMEN
-#!/bin/sh
-set -o xtrace
-
-do_route_flush=\${1:-false}
-
-ip link del wg-blatto || true
-rm /run/wg-blatto/ || true
-
-ip link add dev wg-blatto type wireguard
-ip addr add $v4net.$id/24 dev wg-blatto metric 100
-ip addr add $v6net::$id/64 dev wg-blatto metric 100
-wg set wg-blatto listen-port 12061 private-key /etc/wireguard/blatto/$id.key
-wg set wg-blatto peer \$(cat /etc/wireguard/blatto/blattes.pub) preshared-key /etc/wireguard/blatto/psk endpoint $blattes_ipv4:$port allowed-ips 0.0.0.0/0,::0/0
-ip link set mtu 1432 dev wg-blatto
-ip link set wg-blatto up
-
-AMEN
-
-for ups in $upstreams
-do
-	ups_id=upstream_${ups}_id
-	ups_id=${!ups_id}
-	echo ip link del wg-blatto2$ups || true
-	echo ip link add wg-blatto2$ups type sit remote $ipv4_prefix.$vlid.$ups_id local any mode any
-	echo ip link set wg-blatto2$ups up
-	echo
-done
-
-cat <<AMEN
-
-ip route add default via $v4net.1 dev wg-blatto table 12 metric 1100
-ip route add default via $v6net::1 dev wg-blatto table 12 metric 1100
-
-ip route add default dev wg-blatto2mn  table 122 metric 1100 src $v4net.$id
-ip route add default dev wg-blatto2awn table 123 metric 1100 src $v4net.$id
-ip route add default dev wg-blatto2mul table 124 metric 1100 src $v4net.$id
-
-mkdir /run/wg-blatto/
-
-echo $adopt > /run/wg-blatto/adopt
-
-systemctl reload net-blatto-daemon
-AMEN
-if $adopt
-then
-cat <<AMEN
-ip addr add $adopt_v4net.$id/32 dev wg-blatto metric 1000
-ip addr add $adopt_v6net::$id/128 dev wg-blatto metric 1000
-
-ip route add default dev wg-blatto table 12 metric 1000 src $adopt_v4net.$id
-ip route add default dev wg-blatto table 12 metric 1000 src $adopt_v6net::$id
-
-ip route add default dev wg-blatto2mn table 122 metric 1000 src $adopt_v4net.$id
-ip route add default dev wg-blatto2awn table 123 metric 1000 src $adopt_v4net.$id
-ip route add default dev wg-blatto2mul table 124 metric 1000 src $adopt_v4net.$id
-
-ip addr del $v4net.$id/24 dev wg-blatto metric 1100
-ip addr add $v4net.$id/24 dev wg-blatto metric 1100
-AMEN
-fi
-) > /etc/net/wg-blatto
-
-rm /etc/net/wg-blatto-route || true
-
-chmod +x /etc/net/wg-blatto