diff --git a/modules/applications/packages.nix b/modules/applications/packages.nix
index 485d685..0b85ff4 100644
--- a/modules/applications/packages.nix
+++ b/modules/applications/packages.nix
@@ -34,7 +34,9 @@ with deviceSpecific; {
 libnotify
 tree
 iperf
+ (youtube-to-mpv.override { isLaptop = isLaptop; })
+ wg-conf
 # Other
 (vivaldi.override { proprietaryCodecs = true; })
 wget
diff --git a/modules/applications/wg-conf.nix b/modules/applications/wg-conf.nix
new file mode 100644
index 0000000..38a2fd5
--- /dev/null
+++ b/modules/applications/wg-conf.nix
@@ -0,0 +1,19 @@
+{ stdenv, pkgs }:
+let
+ myScript = pkgs.writeShellScriptBin "wg-conf" ''
+ if [[ -z "$1" ]]; then
+ exit 1
+ fi
+ systemctl stop wg-quick-wg0.service
+ cp "$1" /root/wg0.conf
+ systemctl start wg-quick-wg0.service
+ '';
+in
+stdenv.mkDerivation rec {
+ name = "wg-conf";
+ src = myScript;
+ installPhase = ''
+ mkdir -p $out/bin
+ cp ./bin/wg-conf $out/bin/wg-conf
+ '';
+}
\ No newline at end of file
diff --git a/modules/hardware.nix b/modules/hardware.nix
index af34d5a..67510ce 100644
--- a/modules/hardware.nix
+++ b/modules/hardware.nix
@@ -58,6 +58,9 @@ with deviceSpecific; {
 anonymousClients.allowedIpRanges = ["127.0.0.1"];
 };
 };
+ boot.extraModprobeConfig = lib.mkIf (device == "AMD-Workstation") ''
+ options snd slots=snd_virtuoso,snd_usb_audio
+ '';
 # SSD Section
 boot.kernel.sysctl = {
diff --git a/modules/packages.nix b/modules/packages.nix
index 04e3c94..62fb147 100644
--- a/modules/packages.nix
+++ b/modules/packages.nix
@@ -3,6 +3,7 @@
 (self: old: rec {
 # nerdfonts = nur.balsoft.pkgs.roboto-mono-nerd;
 youtube-to-mpv = pkgs.callPackage ./applications/youtube-to-mpv.nix {};
+ wg-conf = pkgs.callPackage ./applications/wg-conf.nix {};
 xonar-fp = pkgs.writers.writeBashBin "xonar-fp" ''
 CURRENT_STATE=`amixer -c 0 sget "Front Panel" | egrep -o '\[o.+\]'`
 if [[ $CURRENT_STATE == '[on]' ]]; then
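Review bot: In wg-conf.nix, `cp "$1" /root/wg0.conf` creates the destination with the source file's mode (or keeps the mode of an existing destination), and this file carries the tunnel's private key; `install -m 0600 "$1" /root/wg0.conf` pins the permissions no matter where the config was copied from. The script also runs without `set -e`, so if the copy fails the service is still restarted on the previous config with nothing reported, and the missing-argument path exits silently; `set -euo pipefail` at the top plus an `echo "usage: wg-conf <conf>" >&2` before the `exit 1` would make both failures visible. Style-wise the `stdenv.mkDerivation` wrapper is redundant, since `writeShellScriptBin` already yields a derivation with `bin/wg-conf`, so `myScript` could be returned directly.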
@@ -25,6 +26,7 @@ nixpkgs.config = {
 packageOverrides = pkgs: {
 i3lock-fancy = pkgs.callPackage ./applications/i3lock-fancy.nix {};
+ git-with-libsecret = pkgs.git.override { withLibsecret = true; };
 mullvad-vpn = pkgs.mullvad-vpn.overrideAttrs (oldAttrs: rec {
 version = "2019.8";
 src = pkgs.fetchurl {
diff --git a/modules/services.nix b/modules/services.nix
index 5fa218b..c9aa979 100644
--- a/modules/services.nix
+++ b/modules/services.nix
@@ -83,6 +83,8 @@ services.upower.enable = true;
+ services.gnome3.gnome-keyring.enable = true;
+
 # virtualisation.docker.enable = config.deviceSpecific.isHost;
 # virtualisation.virtualbox.host = lib.mkIf config.deviceSpecific.isHost {
 # enable = true;
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
index 297449f..35730f3 100644
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
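Review bot: `services.gnome3.gnome-keyring.enable = true;` starts the daemon, but as far as this hunk shows nothing unlocks the keyring at login; the libsecret git credential helper configured elsewhere in this commit stores tokens in it, so without `security.pam.services.<login-service>.enableGnomeKeyring = true;` (or the display manager's equivalent) each credential lookup would presumably hit an unlock prompt. A one-line comment next to the option naming which login path is expected to unlock the keyring would save the next reader from guessing.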
@@ -2,45 +2,37 @@ let
 cfg = config.secrets.wireguard.${config.device};
 in {
- # Enable wireguard
- networking.wg-quick.interfaces = lib.mkIf cfg.enable {
- wg0 = cfg.interface;
- };
- # Enable killswitch
- environment.systemPackages =
- lib.mkIf (cfg.killswitch.package == "iptables") [
- pkgs.iptables
- ];
- networking.nftables =
- lib.mkIf (cfg.killswitch.package == "nftables") {
- enable = true;
- ruleset = ''
- flush ruleset
- table inet firewall {
- chain input {
- type filter hook input priority 0; policy drop;
- iif "lo" accept
- ct state { established, related } accept
- ct state invalid drop
- ip protocol icmp icmp type echo-request accept
- ip daddr 192.168.0.1/24 accept
- reject
- }
- chain forward {
- type filter hook forward priority 0; policy drop;
- }
- chain output {
- type filter hook output priority 0; policy drop;
- oifname "lo" accept
- oifname "wg0" accept
- oifname "docker0" accept
- oifname "vboxnet0" accept
- oifname "vboxnet1" accept
- udp dport domain drop
- ip daddr 192.168.0.1/24 accept
- udp dport 51820 accept
- }
- }
- '';
+ config = lib.mkIf cfg.enable {
+ boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
+ environment.systemPackages = [ pkgs.wireguard pkgs.wireguard-tools ];
+ networking.firewall.checkReversePath = false;
+
+ systemd.services."wg-quick-wg0" = {
+ description = "wg-quick WireGuard Tunnel - wg0";
+ requires = [ "network-online.target" ];
+ after = [ "network.target" "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+ environment.DEVICE = "wg0";
+ path = [ pkgs.kmod pkgs.wireguard-tools ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+
+ script = ''
+ ${lib.strings.optionalString (!config.boot.isContainer) "modprobe wireguard"}
+ wg-quick up /root/wg0.conf
+ '';
+
+ postStart = lib.mkIf cfg.killswitch ''
+ ${pkgs.iptables}/bin/iptables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! 
--dst-type LOCAL -j REJECT && ${pkgs.iptables}/bin/iptables -I OUTPUT -s 192.168.0.0/24 -j ACCEPT && ${pkgs.iptables}/bin/ip6tables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
+ '';
+
+ preStop = ''
+ ${lib.strings.optionalString (cfg.killswitch) "${pkgs.iptables}/bin/iptables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ${pkgs.iptables}/bin/iptables -D OUTPUT -s 192.168.0.0/24 && ${pkgs.iptables}/bin/ip6tables -D OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT"}
+ wg-quick down /root/wg0.conf
+ '';
+ };
 };
 }
\ No newline at end of file
diff --git a/modules/workspace/misc.nix b/modules/workspace/misc.nix
index 56e1ce4..a70b6fa 100644
--- a/modules/workspace/misc.nix
+++ b/modules/workspace/misc.nix
@@ -15,8 +15,14 @@ services.udiskie.enable = true;
 programs.git = {
 enable = true;
+ package = pkgs.git-with-libsecret;
 userEmail = "alukard.develop@gmail.com";
 userName = "Dmitriy Holkin";
+ extraConfig = {
+ credential = {
+ helper = "libsecret";
+ };
+ };
 };
 news.display = "silent";
 # programs.command-not-found = {
diff --git a/modules/workspace/zsh.nix b/modules/workspace/zsh.nix
index d59196c..cd0a89a 100644
--- a/modules/workspace/zsh.nix
+++ b/modules/workspace/zsh.nix
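Review bot: The killswitch rule `iptables -I OUTPUT -s 192.168.0.0/24 -j ACCEPT` in postStart matches on the source address, so if the host's own LAN address lies in that range (the removed ruleset's `ip daddr 192.168.0.1/24` suggests it does) it accepts every packet leaving through the LAN interface and, being inserted above the REJECT, cancels the killswitch; the nftables version used `ip daddr`, so `-d 192.168.0.0/24` looks like the intent. The matching preStop call `iptables -D OUTPUT -s 192.168.0.0/24` omits `-j ACCEPT`, so it does not match the rule that was inserted, the `&&` chain stops there and the ip6tables REJECT is left in place after the tunnel is down. `networking.firewall.checkReversePath = false;` disables reverse-path filtering on every interface, where `"loose"` is normally sufficient for wg-quick's policy routing. The `$(wg show wg0 fwmark)` substitution also assumes wg-quick set a fwmark, which it only does when the config routes a default route through the tunnel; otherwise it prints `off` and iptables would reject the rule.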
@@ -45,10 +45,12 @@
 "clr" = "clear";
 "weather" = "curl wttr.in/Volzhskiy";
 "l" = "ls -lah --group-directories-first";
- "rede" = "systemctl --user start redshift.service";
- "redd" = "systemctl --user stop redshift.service";
- "bare" = "systemctl --user start barrier-client.service";
- "bard" = "systemctl --user stop barrier-client.service";
+ "rede" = "systemctl --user start redshift.service &";
+ "redd" = "systemctl --user stop redshift.service &";
+ "bare" = "systemctl --user start barrier-client.service &";
+ "bard" = "systemctl --user stop barrier-client.service &";
+ "wgup" = "_ systemctl start wg-quick-wg0.service";
+ "wgdown" = "_ systemctl stop wg-quick-wg0.service";
 };
 };
 }
diff --git a/secret.nix.gpg b/secret.nix.gpg
index 29c425c..90152bc 100644
Binary files a/secret.nix.gpg and b/secret.nix.gpg differ
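Review bot: Appending `&` to `systemctl --user start redshift.service` backgrounds the call, so its exit status is discarded and a failed start goes unnoticed; `systemctl --user --no-block start redshift.service` returns just as quickly while still reporting errors, and the same applies to the other three `&` aliases. `wgup` and `wgdown` depend on `_`, which is presumably the oh-my-zsh sudo alias; if that plugin is not enabled in this configuration the aliases fail with command not found, so a comment such as `# _ is the oh-my-zsh sudo alias` above them would help the next reader.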