diff --git a/modules/profiles/base.nix b/modules/profiles/base.nix
index e40adbd..2f971c6 100644
--- a/modules/profiles/base.nix
+++ b/modules/profiles/base.nix
@@ -5,16 +5,6 @@
 }:
 with lib;
-let
- nom-system = pkgs.writeShellApplication {
- name = "nom-system";
- runtimeInputs = with pkgs; [ nix-output-monitor ];
- text = ''
- nom build --no-link "/home/moritz/.dotfiles#nixosConfigurations.$(hostname).config.system.build.toplevel"
- '';
- };
- nom-system-command = command: "${nom-system}/bin/nom-system && ${command}";
-in
 {
 users.users.moritz = {
 isNormalUser = true;
@@ -49,8 +39,8 @@ in
 rm = "rm -i";
 mv = "mv -i";
- nixos-switch = nom-system-command "sudo nixos-rebuild switch --flake ~/.dotfiles";
- nixos-boot = nom-system-command "sudo nixos-rebuild boot --flake ~/.dotfiles";
+ nixos-switch = "sudo nixos-rebuild switch --flake ~/.dotfiles";
+ nixos-boot = "sudo nixos-rebuild boot --flake ~/.dotfiles";
 nixos-update = "pushd ~/.dotfiles && nix flake update && popd";
 latexwatch = ''find -type f -name "*.tex" | entr -c latexmk -pdf -silent'';
@@ -87,7 +77,6 @@ in
 nixpkgs-fmt
 statix
 manix
- nix-output-monitor
 # other
 bat
diff --git a/modules/profiles/desktop.nix b/modules/profiles/desktop.nix
index d70b17f..4a9e5d8 100644
--- a/modules/profiles/desktop.nix
+++ b/modules/profiles/desktop.nix
@@ -93,9 +93,9 @@ with lib; {
 kdeconnect.enable = true;
 mullvad.enable = true;
 openconnect.enable = true;
+ openvpn.enable = true;
 printing.enable = true;
 redshift.enable = true;
- wireguard.enable = true;
 };
 };
diff --git a/modules/services/default.nix b/modules/services/default.nix
index d63a582..4d2b238 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -8,9 +8,9 @@
 ./kdeconnect.nix
 ./mullvad.nix
 ./openconnect.nix
+ ./openvpn.nix
 ./picom.nix
 ./printing.nix
 ./redshift.nix
- ./wireguard.nix
 ];
 }
diff --git a/modules/services/openvpn.nix b/modules/services/openvpn.nix
new file mode 100644
index 0000000..b0b49bc
--- /dev/null
+++ b/modules/services/openvpn.nix
@@ -0,0 +1,39 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+
+with lib;
+let
+ cfg = config.my.services.openvpn;
+in
+{
+ options.my.services.openvpn.enable = mkEnableOption "openvpn";
+
+ config = lib.mkIf cfg.enable {
+ age.secrets = {
+ homeVPN = {
+ file = ../../secrets/home-vpn.age;
+ owner = "1000";
+ };
+ homeVPNPassword = {
+ file = ../../secrets/home-vpn-password.age;
+ owner = "1000";
+ };
+ };
+ services.openvpn.servers = {
+ homeVPN = {
+ config = "config /run/agenix/homeVPN ";
+ autoStart = false;
+ updateResolvConf = true;
+ };
+ };
+ systemd.services.openvpn-homeVPN-password = {
+ description = "Enter homeVPN password";
+ script = "cat /run/agenix/homeVPNPassword | systemd-tty-ask-password-agent";
+ wantedBy = [ "openvpn-homeVPN.service" ];
+ after = [ "openvpn-homeVPN.service" ];
+ };
+ };
+}
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
deleted file mode 100644
index 8b0bbfb..0000000
--- a/modules/services/wireguard.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ config
-, lib
-, pkgs
-, ...
-}:
-
-with lib;
-let
- cfg = config.my.services.wireguard;
-in
-{
- options.my.services.wireguard.enable = mkEnableOption "wireguard";
-
- config = lib.mkIf cfg.enable {
- age.secrets = {
- wireguard-private-key.file = ../../secrets/wireguard-private-key.age;
- wireguard-preshared-key.file = ../../secrets/wireguard-preshared-key.age;
- };
- networking.firewall = {
- allowedUDPPorts = [ 51820 ];
- };
- networking.wg-quick.interfaces = {
- wg0 = {
- autostart = false;
- address = [ "10.8.0.3/24" ];
- listenPort = 51820;
- privateKeyFile = "/run/agenix/wireguard-private-key";
- peers = [
- {
- publicKey = "bT/U8ko3i//vH8LNn2R56JkGMg+0GLFrZSF81BBax08=";
- presharedKeyFile = "/run/agenix/wireguard-preshared-key";
- # Forward all the traffic via VPN.
- allowedIPs = [ "0.0.0.0/0" ];
- endpoint = "wg.moritzboeh.me:51820";
- persistentKeepalive = 25;
- }
- ];
- };
- };
- };
-}
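Review bot: `owner = "1000"` on both `age.secrets` entries makes the VPN configuration and the password readable by the unprivileged desktop user, although nothing in this file consumes them as that user: `openvpn-homeVPN-password` sets no `User` and therefore runs as root, and the OpenVPN unit is started by systemd as root as well (whether it drops privileges afterwards depends on the config file, which this commit does not show). Unless the user needs to read these files directly, removing the two `owner` lines keeps agenix's default of a root-owned, mode-0400 secret; if the wider access is intentional, a one-line comment such as `# readable by uid 1000 so the VPN can be started by hand from the desktop` would record the reason. The password hand-off is also fragile: the unit is ordered `after` the OpenVPN unit, but nothing visible guarantees that OpenVPN's password request is already pending when `systemd-tty-ask-password-agent` runs, and without `--watch` the agent only answers requests pending at that moment and then exits, leaving OpenVPN waiting. If this secret is the user/password credential, pointing the config's `auth-user-pass` directive at `/run/agenix/homeVPNPassword` (username and password on two lines) lets OpenVPN read it directly and makes the extra unit unnecessary; for a key passphrase, `askpass` does the same. Minor: the `config` string carries a trailing space before its closing quote.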
diff --git a/secrets/home-vpn-password.age b/secrets/home-vpn-password.age
new file mode 100644
index 0000000..ec25887
Binary files /dev/null and b/secrets/home-vpn-password.age differ
diff --git a/secrets/home-vpn.age b/secrets/home-vpn.age
new file mode 100644
index 0000000..6652e7b
Binary files /dev/null and b/secrets/home-vpn.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 179ef3a..0862e22 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -12,10 +12,10 @@ let
 in
 {
 "github.age".publicKeys = all;
+ "home-vpn-password.age".publicKeys = all;
+ "home-vpn.age".publicKeys = all;
 "nordvpn.age".publicKeys = all;
 "spotifyd.age".publicKeys = all;
 "ssh-home.age".publicKeys = all;
 "uni-vpn.age".publicKeys = all;
- "wireguard-preshared-key.age".publicKeys = all;
- "wireguard-private-key.age".publicKeys = all;
 }
diff --git a/secrets/wireguard-preshared-key.age b/secrets/wireguard-preshared-key.age
deleted file mode 100644
index b766d8b..0000000
--- a/secrets/wireguard-preshared-key.age
+++ /dev/null
@@ -1,16 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 CjuqfA HUg3FETh6ezG8DcEaFW/VYrzKoqpGKpWQKk2R+e4zzM
-Hnj5vK3gT2+BpGVYfQBPnosUiBgp2shs4g3Va1Z1JzU
--> ssh-ed25519 QRYDmg vc5Qzx8lbFF6BYV/BVNDv7+4tvwdGV8nyUHoVEr1yEA
-mp4s4Kg7UcS6HEcaZaFhypPQh6BzeeovpEzxn0Q91Q4
--> ssh-ed25519 wG6LYg ZDy84tJ1nyrtCdOVlF464rPAmWEQXcP11B30+ccXJ2k
-i+efuVas6vT9K55/soO2SOLxo29heQTR12gO5gx5SSI
--> ssh-ed25519 ZYd7Zg jmWJkTLgzrt3nU7KA3xRU37T3EriWngdbCC4GwS/pik
-PYtUFRBv8yIuHgDrMJNdrsUsqjjKc/+hmvj1+pY3MpQ
--> ssh-ed25519 as9VYQ qpAgrLdj/1tLgGSH/ixGisVSBAoDB2A/nednmGKqLiM
-AD6i7RrNgXcPW6ebr8T1vwsbGDQkWX/zNX7kLZ1bkTI
--> syy03-grease G1Yn Zq| $0
-EmxSuXdlQfAHuTHTAd4nvyFFhfOVswM9F79VwDNuXVkf/SatEO2uhCM4RmInrNhP
-a7U1TNxhGd4HuT0k5wqaN2Vr67adR6Hh024vaTxw9OHneQ
---- 7AIOs1wK0DIhK+AVkPDlOZjzFLfhsqZlWXVkLnXNcN8
-!Ȯ^.CJ ]JNĺf0'ajy+ ?;༅w0wE`Sߤ'L#1ET.k=
\ No newline at end of file
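Review bot: The two added entries, `"home-vpn-password.age".publicKeys = all;` and `"home-vpn.age".publicKeys = all;`, encrypt the VPN credentials to every key in `all`, so each recipient in that list can decrypt material that only the host enabling `my.services.openvpn` needs (`all` is bound in the `let` above the hunk, outside this view). The existing entries use the same pattern, so this is consistent rather than new, but credentials are the entries where narrowing `publicKeys` to the consuming host's key plus the admin key pays off most. If the broad distribution is deliberate, a short comment on these two lines would save the next reader the question.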
diff --git a/secrets/wireguard-private-key.age b/secrets/wireguard-private-key.age
deleted file mode 100644
index 7c50bee..0000000
--- a/secrets/wireguard-private-key.age
+++ /dev/null
@@ -1,15 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 CjuqfA EQLHOBOVfp+j3x+coXt1isDkG+LvsSYkU8PT1cg97FQ
-NJWJKvmN4hUHsC34n1ap4HlipC0rGWlqrbgR4vm91YY
--> ssh-ed25519 QRYDmg LOvHPzC4zfX2rlQBxYwHoHhjftCyWnBRLXZ/aB1ekQM
-lVtsflczWZwhBx4FZeJK6jtcUCvwQKIA5Gmbth2to9U
--> ssh-ed25519 wG6LYg nqcLDqaVL7D0seK7kW52vmG/lm0Nd28lBroYrRMVynI
-oYA8E4DDR26gpRCdJMWtzoGvUTErI6GMSdF99kTNKtc
--> ssh-ed25519 ZYd7Zg vz3LZxq0+KTx6E4J0X6duivLP0TFtA8WaOQaiSmMcF4
-5g+3H/6J9FjsWifcfmEq8dz0hk4mpZhhJaEndPE3Mpw
--> ssh-ed25519 as9VYQ VIQ18yC/qEiP66hfCwWAbAbNCBypB47gbWkFg/TJmWE
-MXK5RnuwAlKt676CPO0N/3BeM9gsgMPZNEG1DXq8uXA
--> 8kx-grease s%obC ~GOw1 C
-
---- V8z981BPe2yVOaMCj2np9Vvvy/6zP8xHCFKRFwsceXs
-+Xob_)