diff --git a/home/private_dot_wireguard/adjudicator.conf.tmpl b/home/private_dot_wireguard/adjudicator.conf.tmpl
new file mode 100644
index 00000000..05f41f91
--- /dev/null
+++ b/home/private_dot_wireguard/adjudicator.conf.tmpl
@@ -0,0 +1,11 @@
+[Interface]
+# your own IP on the wireguard network
+Address = 192.168.2.2/24
+PrivateKey = {{ (secret "Wireguard - Adjudicator Secret" "NOTES") }}
+
+[Peer]
+PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
+# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
+AllowedIPs = 0.0.0.0/0, ::/0
+# ip and port of the peer
+Endpoint = 66.218.43.87:51820
diff --git a/home/private_dot_wireguard/adjudicator.pub b/home/private_dot_wireguard/adjudicator.pub
new file mode 100644
index 00000000..5813cede
--- /dev/null
+++ b/home/private_dot_wireguard/adjudicator.pub
@@ -0,0 +1 @@
+r2/IeYCO1T+l248387wUBoNnc2DK9O8pHcIr/NQqezM=
diff --git a/home/private_dot_wireguard/adjudicator.tmpl b/home/private_dot_wireguard/adjudicator.tmpl
new file mode 100644
index 00000000..068aff98
--- /dev/null
+++ b/home/private_dot_wireguard/adjudicator.tmpl
@@ -0,0 +1 @@
+{{ (secret "Wireguard - Adjudicator Secret" "NOTES") }}
diff --git a/home/private_dot_wireguard/bulwark.conf.tmpl b/home/private_dot_wireguard/bulwark.conf.tmpl
index 4a1228a4..3623e982 100644
--- a/home/private_dot_wireguard/bulwark.conf.tmpl
+++ b/home/private_dot_wireguard/bulwark.conf.tmpl
@@ -1,7 +1,6 @@
 [Interface]
 # your own IP on the wireguard network
 Address = 192.168.2.4/24
-Table = auto
 PrivateKey = {{ (secret "Wireguard - Bulwark Secret" "NOTES") }}
 
 [Peer]
diff --git a/provision/nixos/hosts/kestrel/configuration.nix b/provision/nixos/hosts/kestrel/configuration.nix
index 20720f66..4a526710 100644
--- a/provision/nixos/hosts/kestrel/configuration.nix
+++ b/provision/nixos/hosts/kestrel/configuration.nix
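Review bot: The rendered adjudicator.conf holds the private key in plain text, but only the enclosing directory carries chezmoi's `private_` attribute, so the file itself is presumably created with default (group/world-readable) permissions inside a 0700 directory; naming it `private_adjudicator.conf.tmpl` would make the rendered file 0600, and I believe wg-quick warns about a config file readable by others as soon as the directory mode is ever loosened. The same applies to `adjudicator.tmpl`, which renders the bare private key to a file with no `private_` prefix. Separately, `AllowedIPs = 0.0.0.0/0, ::/0` makes this a full-tunnel profile with no `DNS =` line, so name resolution presumably still goes to the local resolver outside the tunnel; if the comment's split-tunnel option is what is intended, `AllowedIPs = 192.168.2.0/24` is the subnet the `Address` line implies.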
@@ -58,6 +58,15 @@
 extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ]; # Enable ‘sudo’ for the user.
 };
 
+ # Password-less root
+ security.sudo.extraRules = [{
+ users = [ "${user}" ];
+ commands = [{
+ command = "ALL" ;
+ options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea
+ }];
+ }];
+
 # List packages installed in system profile.
 environment.systemPackages = with pkgs; [
 # One-off stable packages
diff --git a/provision/nixos/modules/system/wireguard-client.nix b/provision/nixos/modules/system/wireguard-client.nix
index f2c48917..c5dac83b 100644
--- a/provision/nixos/modules/system/wireguard-client.nix
+++ b/provision/nixos/modules/system/wireguard-client.nix
@@ -16,6 +16,9 @@ in {
 };
 
 config = lib.mkIf cfg.enable {
+ # Create qr code for phones with:
+ # qrencode -t ansiutf8 < myfile_here
+ environment.systemPackages = with pkgs; [ qrencode ];
 networking.firewall = {
 allowedUDPPorts = [ 51820 ];
 };
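Review bot: The new rule grants `ALL` with `NOPASSWD` to `${user}`, so any process running as that user (the context line shows the user is already in `wheel`, `docker` and `libvirtd`) can become root with no interactive check; the password prompt is the only thing sudo still adds for a wheel member, and dropping it for every command is a larger change than the `# Password-less root` comment conveys. If the goal is an unattended rebuild, narrow `command` to the specific binaries that need it instead of `"ALL"`; if the goal really is a passwordless wheel, the existing option `security.sudo.wheelNeedsPassword = false;` says so in one line rather than a parallel rule. The trailing `# "SETENV"` remark should either be dropped or explain that SETENV additionally lets the caller override environment variables for the command, which widens the rule further. Style: `command = "ALL" ;` has a stray space and `options= [` is missing one. The enclosing attribute set starts and ends outside the hunk.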
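Review bot: The comment added before `environment.systemPackages` should say that whatever is piped into `qrencode` is a complete WireGuard config including a private key, since a reader will naturally feed it this host's own rendered config and that key then sits in terminal scrollback and on any screenshot; a phone should get a key pair generated for that device, with only its public key added as a peer. Suggested wording: `# Generate a QR code for a phone from a config made for that device` then `# (it embeds that device's private key, never this host's):` then `# qrencode -t ansiutf8 < <device>.conf`. `myfile_here` is a placeholder that never says which file is meant. The `config = lib.mkIf cfg.enable {` set continues outside the hunk.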