diff --git a/.gitignore b/.gitignore
index d128ad9..8089eb0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1 @@
-userdata/userdata.json
-hardware-configuration.nix
-networking.nix
\ No newline at end of file
+userdata/userdata.json
\ No newline at end of file
diff --git a/configuration.nix b/configuration.nix
index 1281ac4..50f3ecf 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -6,7 +6,6 @@ in
 {
 imports = [
 ./hardware-configuration.nix
- ./variables-module.nix
 ./variables.nix
 ./files.nix
 
@@ -34,9 +33,14 @@ in
 boot.cleanTmpDir = true;
 networking = {
 hostName = config.services.userdata.hostname;
+ usePredictableInterfaceNames = false;
 firewall = {
 allowedTCPPorts = lib.mkForce [ 22 25 80 143 443 465 587 993 8443 ];
 allowedUDPPorts = lib.mkForce [ 8443 ];
+ extraCommands = ''
+ iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
+ iptables --append FORWARD --in-interface vpn00 -j ACCEPT
+ '';
 };
 nameservers = [ "1.1.1.1" "1.0.0.1" ];
 };
@@ -84,4 +88,4 @@ in
 enable = true;
 };
 };
-}
+}
\ No newline at end of file
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..7480c73
--- /dev/null
+++ b/hardware-configuration.nix
@@ -0,0 +1,9 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub.device = "/dev/sda";
+ fileSystems = {
+ "/" = { device = "/dev/sda1"; fsType = "ext4"; };
+ "/var" = { device = "/dev/sdb"; fsType = "ext4"; };
+ };
+}
\ No newline at end of file
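Review bot: In the `@@ -34,9 +33,14 @@` hunk of configuration.nix, both new `extraCommands` rules are wider than a VPN gateway needs: the MASQUERADE rule has no source or in-interface match, so every packet leaving eth0 is rewritten, and the FORWARD rule accepts anything arriving on vpn00 towards any destination with no state or destination restriction. They are also appended to the nat POSTROUTING and FORWARD chains, which the NixOS firewall script does not appear to flush, and no `extraStopCommands` is added, so each firewall reload is likely to add another copy. For the NAT part I would use the stock module, `networking.nat = { enable = true; externalInterface = "eth0"; internalInterfaces = [ "vpn00" ]; };`, which limits masquerading to traffic that entered on vpn00; if the raw iptables lines stay, add the matching `--delete` lines under `firewall.extraStopCommands`. The hard-coded `eth0` only holds because of `usePredictableInterfaceNames = false` in the same hunk, which deserves a one-line comment. The enclosing module body starts and ends outside the hunk, so whether IP forwarding is enabled elsewhere cannot be seen here.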
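Review bot: In the new hardware-configuration.nix, `/dev/sda`, `/dev/sda1` and `/dev/sdb` are kernel enumeration names, which are not guaranteed to stay the same across reboots or when a volume is attached or detached. If the order changes, `/var` is mounted from the wrong disk or the mount fails at boot. Persistent identifiers are safer, for example `"/var" = { device = "/dev/disk/by-uuid/<UUID-OF-VAR-VOLUME>"; fsType = "ext4"; };` (placeholder value), or a filesystem label set at provisioning time. The same commit stops ignoring this file in .gitignore, so these values now apply to every host built from the repository; a header comment stating the assumed provider and disk layout would make that explicit.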