diff --git a/ansible/host_vars/merlin b/ansible/host_vars/merlin
new file mode 100644
index 0000000..94abfdd
--- /dev/null
+++ b/ansible/host_vars/merlin
@@ -0,0 +1,40 @@
+---
+ansible_host: 65.109.13.133
+
+wireguard_address: "10.0.0.4/24"
+wireguard_endpoint: "65.109.13.133"
+wireguard_persistent_keepalive: "30"
+wireguard_allowed_ips: "10.0.0.0/24"
+
+wireguard_postup:
+ - iptables -A FORWARD -o %i -j ACCEPT
+ - iptables -A FORWARD -i %i -j ACCEPT
+ - iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
+
+wireguard_postdown:
+ - iptables -D FORWARD -i %i -j ACCEPT
+ - iptables -D FORWARD -o %i -j ACCEPT
+ - iptables -t nat -D POSTROUTING -o enp1s0 -j MASQUERADE
+
+wireguard_unmanaged_peers:
+ phone:
+ public_key: ioG35kDFTtip+Acfq+je9qDHYbZij+J6+Pg3T6Z4N0w=
+ allowed_ips: 10.0.0.3/32
+ persistent_keepalive: 0
+ zen:
+ public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag=
+ allowed_ips: 10.0.0.4/32
+ persistent_keepalive: 0
+consul_client_addr: "127.0.0.1 10.0.0.4"
+consul_bind_address: "10.0.0.4"
+consul_ui: True
+consul_iface: "wg0"
+nomad_bind_addr: "10.0.0.4"
+nomad_host_networks:
+ - name: "private"
+ interface: wg0
+ - name: "public"
+ interface: eth0
+ - name: "default"
+ interface: wg0
+vault_listener_address: 10.0.0.4
diff --git a/ansible/production b/ansible/production
index f0b9943..85a62c4 100644
--- a/ansible/production
+++ b/ansible/production
@@ -4,6 +4,7 @@ gerard
 
 [VPS]
 corwin
+merlin
 
 [dhcp]
 gerard
@@ -11,6 +12,7 @@ gerard
 [wireguard]
 corwin
 oscar
+merlin
 
 [database]
 oscar
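Review bot: In ansible/host_vars/merlin the unmanaged peer `zen` is given `allowed_ips: 10.0.0.4/32`, the same address this host takes for itself in `wireguard_address: "10.0.0.4/24"` and binds Consul, Nomad and Vault to; this looks like a copy-paste from another host's vars, and the peer should get its own unused address in 10.0.0.0/24. The public interface is also named two ways in the same file, `enp1s0` in the MASQUERADE rules and `eth0` in the `public` entry of `nomad_host_networks`, so one of the two presumably does not match the machine and should be checked against the host. The two `FORWARD ... -j ACCEPT` rules in `wireguard_postup` accept anything entering or leaving `%i` whatever the other interface is, which on an internet-facing host is wider than NAT for VPN clients needs; consider `iptables -A FORWARD -i %i -o enp1s0 -j ACCEPT` and `iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, with the matching `-D` lines in `wireguard_postdown`. If peers are meant to reach each other through this host, an explicit `-i %i -o %i` rule would state that intent instead of leaving it to the blanket accept.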