diff --git a/hosts/muon/configuration.nix b/hosts/muon/configuration.nix
index 74780f1..fa254af 100644
--- a/hosts/muon/configuration.nix
+++ b/hosts/muon/configuration.nix
@@ -1,6 +1,5 @@
 { config, lib, pkgs, inputs, system, ... }:
-let
-  cfg = config.mods;
+let cfg = config.mods;
 
 in {
   # Hardware
@@ -10,9 +9,8 @@ in {
     inputs.actual.nixosModules.default
   ];
 
-  environment.systemPackages = with inputs.nix-alien.packages.${system}; [
-    nix-alien
-  ];
+  environment.systemPackages = with inputs.nix-alien.packages.${system};
+    [ nix-alien ];
 
   # System
   mods.user.name = "muon";
@@ -33,13 +31,14 @@ in {
   mods.server.media.enable = true;
   mods.server.astral.enable = true;
   mods.server.astral.autoStart = false;
-  
+
   mods.docker.media.enable = false;
 
   mods.server.sync.enable = true;
   mods.tailscale.enable = true;
   mods.openvpn.enable = false;
   mods.wireguard.enable = true;
+  mods.i2p.enable = true;
 
   services.xserver.windowManager.i3.enable = true;
   services.actual.enable = true;
diff --git a/modules/home/default.nix b/modules/home/default.nix
index b3492e6..3d56c0d 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -1,5 +1,5 @@
-{ pkgs, lib, config, osConfig, ... }: let
-  cfg = osConfig.mods;
+{ pkgs, lib, config, osConfig, ... }:
+let cfg = osConfig.mods;
 
 in {
   imports = [
diff --git a/modules/home/desktop/productivity.nix b/modules/home/desktop/productivity.nix
index 1290ef5..ed4c489 100644
--- a/modules/home/desktop/productivity.nix
+++ b/modules/home/desktop/productivity.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, config, ... }: {
+{ pkgs, lib, config, osConfig, ... }: {
   options.mods.desktop.productivity.enable =
     lib.mkEnableOption "enables gui productivity tools";
 
@@ -6,6 +6,8 @@
     home.packages = with pkgs; [
       # ISO downloader
       qbittorrent
+      xd
+      biglybt
       # transmission_4-gtk
 
       # email
@@ -33,6 +35,14 @@
       };
     };
 
+    xdg.desktopEntries = lib.mkIf osConfig.mods.i2p.enable {
+      i2p-browser = {
+        name = "i2p Browser";
+        genericName = "Web Browser";
+        exec = "${pkgs.mullvad-browser}/bin/mullvad-browser -p i2p";
+      };
+    };
+
     # programs.qutebrowser = {
     #   enable = true;
     # };
diff --git a/modules/nixos/core/network.nix b/modules/nixos/core/network.nix
index aab8f0b..2d3c923 100644
--- a/modules/nixos/core/network.nix
+++ b/modules/nixos/core/network.nix
@@ -1,9 +1,10 @@
 { pkgs, lib, config, ... }: {
   options.mods = {
+    i2p.enable = lib.mkEnableOption "enables i2p network";
     tailscale.enable = lib.mkEnableOption "enables tailscale";
     wireguard.enable = lib.mkEnableOption "enables wireguard client";
     openvpn.enable = lib.mkEnableOption "enables openvpn config";
-    openvpn.config = let 
+    openvpn.config = let
       username = "${config.mods.user.name}";
       folder = "${config.users.users.${username}.home}/documents/openvpn/";
       file = "${config.mods.user.name}.ovpn";
@@ -20,29 +21,42 @@
     services.tailscale.enable = config.mods.tailscale.enable;
 
     services.openvpn.servers = lib.mkIf config.mods.openvpn.enable {
-      remote.config = ''config ${config.mods.openvpn.config}'';
+      remote.config = "config ${config.mods.openvpn.config}";
     };
 
-    networking.firewall = lib.mkIf config.mods.wireguard.enable {
-      allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
+    networking.firewall.allowedTCPPorts = [
+      7656 # default proto sam port
+      7070 # default web interface port
+      4447 # default socks proxy port
+      4444 # default http proxy port
+    ];
+    services.i2pd = lib.mkIf config.mods.i2p.enable {
+      enable = true;
+      proto.sam.enable = true;
+      address = "127.0.0.1";
+      proto = {
+        http.enable = true;
+        socksProxy.enable = true;
+        httpProxy.enable = true;
+      };
     };
+
+    networking.firewall.allowedUDPPorts = [ 51820 ];
     networking.wg-quick.interfaces = lib.mkIf config.mods.wireguard.enable {
       wg0 = {
         address = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64" ];
         dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ];
         mtu = 1500;
         privateKeyFile = "/home/muon/wireguard-keys/private";
-      
-        peers = [
-          {
-            publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
-            presharedKeyFile = "/home/muon/wireguard-keys/psk-muon";
-            allowedIPs = [ "0.0.0.0/0" "::/0" ];
-            # ip route add 93.95.230.11 via 192.168.0.1
-            endpoint = "93.95.230.11:51820";
-            persistentKeepalive = 25;
-          }
-        ];
+
+        peers = [{
+          publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
+          presharedKeyFile = "/home/muon/wireguard-keys/psk-muon";
+          allowedIPs = [ "0.0.0.0/0" "::/0" ];
+          # ip route add 93.95.230.11 via 192.168.0.1
+          endpoint = "93.95.230.11:51820";
+          persistentKeepalive = 25;
+        }];
       };
     };