diff --git a/misc/wg-client-conf.nix b/misc/wg-client-conf.nix
new file mode 100644
index 0000000..c7d5e5c
--- /dev/null
+++ b/misc/wg-client-conf.nix
@@ -0,0 +1,42 @@
+# use nix-build -E (import <system>/misc/wg-client-conf.nix {})
+{ pkgs ? import <nixpkgs> { }
+, address
+, privateKey
+, dns ? "8.8.8.8"
+, serverPublicKey
+, serverEndpoint
+}:
+
+let
+  toINI = pkgs.lib.generators.toINI { };
+
+  configs = toINI {
+    Interface = {
+      # "10.10.10.10/32"
+      Address = address;
+      # See <system>/notes/vpn.md to generate private key and public key
+      PrivateKey = privateKey;
+      DNS = dns;
+    };
+    Peer = {
+      # See <system>/notes/vpn.md to generate private key and public key
+      PublicKey = serverPublicKey;
+      AllowedIPs = "0.0.0.0/0";
+      # <hostname>:<port>
+      Endpoint = serverEndpoint;
+      PersistentKeepalive = 25;
+    };
+  };
+
+  configFile = pkgs.writeText "wg-client.conf" configs;
+
+  showQrcode = pkgs.writeScript "qrcode" ''
+    ${pkgs.qrencode}/bin/qrencode -t ansiutf8 < ${configFile}
+  '';
+in
+pkgs.runCommand "wg-client" { } ''
+  mkdir $out;
+
+  cp ${configFile} $out/wg-client.conf;
+  cp ${showQrcode} $out/qrcode;
+''