diff --git a/deployments/serverBuild/wg_vpn/tasks/posttasks_ios.yml b/deployments/serverBuild/wg_vpn/tasks/posttasks_ios.yml
new file mode 100644
index 0000000..6f536f8
--- /dev/null
+++ b/deployments/serverBuild/wg_vpn/tasks/posttasks_ios.yml
@@ -0,0 +1,13 @@
+- name: (local) fill out the rest of the wg0.conf file
+  blockinfile:
+    path: ~/wireguard/ios.conf
+    block: |
+      Address = 10.200.219.10/32, fd86:ea04:1115::10/128
+      DNS = 1.1.1.1
+          
+      [Peer]
+      PublicKey = {{ server_publickey.stdout }}
+      Endpoint = vpn.awful.club:51820
+      AllowedIPs = 0.0.0.0/0, ::/0
+
+ 
diff --git a/deployments/serverBuild/wg_vpn/tasks/pretasks_ios.yml b/deployments/serverBuild/wg_vpn/tasks/pretasks_ios.yml
new file mode 100644
index 0000000..8c6bcb8
--- /dev/null
+++ b/deployments/serverBuild/wg_vpn/tasks/pretasks_ios.yml
@@ -0,0 +1,15 @@
+- name: make wg dir since macs are now weird about /etc/anything
+  file:
+    path: ~/wireguard/
+    state: directory
+
+- name: Generate keys
+  shell: |
+    printf "[Interface]\nPrivateKey = " > ~/wireguard/ios.conf
+    wg genkey | tee -a ~/wireguard/ios.conf | wg pubkey > ~/wireguard/ios_publickey
+  vars:
+    umask: "077"      
+
+- name: register publickey for later use
+  shell: cat ~/wireguard/ios_publickey
+  register: ios_publickey