diff --git a/pkg/zones/machine.go b/pkg/zones/machine.go
index 0a49ad3..1dd64a2 100644
--- a/pkg/zones/machine.go
+++ b/pkg/zones/machine.go
@@ -43,6 +43,24 @@ func (m *Machine) IsGateway() bool {
 	return ok
 }
 
+// SetGateway enables/disables a Machine ring0 integration
+func (m *Machine) SetGateway(enabled bool) error {
+	ri, found := m.getRingInfo(0)
+	switch {
+	case !found && !enabled:
+		return nil
+	case !found:
+		var err error
+
+		if ri, err = m.createRingInfo(0, false); err != nil {
+			return err
+		}
+	}
+
+	ri.Enabled = enabled
+	return m.SyncWireguardConfig(0)
+}
+
 // Zone indicates the [Zone] this machine belongs to
 func (m *Machine) Zone() int {
 	return m.zone.ID
diff --git a/pkg/zones/machine_rings.go b/pkg/zones/machine_rings.go
index bd67099..4ca1911 100644
--- a/pkg/zones/machine_rings.go
+++ b/pkg/zones/machine_rings.go
@@ -261,3 +261,55 @@ func (m *Machine) RemoveWireguardConfig(ring int) error {
 
 	return err
 }
+
+// SyncWireguardConfig updates all wgN.conf files for the specified
+// ring
+func (m *Machine) SyncWireguardConfig(ring int) error {
+	return m.zone.SyncWireguardConfig(ring)
+}
+
+// WriteWireguardConfig ...
+func (m *Machine) WriteWireguardConfig(ring int) error {
+	r, err := NewRing(m.zone.zones, m.zone, ring)
+	if err != nil {
+		return err
+	}
+
+	return m.writeWireguardRingConfig(r)
+}
+
+func (m *Machine) writeWireguardRingConfig(r *Ring) error {
+	wg, err := r.ExportConfig(m)
+	if err != nil {
+		return nil
+	}
+
+	f, err := m.CreateTruncFile("wg%v.conf", r.ID)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	_, err = wg.WriteTo(f)
+	return err
+}
+
+func (m *Machine) createRingInfo(ring int, enabled bool) (*RingInfo, error) {
+	keys, err := wireguard.NewKeyPair()
+	if err != nil {
+		return nil, err
+	}
+
+	ri := &RingInfo{
+		Ring:    ring,
+		Enabled: enabled,
+		Keys:    keys,
+	}
+
+	err = m.applyRingInfo(ring, ri)
+	if err != nil {
+		return nil, err
+	}
+
+	return ri, nil
+}