diff --git a/mullvad.spec b/mullvad.spec
new file mode 100644
index 0000000..262067d
--- /dev/null
+++ b/mullvad.spec
@@ -0,0 +1,70 @@
+Name: 3isec-qubes-mullvad-vpn
+Version: 1.0
+Release: 1%{?dist}
+Summary: Set up a Mullvad wireguard proxy in Qubes
+
+License: GPLv3+
+SOURCE0: mullvad
+
+%description
+This package sets up a VPN gateway, named MullvadVPN
+It follows the method detailed in the Mullvad docs,
+https://mullvad.net/en/help/qubes-os-4-and-mullvad-vpn/
+
+This package is for use with wireguard.
+If you use openvpn, install the 3isec-qubes-openvpn package.
+
+The package creates a qube called MullvadVPN based on the debian-11-minimal
+template. If the debian-11-minimal template is not present, it will
+be downloaded and installed - this may take some time depending on your
+net connection.
+
+There are changes to the firewall rules on MullvadVPN to ensure
+blocking of outbound connections.
+Only traffic to the Mullvad gateway is allowed.
+
+After installing the package, copy your Mullvad configuration file or
+zip file to MullvadVPN.
+A menu item for "Setup Mullvad VPN" will be created on the main Qubes Menu.
+Run this to set up the VPN.
+When finished, restart MullvadVPN.
+
+To use the VPN, set MullvadVPN as the netvm for your qubes(s).
+All traffic will go through the VPN.
+The VPN will fail closed if the connection drops.
+No traffic will go through clear.
+
+If you remove the package, the salt files will be removed.
+**The MullvadVPN gateway will also be removed.**
+To do this ALL qubes will be checked to see if they use MullvadVPN.
+If they do, their netvm will be set to `none`.
+
+You can, of course, use template-mullvad to create other VPN gateways.
+
+%install
+rm -rf %{buildroot}
+mkdir -p %{buildroot}/srv/salt
+cp -rv %{SOURCE0}/ %{buildroot}/srv/salt
+
+%files
+%defattr(-,root,root,-)
+/srv/salt/mullvad/*
+
+%post
+if [ $1 -eq 1 ]; then
+ qubesctl state.apply mullvad.clone
+ qubesctl --skip-dom0 --targets=template-mullvad state.apply mullvad.install
+ qubesctl state.apply mullvad.create
+ qubesctl --skip-dom0 --targets=MullvadVPN state.apply mullvad.configure
+fi
+
+%postun
+if [ $1 -eq 0 ]; then
+ for i in `qvm-ls -O NAME,NETVM | awk '/ MullvadVPN/{ print $1 }'`;do qvm-prefs $i netvm none; done
+ qvm-kill MullvadVPN
+ qvm-remove --force MullvadVPN template-mullvad
+fi
+
+%changelog
+* Mon Aug 08 2022 unman - 1.0
+- First Build
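Review bot: The `%postun` loop selects qubes with `awk '/ MullvadVPN/{ print $1 }'`, which is a substring match on the whole line, so a qube whose netvm merely begins with that name (for example a second gateway built from template-mullvad) would also be reset to `none`; matching the column exactly with `awk '$2 == "MullvadVPN" { print $1 }'` and quoting `"$i"` in the `qvm-prefs` call avoids that. The same scriptlet removes `template-mullvad` even though the description invites users to build other gateways from it, so the removal presumably fails or leaves those qubes without a template; checking for dependent qubes first would be safer. In `%post` the four `qubesctl` calls run one after another with no status check, so a failed earlier state does not stop the later ones and the install still appears complete. Because the description promises that the gateway fails closed, chaining the calls with `&&` and printing an error when one fails would keep a half-configured MullvadVPN from looking ready to use as a netvm.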