diff --git a/hosts/midas/default.nix b/hosts/midas/default.nix index a229f887..fa37a4b3 100644 --- a/hosts/midas/default.nix +++ b/hosts/midas/default.nix @@ -15,14 +15,6 @@ networking = { hostName = "midas"; hostId = "38ba3f57"; - vlans.internal = { - id=100; - interface="enp0s31f6"; - }; - interfaces.internal.ipv4.addresses = [{ - address = "11.0.0.1"; - prefixLength = 8; - }]; }; system = { diff --git a/modules/system/services/server/wireguard/client/default.nix b/modules/system/services/server/wireguard/client/default.nix index 0846d079..2b10cd49 100644 --- a/modules/system/services/server/wireguard/client/default.nix +++ b/modules/system/services/server/wireguard/client/default.nix @@ -1,19 +1,14 @@ { config, lib, ... }: { - config = lib.mkIf config.services.wireguard.client.enable { - networking = { - firewall.trustedInterfaces = [ "wgc" ]; - wg-quick.interfaces.wgc = { - privateKey = config.secrets.wg.clientKey; - peers = [ - { # Kitty server - publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; - allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "sv.nixfox.ca:51820"; - persistentKeepalive = 25; - } - ]; - }; - }; + networking.wg-quick.interfaces.wgc = lib.mkIf config.services.wireguard.client.enable { + privateKey = config.secrets.wg.clientKey; + peers = [ + { # Home server + publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; + allowedIPs = [ "11.0.0.0/8" ]; + endpoint = "sv.nixfox.ca:51820"; + persistentKeepalive = 25; + } + ]; }; } diff --git a/modules/system/services/server/wireguard/server/default.nix b/modules/system/services/server/wireguard/server/default.nix index c94d5b86..73870d5d 100644 --- a/modules/system/services/server/wireguard/server/default.nix +++ b/modules/system/services/server/wireguard/server/default.nix 
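Review bot: The new `allowedIPs = [ "11.0.0.0/8" ]` on the home-server peer is not private address space — 11.0.0.0/8 is an allocated public block, not an RFC 1918 range — so every client now routes that entire public prefix into the tunnel and any legitimate traffic to real hosts in 11/8 is black-holed into the VPN; pick an RFC 1918 range (e.g. `allowedIPs = [ "10.100.0.0/16" ];` with the server's address moved accordingly) or a block from 100.64.0.0/10. A second point is `privateKey = config.secrets.wg.clientKey`: wg-quick writes that into a store-resident config file, which is world-readable on the host, so `privateKeyFile = "/run/secrets/wg-client";` pointing at a root-owned mode-0600 file provisioned at boot keeps the key out of /nix/store. Since this module supplies one `clientKey` to every host that enables `services.wireguard.client`, it looks as though all clients share a single WireGuard identity, which the server can hold only one endpoint for at a time and cannot revoke individually — worth confirming that is intended.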
@@ -1,29 +1,41 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: { config = lib.mkIf config.services.wireguard.server.enable { - networking = { - firewall.allowedUDPPorts = [ 51820 ]; - - nat = { - enable = true; - internalInterfaces = [ "wgs" ]; + systemd.network = { + netdevs = { + "50-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + MTUBytes = "1300"; + }; + wireguardConfig = { + PrivateKeyFile = pkgs.writeText "wgserversecret" config.secrets.wg.serverKey; + ListenPort = 51820; + RouteTable = "main"; + }; + wireguardPeers = [ + { # NixOS Config Key + PublicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0="; + AllowedIPs = [ "11.0.0.0/8" ]; + } + { # Pixel 9 + PublicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4="; + AllowedIPs = [ "11.1.0.1/32" ]; + } + ]; + }; }; - - wireguard.interfaces.wgs = { - ips = [ "10.100.0.1/24" ]; - listenPort = 51820; - privateKey = config.secrets.wg.serverKey; - peers = [ - { # NixOS Config Key - publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0="; - allowedIPs = [ "10.100.0.16/28" ]; - } - { # Pixel 9 - publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4="; - allowedIPs = [ "10.100.0.2/32" ]; - } - ]; + networks.wg0 = { + matchConfig.Name = "wg0"; + address = [ "11.0.0.1/8" ]; + networkConfig = { + IPMasquerade = "ipv4"; + IPv4Forwarding = true; + }; }; }; + + networking.firewall.allowedUDPPorts = [ 51820 ]; }; }
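Review bot: `PrivateKeyFile = pkgs.writeText "wgserversecret" config.secrets.wg.serverKey` copies the server's WireGuard private key into /nix/store, where it is readable by every local user and process and travels with the closure on nix copy/substitution; it should instead reference a file provisioned outside the store at boot or activation, e.g. `PrivateKeyFile = "/run/secrets/wg-server";` owned root:systemd-network with mode 0640 so networkd can read it (networkd also logs a warning when a key file is world-readable). The removed `networking.nat` block presumably enabled forwarding system-wide, whereas `IPv4Forwarding = true` here applies to wg0 only; as far as I can tell reply traffic arriving on the uplink is forwarded only if forwarding is enabled on that interface too, so confirm the uplink still has it (or set the global `IPv4Forwarding=` in networkd.conf). The "NixOS Config Key" peer's `AllowedIPs = [ "11.0.0.0/8" ]` lets that single peer source any address in the VPN range except 11.1.0.1 (which the Pixel's /32 wins by longest prefix); if that key is shared by several NixOS hosts, the server can track only one endpoint for it, so giving each host its own key and /32 (or at least the old /28) would restore per-host isolation and revocation. Note too that 11.0.0.0/8 is allocated public space rather than RFC 1918, so routing it via wg0 with `RouteTable = "main"` hides any real 11/8 destinations from this host.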