diff --git a/modules/nixos/services/searx/config/server.nix b/modules/nixos/services/searx/config/server.nix
index b8fbb7d..9ed9cc8 100755
--- a/modules/nixos/services/searx/config/server.nix
+++ b/modules/nixos/services/searx/config/server.nix
@@ -9,7 +9,8 @@ let
 in
 {
   port = configHelpers.service.ports.port0;
-  bind_address = ceres.wireguard.ip0;
+  bind_address =
+    if configHelpers.hostname == ceres.name then ceres.wireguard.ip0 else configHelpers.localhost;
   secret_key = config.sops.secrets.searx-key.path;
   limiter = false;
   public_instance = false;
diff --git a/systems/ceres/config/wireguard.nix b/systems/ceres/config/wireguard.nix
index 5f5f689..948588f 100755
--- a/systems/ceres/config/wireguard.nix
+++ b/systems/ceres/config/wireguard.nix
@@ -28,7 +28,7 @@ in
 
     wireguard.interfaces = {
       wg0 = {
-        ips = [ "${ceres.wireguard.ip0}/24" ];
+        ips = [ "${ceres.wireguard.ip0}/32" ];
         listenPort = service.ports.port1;
         privateKeyFile = config.sops.secrets."${service.name}-private".path;
         peers = [
diff --git a/systems/mars/config/wireguard.nix b/systems/mars/config/wireguard.nix
index 847f3bf..c3bb1fa 100755
--- a/systems/mars/config/wireguard.nix
+++ b/systems/mars/config/wireguard.nix
@@ -6,21 +6,22 @@ let
 in
 {
   networking = {
-    wireguard.interfaces.wg0 = {
-      ips = [ "${mars.wireguard.ip0}/24" ];
-      privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
-      peers = [
-        {
-          publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
-          allowedIPs = [
-            "10.100.0.0/24"
-            "${ceres.wireguard.ip0}/24"
-            "192.168.1.0/24"
-          ];
-          endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port1}";
-          persistentKeepalive = 25;
-        }
-      ];
+    wireguard.interfaces = {
+      wg0 = {
+        ips = [ "${mars.wireguard.ip0}/32" ];
+        privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
+        peers = [
+          {
+            publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
+            allowedIPs = [
+              "${ceres.wireguard.ip0}/32"
+              "192.168.1.0/24"
+            ];
+            endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port1}";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
     };
   };