diff --git a/modules/nixos/services/searx/default.nix b/modules/nixos/services/searx/default.nix
index 9e38b1a..28f2edc 100755
--- a/modules/nixos/services/searx/default.nix
+++ b/modules/nixos/services/searx/default.nix
@@ -46,9 +46,7 @@ in
 virtualHosts = {
 "${configHelpers.host}" = {
 extraConfig = ''
- @allowed_ips {
- remote_ip 10.100.0.2
- }
+ @not_allowed not remote_ip 10.100.0.2
 respond @not_allowed 403
 redir /.well-known/carddav /remote.php/dav/ 301
diff --git a/systems/mars/config/wireguard.nix b/systems/mars/config/wireguard.nix
old mode 100644
new mode 100755
index 4953ca3..b0d279b
--- a/systems/mars/config/wireguard.nix
+++ b/systems/mars/config/wireguard.nix
@@ -8,12 +8,15 @@ in
 networking = {
 wg-quick.interfaces = {
 wg0 = {
- address = [ mars.wireguard.ip0 ];
+ address = [ "${mars.wireguard.ip0}/24" ];
 privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
 peers = [
 {
 publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
- allowedIPs = [ "${web.localhost.address1}/0" ];
+ allowedIPs = [
+ "10.100.0.2/24"
+ "192.168.1.0/24"
+ ];
 endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port0}";
 persistentKeepalive = 25;
 }
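Review bot: The deny rule `respond @not_allowed 403` does not necessarily run before the `redir` lines that follow it, because Caddy sorts directives by its built-in order and `redir` ranks ahead of `respond`. A client outside the allow-list would then still receive the 301 for `/.well-known/carddav` instead of a 403. Wrapping the block in `route { ... }` keeps the order as written. The allow-list address `10.100.0.2` is also a bare literal, while the WireGuard module takes its addresses from shared attributes; if an attribute for that address exists, using it would stop the ACL from drifting when the tunnel address changes. A short comment such as `# only the WireGuard peer may reach this vhost` would record the intent. The `extraConfig` string continues past the end of the hunk, so the remaining directives are not visible here.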
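Review bot: The new `allowedIPs` entries `10.100.0.0/24` and `192.168.1.0/24` are both the routes wg-quick installs and the source ranges accepted from this peer, and nothing in the hunk documents or limits that. Any host in either range that the peer forwards can reach whatever mars exposes on `wg0`, so a firewall rule on that interface should restrict it to the intended services. `192.168.1.0/24` is also a very common LAN prefix, and on a network that uses it mars's local traffic would be routed into the tunnel. Consider a comment above the list such as `# tunnel subnet + remote LAN; also the source ranges accepted from this peer`. The file mode also changes from 100644 to 100755, which a Nix expression does not need and looks unintended. The `wg0` attribute set closes outside the hunk.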