diff --git a/modules/config/instances/config/web.nix b/modules/config/instances/config/web.nix
index 590f58b..4f8a1c9 100755
--- a/modules/config/instances/config/web.nix
+++ b/modules/config/instances/config/web.nix
@@ -22,6 +22,7 @@ in
 address1 = "0.0.0.0"; # All
 address2 = "192.168.50.1"; # Router
 address3 = "192.168.50.0"; # Router
+ address4 = "192.168.1.0"; # Router
 };
 remotehost = {
 address0 = "24.76.173.0";
diff --git a/modules/config/instances/config/wireGuard.nix b/modules/config/instances/config/wireGuard.nix
index 4a8ed16..d8b6be0 100755
--- a/modules/config/instances/config/wireGuard.nix
+++ b/modules/config/instances/config/wireGuard.nix
@@ -14,6 +14,7 @@ in
 path0 = "${sopsPath}/${name}";
 };
 ports = {
- port0 = 51821;
+ port0 = 53;
+ port1 = 51821;
 };
 }
diff --git a/modules/home/cli/utilities/dig/default.nix b/modules/home/cli/utilities/dig/default.nix
new file mode 100644
index 0000000..2f9ca19
--- /dev/null
+++ b/modules/home/cli/utilities/dig/default.nix
@@ -0,0 +1,11 @@
+{
+ pkgs,
+ ...
+}:
+{
+ home.packages = builtins.attrValues {
+ inherit (pkgs)
+ dig
+ ;
+ };
+}
diff --git a/modules/home/cli/utilities/ipTables/default.nix b/modules/home/cli/utilities/ipTables/default.nix
new file mode 100644
index 0000000..a637517
--- /dev/null
+++ b/modules/home/cli/utilities/ipTables/default.nix
@@ -0,0 +1,11 @@
+{
+ pkgs,
+ ...
+}:
+{
+ home.packages = builtins.attrValues {
+ inherit (pkgs)
+ iptables
+ ;
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 27be9b5..9f10bcb 100755
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -18,7 +18,6 @@ in
 wayland
 searx
 flatpak
- wireGuard
 ;
 };
 };
@@ -33,7 +32,6 @@ in
 sddm
 flatpak
 espanso
- wireGuard
 glance
 ;
 };
@@ -44,7 +42,6 @@ in
 inherit (modules)
 plasma
 sddm
- wireGuard
 ;
 };
 };
@@ -70,15 +67,6 @@ in
 };
 };
 
- mantle = {
- imports = builtins.attrValues {
- inherit (modules)
- sops
- xserver
- ;
- };
- };
-
 crust = {
 imports = builtins.attrValues {
 inherit (modules)
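Review bot: Reassigning `port0` from 51821 to 53 while the WireGuard listen port moves to the new `port1` changes the meaning of an existing key, so any consumer of `service.ports.port0` not updated in this commit silently switches from the tunnel port to the DNS port; `systems/ceres/config/wireguard.nix` in this same commit now opens `port0` on TCP and UDP on all interfaces as a consequence. A comment per entry would make the intent visible at the definition site: `port0 = 53; # DNS` and `port1 = 51821; # WireGuard listen port`. If port 53 is a separate service rather than part of WireGuard, a dedicated instance would be clearer than overloading the wireGuard ports attrset.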
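Review bot: Installing `iptables` through `home.packages` only provides the user-level binary; listing or changing rules still requires root (CAP_NET_ADMIN), and on NixOS the rule set is owned by `networking.firewall`, which rewrites it when the firewall service restarts, so anything added by hand does not persist. If the module is meant for inspection only, a comment such as `# inspection only: rules are managed by networking.firewall in the system config` would keep it from being read as a place to configure filtering. If rules are meant to be managed, that belongs in the system configuration rather than home-manager.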
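Review bot: Dropping `wireGuard` from the host module lists here and in the two hunks below (`@@ -33` and `@@ -44`) removes whatever that module declared, while `systems/ceres/config/wireguard.nix` and `systems/mars/config/wireguard.nix` in this same commit still read `config.sops.secrets."${service.name}-private".path` and `config.sops.secrets."${service.name}-mars-private".path`; confirm those sops secret declarations now come from somewhere else, otherwise the first rebuild would presumably fail at evaluation with an undefined secret. A one-line comment next to the per-system wireguard files naming where the secrets are declared would make the dependency explicit. The `mantle` block moved by the last hunk and the `@@ -88` hunk is a pure reorder.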
@@ -88,6 +76,15 @@ in
 };
 };
 
+ mantle = {
+ imports = builtins.attrValues {
+ inherit (modules)
+ sops
+ xserver
+ ;
+ };
+ };
+
 core = {
 imports = builtins.attrValues {
 inherit (modules)
diff --git a/modules/nixos/services/searx/config/engines.nix b/modules/nixos/services/searx/config/engines.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/general.nix b/modules/nixos/services/searx/config/general.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/outgoing.nix b/modules/nixos/services/searx/config/outgoing.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/plugins.nix b/modules/nixos/services/searx/config/plugins.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/search.nix b/modules/nixos/services/searx/config/search.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/server.nix b/modules/nixos/services/searx/config/server.nix
old mode 100644
new mode 100755
index b8fbb7d..9ed9cc8
--- a/modules/nixos/services/searx/config/server.nix
+++ b/modules/nixos/services/searx/config/server.nix
@@ -9,7 +9,8 @@ let
 in
 {
 port = configHelpers.service.ports.port0;
- bind_address = ceres.wireguard.ip0;
+ bind_address =
+ if configHelpers.hostname == ceres.name then ceres.wireguard.ip0 else configHelpers.localhost;
 secret_key = config.sops.secrets.searx-key.path;
 limiter = false;
 public_instance = false;
diff --git a/modules/nixos/services/searx/config/ui.nix b/modules/nixos/services/searx/config/ui.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/default.nix b/modules/nixos/services/searx/default.nix
index c6ad71b..2f2cbeb 100755
--- a/modules/nixos/services/searx/default.nix
+++ b/modules/nixos/services/searx/default.nix
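Review bot: The new `bind_address` branches on `configHelpers.hostname` and `configHelpers.localhost`, neither of which is among the `configHelpers` members visible in this commit (`searx/default.nix` shows only `service = searx;`); if they are not defined in that let block outside the diff, the expression fails at evaluation rather than falling back to loopback. A short comment would record the exposure decision that the conditional encodes, e.g. `# searx is reachable only on ceres, and there only on the WireGuard address; every other host keeps it on loopback`. The enclosing attrset starts and ends outside the hunk.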
@@ -5,7 +5,7 @@
 ...
 }:
 let
- inherit (flake.config.machines.devices) ceres;
+ inherit (flake.config.machines.devices) ceres mars;
 inherit (flake.config.services.instances) searx web;
 configHelpers = {
 service = searx;
@@ -47,8 +47,9 @@ in
 "${configHelpers.host}" = {
 extraConfig = ''
 @allowed_ips {
- remote_ip 10.100.0.2
+ remote_ip ${mars.wireguard.ip0}
 }
+
 handle @allowed_ips {
 redir /.well-known/carddav /remote.php/dav/ 301
 redir /.well-known/caldav /remote.php/dav/ 301
diff --git a/systems/ceres/config/wireguard.nix b/systems/ceres/config/wireguard.nix
old mode 100644
new mode 100755
index 8547055..466ebf5
--- a/systems/ceres/config/wireguard.nix
+++ b/systems/ceres/config/wireguard.nix
@@ -1,20 +1,21 @@
 { config, flake, ... }:
 let
- inherit (flake.config.services.instances) wireGuard web;
+ inherit (flake.config.services.instances) wireGuard searx;
 inherit (flake.config.machines.devices) mars ceres;
 service = wireGuard;
 in
 {
 networking = {
 firewall = {
- allowedUDPPorts = [
- 53
+ allowedTCPPorts = [
 service.ports.port0
 ];
+ allowedUDPPorts = [
+ service.ports.port0
+ service.ports.port1
+ ];
 interfaces.wg0.allowedTCPPorts = [
- 80
- 443
- 8080
+ searx.ports.port0
 ];
 
 };
@@ -28,7 +29,7 @@ in
 wireguard.interfaces = {
 wg0 = {
 ips = [ "${ceres.wireguard.ip0}/24" ];
- listenPort = service.ports.port0;
+ listenPort = service.ports.port1;
 privateKeyFile = config.sops.secrets."${service.name}-private".path;
 peers = [
 {
diff --git a/systems/mars/config/wireguard.nix b/systems/mars/config/wireguard.nix
index b0d279b..74df4bc 100755
--- a/systems/mars/config/wireguard.nix
+++ b/systems/mars/config/wireguard.nix
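Review bot: The Caddy `remote_ip` matcher now treats `${mars.wireguard.ip0}` as proof that the request comes from mars; that holds only because WireGuard's cryptokey routing drops tunnel packets whose source address lies outside the sending peer's `allowedIPs`, so ceres's peer entry for mars (in `systems/ceres/config/wireguard.nix`, past the visible end of its second hunk) must keep `allowedIPs` pinned to that single address. A comment at the matcher would make that dependency explicit: `# trusts WireGuard cryptokey routing: ceres's peer entry for mars must keep allowedIPs at this address as a /32`. The `handle @allowed_ips` block continues outside the hunk, and what requests from other tunnel addresses receive is not visible here.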
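Review bot: `allowedTCPPorts = [ service.ports.port0 ]` together with the new `allowedUDPPorts` list opens 53/tcp and 53/udp on every interface of ceres, including the one receiving the public WireGuard endpoint, while searx on the following lines is correctly scoped to `interfaces.wg0`; 53/udp was already global before this change, 53/tcp is new. If the resolver on ceres is intended for tunnel peers only, keep just the WireGuard listen port global and move 53 under `interfaces.wg0`, since a resolver bound on all addresses and reachable from the internet can be used for amplification and exposes the peers' query stream. If public DNS is intended, a comment saying so at the firewall block would settle the question for the next reader. The same `port0`/`port1` rename applies to `listenPort` in the hunk below.
```nix
 firewall = {
 # Only the WireGuard listen port is reachable from the internet.
 allowedUDPPorts = [ service.ports.port1 ];
 # DNS and searx are reachable from tunnel peers only.
 interfaces.wg0 = {
 allowedTCPPorts = [ service.ports.port0 searx.ports.port0 ];
 allowedUDPPorts = [ service.ports.port0 ];
 };
 };
```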
@@ -1,23 +1,27 @@
 { config, flake, ... }:
 let
 inherit (flake.config.services.instances) wireGuard web;
- inherit (flake.config.machines.devices) mars;
+ inherit (flake.config.services) instances;
+ inherit (flake.config.machines.devices) ceres mars;
 service = wireGuard;
 in
 {
 networking = {
- wg-quick.interfaces = {
+ hosts = {
+ ${ceres.wireguard.ip0} = [ instances.searx.domains.url0 ];
+ };
+ wireguard.interfaces = {
 wg0 = {
- address = [ "${mars.wireguard.ip0}/24" ];
+ ips = [ "${mars.wireguard.ip0}/32" ];
 privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
 peers = [
 {
 publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
 allowedIPs = [
- "10.100.0.0/24"
- "192.168.1.0/24"
+ "${ceres.wireguard.ip0}/32"
+ "${web.localhost.address4}/24"
 ];
- endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port0}";
+ endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port1}";
 persistentKeepalive = 25;
 }
 ];
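Review bot: `networking.hosts` takes a bare address as key and bare hostnames as values, and the value used here is `instances.searx.domains.url0`; if `url0` carries a scheme or path, as its name suggests it might, the generated hosts entry is invalid, so either confirm it is a plain hostname or name the attribute accordingly. The entry deserves a comment stating its purpose, e.g. `# resolve the searx name to its WireGuard address so the request never leaves the tunnel`. Routing `${web.localhost.address4}/24` (192.168.1.0/24) into wg0 will shadow mars's own LAN if mars happens to sit on that same widely used subnet; confirm it does not. The new `inherit (flake.config.services) instances;` duplicates the path already used by `inherit (flake.config.services.instances) wireGuard web;`; extending that line to `inherit (flake.config.services.instances) wireGuard web searx;` and writing `searx.domains.url0` would keep one style.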