diff --git a/modules/config/instances/config/web.nix b/modules/config/instances/config/web.nix
index 4f8a1c9..590f58b 100755
--- a/modules/config/instances/config/web.nix
+++ b/modules/config/instances/config/web.nix
@@ -22,7 +22,6 @@ in
 address1 = "0.0.0.0"; # All
 address2 = "192.168.50.1"; # Router
 address3 = "192.168.50.0"; # Router
- address4 = "192.168.1.0"; # Router
 };
 remotehost = {
 address0 = "24.76.173.0";
diff --git a/modules/config/instances/config/wireGuard.nix b/modules/config/instances/config/wireGuard.nix
index d8b6be0..4a8ed16 100755
--- a/modules/config/instances/config/wireGuard.nix
+++ b/modules/config/instances/config/wireGuard.nix
@@ -14,7 +14,6 @@ in
 path0 = "${sopsPath}/${name}";
 };
 ports = {
- port0 = 53;
- port1 = 51821;
+ port0 = 51821;
 };
 }
diff --git a/modules/home/cli/utilities/dig/default.nix b/modules/home/cli/utilities/dig/default.nix
deleted file mode 100644
index 2f9ca19..0000000
--- a/modules/home/cli/utilities/dig/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- pkgs,
- ...
-}:
-{
- home.packages = builtins.attrValues {
- inherit (pkgs)
- dig
- ;
- };
-}
diff --git a/modules/home/cli/utilities/ipTables/default.nix b/modules/home/cli/utilities/ipTables/default.nix
deleted file mode 100644
index a637517..0000000
--- a/modules/home/cli/utilities/ipTables/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- pkgs,
- ...
-}:
-{
- home.packages = builtins.attrValues {
- inherit (pkgs)
- iptables
- ;
- };
-}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 9f10bcb..27be9b5 100755
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -18,6 +18,7 @@ in
 wayland
 searx
 flatpak
+ wireGuard
 ;
 };
 };
@@ -32,6 +33,7 @@ in
 sddm
 flatpak
 espanso
+ wireGuard
 glance
 ;
 };
@@ -42,6 +44,7 @@ in
 inherit (modules)
 plasma
 sddm
+ wireGuard
 ;
 };
 };
@@ -67,15 +70,6 @@ in }; }; - crust = { - imports = builtins.attrValues { - inherit (modules) - hardware - programs - ; - }; - }; - mantle = { imports = builtins.attrValues { inherit (modules) @@ -85,6 +79,15 @@ in }; }; + crust = { + imports = builtins.attrValues { + inherit (modules) + hardware + programs + ; + }; + }; + core = { imports = builtins.attrValues { inherit (modules) diff --git a/modules/nixos/services/searx/config/engines.nix b/modules/nixos/services/searx/config/engines.nix old mode 100755 new mode 100644 diff --git a/modules/nixos/services/searx/config/general.nix b/modules/nixos/services/searx/config/general.nix old mode 100755 new mode 100644 diff --git a/modules/nixos/services/searx/config/outgoing.nix b/modules/nixos/services/searx/config/outgoing.nix old mode 100755 new mode 100644 diff --git a/modules/nixos/services/searx/config/plugins.nix b/modules/nixos/services/searx/config/plugins.nix old mode 100755 new mode 100644 diff --git a/modules/nixos/services/searx/config/search.nix b/modules/nixos/services/searx/config/search.nix old mode 100755 new mode 100644 diff --git a/modules/nixos/services/searx/config/server.nix b/modules/nixos/services/searx/config/server.nix old mode 100755 new mode 100644 index 9ed9cc8..b8fbb7d --- a/modules/nixos/services/searx/config/server.nix +++ b/modules/nixos/services/searx/config/server.nix @@ -9,8 +9,7 @@ let in { port = configHelpers.service.ports.port0; - bind_address = - if configHelpers.hostname == ceres.name then ceres.wireguard.ip0 else configHelpers.localhost; + bind_address = ceres.wireguard.ip0; secret_key = config.sops.secrets.searx-key.path; limiter = false; public_instance = false; diff --git a/modules/nixos/services/searx/config/ui.nix b/modules/nixos/services/searx/config/ui.nix old mode 100755 new mode 100644 diff --git a/modules/nixos/services/searx/default.nix b/modules/nixos/services/searx/default.nix index 2f2cbeb..c6ad71b 100755 --- a/modules/nixos/services/searx/default.nix 
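Review bot: In searx/config/server.nix, `bind_address = ceres.wireguard.ip0;` is now unconditional, so every host that evaluates this module binds to ceres' tunnel address, where the removed expression fell back to `configHelpers.localhost` on other machines. The searx module still appears in a shared import list in modules/nixos/default.nix, so if any machine other than ceres enables it, the service will presumably fail to bind an address it does not own. With `limiter = false` in the same attribute set, this bind address is the setting that keeps the instance off other interfaces, so it deserves a comment such as `# tunnel-only: searx runs on ceres and must never listen on a LAN/WAN address`. If other hosts can still import the module, I would keep the hostname guard rather than drop it.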
+++ b/modules/nixos/services/searx/default.nix @@ -5,7 +5,7 @@ ... }: let - inherit (flake.config.machines.devices) ceres mars; + inherit (flake.config.machines.devices) ceres; inherit (flake.config.services.instances) searx web; configHelpers = { service = searx; @@ -47,9 +47,8 @@ in "${configHelpers.host}" = { extraConfig = '' @allowed_ips { - remote_ip ${mars.wireguard.ip0} + remote_ip 10.100.0.2 } - handle @allowed_ips { redir /.well-known/carddav /remote.php/dav/ 301 redir /.well-known/caldav /remote.php/dav/ 301 diff --git a/systems/ceres/config/wireguard.nix b/systems/ceres/config/wireguard.nix old mode 100755 new mode 100644 index 466ebf5..8547055 --- a/systems/ceres/config/wireguard.nix +++ b/systems/ceres/config/wireguard.nix @@ -1,21 +1,20 @@ { config, flake, ... }: let - inherit (flake.config.services.instances) wireGuard searx; + inherit (flake.config.services.instances) wireGuard web; inherit (flake.config.machines.devices) mars ceres; service = wireGuard; in { networking = { firewall = { - allowedTCPPorts = [ - service.ports.port0 - ]; allowedUDPPorts = [ + 53 service.ports.port0 - service.ports.port1 ]; interfaces.wg0.allowedTCPPorts = [ - searx.ports.port0 + 80 + 443 + 8080 ]; }; @@ -29,7 +28,7 @@ in wireguard.interfaces = { wg0 = { ips = [ "${ceres.wireguard.ip0}/24" ]; - listenPort = service.ports.port1; + listenPort = service.ports.port0; privateKeyFile = config.sops.secrets."${service.name}-private".path; peers = [ { diff --git a/systems/mars/config/wireguard.nix b/systems/mars/config/wireguard.nix index 74df4bc..b0d279b 100755 --- a/systems/mars/config/wireguard.nix +++ b/systems/mars/config/wireguard.nix 
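Review bot: The Caddy matcher `remote_ip 10.100.0.2` in the second hunk of searx/default.nix hard-codes the peer address that `${mars.wireguard.ip0}` used to supply. The allow-list and the address assigned in systems/mars/config/wireguard.nix can now drift apart without any evaluation error, either locking mars out or admitting whichever peer is later given 10.100.0.2. I would keep `remote_ip ${mars.wireguard.ip0}` together with the `mars` inherit that the first hunk removes. If the literal has to stay, add `# must equal mars.wireguard.ip0` above it. The `extraConfig` string continues outside the hunk.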
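Review bot: In the first hunk of systems/ceres/config/wireguard.nix, `53` is added to the global `allowedUDPPorts`, which opens it on every interface, whereas the TCP ports are scoped to `interfaces.wg0`. If the resolver is only meant for tunnel peers, this leaves DNS reachable from the non-tunnel side of ceres, and a UDP resolver open to untrusted networks is a known reflection and cache-probing risk. Moving it to `interfaces.wg0.allowedUDPPorts = [ 53 ];` keeps only `service.ports.port0` global. The literals `80`, `443` and `8080` replace `searx.ports.port0` without saying which service each belongs to, so a one-line comment per port would help. The new `web` inherit is not used in the visible lines.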
@@ -1,27 +1,23 @@
 { config, flake, ... }:
 let
 inherit (flake.config.services.instances) wireGuard web;
- inherit (flake.config.services) instances;
- inherit (flake.config.machines.devices) ceres mars;
+ inherit (flake.config.machines.devices) mars;
 service = wireGuard;
 in
 {
 networking = {
- hosts = {
- ${ceres.wireguard.ip0} = [ instances.searx.domains.url0 ];
- };
- wireguard.interfaces = {
+ wg-quick.interfaces = {
 wg0 = {
- ips = [ "${mars.wireguard.ip0}/32" ];
+ address = [ "${mars.wireguard.ip0}/24" ];
 privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
 peers = [
 {
 publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
 allowedIPs = [
- "${ceres.wireguard.ip0}/32"
- "${web.localhost.address4}/24"
+ "10.100.0.0/24"
+ "192.168.1.0/24"
 ];
- endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port1}";
+ endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port0}";
 persistentKeepalive = 25;
 }
 ];
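Review bot: The peer's `allowedIPs` widens from the single host `${ceres.wireguard.ip0}/32` to the literal `10.100.0.0/24`, and `192.168.1.0/24` is now a bare literal as well. mars will therefore accept any source address in either range from this peer, and because these entries are also installed as routes, its own LAN traffic is pulled into the tunnel whenever it sits on a network that uses 192.168.1.0/24. If only ceres has to be reachable over the tunnel subnet, keep `"${ceres.wireguard.ip0}/32"`. Otherwise document the intent with `# tunnel subnet + ceres' LAN, routed via wg0; keep in sync with ceres.wireguard.ip0` above the list. The removed `networking.hosts` entry means the searx hostname now depends on DNS resolving to the tunnel address, which is worth stating in the commit message. The `wg0` block continues outside the hunk.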