diff --git a/secrets.nix b/secrets.nix
index 367d785..c1098f8 100644
Binary files a/secrets.nix and b/secrets.nix differ
diff --git a/system/desktop/firewall.nix b/system/desktop/firewall.nix
index fd28138..11101a4 100644
--- a/system/desktop/firewall.nix
+++ b/system/desktop/firewall.nix
@@ -1,11 +1,13 @@
-{
+let
+ ips = import ../modules/ips.nix;
+in {
 # Networking settings
 networking = {
 # Enable firewall
 firewall = {
 allowPing = false;
 extraInputRules = ''
- ip saddr 10.0.0.2 accept comment "Accept Server Connections"
+ ip saddr { ${ips.server}, ${ips.wgSpan}.1 } accept comment "Accept Server"
 '';
 };
 };
diff --git a/system/desktop/wireguard.nix b/system/desktop/wireguard.nix
new file mode 100644
index 0000000..67d9809
--- /dev/null
+++ b/system/desktop/wireguard.nix
@@ -0,0 +1,23 @@
+{outputs, ...}: let
+ ips = import ../modules/ips.nix;
+in {
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ };
+
+ networking.wireguard.interfaces = {
+ "${ips.wgInt}" = {
+ # Define IP of client in per device config
+ listenPort = 51820;
+ privateKey = outputs.secrets.wgClientPriv;
+ peers = [
+ { # 0.0.0.0 makes wg act like a traditional VPN
+ publicKey = outputs.secrets.wgServerPub;
+ allowedIPs = [ "0.0.0.0/0" ];
+ endpoint = "mc.${outputs.secrets.jimDomain}:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+}
diff --git a/system/pinebook.nix b/system/pinebook.nix
index acd76f1..c321732 100644
--- a/system/pinebook.nix
+++ b/system/pinebook.nix
@@ -36,11 +36,14 @@
 ./services/mpd.nix
 ];
 
+ # Set hostname
+ networking.hostName = "JimPine";
+
 # Disable 32 bit graphics
 hardware.opengl.driSupport32Bit = lib.mkForce false;
 
- # Set hostname
- networking.hostName = "JimPine";
+ # Set the VPN IP per machine
+ networking.wireguard.interfaces."${ips.wgInt}".ips = [ "${ips.wgSpan}.17/24" ];
 
 # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
 system.stateVersion = "24.05";
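Review bot: The rewritten `extraInputRules` line trusts packets by source address alone, so any host on the LAN that spoofs `${ips.wgSpan}.1` (or `${ips.server}`) is accepted on every port. The tunnel peer's address is only authentic when it arrives through the WireGuard interface, where WireGuard drops packets whose source is outside the peer's allowedIPs; bind that half of the rule to it and keep the LAN half separate: `iifname "${ips.wgInt}" ip saddr ${ips.wgSpan}.1 accept comment "Accept WG Server"` and `ip saddr ${ips.server} accept comment "Accept Server"` (`ips.wgInt` is already reachable through the `ips` import added at the top of this hunk). The LAN rule could take an `iifname` for the wired interface in the same way if that name is known here.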
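Review bot: `privateKey = outputs.secrets.wgClientPriv;` writes the WireGuard private key into the generated configuration, which ends up in the world-readable Nix store of every host that builds this module; the `privateKeyFile` option (a root-only file kept outside the store, e.g. an age/sops-managed secret) is the documented way to avoid that, and the same applies to `wgServerPriv` on the server side. Separately, `allowedIPs = [ "0.0.0.0/0" ]` captures IPv4 only, so if the host has IPv6 connectivity that traffic bypasses the tunnel despite the "traditional VPN" intent — add `"::/0"` once the server routes it, or disable v6 on the client — and the peer comment should say `0.0.0.0/0 routes all IPv4 through the tunnel` rather than `0.0.0.0`. With a default-route allowed IP under `networking.wireguard` (not `wg-quick`) I believe the module installs that route without the policy-routing exception wg-quick adds, so verify the endpoint `mc.${outputs.secrets.jimDomain}` stays reachable outside the tunnel; I cannot confirm that from the hunk. `allowedUDPPorts = [ 51820 ]` is also unnecessary for a client that initiates to a fixed endpoint with keepalives, since replies are admitted by conntrack, and it exposes the socket on every interface.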
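Review bot: The added `ips` line gives this host `.17/24`, but the address only works if it sits inside the `.16/28` the server routes to the shared `wgClientPub` peer, and nothing here records that constraint; expand the comment to `# Per-machine VPN address; must stay inside the .16/28 the server assigns to wgClientPub`. The `ips` binding this line relies on is not visible in the hunk — the other changed files bring it in with `import ../modules/ips.nix` — so confirm pinebook.nix does the same or evaluation fails. Setting `.ips` on the interface also assumes `./desktop/wireguard.nix`, which supplies `privateKey` and the peer, is in this host's `imports` (the list ends at the top of the hunk and that entry is not shown); otherwise an interface with no key is defined.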
diff --git a/system/server/wireguard.nix b/system/server/wireguard.nix
index 9155f51..670490c 100644
--- a/system/server/wireguard.nix
+++ b/system/server/wireguard.nix
@@ -14,21 +14,23 @@ in {
 networking.wireguard = {
 enable = true;
 interfaces = {
- # Wireguard interface name can be arbitrary
- wg0 = {
- # Determines the IP and subnet of the tunnel interface
+ "${ips.wgInt}" = {
 ips = [ "${ips.wgSpan}.1/24" ];
 listenPort = 51820;
- privateKey = outputs.secrets.wireguardPriv;
+ privateKey = outputs.secrets.wgServerPriv;
 peers = [
 { # Jimbo Pixel 9
- publicKey = outputs.secrets.wirePixel9Pub;
+ publicKey = outputs.secrets.wgPixel9Pub;
 allowedIPs = [ "${ips.wgSpan}.2/32" ];
 }
 { # Oracle VM
- publicKey = outputs.secrets.wireOraclePub;
+ publicKey = outputs.secrets.wgOraclePub;
 allowedIPs = [ "${ips.wgSpan}.3/32" ];
 }
+ { # General Nix
+ publicKey = outputs.secrets.wgClientPub;
+ allowedIPs = [ "${ips.wgSpan}.16/28" ];
+ }
 ];
 };
 };
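Review bot: The new `General Nix` peer shares one key, `wgClientPub`, across every host that imports `desktop/wireguard.nix`, and WireGuard keeps a single endpoint per peer: when two such hosts are up at once, each handshake re-points the whole `.16/28` at the most recent one and the other silently loses its tunnel. A compromise of that single private key also exposes all of those hosts, and it cannot be rotated for one machine without re-keying every one. Give each host its own keypair and its own `/32` entry — e.g. `{ # JimPine`, `publicKey = outputs.secrets.wgPinePub; allowedIPs = [ "${ips.wgSpan}.17/32" ];`, `}` — and keep the `/28` only as a documented reservation in the comment. The renamed `privateKey` line still places the server key in the world-readable Nix store; `privateKeyFile` pointing at a root-only file outside the store avoids that.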