diff --git a/modules/wireguard/home.nix b/modules/wireguard/home.nix
index bdb6ffb..662b75d 100644
--- a/modules/wireguard/home.nix
+++ b/modules/wireguard/home.nix
@@ -2,6 +2,7 @@
 let
 serverHostName = "vueko";
 serverPort = 51820;
+ subnet = "10.80.0.0/24";
 peers = {
 hitagi = {
 address = "10.80.0.5";
@@ -41,6 +42,11 @@ in
 visible = false;
 readOnly = true;
 };
+ subnet = lib.mkOption {
+ type = lib.types.str;
+ visible = false;
+ readOnly = true;
+ };
 };
 };
@@ -50,7 +56,10 @@ in
 sopsFile = ./../../machines + "/${config.networking.hostName}/secrets.yaml";
 };
- sbruder.wireguard.home.address = peers."${config.networking.hostName}".address;
+ sbruder.wireguard.home = {
+ address = peers."${config.networking.hostName}".address;
+ inherit subnet;
+ };
 systemd.network = {
 enable = true;
@@ -83,7 +92,7 @@ in
 {
 wireguardPeerConfig = {
 PublicKey = peers."${serverHostName}".publicKey;
- AllowedIPs = [ "10.80.0.0/24" ];
+ AllowedIPs = [ subnet ];
 #Endpoint = "${serverHostName}.sbruder.de:${toString serverPort}"; # not possible because sadly not all devices have IPv6 connectivity
 Endpoint = "168.119.176.53:${toString serverPort}";
 PersistentKeepalive = 25;
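Review bot: The `subnet` option added in the second hunk (`@@ -41,6 +42,11 @@`) is a bare `lib.types.str` with no `description`, so nothing states that it holds the tunnel network in CIDR form and nothing checks that it does. The value ends up as `AllowedIPs` in the last hunk and is presumably exported for other modules to read, so a malformed string would only surface when networkd or a consumer parses it. I would add `description = "WireGuard home network in CIDR notation.";` and consider `type = lib.types.strMatching` with an IPv4-CIDR pattern instead of plain `str`. The enclosing options block starts and ends outside the hunk.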
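Review bot: In the last hunk (`@@ -83,7 +92,7 @@`), `AllowedIPs = [ subnet ];` ties the server peer's cryptokey-routing filter to the `let` binding introduced in the first hunk, and neither place documents that coupling. If `subnet` is later edited or widened for another consumer of the option, the source addresses accepted from the server peer and the routes sent into the tunnel change with it, and nothing verifies that each `peers.*.address` still lies inside the range. A comment on the binding would make this visible, e.g. `# also used as AllowedIPs for the server peer; every peers.*.address must be inside this range`. The peer attribute set continues outside the hunk.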