diff --git a/hosts/router/firewall.nix b/hosts/router/firewall.nix
index a721135..e26ef8c 100644
--- a/hosts/router/firewall.nix
+++ b/hosts/router/firewall.nix
@@ -13,7 +13,7 @@ let
 ${ifs.lan30.name},
 ${ifs.lan40.name},
 ${ifs.lan50.name},
- wg0,
+ ${ifs.wg0.name},
 }
 define OPNSENSE_NET6 = ${vars.extra.opnsense.net6}
 define ZONE_LAN_EXTRA_NET6 = {
diff --git a/hosts/router/ifconfig.nix b/hosts/router/ifconfig.nix
index d479a7d..792dc0b 100644
--- a/hosts/router/ifconfig.nix
+++ b/hosts/router/ifconfig.nix
@@ -83,7 +83,7 @@ in
 ia_pd 30/${ifs.lan30.net6} -
 ia_pd 40/${ifs.lan40.net6} -
 ia_pd 50/${ifs.lan50.net6} -
- # ia_pd 7 -
+ ia_pd 100/${pdFromWan}8::/64 - # for vpn stuff
 # ia_pd 8 -
 # the leases can be assigned to the interfaces,
diff --git a/hosts/router/vars.nix b/hosts/router/vars.nix
index 50a0718..302714a 100644
--- a/hosts/router/vars.nix
+++ b/hosts/router/vars.nix
@@ -5,8 +5,11 @@ let
 name_,
 domain_,
 p4_, # /24
+ p4Size_ ? 24,
 p6_, # /64
+ p6Size_ ? 64,
 ulaPrefix_, # /64
+ ulaSize_ ? 64,
 token? 1,
 ip6Token_? "::${toString token}",
 ulaToken_? "::${toString token}",
@@ -14,18 +17,18 @@ let
 name = name_;
 domain = domain_;
 p4 = p4_;
- p4Size = 24;
+ p4Size = p4Size_;
 net4 = "${p4}.0/${toString p4Size}";
 addr4 = "${p4}.${toString token}";
 addr4Sized = "${addr4}/${toString p4Size}";
 p6 = p6_;
- p6Size = 64;
+ p6Size = p6Size_;
 net6 = "${p6}::/${toString p6Size}";
 ip6Token = ip6Token_;
 addr6 = "${p6}${ip6Token}";
 addr6Sized = "${addr6}/${toString p6Size}";
 ulaPrefix = ulaPrefix_;
- ulaSize = 64;
+ ulaSize = ulaSize_;
 ulaNet = "${ulaPrefix}::/${toString ulaSize}";
 ulaToken = ulaToken_;
 ulaAddr = "${ulaPrefix}${ulaToken}";
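Review bot: The new `ia_pd 100/${pdFromWan}8::/64 -` hint hard-codes the wg0 /64 while the three lines above it derive their hint from `ifs.lanNN.net6`, and vars.nix separately hard-codes `${pdFromWan}8:0:6` as wg0's /96, so the two literals must be kept in step by hand and nothing will complain when they drift. I'd keep one definition of the wg0 /64 in vars.nix (next to wg0's p6_) and reference it here like the other ia_pd lines, though I can't see from this hunk whether mkIfConfig exposes a suitable attribute for a /96 interface. The `# for vpn stuff` comment should at least state the relationship, e.g. `# /64 delegated for wg0; vars.nix carves its ::/96 out of this`. The `in` block that builds this dhcpcd config starts before the hunk.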
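Review bot: Turning `p4Size`/`p6Size`/`ulaSize` into parameters does not change how `net4`, `net6` and `ulaNet` are built — they still glue the literal prefix to `.0` / `::` — so the network string is only correct when the caller has already cut `p4_`/`p6_`/`ulaPrefix_` exactly at the size boundary (an octet boundary for v4, a hextet boundary for v6), and nothing here checks that. The current caller satisfies it (`${pdFromWan}8:0:6` + `::/96`), but a `p6Size_` such as 60 or 100 would silently yield a "network" whose host bits are not zero, and `.net6` is what ifconfig.nix hands to `ia_pd`. I'd add a guard where the sizes are bound, `assert (p4Size_ / 8) * 8 == p4Size_;` and `assert (p6Size_ / 16) * 16 == p6Size_ && (ulaSize_ / 16) * 16 == ulaSize_;`, plus a comment on the parameters: `# p4_/p6_/ulaPrefix_ must already be truncated to *Size_ bits; net*/addr* only append ".0" / "::"`. The mkIfConfig function this hunk belongs to begins in the previous hunk and continues after this one.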
@@ -97,17 +100,14 @@ rec {
 p6_ = "${pdFromWan}a"; # ::/64
 ulaPrefix_ = "${ulaPrefix}:0050"; # ::/64
 };
- };
-
- wg = {
- wg0 = rec {
- name = "wg0";
- p4 = "10.18.16"; # .0/24
- addr4 = "${p4}.1";
- addr4Sized = "${addr4}/24";
- p6 = "${pdFromWan}f::6"; # :0:0/96
- addr6 = "${p6}:0:1";
- addr6Sized = "${addr6}/96";
+ wg0 = mkIfConfig {
+ name_ = "wg0";
+ domain_ = "wg0.${ldomain}";
+ p4_ = "10.18.16"; # .0/24
+ p6_ = "${pdFromWan}8:0:6"; # ::/96
+ p6Size_ = 96;
+ ulaPrefix_ = "${ulaPrefix}:0100:0:6"; # ::/96
+ ulaSize_ = 96;
 };
 };
diff --git a/hosts/router/wireguard.nix b/hosts/router/wireguard.nix
index 00282be..c98a3b8 100644
--- a/hosts/router/wireguard.nix
+++ b/hosts/router/wireguard.nix
@@ -1,11 +1,23 @@
 { config, lib, pkgs, ... }:
 let
 vars = import ./vars.nix;
- wg0 = vars.wg.wg0;
+ wg0 = vars.ifs.wg0;
+
+ peerIps = ifObj: token: [
+ "${ifObj.p4}.${toString token}/32"
+ "${ifObj.p6}:${toString token}:0/112"
+ "${ifObj.ulaPrefix}:${toString token}:0/112"
+ ];
+
+ mkWg0Peer = token: publickey: {
+ allowedIPs = peerIps wg0 token;
+ inherit publickey;
+ pskEnabled = true;
+ };
 wg0Peers = {
 "Yura-TPX13" = {
- allowedIPs = [ "${wg0.p4}.3/32" "${wg0.p6}:3:0/112" ];
+ allowedIPs = peerIps wg0 3;
 publicKey = "iJa5JmJbMHNlbEluNwoB2Q8LyrPAfb7S/mluanMcI08=";
 pskEnabled = true;
 };
@@ -60,7 +72,7 @@ in
 networkConfig = {
 IPv4Forwarding = true;
 IPv6SendRA = false;
- Address = [ wg0.addr4Sized wg0.addr6Sized ];
+ Address = [ wg0.addr4Sized wg0.addr6Sized wg0.ulaAddrSized ];
 };
 };
 };
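Review bot: `mkWg0Peer` stores the key under the attribute name `publickey` (via `inherit publickey;`), whereas the hand-written peer just below it — and therefore whatever consumes `wg0Peers` — uses `publicKey`; a peer built with the helper would either fail evaluation on the missing attribute or, depending on how the consumer reads it, end up configured without a key. Rename the parameter so the inherit lands on the right name: `mkWg0Peer = token: publicKey: {` and `inherit publicKey;`. The helper is not used anywhere in the visible hunk (Yura-TPX13 is still spelled out), so the defect is latent until a peer is converted; `wg0Peers` continues past the hunk. Worth a comment on `peerIps` as well: each token claims a /112 of both the GUA and the ULA /96, and since AllowedIPs is WireGuard's cryptokey routing table, two peers that reuse a token get overlapping ranges — the attrset is keyed by hostname, so nothing enforces token uniqueness.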
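Review bot: `wg0.ulaAddrSized` is not among the attributes the vars.nix hunk shows mkIfConfig producing — that hunk stops at `ulaAddr` — so this line only evaluates if the function defines it further down; by analogy with `addr6Sized` it would be `"${ulaAddr}/${toString ulaSize}"`, giving `…:0100:0:6::1/96` here. If it is missing, `Address` fails evaluation rather than silently dropping the ULA, so this is a "confirm it exists" rather than a silent-misconfiguration risk. The definition enclosing `networkConfig` starts before the hunk.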