diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix
index 3498660..5ad992f 100644
--- a/modules/system/wireguard.nix
+++ b/modules/system/wireguard.nix
@@ -1,13 +1,10 @@
 { config, lib, pkgs, ... }:
 let
- serverName = "fondue";
- serverInterface = "enp2s1";
+ port = 51820;
+ serverName = "sugarcane";
+ serverInterface = "ens3";
 clients = {
- apricot = {
- publicKey = "CpQJxoDeWJr7DdhbIO09svCxP7tuG2vUwRM8U4io5ms=";
- allowedIPs = [ "10.100.0.2/32" ];
- };
 blossom = {
 publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo=";
 allowedIPs = [ "10.100.0.3/32" ];
@@ -20,9 +17,9 @@ let
 clientPeers = builtins.attrValues clients;
 serverPeer = {
- publicKey = "GwUO/hU/CrrmfYazqrXuAiP4kFB3ZoaMXf13N12X2SY=";
- allowedIPs = [ "10.100.0.0/24" ];
- endpoint = "fondue.lava.moe:20100";
+ publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0=";
+ allowedIPs = [ "0.0.0.0/0" ];
+ endpoint = "sugarcane.lava.moe:${toString port}";
 persistentKeepalive = 25;
 };
@@ -32,10 +29,13 @@ let
 externalInterface = serverInterface;
 internalInterfaces = [ "wg0" ];
 };
+ firewall = {
+ allowedUDPPorts = [ port ];
+ };
 wireguard.interfaces.wg0 = {
 ips = [ "10.100.0.1/24" ];
- listenPort = 20100;
+ listenPort = port;
 postSetup = ''
 ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE
@@ -52,7 +52,7 @@ let
 clientConfig = {
 wireguard.interfaces.wg0 = {
 ips = clients."${config.networking.hostName}".allowedIPs;
- listenPort = 20100;
+ listenPort = port;
 privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path;
 peers = [ serverPeer ];
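Review bot: Changing `serverPeer.allowedIPs` to `[ "0.0.0.0/0" ]` turns every client into an IPv4 full tunnel, but the hunk leaves the two things a full tunnel needs unaddressed. The NixOS wireguard module installs one route per allowedIPs entry with `ip route replace ... dev wg0` in the interface's `table` (not set here, so the main table), so a `0.0.0.0/0` entry presumably replaces the client's own default route and the encrypted packets to `sugarcane.lava.moe` would be steered into wg0 as well, looping the tunnel — verify on a client, and if it loops either set the client interface's `table`/`fwMark` with a matching policy rule or add a host route to the endpoint via the real gateway before the tunnel comes up. Only IPv4 is covered: without `"::/0"` (and a v6 address on wg0) or IPv6 disabled on the client, IPv6 traffic bypasses the tunnel entirely, which defeats the purpose of a full-tunnel setup; DNS resolution is likewise still whatever the client had before. At minimum add a comment such as `# full tunnel: all IPv4 goes via sugarcane; IPv6 is NOT tunnelled` so the gap is visible to the next reader.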
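Review bot: The `iptables -t nat -A POSTROUTING ... -j MASQUERADE` rule in `postSetup` is appended unconditionally every time wg0 comes up and nothing in this hunk removes it, so interface restarts accumulate duplicate POSTROUTING entries unless a `postShutdown` outside the hunk deletes it; it also looks redundant now that `networking.nat` with `internalInterfaces = [ "wg0" ]` and `externalInterface = serverInterface` already masquerades wg0 traffic out of `ens3` — consider dropping the manual rule, or guard it with `-C ... || -A ...` and mirror it with `-D` on shutdown. Note that with clients now sending `0.0.0.0/0` through the tunnel this NAT carries all of their traffic, so the server becomes their egress point. The firewall addition is right as far as it goes: only UDP `port` is opened inbound and wg0 is not put in `trustedInterfaces`, so peers still hit the host firewall for the server's own services; a one-line comment like `# wg0 deliberately not trusted: peers only get forwarding, not host services` would keep someone from "fixing" that later.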