diff --git a/nix/common.nix b/nix/common.nix index 63fabdd..9f0bb62 100644 --- a/nix/common.nix +++ b/nix/common.nix @@ -8,6 +8,7 @@ }: { imports = [ + (if mkkArg.isDecrypted then ./variables-private.nix else {}) # * NIX & NIXPKGS { nixpkgs.config = { @@ -186,38 +187,32 @@ ]; } # * Args + { + options.konfig = lib.mkOption { default = { }; }; + config = { + konfig = { + unstable = mkkArg.unstable; + stable = mkkArg.stable; + current = mkkArg.current; + nixerusPkgs = + (import mkkArg.current.nixerus { inherit pkgs; }) + // ( + if (pkgs.system == "x86_64-linux") then + { + i686Linux = import mkkArg.current.nixerus { pkgs = pkgs.pkgsi686Linux; }; + } + else + { } + ); - ( - let - - - in - { - options.konfig = lib.mkOption { default = { }; }; - config = { - konfig = { - unstable = mkkArg.unstable; - stable = mkkArg.stable; - current = mkkArg.current; - nixerusPkgs = - (import mkkArg.current.nixerus { inherit pkgs; }) - // ( - if (pkgs.system == "x86_64-linux") then - { - i686Linux = import mkkArg.current.nixerus { pkgs = pkgs.pkgsi686Linux; }; - } - else - { } - ); - - arg = mkkArg; - rootFlake = (builtins.getFlake mkkArg.configRootPath); - vars = lib.mkDefault { }; - }; - _module.args.konfig = config.konfig; + arg = mkkArg; + rootFlake = (builtins.getFlake mkkArg.configRootPath); + vars = { }; }; - } - ) + _module.args.konfig = config.konfig; + }; + } + # * common.nix END ]; diff --git a/nix/default.nix b/nix/default.nix index 703869b..747bc14 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -44,9 +44,8 @@ in mkkArg // { current = (if isStable then stable else unstable); - } - // { isDecrypted = (isDecrypted (if isStable then stable else unstable).nixpkgs system); + isStable = isStable; } // extraArgs; }; diff --git a/nix/hosts/materusPC.nix b/nix/hosts/materusPC.nix index 2c3437e..11e1754 100644 --- a/nix/hosts/materusPC.nix +++ b/nix/hosts/materusPC.nix 
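Review bot: The conditional import at the top of `imports` pulls `./variables-private.nix` into evaluation whenever `mkkArg.isDecrypted` is true, and nothing here records what may safely live in that file. Its contents are not visible in this commit (it is added as a binary file), but any value read from it that reaches a generated config file, unit or derivation is copied into the world-readable `/nix/store`. It should therefore hold only low-sensitivity values such as ports, with keys kept in a runtime secret mechanism. I would add a comment above the line, for example `# private but non-secret values only: anything referenced from here can end up in /nix/store`. The `imports` list continues outside the hunk.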
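Review bot: `options.konfig` is declared with only a `default` and no `type`, so once a second module (presumably the new `variables-private.nix`) also defines `konfig`, the result depends on the untyped merge. As far as I know, that merge combines attribute sets shallowly rather than key by key. With `vars = { };` set here, whether the private file's `vars` survives or is replaced by the empty set then depends on definition order, which cannot be confirmed from this diff. Consider giving the option an explicit type, or at least a comment next to `vars` such as `# filled in by variables-private.nix when the repo is decrypted; empty otherwise`.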
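Review bot: `isStable = isStable;` in the merged attribute set is more idiomatically written `inherit isStable;`. The expression `(if isStable then stable else unstable)` also appears twice in the same set, once for `current` and once inside the `isDecrypted` call; binding it once in the enclosing `let` (which starts outside this hunk) would keep the two from drifting apart. Because `// extraArgs` is applied last, a caller can still override `isDecrypted`, which now gates the private import in `common.nix`; a short comment saying whether that override is intended would help.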
@@ -18,6 +18,25 @@ # ** Network { networking.hostName = "materusPC"; + networking.useDHCP = lib.mkDefault true; + networking.wireless.iwd.enable = true; + networking.networkmanager.enable = true; + #networking.networkmanager.wifi.backend = "iwd"; + networking.firewall.enable = true; + + networking.firewall = { + logReversePathDrops = false; + # wireguard trips rpfilter up + extraCommands = '' + ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN + ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN + ''; + extraStopCommands = '' + ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true + ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true + ''; + }; + } # ** Hardware # *** Filesystems diff --git a/nix/variables-private.nix b/nix/variables-private.nix new file mode 100644 index 0000000..95a556e Binary files /dev/null and b/nix/variables-private.nix differ
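Review bot: The `ip46tables` rules in `extraCommands` exempt every UDP packet whose source or destination port equals the WireGuard port from the reverse-path filter, on all interfaces and for both IPv4 and IPv6. The source port is chosen by the sender, so the `--sport` rule in particular relaxes rpfilter for more traffic than the tunnel itself. If the setup allows it, narrow the rules with an interface match (`-i <uplink-interface>`, a placeholder) or keep only the direction that is actually needed, and document the trade-off in the existing `# wireguard trips rpfilter up` comment. Separately, `${konfig.vars.wireguard.ports.materusPC}` fails if the port is stored as an integer, which `${toString konfig.vars.wireguard.ports.materusPC}` would cover. It also aborts evaluation when the repo is not decrypted and `konfig.vars` is the empty set from `common.nix`, so wrapping both strings in `lib.optionalString konfig.arg.isDecrypted` may be worth considering.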