diff --git a/hosts/astatine/configuration.nix b/hosts/astatine/configuration.nix
index ea8cac3..72ad6bd 100644
--- a/hosts/astatine/configuration.nix
+++ b/hosts/astatine/configuration.nix
@@ -19,14 +19,13 @@
   ";
 
   networking.useDHCP = false;
-
   systemd.network.enable = true;
 
-  #services.wg-clerie = {
-  #  enable = true;
-  #  ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ];
-  #  ipv4s = [ "10.20.30.108/32" ];
-  #};
+  profiles.clerie.wg-clerie = {
+    enable = true;
+    ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ];
+    ipv4s = [ "10.20.30.108/32" ];
+  };
 
   clerie.monitoring = {
     enable = true;
diff --git a/hosts/beryllium/configuration.nix b/hosts/beryllium/configuration.nix
index 15235da..274d44c 100644
--- a/hosts/beryllium/configuration.nix
+++ b/hosts/beryllium/configuration.nix
@@ -25,40 +25,12 @@
 
   networking.firewall.enable = false;
 
-  #networking.iproute2.enable = true;
-  #networking.iproute2.rttablesExtraConfig = ''
-  #  200 wg-clerie
-  #'';
-
-  #petabyte.policyrouting = {
-  #  enable = true;
-  #  rules6 = [
-  #    { rule = "from 2a01:4f8:c0c:15f1::8107/128 lookup wg-clerie"; prio = 20000; }
-  #    { rule = "from 2a01:4f8:c0c:15f1::8107/128 unreachable"; prio = 20001; }
-  #  ];
-  #  rules4 = [
-  #    { rule = "from 10.20.30.107/32 lookup wg-clerie"; prio = 20000; }
-  #    { rule = "from 10.20.30.107/32 unreachable"; prio = 20001; }
-  #  ];
-  #};
-
-
-  #networking.wireguard.enable = true;
-  #networking.wireguard.interfaces = {
-  #  wg-clerie = {
-  #    ips = [ "2a01:4f8:c0c:15f1::8107/128" "10.20.30.107/32" ];
-  #    table = "wg-clerie";
-  #    peers = [
-  #      {
-  #        endpoint = "vpn.clerie.de:51820";
-  #        persistentKeepalive = 25;
-  #        allowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
-  #        publicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
-  #      }
-  #    ];
-  #    privateKeyFile = "/var/src/secrets/wireguard/wg-clerie";
-  #  };
-  #};
+  profiles.clerie.wg-clerie = {
+    enable = true;
+    ipv6s = [ "2a01:4f8:c0c:15f1::8107/128" ];
+    ipv4s = [ "10.20.30.107/32" ];
+    privateKeyFile = "/var/src/secrets/wireguard/wg-clerie";
+  };
 
   clerie.monitoring = {
     enable = true;
diff --git a/hosts/tungsten/configuration.nix b/hosts/tungsten/configuration.nix
index f1028db..2751f57 100644
--- a/hosts/tungsten/configuration.nix
+++ b/hosts/tungsten/configuration.nix
@@ -23,11 +23,11 @@
 
   networking.hostName = "tungsten";
 
-  #services.wg-clerie = {
-  #  enable = true;
-  #  ipv6s = [ "2a01:4f8:c0c:15f1::8112/128" ];
-  #  ipv4s = [ "10.20.30.112/32" ];
-  #};
+  profiles.clerie.wg-clerie = {
+    enable = true;
+    ipv6s = [ "2a01:4f8:c0c:15f1::8112/128" ];
+    ipv4s = [ "10.20.30.112/32" ];
+  };
 
   clerie.monitoring = {
     enable = true;