diff --git a/hosts/ni/default.nix b/hosts/ni/default.nix
index dc920fb4..512a9b9c 100644
--- a/hosts/ni/default.nix
+++ b/hosts/ni/default.nix
@@ -201,14 +201,16 @@ in
   networking.wg-quick.interfaces.wireguard0 = {
     privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path;
 
+    dns = with wireguardPeers.server; [ IPv4 IPv6 ];
+
     address = with wireguardPeers.desktop; [
-      "${IPv4}/32"
-      "${IPv6}/128"
+      "${IPv4}/24"
+      "${IPv6}/96"
     ];
 
     peers = [
       {
-        publicKey = lib.readFile ../plover/files/wireguard/wireguard-public-key-plover;
+        publicKey = lib.removeSuffix "\n" (lib.readFile ../plover/files/wireguard/wireguard-public-key-plover);
         presharedKeyFile = config.sops.secrets."ni/wireguard/preshared-keys/plover".path;
         allowedIPs = wireguardAllowedIPs;
         endpoint = "${interfaces.main'.IPv4.address}:${toString wireguardPort}";
diff --git a/hosts/plover/modules/services/wireguard.nix b/hosts/plover/modules/services/wireguard.nix
index 69210cff..ed28700a 100644
--- a/hosts/plover/modules/services/wireguard.nix
+++ b/hosts/plover/modules/services/wireguard.nix
@@ -9,8 +9,8 @@ let
 
   wireguardIFName = "wireguard0";
 
-  desktopPeerAddresses = with wireguardPeers.desktop; [ "${IPv4}/32" "${IPv6}/128" ];
-  phonePeerAddresses = with wireguardPeers.phone; [ "${IPv4}/32" "${IPv6}/128" ];
+  desktopPeerAddresses = with wireguardPeers.desktop; [ "${IPv4}/24" "${IPv6}/96" ];
+  phonePeerAddresses = with wireguardPeers.phone; [ "${IPv4}/24" "${IPv6}/96" ];
 in
 {
   environment.systemPackages = [ pkgs.wireguard-tools ];