diff --git a/hetzner-vpn1.nix b/hetzner-vpn1.nix index d16db0f..b362a87 100644 --- a/hetzner-vpn1.nix +++ b/hetzner-vpn1.nix @@ -1,4 +1,6 @@ -{pkgs, ...}: { +{pkgs, ...}: let + wg_port = 51820; +in { imports = [ (import ./modules { hostName = "hetzner-vpn1"; @@ -27,17 +29,17 @@ networking.nat.externalInterface = "eth0"; networking.nat.internalInterfaces = ["wg0"]; networking.firewall = { - allowedUDPPorts = [51820]; + allowedUDPPorts = [wg_port]; }; networking.wireguard.interfaces = { # "wg0" is the network interface name. You can name the interface arbitrarily. wg0 = { # Determines the IP address and subnet of the server's end of the tunnel interface. - ips = ["10.100.0.1/24"]; + ips = ["10.100.0.1/32"]; # The port that WireGuard listens to. Must be accessible by the client. - listenPort = 51820; + listenPort = wg_port; # This allows the wireguard server to route your traffic to the internet and hence be like a VPN # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients @@ -59,7 +61,13 @@ # Phone publicKey = "/sjNk9rXaMdrCHD2kmut1AXD1UhF1xcZ4ju+EmFGcCk="; # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. - #allowedIPs = ["10.100.0.2/32"]; + allowedIPs = ["10.100.0.2/32"]; + } + { + # vinzenz-lpt + publicKey = "D/6431f8oJ61C5vjjEIpY5Rc750oK4yVh9B/32q4xAE="; + # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. + allowedIPs = ["10.100.0.3/32"]; } ]; };
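Review bot: The new `let` binding `wg_port = 51820;` is the only snake_case identifier in a file where every other name is camelCase (`allowedUDPPorts`, `listenPort`, `hostName`), which is also the usual Nix convention; `wgPort = 51820;` would fit. The same rename applies to the two uses in the second hunk, `allowedUDPPorts = [wg_port];` and `listenPort = wg_port;`. Hoisting the port into one binding is otherwise a good change, since the firewall rule and the listener can no longer drift apart.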
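Review bot: The comment above `ips = ["10.100.0.1/32"];` still reads "Determines the IP address and subnet of the server's end of the tunnel interface", but after the /24 → /32 change the address no longer describes the tunnel subnet, so reachability of the 10.100.0.x peers now rests on the per-peer routes the NixOS module derives from each `allowedIPs` (the default `allowedIPsAsRoutes = true`, assuming this host does not override it — not visible here). Recording that intent keeps a future edit from "fixing" it back to /24: `# /32 on purpose: routes to 10.100.0.x peers come from each peer's allowedIPs, not from an on-link /24.` The enclosing `wg0` attribute set continues past the end of the hunk.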
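Review bot: Both peers now carry the identical comment `# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.`, which understates what `allowedIPs` does: it is WireGuard's cryptokey routing table, so a decrypted packet from a peer is accepted only if its inner source address is inside that peer's list, and outbound packets go to a peer only for destinations in its list. Suggest a sharper per-peer line, `# allowedIPs = cryptokey routing: only these source IPs are accepted from this peer; keep peer ranges disjoint.`, or stating it once above the `peers` list (which opens outside this hunk). The two /32 entries here, `10.100.0.2/32` and `10.100.0.3/32`, are disjoint, which is what that rule requires.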