diff --git a/hosts/network.nix b/hosts/network.nix
index 8d9d90e..979d11c 100644
--- a/hosts/network.nix
+++ b/hosts/network.nix
@@ -126,7 +126,9 @@ in {
       };
     };
   };
-  ${prefix}.network = {
-    inherit hosts wg_subnets;
+  config = {
+    ${prefix}.network = {
+      inherit hosts wg_subnets;
+    };
   };
 }
diff --git a/modules/services/wgautomesh.nix b/modules/services/wgautomesh.nix
index c7cd936..3bb154f 100644
--- a/modules/services/wgautomesh.nix
+++ b/modules/services/wgautomesh.nix
@@ -35,24 +35,26 @@ in {
     description = "Whether to use IPv6. Defaults to true";
     default = true;
   };
-  networking.wireguard.interfaces.wg0 = {
-    ips =
-      if cfg.useIPv6
-      then ["${meshnetwork.wg_subnets.IPv6}"]
-      else ["${meshnetwork.wg_subnets.IPv4}"];
-    listenPort = cfg.wireguardPort;
-    privateKeyFile = "/var/lib/wireguard-keys/private";
-    mtu = 1420;
-  };
-  services.wgautomesh = {
-    enable = true;
-    services.wgautomesh.settings = {
-      interface = "wg0";
-      peers =
+  config = {
+    networking.wireguard.interfaces.wg0 = {
+      ips =
         if cfg.useIPv6
-        then buildPeerlist "v6" meshnetwork.hosts
-        else buildPeerlist "v4" meshnetwork.hosts;
-      upnp_forward_external_port = wireguardPort;
+        then ["${meshnetwork.wg_subnets.IPv6}"]
+        else ["${meshnetwork.wg_subnets.IPv4}"];
+      listenPort = cfg.wireguardPort;
+      privateKeyFile = "/var/lib/wireguard-keys/private";
+      mtu = 1420;
+    };
+    services.wgautomesh = {
+      enable = true;
+      services.wgautomesh.settings = {
+        interface = "wg0";
+        peers =
+          if cfg.useIPv6
+          then buildPeerlist "v6" meshnetwork.hosts
+          else buildPeerlist "v4" meshnetwork.hosts;
+        upnp_forward_external_port = wireguardPort;
+      };
     };
   };
 }