diff --git a/modules/profiles/base.nix b/modules/profiles/base.nix
index d26bb4a..e2f9e42 100644
--- a/modules/profiles/base.nix
+++ b/modules/profiles/base.nix
@@ -10,6 +10,9 @@
 nix.package = config.pkgsInstances.unstable.lix;
 environment.variables.EDITOR = "nvim";
+ #initialize mesh vpn secret
+ lyn.sops.secrets."all/meshnetwork/gossip_secret" = {};
+
 # TODO
 time.timeZone = "Europe/Berlin";
diff --git a/modules/services/wgautomesh.nix b/modules/services/wgautomesh.nix
index 1c13fb6..63936dc 100644
--- a/modules/services/wgautomesh.nix
+++ b/modules/services/wgautomesh.nix
@@ -9,7 +9,6 @@
 # decrypt gossip secret
 # change this to comply with you secret management
- ${prefix}.sops.secrets."all/meshnetwork/gossip_secret" = {};
 gossip_secret_path = config.sops.secrets."all/meshnetwork/gossip_secret".path;
 # function to make a peerlist suitable for wgautomesh
@@ -17,7 +16,7 @@
 #filter out hosts that have wg.enabled set to false
 wgEnabledHosts = lib.filterAttrs (_: host: host.wg.enabled or false) hosts;
 #filter out hosts that don't support IP{$version}
- filteredHosts = lib.filterAttrs (_: host: host.${version}.public != "") wgEnabledHosts;
+ filteredHosts = lib.filterAttrs (_: host: host.${version} != null) wgEnabledHosts;
 in
 lib.mapAttrsToList (name: host: {
 pubkey = host.wg.pubkey;
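Review bot: Declaring `lyn.sops.secrets."all/meshnetwork/gossip_secret" = {};` in the base profile provisions the mesh gossip secret on every host that imports this profile, including hosts that never run wgautomesh. If that is not intended, the declaration is better kept next to its consumer and made conditional on the service being enabled, so the secret only exists where it is used. The matching removal in modules/services/wgautomesh.nix leaves `gossip_secret_path` reading `config.sops.secrets."all/meshnetwork/gossip_secret".path` with no declaration in that module, so it presumably now fails to evaluate unless base.nix is imported too. The comment `# change this to comply with you secret management` there no longer sits above the line to change; something like `# secret is declared in modules/profiles/base.nix` would document the dependency.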
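Review bot: In `filteredHosts`, the new test `host.${version} != null` raises an evaluation error for any host attrset that has no `${version}` attribute at all, unless the host schema guarantees the attribute with a null default (not visible here). The line above already uses the `or` fallback for `wg.enabled`; the same form here would be `filteredHosts = lib.filterAttrs (_: host: (host.${version} or null) != null) wgEnabledHosts;`. The old test also rejected an empty `public` string, which the new one lets through, so whether an empty address can now reach the generated peer list depends on the `lib.mapAttrsToList` body, which continues outside this hunk. The comment above the line could state the new convention, e.g. `# hosts without this address family set ${version} = null`.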