diff --git a/ansible/assets/bastion/wg0.conf.j2 b/ansible/assets/bastion/wg0.conf.j2
index 0b87907..e92bf2b 100644
--- a/ansible/assets/bastion/wg0.conf.j2
+++ b/ansible/assets/bastion/wg0.conf.j2
@@ -1,7 +1,7 @@
 [Interface]
 Address = {{ wg_interface_ip }}
 ListenPort = 51820
-PrivateKey = {{ wg_private_key}}
+PrivateKey = {{ bastion_wg_private_key}}
 #https://serverfault.com/questions/1162475/iptables-exclude-a-specific-port-from-being-forwarded-to-the-destination
 PostUp = iptables -t nat -N Inbound
 PostUp = iptables -t nat -A PREROUTING -d {{ public_ip }} -j Inbound
diff --git a/ansible/assets/docker-ext/wg0.conf.j2 b/ansible/assets/docker-ext/wg0.conf.j2
index 23a345f..ba65a7d 100644
--- a/ansible/assets/docker-ext/wg0.conf.j2
+++ b/ansible/assets/docker-ext/wg0.conf.j2
@@ -1,8 +1,7 @@
 [Interface]
-PrivateKey = {{ docker_ext_wg_private_key }}
+PrivateKey = {{ homeserver_wg_private_key }}
 Address = 10.11.20.2/24
 ListenPort = 51820
-DNS = 10.11.1.10
 
 [Peer]
 PublicKey = {{ bastion_wg_public_key }}
@@ -10,15 +9,3 @@
 AllowedIPs = 0.0.0.0/0
 Endpoint = vps.mycomputer.party:51820
 PersistentKeepalive = 25
-#MacBook
-[Peer]
-PublicKey = /A0WduzRrt/LwKmGm6lq/+TS/1gBekU86FSdhvUo82M=
-AllowedIPs = 10.11.20.4
-
-[Peer]
-PublicKey = eEHA7CSOR5nha9w4SCB+tOXcuCxgkxIXtNU3xB7wZn4=
-AllowedIPs = 10.11.20.5/32
-
-[Peer]
-PublicKey = QJmTVggRFs6Df/snbb3Fx3PeFFeaOqy3eUruV0eIXyE=
-AllowedIPs = 10.11.20.6/32
diff --git a/ansible/buildHomelab.yaml b/ansible/buildHomelab.yaml
index 7fd3d5b..7f22831 100644
--- a/ansible/buildHomelab.yaml
+++ b/ansible/buildHomelab.yaml
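Review bot: The template now reads `bastion_wg_private_key`, but after this commit that variable is defined only in group_vars/external_access/vars (group_vars/wireguard/vars drops it), while the new "Setup docker-int wireguard" play in buildHomelab.yaml applies the `bastion` role to docker-int; unless docker-int is also a member of the external_access group (not visible here), rendering this template there fails on an undefined variable, and if the name does resolve, the bastion's private key would be written onto a second host, which defeats having one keypair per host. A short comment at the top of this template would pin the intent, e.g. `# PrivateKey is per-host: bastion_wg_private_key must only resolve on the bastion`. Minor style point: `{{ bastion_wg_private_key}}` is missing the space before `}}` that the other expressions in this file use; `PrivateKey = {{ bastion_wg_private_key }}`. The same variable-wiring concern applies to the group_vars/wireguard/vars hunk further down.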
@@ -94,18 +94,27 @@ - name: Prune images ansible.builtin.shell: docker image prune -f -- name: Local server Wireguard +- name: Homeserver wireguard hosts: - docker-ext tags: - bastion tasks: - - name: "Local server Wireguard" + - name: "Homeserver Wireguard config" ansible.builtin.template: src: assets/{{ inventory_hostname }}/wg0.conf.j2 dest: /etc/wireguard/wg0.conf backup: true + +- name: Setup docker-int wireguard + hosts: docker-int + vars: + tags: + - wireguard + roles: + - bastion + - name: Traefik config hosts: - docker-ext @@ -117,4 +126,3 @@ src: assets/{{ inventory_hostname }}/rules.yaml.j2 dest: /root/docker/traefik/rules.yaml backup: true - diff --git a/ansible/inventory/group_vars/external_access/vars b/ansible/inventory/group_vars/external_access/vars new file mode 100644 index 0000000..17972bc --- /dev/null +++ b/ansible/inventory/group_vars/external_access/vars @@ -0,0 +1,4 @@ +bastion_wg_public_key: s3Ch/zcv5IeSpIbHBT5pdzpHWwV2qh4Z9W/0DSZg/CQ= +bastion_wg_private_key: "{{ vault_bastion_wg_private_key }}" +homeserver_wg_public_key: 84ITOv/sB0f/h7fIY+uLQeTmMDgTCjvVzIQmEsLAZmo= +homeserver_wg_private_key: "{{ vault_homeserver_wg_private_key }}" diff --git a/ansible/inventory/group_vars/external_access/vault b/ansible/inventory/group_vars/external_access/vault new file mode 100644 index 0000000..1664079 --- /dev/null +++ b/ansible/inventory/group_vars/external_access/vault @@ -0,0 +1,13 @@ +$ANSIBLE_VAULT;1.1;AES256 +63313365346334336431303631306338366438616433623333343531653765363531303966653661 +6265393431346631346661363264393937663663333832360a346634306132633839383731353036 +65353434616566623963323134353234316362663636333162366561386137363431393936363437 +3636326139363765640a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diff --git a/ansible/inventory/group_vars/wireguard/vars b/ansible/inventory/group_vars/wireguard/vars index 9a59354..87d6bb7 100644 --- a/ansible/inventory/group_vars/wireguard/vars 
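Review bot: The "Homeserver Wireguard config" template task writes a file that contains a WireGuard private key to /etc/wireguard/wg0.conf with no `owner`, `group` or `mode`, so the file gets the default umask-derived permissions and may be readable by every local user; add `owner: root`, `group: root` and `mode: "0600"` to the task. `backup: true` additionally leaves timestamped copies of the previous config, old private key included, next to it, so after a key rotation the retired key lingers on disk until those backups are cleaned up, which deserves at least a comment on the task. The task also has no `notify`, so a changed key is not picked up until wg-quick is restarted by hand. The new "Setup docker-int wireguard" play carries an empty `vars:` key that does nothing and can be dropped.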
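Review bot: `bastion_wg_public_key` in the new external_access/vars (`s3Ch/…`) differs from the value removed from group_vars/wireguard/vars (`uBjwO…`), whereas the homeserver public key is carried over unchanged, so this looks like a bastion key rotation rather than a pure move of the variable. If so, the vault value behind `bastion_wg_private_key` must be the private half of this new key, and every peer config that embeds the bastion public key has to be redeployed in the same run, because a mismatch raises no error anywhere, it just yields a tunnel that never completes a handshake. A one-line comment recording that, e.g. `# bastion keypair rotated in this change; private half lives in ./vault`, would make the intent visible to the next reader.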
+++ b/ansible/inventory/group_vars/wireguard/vars @@ -1,4 +1 @@ -bastion_wg_public_key: uBjwOBqEeH/2V7qo5GLGQaX159I1YBztzxvYE9pXOnI= -bastion_wg_private_key: "{{ vault_bastion_wg_private_key }}" -docker_ext_wg_public_key: 84ITOv/sB0f/h7fIY+uLQeTmMDgTCjvVzIQmEsLAZmo= -docker_ext_wg_private_key: "{{ vault_docker_ext_wg_private_key }}" +docker_int_wg_private_key: "{{ vault_docker_int_wg_private_key }}" diff --git a/ansible/inventory/group_vars/wireguard/vault b/ansible/inventory/group_vars/wireguard/vault index 938e65c..db55578 100644 --- a/ansible/inventory/group_vars/wireguard/vault +++ b/ansible/inventory/group_vars/wireguard/vault @@ -1,13 +1,9 @@ $ANSIBLE_VAULT;1.1;AES256 -65633461333438396463383333323364616536316536363136646361613837353938316562363466 -6431373436363535666662323636623439643532323865610a356334333430356138363561363039 -37613232333932663833303038353531636261663830653436633132386432623835643433663532 -6533343630353634320a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a636561363132666339353861396332 +37646564626364306264636539633362663139643238353532393661666165643531343930316637 +3365663330326131630a663062343535376438343462373733363762343637333730396463643638 +62363235623765386133336466663433633430316531316364643233303061626664653761303930 +31366162666239656333626232323334373865653561326131336262343133663030306363626461 +64306466373764343132333564626638633932633538306536626666636338316433346666656135 +34643761633861656135