diff --git a/flake.lock b/flake.lock
index 2d182ae..e978b60 100644
--- a/flake.lock
+++ b/flake.lock
@@ -165,11 +165,11 @@
 },
 "secrets": {
 "locked": {
- "lastModified": 1711641020,
- "narHash": "sha256-und6yndmaPsS/wEkqrEvN02VbK+HCFz0zglRNaZeCJI=",
+ "lastModified": 1711740735,
+ "narHash": "sha256-/NmklXfLak65luQoMsUl539faoabD+lo7P9fNDaXkic=",
 "ref": "refs/heads/master",
- "rev": "057f8a2b8cd29a70764004d035a6a9e33c73f4ff",
- "revCount": 5,
+ "rev": "42e5e76765daf6dd36fa195a5a424d8d69c15dfa",
+ "revCount": 6,
 "type": "git",
 "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
 },
diff --git a/hosts/alpha/network.nix b/hosts/alpha/network.nix
index 31b61f2..f7bcc9e 100644
--- a/hosts/alpha/network.nix
+++ b/hosts/alpha/network.nix
@@ -45,9 +45,9 @@
 name = "wg-sigma-public";
 };
- # The following routes traffic destined for 116.203.6.156 (floating IP) to
- # sigma through wireguard. This allows the server to have a public address
- # and help others sail the high seas even though it is behind NAT.
+ # The following routes traffic destined for the sigma-p2p address (floating
+ # IP) to sigma through wireguard. This allows the server to have a public
+ # address and help others sail the high seas even though it is behind NAT.
 netdevs."51-wg-sigma-p2p" = {
 netdevConfig = {
 Name = "wg-sigma-p2p";
@@ -62,7 +62,7 @@
 wireguardPeerConfig = {
 PublicKey = "sigmaH/DKSU8KWyrPtucYmS2ewUvDvCNLxd/qYEo0n0=";
 PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path;
- AllowedIPs = ["116.203.6.156/32"];
+ AllowedIPs = ["${secrets.alpha.sigma-p2p-ip-address}/32"];
 RouteTable = "main";
 };
 }
diff --git a/hosts/omega/network.nix b/hosts/omega/network.nix
index c0a9d30..84069c0 100644
--- a/hosts/omega/network.nix
+++ b/hosts/omega/network.nix
@@ -6,8 +6,8 @@
 systemd.network = {
 config = {
 routeTables = {
- "wg-sigma-public" = 822944075;
- "wg-sigma-p2p" = 2553;
+ "wg-sigma-public" = 42;
+ "wg-sigma-p2p" = 6881;
 };
 };
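Review bot: In the `@@ -62,7 +62,7 @@` hunk of hosts/alpha/network.nix, `AllowedIPs = ["${secrets.alpha.sigma-p2p-ip-address}/32"];` is interpolated at evaluation time, so the address presumably ends up in clear text in the generated netdev unit in the Nix store, unlike the preshared key one line above, which is passed by path through `PresharedKeyFile`. That keeps the address out of the current tree but not off the host's world-readable store, and the old literal is still in the Git history through the removed lines. A comment such as `# Not a runtime secret: kept out of the public repo only, the value still lands in the Nix store.` would stop a later reader from treating `secrets.*` strings as protected at rest. The same applies to `address` and `From` in the `@@ -85,11 +85,11 @@` hunk of hosts/omega/network.nix. The enclosing peer list starts outside this hunk.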
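Review bot: The new route table ids in the `@@ -6,8 +6,8 @@` hunk of hosts/omega/network.nix, `"wg-sigma-public" = 42;` and `"wg-sigma-p2p" = 6881;`, are bare numbers with no hint of how they were chosen or what they must not collide with. A comment above `routeTables` such as `# Arbitrary ids; must be unique on this host and must not be 253-255 (default/main/local).` would document the constraint for whoever adds the next table. The `systemd.network` block continues outside the hunk.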
@@ -59,9 +59,9 @@
 };
 # The following establishes a wireguard tunnel to alpha and configures
- # receiving traffic destined for 116.203.6.156. This allows the server to
- # have a public address and help others sail the high seas even though it
- # is behind NAT.
+ # receiving traffic destined for the sigma-p2p address. This allows the
+ # server to have a public address and help others sail the high seas even
+ # though it is behind NAT.
 netdevs."51-wg-sigma-p2p" = {
 netdevConfig = {
 Name = "wg-sigma-p2p";
@@ -85,11 +85,11 @@
 };
 networks."wg-sigma-p2p" = {
 name = "wg-sigma-p2p";
- address = ["116.203.6.156/32"];
+ address = ["${secrets.sigma.sigma-p2p-ip-address}/32"];
 routingPolicyRules = [
 {
 routingPolicyRuleConfig = {
- From = "116.203.6.156/32";
+ From = "${secrets.sigma.sigma-p2p-ip-address}/32";
 Table = "wg-sigma-p2p";
 };
 }
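Review bot: In the `@@ -85,11 +85,11 @@` hunk, `address` and `From` read `secrets.sigma.sigma-p2p-ip-address`, while alpha's `AllowedIPs` reads `secrets.alpha.sigma-p2p-ip-address`, so the same floating IP now appears to live in two attributes that have to stay identical. If they drift, alpha would keep routing one /32 into the tunnel while this host binds and policy-routes a different one, and nothing visible in this commit would flag it. Assuming the secrets flake is laid out as the names suggest, consider a single shared attribute, or an `assertions` entry that compares the two values. The file also sits under hosts/omega while reading `secrets.sigma.*`; a one-line comment saying that is intended would help. The `networks."wg-sigma-p2p"` block continues past the end of the hunk.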