diff --git a/configuration/default.nix b/configuration/default.nix
index 0043336..f4309ea 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -53,7 +53,6 @@
 networking = {
 hostName = "tlaternet";
 usePredictableInterfaceNames = false;
- useDHCP = false;
 firewall = {
 allowedTCPPorts = [
diff --git a/configuration/services/wireguard.nix b/configuration/services/wireguard.nix
index f598e19..867dcd5 100644
--- a/configuration/services/wireguard.nix
+++ b/configuration/services/wireguard.nix
@@ -1,9 +1,4 @@
 {config, ...}: {
- # iptables needs to permit forwarding from wg0 to wg0
- networking.firewall.extraCommands = ''
- iptables -A FORWARD -i wg0 -o wg0 -j ACCEPT
- '';
-
 systemd.network = {
 netdevs = {
 "20-wg0" = {
@@ -43,25 +38,9 @@
 "20-wg0" = {
 matchConfig.Name = "wg0";
- networkConfig = {
- Address = [
- "10.45.249.1/32"
- # TODO(tlater): Add IPv6 whenever that becomes relevant
- ];
-
- IPForward = "yes";
- IPv4ProxyARP = "yes";
- };
-
- routes = [
- {
- routeConfig = {
- Source = "10.45.249.0/24";
- Destination = "10.45.249.0/24";
- Gateway = "10.45.249.1";
- GatewayOnLink = "no";
- };
- }
+ networkConfig.Address = [
+ "10.45.249.1/24"
+ # TODO(tlater): Add IPv6 whenever that becomes relevant
 ];
 linkConfig.RequiredForOnline = "no";
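Review bot: The new `networkConfig.Address` list at the end of the `@@ -43,25 +38,9 @@` hunk carries no comment recording whether this host is still expected to relay traffic between WireGuard peers. With `IPForward = "yes"`, the proxy-ARP setting and the explicit route removed here, and the wg0-to-wg0 FORWARD accept removed in the first hunk of the same file, any relaying now depends on forwarding being enabled somewhere this diff does not show. If dropping it is intended, I would state that next to the address, e.g. `# /24 provides the on-link route to peers; forwarding between peers is deliberately not enabled here`. Which peer source addresses are accepted is presumably still bounded by the peers' AllowedIPs in the netdev section, which lies outside this hunk, as does the end of the `"20-wg0"` block.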