diff --git a/machines/nixos/vault01/networking/default.nix b/machines/nixos/vault01/networking/default.nix
index 3fb2f3f..8d877ba 100644
--- a/machines/nixos/vault01/networking/default.nix
+++ b/machines/nixos/vault01/networking/default.nix
@@ -7,7 +7,6 @@
 lib,
 meta,
 name,
- config,
 ...
 }:
@@ -190,32 +189,6 @@ in
 "10-enp67s0f0np0" = {
 name = "enp67s0f0np0";
 linkConfig.Promiscuous = true;
- networkConfig = {
- Bridge = "br0";
-
- LinkLocalAddressing = false;
- LLDP = false;
- EmitLLDP = false;
- IPv6AcceptRA = false;
- IPv6SendRA = false;
- };
- linkConfig.MTUBytes = 1504;
- };
- "50-gretap1" = {
- name = "gretap1";
- networkConfig = {
- Bridge = "br0";
-
- LinkLocalAddressing = false;
- LLDP = false;
- EmitLLDP = false;
- IPv6AcceptRA = false;
- IPv6SendRA = false;
- };
- linkConfig.MTUBytes = 1504;
- };
- "50-br0" = {
- name = "br0";
 networkConfig = {
 VLAN = builtins.attrNames vlans;
@@ -227,54 +200,9 @@ in
 };
 linkConfig.MTUBytes = 1504;
 };
- "50-wg0" = {
- name = "wg0";
- address = [ "10.10.17.1/30" ];
- networkConfig.Tunnel = "gretap1";
- };
 } // (mapAttrs' mkNetwork vlans);
- netdevs = {
- "50-gretap1" = {
- netdevConfig = {
- Name = "gretap1";
- Kind = "gretap";
- };
- tunnelConfig = {
- Local = "10.10.17.1";
- Remote = "10.10.17.2";
- };
- };
- "50-br0" = {
- netdevConfig = {
- Name = "br0";
- Kind = "bridge";
- };
- bridgeConfig = {
- VLANFiltering = false;
- STP = false;
- };
- };
- "50-wg0" = {
- netdevConfig = {
- Name = "wg0";
- Kind = "wireguard";
- };
- wireguardConfig = {
- ListenPort = 1194;
- PrivateKeyFile = config.age.secrets."wg-key".path;
- };
-
- wireguardPeers = [
- {
- AllowedIPs = [
- "10.10.17.0/30"
- ];
- PublicKey = "g6S3gBx1Hf2iX41tokD+m8WfzJJTTcsKifOkn+Wcd00=";
- }
- ];
- };
- } // mapAttrs' mkNetdev vlans;
+ netdevs = mapAttrs' mkNetdev vlans;
 };
 services = {
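Review bot: `linkConfig.Promiscuous = true;` on `enp67s0f0np0` survives on the new side of the `@@ -190` hunk although the `Bridge = "br0"` attachment it presumably served is removed here; a VLAN trunk on a plain physical interface does not need promiscuous mode, and leaving it on makes the NIC accept every frame on the wire. Either drop that line together with the bridge, or keep it with a comment stating the remaining reason, e.g. `# Promiscuous: still required for <reason>, not a leftover of the removed br0 bridge`. The `networkConfig` block that now hangs directly off this interface continues past the hunk, so confirm that the `LinkLocalAddressing = false`, `LLDP`/`EmitLLDP = false` and `IPv6AcceptRA`/`IPv6SendRA = false` settings from the deleted blocks were carried over rather than lost, since the trunk is now the interface that would answer RAs and LLDP.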
@@ -392,20 +320,8 @@ in
 };
 };
 };
- firewall = {
- allowedUDPPorts = [
- 67
- 1194
- ];
- # FIXME: I dont't remember why it's here, and it doesn't seems right
- # comes from https://git.dgnum.eu/DGNum/infrastructure/commit/411795c664374549e5e831722a80180b51fbf0d5
- # checkReversePath = false;
- };
+ firewall.allowedUDPPorts = [ 67 ];
 };
-
- age.secrets."wg-key".owner = "systemd-network";
- users.users."systemd-network".extraGroups = [ "keys" ];
-
 boot.kernel.sysctl."net.ipv4.ip_forward" = true;
 };
 }
diff --git a/machines/nixos/vault01/secrets/secrets.nix b/machines/nixos/vault01/secrets/secrets.nix
index f93ee25..45b76b0 100644
--- a/machines/nixos/vault01/secrets/secrets.nix
+++ b/machines/nixos/vault01/secrets/secrets.nix
@@ -14,5 +14,4 @@
 "radius-private_key_password_file"
 "eatonmon-password_file"
 "radius-ap-radius-secret_file"
- "wg-key"
 ]
diff --git a/machines/nixos/vault01/secrets/wg-key b/machines/nixos/vault01/secrets/wg-key
deleted file mode 100644
index 6b366f8..0000000
Binary files a/machines/nixos/vault01/secrets/wg-key and /dev/null differ
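Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = true;` appears to remain as context right after the removed `age.secrets`/`users.users` lines, even though the gretap-over-WireGuard path that this host forwarded for is deleted in this commit; if forwarding is still needed for the VLAN routing done elsewhere in the file it should say so, otherwise the sysctl belongs with the tunnel removal. A one-line comment above it would stop the next cleanup from guessing, e.g. `# Forwarding is for inter-VLAN routing of the `vlans` networks, not only the removed wg0/gretap1 tunnel.` The new `firewall.allowedUDPPorts = [ 67 ];` opens DHCP on every interface including the uplink trunk; if the DHCP server only serves the VLAN interfaces, `networking.firewall.interfaces.<vlan>.allowedUDPPorts = [ 67 ];` per served VLAN keeps the global rule set minimal. The enclosing attribute set begins outside the hunk.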