diff --git a/machines/NixOS-VPS/default.nix b/machines/NixOS-VPS/default.nix index bb72bae..458920a 100644 --- a/machines/NixOS-VPS/default.nix +++ b/machines/NixOS-VPS/default.nix @@ -141,5 +141,10 @@ }]; }]; + # Directory for some state files (like wireguard keys) + systemd.tmpfiles.rules = [ + "d /srv 0755 root root -" + ]; + system.stateVersion = "23.05"; } diff --git a/machines/NixOS-VPS/services/wireguard.nix b/machines/NixOS-VPS/services/wireguard.nix index 01f9dba..333c464 100644 --- a/machines/NixOS-VPS/services/wireguard.nix +++ b/machines/NixOS-VPS/services/wireguard.nix 
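Review bot: The added tmpfiles rule only creates `/srv` as `0755 root root`, although its comment says the directory will hold WireGuard keys. Nothing visible in this commit creates `/srv/wireguard` or constrains its mode, so the confidentiality of the private and preshared keys rests entirely on the permissions of each individual key file. Consider a second rule such as `"d /srv/wireguard 0750 root systemd-network -"` so the secrets directory is not world-traversable; the group here is assumed to be the one systemd-networkd runs under on this host, so confirm it. The comment could also state the access requirement, e.g. `# /srv/wireguard holds WireGuard private and preshared keys; readable by systemd-networkd only`.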
@@ -34,91 +34,91 @@ in { Kind = "wireguard"; }; wireguardConfig = { - PrivateKeyFile = "/var/lib/wireguard/private"; + PrivateKeyFile = "/srv/wireguard/private"; ListenPort = wireguardPort; }; wireguardPeers = [ { wireguardPeerConfig = with wireguardPeers.ataraxia; { PublicKey = "qjkV4V0on7H3hXG7udKOv4Qu/IUBrsDcXNZt3MupP3o="; - PresharedKeyFile = "/var/lib/wireguard/ataraxia/preshared"; + PresharedKeyFile = "/srv/wireguard/ataraxia/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.hypervisor; { PublicKey = "oKQ3HXZ1wwWyVgmA4RoCXscImohqB8hdMzP1FRArw0o="; - PresharedKeyFile = "/var/lib/wireguard/hypervisor/preshared"; + PresharedKeyFile = "/srv/wireguard/hypervisor/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.mikrotik; { PublicKey = "amReLTZgu6pwtKCnk1q8EG5uZSgUNxRoh5m3w1D3rQo="; - PresharedKeyFile = "/var/lib/wireguard/mikrotik/preshared"; + PresharedKeyFile = "/srv/wireguard/mikrotik/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.poco; { PublicKey = "ZbBJziuMjyHJNcgrLYIQtio7l3fEOJ4GXW4ST+N9V34="; - PresharedKeyFile = "/var/lib/wireguard/poco/preshared"; + PresharedKeyFile = "/srv/wireguard/poco/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.kpoxa; { PublicKey = "U1wtbS8/yQGkBnBQUZs7KxxmvAajKb9jh83dDd2LdgE="; - PresharedKeyFile = "/var/lib/wireguard/kpoxa/preshared"; + PresharedKeyFile = "/srv/wireguard/kpoxa/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.kpoxa2; { PublicKey = "ghU3Puwz5PeXmnDlxyh+IeuwFK44V3rXlMiFGs5YnwI="; - PresharedKeyFile = "/var/lib/wireguard/kpoxa2/preshared"; + PresharedKeyFile = "/srv/wireguard/kpoxa2/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.faysss; { PublicKey = 
"JLvKyFwI7b9MsiZsnNAt3qs5ob18b3mrOZKR5HZCORY="; - PresharedKeyFile = "/var/lib/wireguard/faysss/preshared"; + PresharedKeyFile = "/srv/wireguard/faysss/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.faysss2; { PublicKey = "S6k9l0K5/YmO5BPETQludC1CBHsKLsk9+n6kwSjx4n8="; - PresharedKeyFile = "/var/lib/wireguard/faysss2/preshared"; + PresharedKeyFile = "/srv/wireguard/faysss2/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.faysss3; { PublicKey = "ka42gE67gShu88Ko7iQ/pK8zusod6bNIrIN8fkxVkC4="; - PresharedKeyFile = "/var/lib/wireguard/faysss3/preshared"; + PresharedKeyFile = "/srv/wireguard/faysss3/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.doste; { PublicKey = "KVbEaO4DSpTb941zxOPQLWq2Glm9CDgK/9MwW95WuC0="; - PresharedKeyFile = "/var/lib/wireguard/doste/preshared"; + PresharedKeyFile = "/srv/wireguard/doste/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.dell; { PublicKey = "//ss9UEHRFEZL4LbZaA1HiRUrMrn97kc7CmblUORXTc="; - PresharedKeyFile = "/var/lib/wireguard/dell/preshared"; + PresharedKeyFile = "/srv/wireguard/dell/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; } { wireguardPeerConfig = with wireguardPeers.hypervisor-dns; { PublicKey = "x4uavQEEfhdqNC4FCOPfKlEDRJiwOz4dy2W1KhJtnwc="; - PresharedKeyFile = "/var/lib/wireguard/hypervisor-dns/preshared"; + PresharedKeyFile = "/srv/wireguard/hypervisor-dns/preshared"; AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ]; }; }
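Review bot: The `/srv/wireguard` prefix is now spelled out thirteen times, once in `PrivateKeyFile` and once in each of the twelve `PresharedKeyFile` entries. The next relocation would need the same thirteen-line edit, and one missed line would leave a peer pointing at a stale secret path. Bind the directory once in the `let` that precedes `in {` (outside this hunk), e.g. `keyDir = "/srv/wireguard";`, and write `PresharedKeyFile = "${keyDir}/ataraxia/preshared";`. The commit also does not show the existing key files being moved, so it is worth confirming they exist at the new paths with their ownership and mode preserved before this is deployed.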