diff --git a/bundles/backup/files/backup_all b/bundles/backup/files/backup_all
new file mode 100644
index 0000000..e69de29
diff --git a/bundles/backup/files/backup_path b/bundles/backup/files/backup_path
new file mode 100644
index 0000000..4317efe
--- /dev/null
+++ b/bundles/backup/files/backup_path
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+PATH=$1
+SERVER=$(jq -r .server < /etc/backup/config.json)
+
+if zfs list -H -o mountpoint | grep -q "$PATH"
+then
+  TYPE=zfs
+elif test -d "$PATH"
+then
+  TYPE=directory
+elif test -f "$PATH"
+then
+  TYPE=file
+else
+  echo "UNKNOWN TYPE: $PATH"
+  exit 1
+fi
diff --git a/bundles/backup/metadata.py b/bundles/backup/metadata.py
index 9349032..5002518 100644
--- a/bundles/backup/metadata.py
+++ b/bundles/backup/metadata.py
@@ -1,4 +1,9 @@
 defaults = {
+    'apt': {
+        'packages': {
+            'rsync': {},
+        },
+    },
     'backup': {
         'server': None,
         'paths': [],
diff --git a/bundles/wireguard/files/wg0.netdev b/bundles/wireguard/files/wg0.netdev
index 8bc13a0..f6f2fc3 100644
--- a/bundles/wireguard/files/wg0.netdev
+++ b/bundles/wireguard/files/wg0.netdev
@@ -11,10 +11,11 @@ ListenPort=51820
 # Peer ${peer}
 [WireGuardPeer]
 PublicKey=${config['pubkey']}
+AllowedIPs=0.0.0.0/0
 %   if len(peers) == 1: # FIXME
-AllowedIPs=${network}
+#AllowedIPs=${network}
 %   else:
-AllowedIPs=${','.join(sorted(config['ips']))}
+#AllowedIPs=${','.join(sorted(config['ips']))}
 %   endif
 PresharedKey=${config['psk']}
 %   if 'endpoint' in config:
diff --git a/nodes/home.server.py b/nodes/home.server.py
index b9a2971..bd04204 100644
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@@ -22,6 +22,7 @@
             'domain': 'git.sublimity.de',
         },
         'wireguard': {
+            # iptables -t nat -A POSTROUTING -o enp1s0f0 -j MASQUERADE
             'my_ip': '172.19.136.1/22',
             'peers': {
                 'htz.mails': {},