diff --git a/tasks/wireguard.yml b/tasks/wireguard.yml
index a187b69..dd39333 100644
--- a/tasks/wireguard.yml
+++ b/tasks/wireguard.yml
@@ -19,13 +19,13 @@
     path: '{{ item }}'
     owner: root
     group: systemd-network
-    mode: '0640'
+    mode: '0750'
     state: directory
     recurse: true
   loop:
     - '{{ vpn_config_dir }}'
-    - '{{ vpn_media_server_public_key_path | dirname }}'
-    - '{{ vpn_media_server_key_path | dirname }}'
+    - '{{ vpn_server_public_key_path | dirname }}'
+    - '{{ vpn_server_key_path | dirname }}'
 
 - name: Copy Wireguard server credentials
   become: true
diff --git a/tasks/wireguard_media.yml b/tasks/wireguard_media.yml
index 24039ae..17d9b26 100644
--- a/tasks/wireguard_media.yml
+++ b/tasks/wireguard_media.yml
@@ -19,13 +19,13 @@
     path: '{{ item }}'
     owner: root
     group: systemd-network
-    mode: '0640'
+    mode: '0750'
     state: directory
     recurse: true
   loop:
     - '{{ vpn_config_dir }}'
-    - '{{ vpn_server_public_key_path | dirname }}'
-    - '{{ vpn_server_private_key_path | dirname }}'
+    - '{{ vpn_media_server_public_key_path | dirname }}'
+    - '{{ vpn_media_server_key_path | dirname }}'
 
 - name: Copy Wireguard server media credentials
   become: true
diff --git a/vars/main.yml b/vars/main.yml
index 455a55f..c2275cf 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -12,4 +12,4 @@ packages:
   - certbot
   - unattended-upgrades
 
-vpn_config_dir: '/etc/wireguard/keys'
+vpn_config_dir: '/etc/wireguard'