diff --git a/bundles/wireguard/items.py b/bundles/wireguard/items.py
index d7c00e6..f9425c2 100644
--- a/bundles/wireguard/items.py
+++ b/bundles/wireguard/items.py
@@ -22,9 +22,7 @@ for number, (peer, config) in enumerate(sorted(node.metadata.get('wireguard/peer
             'psk': config['psk'],
             'pubkey': config['pubkey'],
         },
-        'needs': {
-            'pkg_apt:wireguard',
-        },
+        'needs': {'pkg_apt:wireguard'} if node.has_bundle('apt') else set(),
         'triggers': {
             'svc_systemd:systemd-networkd:restart',
         },
diff --git a/bundles/wireguard/metadata.py b/bundles/wireguard/metadata.py
index f81cde5..573aa4e 100644
--- a/bundles/wireguard/metadata.py
+++ b/bundles/wireguard/metadata.py
@@ -200,9 +200,13 @@ def firewall(metadata):
 def interface_ips(metadata):
     interfaces = {}
     for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
+        if '/' in config['my_ip']:
+            my_ip = config['my_ip']
+        else:
+            my_ip = '{}/31'.format(config['my_ip'])
         interfaces[f'wg{number}'] = {
             'ips': {
-                '{}/31'.format(config['my_ip']),
+                my_ip,
             },
         }
     return {
@@ -214,7 +218,7 @@ def interface_ips(metadata):
     'nftables/rules/10-wireguard',
 )
 def snat(metadata):
-    if not node.has_bundle('nftables'):
+    if not node.has_bundle('nftables') or node.os == 'arch':
         raise DoNotRunAgain
 
     rules = {