diff --git a/tasks/k3s.yaml b/tasks/k3s.yaml
index f0e4223..51f028f 100644
--- a/tasks/k3s.yaml
+++ b/tasks/k3s.yaml
@@ -16,15 +16,17 @@
   when: >
     install_kubernetes | default(true) | bool
       and
-    not kubernetes_installed | default(false) | bool
+    kubernetes_installed | default(false) | bool
 
 
 - name: Wireguard Cluster Encryption
   ansible.builtin.include_tasks:
-    file: k3s/configure.yaml
+    file: k3s/wireguard.yaml
   when: >
     install_kubernetes | default(true) | bool
       and
-    not kubernetes_installed | default(false) | bool
+    kubernetes_installed | default(false) | bool
       and
     not kubernetes_installed_encryption | default(false) | bool
+      and
+    kubernetes_config.cluster.networking.encrypt | default(false) | bool
diff --git a/tasks/k3s/wireguard.yaml b/tasks/k3s/wireguard.yaml
index aa0adfb..2effdc6 100644
--- a/tasks/k3s/wireguard.yaml
+++ b/tasks/k3s/wireguard.yaml
@@ -6,8 +6,8 @@
     update_cache: false
   when: >
     ansible_os_family == 'Debian'
-      and
-    kubernetes.networking.encrypt | default(false) | bool
+  #    and
+  #  kubernetes.networking.encrypt | default(false) | bool
 
 
 - name: Enable Cluster Encryption
@@ -15,10 +15,6 @@
     cmd: kubectl patch felixconfiguration default --type='merge' -p '{"spec":{"wireguardEnabled":true,"wireguardEnabledV6":true}}'
   changed_when: false
   when: >
-    ansible_os_family == 'Debian'
-      and
-    kubernetes.networking.encrypt | default(false) | bool
-      and
     kubernetes_config.cluster.prime.name == inventory_hostname
 
 - name: Set Kubernetes Encryption Final Install Fact