diff --git a/modules/nixos/access/peeps.nix b/modules/nixos/access/peeps.nix
index ab68fc90..7b8d1523 100644
--- a/modules/nixos/access/peeps.nix
+++ b/modules/nixos/access/peeps.nix
@@ -47,10 +47,12 @@ in {
 mkBefore nft)
 cfg.ranges;
 condition = "ip6 saddr { ${concatStringsSep "," (mapAttrsToList (name: _: "$" + mkNftName name) cfg.ranges)} }";
+ mkInclude = name: ''include "${cfg.stateDir}/${name}*.nft"'';
+ includes = mapAttrsToList (name: _: mkBefore (mkInclude name)) cfg.ranges;
 in {
 nftables.ruleset = mkIf cfg.enable (mkMerge (
 nftRanges
- ++ [(mkBefore ''include "${cfg.stateDir}/*.nft"'')]
+ ++ includes
 ));
 firewall.interfaces.peeps = {
 nftables.enable = cfg.enable;
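Review bot: The pattern built by `mkInclude` is a bare prefix match, so a range named `a` also pulls in the state files of a range named `ab`, along with any other file in `cfg.stateDir` whose name merely starts with a range name. A file included twice may make the ruleset fail to load, depending on what the state files contain (not visible here). If the generator of those files uses a fixed separator, put it in the pattern, e.g. `mkInclude = name: ''include "${cfg.stateDir}/${name}-*.nft"'';` (the `-` is a placeholder for whatever the writer emits), and keep a wildcard so that a range with no state file yet is still not an error. `name` is also interpolated raw into the path while the variable names in `condition` go through `mkNftName`, so a comment such as `# range names must not contain quotes, slashes or glob characters` above `mkInclude` would document the assumption. The `let` block these bindings belong to starts above the hunk.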