diff --git a/packer/rootfs/etc/wireguard/wg0.conf b/packer/rootfs/etc/wireguard/wg0.conf
index e328ba8..280fb0f 100644
--- a/packer/rootfs/etc/wireguard/wg0.conf
+++ b/packer/rootfs/etc/wireguard/wg0.conf
@@ -2,11 +2,11 @@
 Address = 10.10.10.1/24, fd10:10:10::1/64
 ListenPort = 51820
 # Load keys
-PostUp = [ -s '/etc/wireguard/%i-privatekey' ] || (umask 077 && wg genkey > '/etc/wireguard/%i-privatekey')
-PostUp = [ -s '/etc/wireguard/%i-publickey'  ] || (umask 022 && wg pubkey < '/etc/wireguard/%i-privatekey' > '/etc/wireguard/%i-publickey')
+PostUp = [ -s '/etc/wireguard/%i-privatekey' ] || { umask 077 && wg genkey > '/etc/wireguard/%i-privatekey'; }
+PostUp = [ -s '/etc/wireguard/%i-publickey'  ] || { umask 022 && wg pubkey < '/etc/wireguard/%i-privatekey' > '/etc/wireguard/%i-publickey'; }
 PostUp = wg set '%i' private-key '/etc/wireguard/%i-privatekey'
 # Load peers
-PostUp = [ -e '/etc/wireguard/%i-peers.conf' ] || (umask 022 && touch '/etc/wireguard/%i-peers.conf')
+PostUp = [ -e '/etc/wireguard/%i-peers.conf' ] || { umask 022 && touch '/etc/wireguard/%i-peers.conf'; }
 PostUp = wg addconf '%i' '/etc/wireguard/%i-peers.conf'
 # Reload nftables
 PostUp = nft -f /etc/nftables.conf