diff --git a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
index c5b84e574b8d..eae7a61297d1 100644
--- a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
@@ -23,12 +23,24 @@ in {
         to set the peers up.
       '';
     };
+
+    singleSubnetPerField = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        By default, all allowed IPs and subnets are comma-separated in the
+        <literal>allowed_ips</literal> field. With this option enabled,
+        a single IP and subnet will be listed in fields like <literal>allowed_ip_0</literal>,
+        <literal>allowed_ip_1</literal> and so on.
+      '';
+    };
   };
   serviceOpts = {
     script = ''
       ${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \
         -p ${toString cfg.port} \
         ${optionalString cfg.verbose "-v"} \
+        ${optionalString cfg.singleSubnetPerField "-s"} \
         ${optionalString (cfg.wireguardConfig != null) "-n ${cfg.wireguardConfig}"}
     '';
 
diff --git a/nixos/tests/prometheus-exporters.nix b/nixos/tests/prometheus-exporters.nix
index 90c7c9701f60..9a85501d15f8 100644
--- a/nixos/tests/prometheus-exporters.nix
+++ b/nixos/tests/prometheus-exporters.nix
@@ -331,11 +331,12 @@ let
             inherit (snakeoil.peer1) publicKey;
           };
         };
+        systemd.services.prometheus-wireguard-exporter.after = [ "wireguard-wg0.service" ];
       };
       exporterTest = ''
         waitForUnit("prometheus-wireguard-exporter.service");
         waitForOpenPort(9586);
-        succeed("curl -sSf http://localhost:9586/metrics | grep '${snakeoil.peer1.publicKey}'");
+        waitUntilSucceeds("curl -sSf http://localhost:9586/metrics | grep '${snakeoil.peer1.publicKey}'");
       '';
     };
   };
diff --git a/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix b/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix
index 77bc187e3575..52620478339a 100644
--- a/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix
+++ b/pkgs/servers/monitoring/prometheus/wireguard-exporter.nix
@@ -2,21 +2,19 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "wireguard-exporter";
-  version = "2.0.1";
+  version = "3.0.0";
 
   src = fetchFromGitHub {
     owner = "MindFlavor";
     repo = "prometheus_wireguard_exporter";
     rev = version;
-    sha256 = "11yrry8fzalcigqsx1wx371w543gdcsx48fd7dacbrsfl2dk2azp";
+    sha256 = "1vgwsg81xcxh7pcdc667mfviwwpzsm4lpllykf78vfahi9qmwffn";
   };
 
-  cargoSha256 = "1wnk39p144zjsdhnyjk6y41xs448bxnbbxkqk53r6i2f2wzrsk2m";
+  cargoSha256 = "06s9194lvwd7lynxnsrjfbjfj87ngvjbqjhx3idf7d1w9mgi4ysw";
 
   buildInputs = lib.optional stdenv.isDarwin Security;
 
-  doCheck = false;
-
   meta = with lib; {
     description = "A Prometheus exporter for WireGuard, written in Rust.";
     license = licenses.mit;