{ flake, config, pkgs, ... }: { age.secrets.wg-private-key-server.file = "${flake.self}/secrets/wg-private-pie-server.age"; networking.nat = { enable = true; enableIPv6 = true; internalInterfaces = [ "wg-server" ]; }; networking.firewall.allowedUDPPorts = [ 51898 ]; # Enable WireGuard networking.wg-quick.interfaces = { wg-server = { listenPort = 51898; address = [ "10.0.1.2/32" "fd00:acab:1312:acab:2::/128" ]; dns = [ "10.0.1.2" "fd00:acab:1312:acab:2::" ]; privateKeyFile = "/run/agenix/wg-private-key-server"; peers = [ # { # # router # publicKey = ""; # allowedIPs = ["10.0.1.1/32"]; # persistentKeepalive = 25; # } { # droppie publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw="; allowedIPs = [ "10.0.1.3/32" "fd00:acab:1312:acab:3::/128" ]; persistentKeepalive = 25; } { # chocolatebar publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A="; allowedIPs = [ "10.0.1.5/32" "fd00:acab:1312:acab:5::/128" ]; persistentKeepalive = 25; } { # biolimo publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc="; allowedIPs = [ "10.0.1.6/32" "fd00:acab:1312:acab:6::/128" ]; persistentKeepalive = 25; } ]; }; }; }