os/hosts/giggles/home-controller.nix

{
  self,
  config,
  pkgs,
  ...
}: {
  config = {
    age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_giggles_wireguard_key.age";

    pub-solar.home-controller = {
      enable = true;
      role = "server";
      ownIp = "10.0.1.11";

      k3s = {
        enableLocalStorage = true;
        enableZfs = true;
      };

      wireguard = {
        privateKeyFile = "/run/agenix/home_controller_wireguard";
        peers = [
          {
            # chonk
            publicKey = "t1DS0y6eVzyGwomKAEWTWVsHK3xB7M/fNQ3wLgE3+B8=";
            allowedIPs = ["10.0.1.6/32"];
            endpoint = "data.gssws.de:51899";
            persistentKeepalive = 25;
          }
          {
            # cox
            publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
            allowedIPs = ["10.0.1.12/32"];
            endpoint = "cox.local:51899";
            persistentKeepalive = 25;
          }
          {
            # companion
            publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
            allowedIPs = ["10.0.1.13/32"];
            endpoint = "companion.local:51899";
            persistentKeepalive = 25;
          }
          {
            # ringo
            publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
            allowedIPs = ["10.0.1.21/32"];
            endpoint = "ringo.local:51899";
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
}