os/hosts/ryzensun/networking.nix

{
  networking = {
    hosts = {
      "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"];
      "10.0.0.66" = ["consul.service.cgn-1.consul"];
      "10.0.1.9" = ["consul.service.lev-1.consul"];
      "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"];
      "10.0.0.200" = ["headnode.cgn-1"];
      "10.0.0.201" = ["cn01.cgn-1"];
      "10.0.0.202" = ["cn02.cgn-1"];
      "10.0.0.205" = ["cn05.cgn-1"];
      "10.0.0.206" = ["cn06.cgn-1"];
      "10.0.0.207" = ["cn07.cgn-1"];
      "10.0.0.208" = ["cn08.cgn-1"];
      "10.0.1.200" = ["headnode.lev-1"];
      "10.0.1.201" = ["cn01.lev-1"];
      "10.0.1.202" = ["cn02.lev-1"];
      "10.0.1.203" = ["cn03.lev-1"];
      "10.0.1.204" = ["cn04.lev-1"];
      "10.0.1.205" = ["cn05.lev-1"];
      "10.0.1.206" = ["cn00.lev-1"];
      "10.0.1.207" = ["cn06.lev-1"];
      "10.0.1.208" = ["cn07.lev-1"];
    };

    wireguard.enable = true;
    wg-quick.interfaces = {
      wg0 = {
        address = ["10.8.8.7/32"];
        privateKeyFile = "/etc/wireguard/wg0.privatekey";

        peers = [
          {
            publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
            allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"];
            endpoint = "85.88.23.16:51820";
            persistentKeepalive = 25;
          }
        ];
      };
      wg1 = {
        address = ["10.11.11.6/32"];
        privateKeyFile = "/etc/wireguard/wg1.privatekey";
        mtu = 1300;

        peers = [
          {
            publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928=";
            presharedKeyFile = "/etc/wireguard/wg1.presharedkey";
            allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"];
            endpoint = "80.71.153.1:51820";
            #persistentKeepalive = 16;
          }
        ];
      };
      wg2 = {
        address = ["10.7.6.204/32"];
        privateKeyFile = "/etc/wireguard/wg2.privatekey";

        peers = [
          { # nachtigall.pub.solar
            publicKey = "qzNywKY9RvqTnDO8eLik75/SHveaSk9OObilDzv+xkk=";
            allowedIPs = [ "10.7.6.1/32" "fd00:fae:fae:fae:fae:1::/96" ];
            endpoint = "[2a01:4f8:172:1c25::1]:51820";
            persistentKeepalive = 15;
          }
          { # flora-6.pub.solar
            publicKey = "jtSR5G2P/nm9s8WrVc26Xc/SQLupRxyXE+5eIeqlsTU=";
            allowedIPs = [ "10.7.6.2/32" "fd00:fae:fae:fae:fae:2::/96" ];
            endpoint = "80.71.153.210:51820";
            persistentKeepalive = 15;
          }
        ];
      };
      #wg1 = {
      #  address = [ "10.13.0.1/32" ];
      #  privateKeyFile = "/etc/wireguard/wg1.privatekey";
      #  mtu = 1412;

      #  peers = [
      #    {
      #      publicKey = "XS3TTIMU7Jp3JJANBpE14RsVDJk6/VUvZgjQgQP8kAs=";
      #      allowedIPs = [ "10.13.0.100/32" "192.168.188.0/24" ];
      #      endpoint = "[2a00:6020:48ad:dd00:dea6:32ff:fe85:3306]:51820";
      #      persistentKeepalive = 25;
      #    }
      #  ];
      #};
      #wg2 = {
      #  address = [ "10.6.6.4/32" ];
      #  privateKeyFile = "/etc/wireguard/wg2.privatekey";

      #  peers = [
      #    {
      #      publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
      #      presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
      #      allowedIPs = [ "10.6.6.1/32" "10.1.1.0/24" ];
      #      endpoint = "85.88.23.127:51820";
      #      persistentKeepalive = 16;
      #    }
      #  ];
      #};
    };
  };
}