{ config, lib, pkgs, ... }: { systemd.network = { enable = true; networks = { "50-wg0" = { name = "wg0"; address = [ "10.10.10.1/24" ]; routes = [{ routeConfig = { Destination = "10.10.10.0/24"; Scope = "link"; }; }]; networkConfig = { IPForward = true; }; }; }; netdevs = { "50-wg0" = { netdevConfig = { Name = "wg0"; Kind = "wireguard"; }; wireguardConfig = { ListenPort = 1194; PrivateKeyFile = config.age.secrets."wg-key".path; }; wireguardPeers = [ { #hackens-desktop wireguardPeerConfig = { AllowedIPs = [ "10.10.10.3/32" ]; PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA="; }; } { #bakham (AGB) wireguardPeerConfig = { AllowedIPs = [ "10.10.10.5/32" ]; PublicKey = "JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8="; }; } { #soyouzpanda wireguardPeerConfig = { AllowedIPs = [ "10.10.10.11/32" ]; PublicKey = "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8="; }; } { #sinavir wireguardPeerConfig = { AllowedIPs = [ "10.10.10.12/32" ]; PublicKey = "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M="; }; } ]; }; }; }; networking.firewall.allowedUDPPorts = [ 1194 ]; }