{ lib, config, ... }: { systemd.network = { enable = true; networks."50-wg0" = { name = "wg0"; address = [ "10.10.10.4/24" ]; }; netdevs = { "50-wg0" = { netdevConfig = { Name = "wg0"; Kind = "wireguard"; }; wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path; wireguardPeers = [ { AllowedIPs = [ "10.10.10.0/24" ]; PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub); Endpoint = "129.199.129.76:1194"; PersistentKeepalive = 5; } ]; }; }; }; }