hackens-org-configurations/profiles/hackens/vpn-network/default.nix

{ pkgs, ... }:
{
  imports = [ 
    ./wg-peers.nix
  ];

  networking.wireguard.interfaces.wghackens = {
    ips = [ "192.168.2.1/24" ];
    listenPort = 51820;

    privateKeyFile = "/etc/secrets/wghackens";
    generatePrivateKeyFile = true;
  };

  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
}