hackens-org-configurations/machines/hackens-milieu/networking.nix

{ lib, config, ... }: {
  systemd.network = {
    enable = true;

    networks."50-wg0" = {
      name = "wg0";
      address = [
        "10.10.10.4/24"
      ];
    };

    netdevs = {
      "50-wg0" = {
        netdevConfig = {
          Name = "wg0";
          Kind = "wireguard";
        };
        wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;

        wireguardPeers = [
          {
            AllowedIPs = [
              "10.10.10.0/24"
            ];
            PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
            Endpoint = "129.199.129.76:1194";
            PersistentKeepalive = 5;
          }
        ];
      };
    };
  };
}