infrastructure/machines/core-services-01/tunnels.nix

{ ... }: {
  networking.wireguard.interfaces.wgalpha = {
    privateKeyFile = "/etc/secrets/wireguard/wgalpha";
    listenPort = 9999;

    ips = [
      "fdee:a536:13fa:53ab::2/128"
    ];

    peers = [
      {
        publicKey = "yAdQRTHn9Yko2r24j8tlxWBz0nYzHRxryPFq8t44Xw4=";
        allowedIPs = [ "fdee:a536:13fa:53ab::1/128" ];
      }
    ];
  };

  networking.firewall.allowedUDPPorts = [ 9999 ];
}