# NixOS module: WireGuard interface wg0 with a single peer (vpn.feal.no).
{ config, pkgs, lib, ... }:
let
  # UDP port used both as wg0's listen port and in the firewall rule below.
  wgPort = 51820;

  # Name of the sops-nix secret that holds this host's WireGuard private key.
  keySecret = "wireguard/wg0/private";
in
{
  # Declare the secret with sops-nix defaults (no owner/mode overrides are set here).
  sops.secrets.${keySecret} = { };

  networking = {
    # Accept inbound UDP on the WireGuard port.
    # NOTE(review): this host dials out to the peer's endpoint and sends
    # keepalives, so it may not need unsolicited inbound traffic on this
    # port; confirm the rule is required before keeping it open.
    firewall.allowedUDPPorts = [ wgPort ];

    wireguard.interfaces.wg0 = {
      # Address of this host inside the tunnel subnet.
      ips = [ "10.100.0.2/24" ];
      listenPort = wgPort;

      # The private key is referenced by file path, not embedded in this
      # module, so the key material itself is not written into the Nix store.
      privateKeyFile = config.sops.secrets.${keySecret}.path;

      peers = [
        {
          endpoint = "vpn.feal.no:51820";

          # The peer's public key; this value is not secret.
          publicKey = "ct2FBeSSt0u38tFMv61aVpGwdcJvXi1Q0sV0zCNH7xU=";

          # Only the tunnel subnet is routed to, and accepted from, this peer.
          allowedIPs = [ "10.100.0.0/24" ];

          # Send a keepalive every 25 seconds (keeps NAT/firewall state alive).
          persistentKeepalive = 25;
        }
      ];
    };
  };
}