wireguard vps

hosts/server/configuration.nix

@@ -1,4 +1,4 @@
-{ ... }:
+{ config, ... }:
 {
   imports = [
     ./hardware-configuration.nix
@@ -6,6 +6,7 @@
     ../../config/stylix.nix
   ];
   my = import ./toggles.nix;
+  sops.secrets."vps/home/private".sopsFile = ../../secrets/wireguard.yaml;
   networking =
     let
       ports = [
@@ -20,6 +21,18 @@
         allowedTCPPorts = ports;
         allowedUDPPorts = ports;
       };
+      wireguard.interfaces.wg0 = {
+        ips = [ "10.77.0.2/32" ];
+        privateKeyFile = config.sops.secrets."vps/home/private".path;
+        peers = [
+          {
+            publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
+            endpoint = "51.222.141.104:51820";
+            allowedIPs = [ "10.77.0.1/32" ];
+            persistentKeepalive = 25;
+          }
+        ];
+      };
     };
   nix =
     let

hosts/server/toggles.nix

@@ -26,7 +26,7 @@ in
   services = enableList mkEnabled [
     "network"
     "nvidia"
-    "wireguard"
+    # "wireguard"
   ];
   dev = enableList mkEnabled [
     "nix"