declared network.nix

hosts/workstation/configuration.nix

@@ -20,6 +20,7 @@ in
 {
   imports = [
     ./hardware-configuration.nix
+    ./network.nix
     ../../config/base.nix
     ../../config/stylix.nix
     ../../environments/gnome.nix
@@ -55,51 +56,7 @@ in
       settings.term = "xterm-256color";
     };
   };
-  networking = {
-    hostName = "workstation";
-    wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
-      ips = [ "${config.my.ips.wg-workstation}/32" ];
-      privateKeyFile = config.sops.secrets."workstation/private".path;
-      peers = [
-        {
-          publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
-          endpoint = "${config.my.ips.vps}:51820";
-          persistentKeepalive = 25;
-          allowedIPs = [
-            "${config.my.ips.wg-vps}/32"
-            config.my.subnets.wg-homelab
-          ];
-        }
-      ];
-    };
-    firewall = {
-      allowedTCPPorts = [
-        config.my.ports.nsUsbloader
-        config.my.ports.syncthingGui
-      ];
-      allowedTCPPortRanges = [
-        {
-          from = 1714;
-          to = 1764;
-        }
-      ];
-      interfaces.wg0.allowedTCPPorts = [
-        config.services.ollama.port
-        config.services.open-webui.port
-        config.services.sillytavern.port
-        config.my.ports.comfyui
-      ];
-    };
-    nftables.tables.wg-local-redirect = {
-      family = "ip";
-      content = ''
-        chain prerouting {
-          type nat hook prerouting priority dstnat;
-          iifname "wg0" ip daddr ${config.my.ips.wg-workstation}/32 tcp dport ${toString config.my.ports.sillytavern} redirect to :${toString config.my.ports.sillytavern}
-        }
-      '';
-    };
-  };
+  networking.hostName = "workstation";
   users = {
     groups.ai = { };
     users.jawz.packages = [