Add Linode host configuration and WireGuard setup

- Introduced new configuration files for Linode host, including hardware configuration, toggles, and WireGuard settings.
- Updated flake.nix to include the new images.nix file for Linode image generation.
- Adjusted SSH key paths and secrets management for WireGuard to ensure proper integration with the new host setup.
- Enhanced firewall rules and NAT configuration for WireGuard to improve security and connectivity.
Danilo Reyes
2025-10-28 13:30:35 -06:00
parent fd2962c306
commit 431e145992
13 changed files with 225 additions and 19 deletions


@@ -37,7 +37,7 @@
supportedFeatures = config.my.nix.features;
}
];
sops.secrets."vps/home/private" = lib.mkIf config.my.secureHost {
sops.secrets."wireguard/server/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml;
};
networking = {
@@ -48,14 +48,14 @@
};
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-server}/32" ];
privateKeyFile = config.sops.secrets."vps/home/private".path;
privateKeyFile = config.sops.secrets."wireguard/server/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.vps}:51820";
allowedIPs = [
"${config.my.ips.wg-vps}/32"
"${config.my.ips.wg-friends}/24" # all friends
"${config.my.ips.wg-friends}/24"
];
persistentKeepalive = 25;
}
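Review bot: The second `allowedIPs` entry, `"${config.my.ips.wg-friends}/24"`, appears to lose its `# all friends` comment in this hunk, and it is the one line in the peer definition whose breadth needs explaining. With a /24 here, wg0 accepts any source address in the friends range from the VPS peer, so this host relies on the VPS (and on its own firewall rules for wg0, not visible in this hunk) to limit what those clients can reach. I would keep a comment on that line, for example `"${config.my.ips.wg-friends}/24" # whole friends subnet arrives via the VPS peer; access is limited by the wg0 firewall rules`, adjusted to wherever the restriction really lives. The peers list and the wg0 block continue outside the hunk.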