it works!

hosts/server/configuration.nix

@@ -78,6 +78,7 @@ in
           endpoint = "${config.my.ips.vps}:51820";
           allowedIPs = [
             "${config.my.ips.wg-vps}/32"
+            config.my.subnets.wg-homelab
             config.my.subnets.wg-friends
             config.my.subnets.wg-guests
           ];

hosts/vps/configuration.nix

@@ -106,6 +106,8 @@ in
         iifname "${wgInterface}" ip saddr ${ips.wgGuest2}/32 ip daddr ${ips.homeServer}/32 tcp dport ${portsStr.stash} accept
         iifname "${wgInterface}" ip saddr ${subnets.wgGuests} ip daddr ${ips.homeServer}/32 icmp type echo-request accept
 
+        iifname "${wgInterface}" ip saddr ${subnets.wgHomelab} ip daddr ${ips.homeServer}/32 accept
+
         iifname "${wgInterface}" ip saddr ${subnets.wgFriends} oifname "${externalInterface}" accept
         iifname "${wgInterface}" ip saddr ${subnets.wgGuests} oifname "${externalInterface}" accept