{ config, lib, ... }:
# WireGuard endpoint module.  The interface is only declared when both
# `my.services.wireguard.enable` and `my.secureHost` are true; the
# `secureHost` gate presumably keeps the server private key off hosts not
# considered trusted (confirm against where `my.secureHost` is set).
let
  cfg = config.my.services.wireguard;
  listenPort = 51820;
  secretName = "vps/server/private";

  # Build one peer entry.  Each peer is pinned to a single /32 taken from
  # `my.ips`, so WireGuard's cryptokey routing only accepts traffic from
  # that key when its inner source address is exactly that host, and only
  # routes that one address towards the peer.
  mkPeer = ipName: publicKey: {
    inherit publicKey;
    allowedIPs = [ "${config.my.ips.${ipName}}/32" ];
  };

  # Peer roster, kept in the original order.
  peerKeys = [
    { ip = "wg-server";  key = "OUiqluRaS4hmGvLJ3csQrnIM3Zzet50gsqtTABaUkH4="; }
    { ip = "wg-galaxy";  key = "BwN4uCkMd6eAS5Ugld0oXnA16IhgEEQF8mOJ3+vHliA="; }
    { ip = "wg-phone";   key = "R1xUFOuboQf/yy8ShiXqoCPaPcH3Cn0n4PAWB2rgHTs="; }
    { ip = "wg-friend1"; key = "rFgT6TXzRazK6GMazMNGjtOvzAAPST0LvCfN7QXsLho="; }
    { ip = "wg-friend2"; key = "R1CTx5+CXivMI6ZEmRYsyFUFILhe6Qnub0iEIRvvrEY="; }
    { ip = "wg-friend3"; key = "ecPNSacD6yVwpnLBs171z0xkw9M1DXKh/Kn70cIBcwA="; }
    { ip = "wg-friend4"; key = "yg+2miZCrx89znFaUlU/le/7UIPgEAMY74fZfEwz8g4="; }
    { ip = "wg-friend5"; key = "u4/6ZYO7lUJZ9QmSlFPUaadq25gwDljjhsfgs/p2amc="; }
    { ip = "wg-guest1";  key = "GawtOvsZ75avelIri5CjGoPXd8AFpi9qlZ6dSsqUISE="; }
    { ip = "wg-guest2";  key = "NvhUnErIb0/hi+Hui/o5l5Pq4ZysFVIn1VBPsjoTeCk="; }
  ];
in
{
  options.my.services.wireguard.enable =
    lib.mkEnableOption "WireGuard VPN configuration";

  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    # The private key lives in the sops-encrypted store; only the decrypted
    # file's path (not its contents) is passed into the WireGuard config.
    sops.secrets.${secretName}.sopsFile = ../../secrets/wireguard.yaml;

    networking = {
      # Open just the WireGuard listen port; nothing else is exposed here.
      firewall.allowedUDPPorts = [ listenPort ];

      wireguard.interfaces.wg0 = {
        # Interface addresses come from `my.wgInterfaces` (one per network).
        ips = with config.my.wgInterfaces; [ wg-homelab wg-friends wg-guests ];
        inherit listenPort;
        # No additional routing or NAT hooks run on bring-up or teardown.
        postSetup = "";
        postShutdown = "";
        privateKeyFile = config.sops.secrets.${secretName}.path;
        peers = map (p: mkPeer p.ip p.key) peerKeys;
      };
    };
  };
}