nomicon/infra/libkookie/configuration/server/wireguard/hyperion.nix

{ config, ... }:

let listenPort = 51820;
in
{
  networking.firewall.allowedTCPPorts = [ listenPort ];
  
  networking.wireguard.interfaces."intranet" = {
    ips = [ "10.13.12.1" ];
    inherit listenPort;
    privateKeyFile = "/var/lib/wireguard/keys/private";

    peers = [
      { publicKey = "NHMpnZW6h/MwxWcjztpwH5NN44jS9lB1b5T5jby1i1A=";
        allowedIPs = [ "10.13.12.2/32" ]; }
      { publicKey = "U/EmC6uMGqrLOd+lqfquDcUShPHgoulN35Dan6RAqyU=";
        allowedIPs = [ "10.13.12.3/32" ]; }
      { publicKey = "yh8gU4otkndmSsVBuaPMxxFHem45FE3POvSAWi8LEik=";
        allowedIPs = [ "10.13.12.4/32" ]; }
      { publicKey = "cPvj0SPITg1twz3DprtQgehJDOAhOL/hnXlB5ZS6Fi4=";
        endpoint = "85.119.82.108:51820";
        allowedIPs = [ "10.172.171.0/24" ]; }
      # { publicKey = "oQZ3fcb9LsnQj8sDYLHf1+hodnW4XEhsM0rNBgHROz8=";
      #   allowedIPs = [ "10.172.171.2/32" ]; }
    ];
  };
}