Rework some wireguard stuff

hosts/bomberman/system/default.nix

@@ -10,7 +10,7 @@
     ../../../modules/system/devices/boot/systemd
     ../../../modules/system/devices/networking
     ../../../modules/system/devices/networking/firewall/pc
-    #../../../modules/system/devices/networking/wireguard/pc
+    ../../../modules/system/devices/networking/wireguard/pc
     ../../../modules/system/programs/git
     ../../../modules/system/programs/security
     ../../../modules/system/services/common
@@ -21,4 +21,5 @@
   ];
 
   networking.hostName = "bomberman";
+  systemd.network.networks.wg0.address = [ "10.100.0.19/24" ];
 }

modules/system/devices/networking/wireguard/pc/default.nix

@@ -1,22 +1,32 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 {
-  networking.firewall = {
-    allowedUDPPorts = [ 51820 ];
+  systemd.network = {
+    enable = true;
+    netdevs = {
+      "10-wg0" = {
+        netdevConfig = {
+          Kind = "wireguard";
+          Name = "wg0";
+          MTUBytes = 1300;
         };
-
-  networking.wireguard.interfaces = {
-    "${config.ips.wgInt}" = {
-      # Define IP of client in per device config
-      listenPort = 51820;
-      privateKey = config.secrets.wgClientPriv;
-      peers = [
-        { # 0.0.0.0 makes wg act like a traditional VPN
-          publicKey = config.secrets.wgServerPub;
-          allowedIPs = [ "0.0.0.0/0" ];
-          endpoint = "sv.${config.secrets.jimDomain}:51820";
-          persistentKeepalive = 25;
+        wireguardConfig = {
+          PrivateKeyFile = pkgs.writeText "privkey" config.secrets.wgClientPriv;
+          ListenPort = 9918;
+        };
+        wireguardPeers = [
+          {
+            PublicKey = config.secrets.wgServerPub;
+            AllowedIPs = [ "0.0.0.0/0" ];
+            Endpoint = "sv.${config.secrets.jimDomain}:51820";
           }
         ];
       };
     };
+    networks.wg0 = {
+      matchConfig.Name = "wg0";
+      address = [ "10.100.0.19/24" ];
+      dns = [ "1.1.1.1" ];
+      gateway = [ "${config.ips.wgSpan}.1" ];
+    };
+  };
 }

modules/system/devices/networking/wireguard/server/default.nix

@@ -21,10 +21,6 @@
             publicKey = config.secrets.wgPixel9Pub;
             allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
           }
-          { # Oracle VM
-            publicKey = config.secrets.wgOraclePub;
-            allowedIPs = [ "${config.ips.wgSpan}.3/32" ];
-          }
           { # General Nix
             publicKey = config.secrets.wgClientPub;
             allowedIPs = [ "${config.ips.wgSpan}.16/28" ];