# NixOS module: brings up a WireGuard client interface "wg0" through
# systemd-networkd, with a single peer that accepts all IPv4 destinations.
{ config, pkgs, ... }:
let
  # Interface name shared by the netdev definition and the network match.
  wgIface = "wg0";
in
{
  systemd.network.enable = true;

  systemd.network.netdevs."10-wg0" = {
    netdevConfig = {
      Kind = "wireguard";
      Name = wgIface;
      MTUBytes = 1300;
    };

    wireguardConfig = {
      # NOTE(review): pkgs.writeText copies the private key into the Nix
      # store, which is world-readable on the host; the key also travels with
      # any copy of this closure (binary cache, remote builder). Prefer a file
      # created at runtime outside the store by a secrets tool (e.g. sops-nix
      # or agenix), readable only by root and the systemd-network group
      # (mode 0640), and point PrivateKeyFile at that path as a string, e.g.
      #   PrivateKeyFile = "/run/secrets/<PLACEHOLDER-wg-private-key>";
      # Treat a key that has already been built into a store path as exposed
      # and rotate it.
      PrivateKeyFile = pkgs.writeText "privkey" config.secrets.wgClientPriv;
      ListenPort = 9918;
    };

    wireguardPeers = [
      {
        PublicKey = config.secrets.wgServerPub;
        # Only IPv4 is covered here. NOTE(review): if this host has IPv6
        # connectivity, that traffic is not matched by this peer and would
        # not use the tunnel; confirm that is intended.
        AllowedIPs = [ "0.0.0.0/0" ];
        Endpoint = "sv.${config.secrets.jimDomain}:51820";
      }
    ];
  };

  systemd.network.networks.wg0 = {
    matchConfig.Name = wgIface;
    address = [ "10.100.0.19/24" ];
    dns = [ "1.1.1.1" ];
    # NOTE(review): presumably config.ips.wgSpan is the "10.100.0" prefix of
    # the address above; verify. Because this installs a gateway on wg0, also
    # confirm the peer endpoint stays reachable over the physical uplink.
    gateway = [ "${config.ips.wgSpan}.1" ];
  };
}