# NixOS module: WireGuard server on wg0, with NAT for tunnel clients out
# through the host's external interface.
{outputs, ...}:
let
  ips = import ../modules/ips.nix;

  # One UDP port, shared by the tunnel listener and the firewall rule so the
  # two cannot drift apart.
  wgPort = 51820;
in {
  networking = {
    # Enable NAT: traffic arriving on wg0 is forwarded out through the
    # external interface named in ../modules/ips.nix.
    # Every peer listed below can therefore use this host as an egress point;
    # revoking a device means removing its peer entry.
    nat = {
      enable = true;
      externalInterface = "${ips.netInt}";
      internalInterfaces = [ "wg0" ];
    };

    # This file opens only the WireGuard listener port.
    firewall.allowedUDPPorts = [ wgPort ];

    wireguard = {
      enable = true;

      # The interface name is arbitrary, but it must match the entry in
      # nat.internalInterfaces above.
      interfaces.wg0 = {
        # IP address and subnet of the server's end of the tunnel interface.
        ips = [ "10.100.0.1/24" ];
        listenPort = wgPort;

        # NOTE(review): `privateKey` takes the key as a string, and values
        # used this way are written to the world-readable Nix store. How
        # outputs.secrets is produced is not visible here. Confirm the key is
        # not exposed to local users or binary caches, or switch to the
        # `privateKeyFile` option pointing at a root-only file outside the
        # store.
        privateKey = outputs.secrets.wireguardPriv;

        # Each peer is pinned to a single /32, so the server only accepts
        # tunnel traffic from that peer with that source address.
        peers = [
          {
            # Jimbo Pixel 9
            publicKey = outputs.secrets.wirePixel9Pub;
            allowedIPs = [ "10.100.0.2/32" ];
          }
          {
            # Oracle VM
            publicKey = outputs.secrets.wireOraclePub;
            allowedIPs = [ "10.100.0.3/32" ];
          }
        ];
      };
    };
  };
}