# NixOS module: IPv6 WireGuard tunnels terminated on this host.
#
# Active tunnels: wg0 (UDP 52820) and vpn (UDP 53820). A third tunnel,
# "server" (UDP 51820), is kept further down as a commented-out block.
# None of the active peers has an `endpoint`, so this host only answers
# peers that initiate the handshake themselves.
{ config, pkgs, ... }:

{
  # Kernel module package and the `wg` tooling.
  environment.systemPackages = [ pkgs.wireguard pkgs.wireguard-tools ];

  # Route IPv6 between interfaces (needed for the prefixes handed to peers).
  # NOTE(review): no forward-chain rules are visible in this module; confirm
  # elsewhere that forwarding between the tunnels and other interfaces is
  # limited to what is intended.
  boot.kernel.sysctl = { "net.ipv6.conf.all.forwarding" = 1; };

  networking.firewall = {
    # One UDP port per tunnel listenPort.
    # NOTE(review): 51820 is only used by the commented-out "server"
    # interface; while that block stays disabled the port is open without
    # a listener defined in this module.
    allowedUDPPorts = [ 51820 52820 53820 ];

    # Traffic arriving on a trusted interface is accepted unconditionally,
    # i.e. wg0 peers reach every service on this host, not just chosen ports.
    # NOTE(review): "server" is listed although its interface definition is
    # commented out, and "vpn" is not listed; confirm both are intentional.
    trustedInterfaces = [ "wg0" "server" ];
  };

  networking.wireguard = {
    enable = true;

    interfaces.wg0 = {
      ips = [ "fd33:ab07:f877:23::1/64" ];
      listenPort = 52820;

      # Key is read from a file at runtime, so it never lands in the
      # world-readable Nix store.
      # NOTE(review): the same key file is used by every interface in this
      # module, so all tunnels share one identity; a leak of this file
      # affects all of them. File mode/ownership is not set here — verify.
      privateKeyFile = "/run/keys/wg-pion_priv";

      # Routes are not derived from allowedIPs; the routed prefix is added
      # by hand in postSetup with an explicit next hop.
      allowedIPsAsRoutes = false;
      postSetup = '' ip route add 2a03:4000:20:18e::/64 via fd33:ab07:f877:23:300::1 dev wg0 '';

      peers = [
        {
          publicKey = "bgWFMIasw+IHfr/1drJWEHBcsCZ3fqoB4djiZ9BDUCM=";
          # Source addresses this peer may use inside the tunnel
          # (WireGuard drops anything else from it).
          allowedIPs = [
            "2a03:4000:20:18e::/64"
            "fd33:ab07:f877:23:300::1/72"
          ];
          persistentKeepalive = 25;
        }
      ];
    };

    # Disabled tunnel, kept for reference. It is the only definition that
    # matches firewall port 51820 and the trusted interface name "server".
    /*
    interfaces.server = {
      ips = [ "fd33:ab07:f877:2342::1/64" ];
      listenPort = 51820;
      privateKeyFile = "/run/keys/wg-pion_priv";
      allowedIPsAsRoutes = true;
      postSetup = '' ip route add 2a03:4000:45:5f3:200::0/72 via fd33:ab07:f877:2342:200::1 dev server '';
      peers = [
        {
          publicKey = "PQW2/P7wozf8pmpWxCDofT7AwqkPjc5kq8qQigZoUjo=";
          allowedIPs = [
            "2a03:4000:45:5f3:200::0/72"
            "fd33:ab07:f877:2342:200::1/72"
          ];
          endpoint = "scotty-router:52820";
          persistentKeepalive = 25;
        }
      ];
    };
    */

    interfaces.vpn = {
      ips = [ "fd33:ab07:f877:2342::3/64" ];
      listenPort = 53820;
      privateKeyFile = "/run/keys/wg-pion_priv";

      # Here the route for the peer's allowedIPs is installed automatically.
      allowedIPsAsRoutes = true;

      peers = [
        {
          publicKey = "7mmKxFeI/TYDqy4pLDkZyq32viNfon1zODFdOdbnhyM=";
          # Single address only: this peer cannot source other prefixes.
          allowedIPs = [ "2a03:4000:45:5f3:500::3/128" ];
          persistentKeepalive = 25;
        }
      ];
    };
  };
}