{ config, ... }: { sops = { secrets.wg-b-palladium = { owner = "systemd-network"; group = "systemd-network"; }; }; systemd.network.netdevs."10-wg-b-palladium" = { netdevConfig = { Kind = "wireguard"; Name = "wg-b-palladium"; }; wireguardConfig = { PrivateKeyFile = config.sops.secrets.wg-b-palladium.path; ListenPort = 51844; }; wireguardPeers = [ { PublicKey = "YMTOhRAKWfFX1UVBoROPvgcQxTSN4tny35brAocdnwo="; AllowedIPs = [ "fd90:37fd:ddec:d921::/64" ]; PersistentKeepalive = 25; } ]; }; systemd.network.networks."10-wg-b-palladium" = { matchConfig.Name = "wg-b-palladium"; address = [ "fd90:37fd:ddec:d921::1/64" ]; linkConfig.RequiredForOnline = "no"; }; networking.firewall.allowedUDPPorts = [ 51844 ]; }