wireguard for gemini

hosts/gemini/default.nix

@@ -21,7 +21,30 @@
 
   # Open ports in the firewall.
   networking.firewall.allowedTCPPorts = [ 22 ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
+  networking.firewall.allowedUDPPorts = [ 51820 ];
+
+
+  networking.wg-quick.interfaces = {
+    wg0 = {
+      address = [
+        "10.100.0.4/32"
+      ];
+
+      listenPort = 51820;
+
+      # Path to the private key file.
+      privateKeyFile = "/etc/nixos/hosts/gemini/wg.key";
+
+      peers = [{
+        publicKey = "atXy3zi3FLoxP8hgzJIIeLGks4Te9HrKkQGoaobholM=";
+	presharedKey = "Z3pRS99HKCOuQV7az2GqlR3X4XbX3PlfQrC5AoT3XkA=";
+        allowedIPs = [ "10.100.0.0/24" ];
+        endpoint = "moms_wg.wg.stitchy.moe:47111";
+        persistentKeepalive = 25;
+      }];
+    };
+  };
+
 
   system.stateVersion = "23.05"; # Did you read the comment?
 }

packages/default.nix

@@ -12,6 +12,7 @@
     pinentry
     wget
     python3
+    cyrus-sasl-xoauth2
     libnotify
     networkmanager-openvpn
     eza