From 2db1711373590c040b0bc1896efdda5d0b762ed3 Mon Sep 17 00:00:00 2001
From: Bun
Date: Wed, 16 Apr 2025 20:40:55 -0400
Subject: [PATCH] Experiment with Wireguard

---
 .../server/wireguard/client/default.nix | 25 ++++++++-----------
 .../server/wireguard/server/default.nix | 6 ++---
 2 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/modules/system/services/server/wireguard/client/default.nix b/modules/system/services/server/wireguard/client/default.nix
index 0846d079..a650537d 100644
--- a/modules/system/services/server/wireguard/client/default.nix
+++ b/modules/system/services/server/wireguard/client/default.nix
@@ -1,19 +1,14 @@
 { config, lib, ... }: {
- config = lib.mkIf config.services.wireguard.client.enable {
- networking = {
- firewall.trustedInterfaces = [ "wgc" ];
- wg-quick.interfaces.wgc = {
- privateKey = config.secrets.wg.clientKey;
- peers = [
- { # Kitty server
- publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
- allowedIPs = [ "10.100.0.0/24" ];
- endpoint = "sv.nixfox.ca:51820";
- persistentKeepalive = 25;
- }
- ];
- };
- };
+ networking.wg-quick.interfaces.wgc = lib.mkIf config.services.wireguard.client.enable {
+ privateKey = config.secrets.wg.clientKey;
+ peers = [
+ { # Main home server
+ publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
+ allowedIPs = [ "11.0.0.0/8" ];
+ endpoint = "sv.nixfox.ca:51820";
+ persistentKeepalive = 25;
+ }
+ ];
 };
 }
diff --git a/modules/system/services/server/wireguard/server/default.nix b/modules/system/services/server/wireguard/server/default.nix
index c94d5b86..afcce487 100644
--- a/modules/system/services/server/wireguard/server/default.nix
+++ b/modules/system/services/server/wireguard/server/default.nix
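Review bot: In client/default.nix the new peer line `allowedIPs = [ "11.0.0.0/8" ];` uses publicly allocated address space rather than an RFC 1918 private range, and wg-quick installs a route for each allowed IP, so traffic this host sends to any real 11.x.x.x destination would be diverted into the tunnel. The server/default.nix hunk uses the same range for `ips` and for both peers' `allowedIPs`, so the point applies there as well. A private prefix scoped to what the tunnel actually carries, for example the previous `allowedIPs = [ "10.100.0.0/24" ];`, avoids shadowing Internet routes. Separately, `privateKey = config.secrets.wg.clientKey;` places the key in the generated interface configuration, which presumably ends up in the world-readable Nix store; the module's `privateKeyFile` option keeps it out, and if the inline form is kept a comment saying where `config.secrets` comes from would help.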
@@ -10,17 +10,17 @@
 };
 wireguard.interfaces.wgs = {
- ips = [ "10.100.0.1/24" ];
+ ips = [ "11.0.0.1/8" ];
 listenPort = 51820;
 privateKey = config.secrets.wg.serverKey;
 peers = [
 { # NixOS Config Key
 publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
- allowedIPs = [ "10.100.0.16/28" ];
+ allowedIPs = [ "11.0.0.0/8" ];
 }
 { # Pixel 9
 publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
- allowedIPs = [ "10.100.0.2/32" ];
+ allowedIPs = [ "11.1.0.2/32" ];
 }
 ];
 };
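Review bot: The "NixOS Config Key" peer's `allowedIPs` widens from a /28 to the whole `11.0.0.0/8`, a range that contains the server's own `11.0.0.1` and the Pixel 9's `11.1.0.2/32`. WireGuard accepts a decrypted packet only when its source address falls inside the sending peer's allowed IPs, so whoever holds this key may now use almost any source address on the tunnel; only the more specific /32 stays bound to the phone. Keeping a narrow per-peer prefix, as the old `allowedIPs = [ "10.100.0.16/28" ];` did, preserves that source binding, and a comment such as `# keep each peer's range disjoint from the others` would record the intent. The enclosing attribute set starts above line 10, outside this hunk, so any firewall or forwarding settings that limit the impact are not visible here.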