Fix selene

systems/macbook/macbook.nix

@@ -4,7 +4,8 @@ nix-darwin.lib.darwinSystem {
     { system.primaryUser = "maxiemgeldhof"; }
     (import ../../modules/usermodules/darwinsettings.nix self)
     home-manager.darwinModules.home-manager
-    (import ./users.nix)
+    import ./users.nix
+    ./wireguard.nix
     agenix.darwinModules.default
   ];
 

systems/macbook/wireguard.nix

@@ -0,0 +1,42 @@
+{ config, ... }:
+{
+  age.secrets.wg-private.file = "../../keys/wg-macbook";
+  services.wg-quick.interfaces.wg0 = {
+    # Add a name for your interface here, e.g., wg0
+    enable = true;
+    # Path to your WireGuard config file
+    # e.g., /etc/wireguard/wg0.conf
+
+    privateKeyFile = config.age.secrets.wg-private.path;
+
+    # The internal IP address assigned to this client by the server.
+    # The /24 subnet mask is important for knowing the VPN's local network.
+    address = [ "10.100.0.2/32" ];
+
+    # DNS server(s) to use when the tunnel is active.
+    # This is critical for resolving hostnames when all traffic is routed.
+    dns = [
+      "1.1.1.1"
+      "1.0.0.1"
+    ]; # Cloudflare DNS, or use your preferred one like 8.8.8.8
+
+    peers = [
+      {
+        # Public key of the SERVER.
+        publicKey = builtins.readFile ../../../keys/wg-selene.pub;
+
+        # The server's public IP address and listening port.
+        endpoint = "37.27.207.39:51820";
+
+        # This is the most important part for a "VPN" setup.
+        # 0.0.0.0/0 tells your Mac to route all IPv4 traffic through the tunnel.
+        # Add "::/0" if your server and network support IPv6.
+        allowedIPs = [ "10.100.0.1/24" ];
+
+        # Optional but highly recommended for clients behind NAT.
+        # It sends a packet every 25 seconds to keep the connection open.
+        persistentKeepalive = 25;
+      }
+    ];
+  };
+}

systems/selene/basesettings.nix

@@ -1,7 +1,7 @@
 { ... }:
 {
   imports = [
-    ./hardware-configuration.nix
+    ./hardware.nix
     ./networking.nix # generated at runtime by nixos-infect
   ];
 

systems/selene/system.nix

@@ -1,18 +1,23 @@
 { agenix, jellyfin-exporter, nixpkgs, self, ... }:
+let 
+  system = "aarch64-linux";
+in
 nixpkgs.lib.nixosSystem {
-  system = "x86_64-linux";
+  system = system;
   specialArgs = {
     # This selects the package for the current system and passes it
-    exporter-pkg = jellyfin-exporter.packages.${self.system}.default;
+    exporter-pkg = jellyfin-exporter.packages.${system}.default;
+    system = system;
   };
 
   modules = [
     ./basesettings.nix
     ./users.nix
     ../../modules/servermodules/packages.nix
-    (import ./nginx.nix "maxiemgeldhof.com")
-    ../../modules/servermodules/grafana.nix
-    ../../modules/servermodules/jellyfin.nix
+    (import ../../modules/servermodules/nginx.nix "maxiemgeldhof.com")
+    ../../modules/servermodules/grafana/grafana.nix
+    ../../modules/servermodules/jellyfin/jellyfin.nix
+    ../../modules/servermodules/wireguard/wireguard-server.nix
     ./volumes.nix
     agenix.nixosModules.default
   ];

systems/selene/users.nix

@@ -6,7 +6,7 @@
     openssh.authorizedKeys.keys = [
       (builtins.readFile ../../keys/hetzner.pub)
       (builtins.readFile ../../keys/asus.pub)
-      (builtins.readFile "../../keys/pacbook.pub")
+      (builtins.readFile ../../keys/macbook.pub)
     ];
 
     extraGroups = [