Fix selene

systems/macbook/macbook.nix

@@ -4,7 +4,8 @@ nix-darwin.lib.darwinSystem {
     { system.primaryUser = "maxiemgeldhof"; }
     (import ../../modules/usermodules/darwinsettings.nix self)
     home-manager.darwinModules.home-manager
-    (import ./users.nix)
+    import ./users.nix
+    ./wireguard.nix
     agenix.darwinModules.default
   ];
 

systems/macbook/wireguard.nix

@@ -0,0 +1,42 @@
+{ config, ... }:
+{
+  age.secrets.wg-private.file = "../../keys/wg-macbook";
+  services.wg-quick.interfaces.wg0 = {
+    # Add a name for your interface here, e.g., wg0
+    enable = true;
+    # Path to your WireGuard config file
+    # e.g., /etc/wireguard/wg0.conf
+
+    privateKeyFile = config.age.secrets.wg-private.path;
+
+    # The internal IP address assigned to this client by the server.
+    # The /24 subnet mask is important for knowing the VPN's local network.
+    address = [ "10.100.0.2/32" ];
+
+    # DNS server(s) to use when the tunnel is active.
+    # This is critical for resolving hostnames when all traffic is routed.
+    dns = [
+      "1.1.1.1"
+      "1.0.0.1"
+    ]; # Cloudflare DNS, or use your preferred one like 8.8.8.8
+
+    peers = [
+      {
+        # Public key of the SERVER.
+        publicKey = builtins.readFile ../../../keys/wg-selene.pub;
+
+        # The server's public IP address and listening port.
+        endpoint = "37.27.207.39:51820";
+
+        # This is the most important part for a "VPN" setup.
+        # 0.0.0.0/0 tells your Mac to route all IPv4 traffic through the tunnel.
+        # Add "::/0" if your server and network support IPv6.
+        allowedIPs = [ "10.100.0.1/24" ];
+
+        # Optional but highly recommended for clients behind NAT.
+        # It sends a packet every 25 seconds to keep the connection open.
+        persistentKeepalive = 25;
+      }
+    ];
+  };
+}