Add wireguard config

hosts/apollo/configuration.nix

@@ -3,7 +3,8 @@
 # You need pw-files for every configured user in ./secret/pw-useralias for login to work.
 
 let
-  inherit (config.m-0.private) me;
+  inherit (config.m-0.private) me wireguard;
+  inherit (config.m-0) hosts;
 in {
 
 imports = [
@@ -16,6 +17,20 @@ imports = [
 
 networking = {
   hostName = "apollo";
+  wireguard.interfaces = {
+    wireguard = {
+      ips = [ "${hosts.apollo}/128" ];
+      privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
+      peers = [
+        {
+          publicKey = wireguard.pub.hera;
+          allowedIPs = [ "::/0" ];
+          endpoint = "hera.m-0.eu:${wireguard.port}";
+          presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
+        }
+      ];
+    };
+  };
 };
 
 m-0 = {

hosts/hera/configuration.nix

@@ -3,7 +3,8 @@
 # You need pw-files for every configured user in ./secret/pw-useralias for login to work.
 
 let
-  me = config.m-0.private.me;
+  inherit (config.m-0.private) me wireguard;
+  inherit (config.m-0) hosts;
   unstable-pkgs = import <unstable> {};
 in {
 
@@ -31,6 +32,20 @@ networking = {
     ipv6.addresses = [{ address = config.m-0.hosts.hera-intern; prefixLength = 112; }];
   };
   nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
+  wireguard.interfaces = {
+    wireguard = {
+      ips = [ "${hosts.hera}/128" ];
+      privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
+      listenPort = wireguard.port;
+      peers = [
+        {
+          publicKey = wireguard.pub.apollo;
+          allowedIPs = [ "${hosts.apollo}::/120" ];
+          presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
+        }
+      ];
+    };
+  };
 };
 
 nixpkgs.config.packageOverrides = pkgs: {