feat: added wireguard

modules/nixos/default.nix

@@ -17,6 +17,7 @@ in
           flatpak
           plasma
           sddm
+          wireGuard
           ;
       };
     };

modules/nixos/services/wireGuard/default.nix

@@ -0,0 +1,67 @@
+{ config, flake, ... }:
+let
+  inherit (flake.config.services.instances) wireGuard;
+  service = wireGuard;
+
+  wireGuardInterface =
+    {
+      secret,
+      publicKey,
+      endpoint,
+    }:
+    {
+      name = "Proton-${secret}";
+      value = {
+        autostart = false;
+        address = [ "10.2.0.2/32" ];
+        dns = [ "10.2.0.1" ];
+        privateKeyFile = config.sops.secrets."${service.name}-${secret}".path;
+        peers = [
+          {
+            inherit publicKey endpoint;
+            allowedIPs = [ "0.0.0.0/0,::/0" ];
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+
+  interfaces = [
+    {
+      secret = "CA363";
+      publicKey = "9mTDh5Tku0gxDdzqxnpnzItHQBm2h2B2hXnUHvhGCFw=";
+      endpoint = "149.88.97.110:51820";
+    }
+    {
+      secret = "CA220";
+      publicKey = "UR8vjVYrrWYadCwLKiAabKTIdxM4yikmCXnvKWm89D8=";
+      endpoint = "139.28.218.130:51820";
+    }
+    {
+      secret = "CA358";
+      publicKey = "9mTDh5Tku0gxDdzqxnpnzItHQBm2h2B2hXnUHvhGCFw=";
+      endpoint = "149.88.97.110:51820";
+    }
+    {
+      secret = "CA627";
+      publicKey = "xLFgU430Tt7PdHJydVbIKvtjXJodoPpGKW7fhF7XE2k=";
+      endpoint = "139.28.218.130:51820";
+    }
+  ];
+
+  sopsPath = secret: {
+    path = "${service.sops.path0}/${service.name}-${secret}";
+    owner = "root";
+    mode = "600";
+  };
+in
+{
+  networking.wg-quick.interfaces = builtins.listToAttrs (map wireGuardInterface interfaces);
+
+  sops.secrets = builtins.listToAttrs (
+    map (interface: {
+      name = "${service.name}-${interface.secret}";
+      value = sopsPath interface.secret;
+    }) interfaces
+  );
+}