feat: wireguard test

modules/config/instances/config/wireGuard.nix

@@ -14,6 +14,7 @@ in
     path0 = "${sopsPath}/${name}";
   };
   ports = {
-    port0 = 51821;
+    port0 = 51820;
+    port1 = 51821;
   };
 }

modules/nixos/services/searx/default.nix

@@ -49,8 +49,11 @@ in
                   @allowed_ips {
                     remote_ip ${mars.wireguard.ip0}
                   }
+
                   handle @allowed_ips {
-                    reverse_proxy unix//run/searx/searx.sock
+                    redir /.well-known/carddav /remote.php/dav/ 301
+                    redir /.well-known/caldav /remote.php/dav/ 301
+                    reverse_proxy ${ceres.wireguard.ip0}:${toString configHelpers.service.ports.port0}
                   }
                   handle {
                     respond "Access Denied" 403

systems/ceres/config/wireguard.nix

@@ -1,6 +1,6 @@
 { config, flake, ... }:
 let
-  inherit (flake.config.services.instances) wireGuard web;
+  inherit (flake.config.services.instances) wireGuard;
   inherit (flake.config.machines.devices) mars ceres;
   service = wireGuard;
 in
@@ -10,11 +10,12 @@ in
       allowedUDPPorts = [
         53
         service.ports.port0
+        service.ports.port1
       ];
       interfaces.wg0.allowedTCPPorts = [
         80
         443
-        8080
+        8888
       ];
     };
 
@@ -28,7 +29,7 @@ in
     wireguard.interfaces = {
       wg0 = {
         ips = [ "${ceres.wireguard.ip0}/24" ];
-        listenPort = service.ports.port0;
+        listenPort = service.ports.port1;
         privateKeyFile = config.sops.secrets."${service.name}-private".path;
         peers = [
           {

systems/mars/config/wireguard.nix

@@ -1,27 +1,26 @@
 { config, flake, ... }:
 let
   inherit (flake.config.services.instances) wireGuard web;
-  inherit (flake.config.machines.devices) mars;
+  inherit (flake.config.machines.devices) ceres mars;
   service = wireGuard;
 in
 {
   networking = {
-    wg-quick.interfaces = {
-      wg0 = {
-        address = [ "${mars.wireguard.ip0}/24" ];
-        privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
-        peers = [
-          {
-            publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
-            allowedIPs = [
-              "10.100.0.0/24"
-              "192.168.1.0/24"
-            ];
-            endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port0}";
-            persistentKeepalive = 25;
-          }
-        ];
-      };
+    wireguard.interfaces.wg0 = {
+      ips = [ "${mars.wireguard.ip0}/24" ];
+      privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
+      peers = [
+        {
+          publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
+          allowedIPs = [
+            "10.100.0.0/24"
+            "${ceres.wireguard.ip0}/24"
+            "192.168.1.0/24"
+          ];
+          endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port1}";
+          persistentKeepalive = 25;
+        }
+      ];
     };
   };