feat: wireguard test

systems/ceres/config/wireguard.nix

@@ -1,6 +1,6 @@
 { config, flake, ... }:
 let
-  inherit (flake.config.services.instances) wireGuard web;
+  inherit (flake.config.services.instances) wireGuard;
   inherit (flake.config.machines.devices) mars ceres;
   service = wireGuard;
 in
@@ -10,11 +10,12 @@ in
       allowedUDPPorts = [
         53
         service.ports.port0
+        service.ports.port1
       ];
       interfaces.wg0.allowedTCPPorts = [
         80
         443
-        8080
+        8888
       ];
     };
 
@@ -28,7 +29,7 @@ in
     wireguard.interfaces = {
       wg0 = {
         ips = [ "${ceres.wireguard.ip0}/24" ];
-        listenPort = service.ports.port0;
+        listenPort = service.ports.port1;
         privateKeyFile = config.sops.secrets."${service.name}-private".path;
         peers = [
           {