feat: wireguard test

systems/mars/config/wireguard.nix

@@ -1,11 +1,15 @@
 { config, flake, ... }:
 let
   inherit (flake.config.services.instances) wireGuard web;
+  inherit (flake.config.services) instances;
   inherit (flake.config.machines.devices) ceres mars;
   service = wireGuard;
 in
 {
   networking = {
+    hosts = {
+      ${ceres.wireguard.ip0} = [ instances.searx.domains.url0 ];
+    };
     wireguard.interfaces = {
       wg0 = {
         ips = [ "${mars.wireguard.ip0}/32" ];
@@ -16,7 +20,6 @@ in
             allowedIPs = [
               "${ceres.wireguard.ip0}/32"
               "${web.localhost.address4}/24"
-              "${web.remotehost.address0}/32"
             ];
             endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port1}";
             persistentKeepalive = 25;