From f4a48bca84f2a359c9a5ec6d7685056628bfe8ed Mon Sep 17 00:00:00 2001
From: Alexander Wainwright <code@figtree.dev>
Date: Mon, 14 Jul 2025 16:22:22 +1000
Subject: [PATCH] Add wireguard to home connection

---
 hosts/case/configuration.nix | 28 ++++++++++++++++++++++++++++
 hosts/modules/base.nix       |  1 +
 2 files changed, 29 insertions(+)

diff --git a/hosts/case/configuration.nix b/hosts/case/configuration.nix
index 030216d..9c54396 100644
--- a/hosts/case/configuration.nix
+++ b/hosts/case/configuration.nix
@@ -19,6 +19,34 @@
   networking.hostName = "case"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
+  # Enable WireGuard
+  networking.firewall = {
+    allowedUDPPorts = [ 51820 ];
+  };
+  networking.wireguard.enable = true;
+  networking.wg-quick.interfaces = {
+    wg-home = {
+      autostart = false;
+      address = [ "10.10.10.2/32" ];
+      listenPort = 51820;
+
+      privateKeyFile = "/home/alex/.config/wireguard/home.private.key";
+
+      peers = [
+        {
+          publicKey = "63/c6q5Jv4hNy5zC2psiBNEoAXsxKO4QsPPxrJSZXSk=";
+          allowedIPs = [ "0.0.0.0/0" "::/0" ];
+          endpoint = "figtree.dev:51820";
+        }
+      ];
+
+      dns = [
+        "192.168.1.20"
+        "192.168.1.80"
+      ];
+    };
+  };
+
   # run locutus every hour
   services.cron = {
     enable = true;
diff --git a/hosts/modules/base.nix b/hosts/modules/base.nix
index 36383c1..7b706e2 100644
--- a/hosts/modules/base.nix
+++ b/hosts/modules/base.nix
@@ -110,6 +110,7 @@
     unzip
     uv
     wget
+    wireguard-tools
     zip
 
     binutils