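# NixOS module: join the "wg-intra" WireGuard mesh and expose sshd on it only.
#
# Module arguments (the usual NixOS module args plus two host-specific ones
# supplied by the caller):
#   pkgs     - unused here; kept so the module has the standard signature
#   lib      - nixpkgs library (removeSuffix, concatMap, nameValuePair, ...)
#   config   - the evaluated system configuration; read for the peer list
#   hostName - this host's name, used to locate its private key
#   private  - base directory holding per-host secrets (see the note below)
{ pkgs, lib, config, hostName, private, ... }:
let
  domain = "sourcephile.fr";
  iface = "wg-intra";
  # UDP port every peer's WireGuard endpoint is published on.  Defined once so
  # the endpoint string and the hostname derivation for networking.hosts
  # cannot drift apart.
  port = 43642;
  endpointSuffix = ".${domain}:${toString port}";

  # This host's own identity on the mesh.  publicKey is informational only
  # (WireGuard derives it from privateKeyFile); allowedIPs is our address.
  self = {
    publicKey = "tE4fzqDrr7BgfOo9tWgGnpu3v0JRDEUZbJnm9e2F/GA=";
    allowedIPs = [ "192.168.42.3/32" ];
  };

  # "a.b.c.d/32" -> "a.b.c.d"; the mesh assigns single-host prefixes.
  stripHost = ip: lib.removeSuffix "/32" ip;

  # Only peers that publish an endpoint get a name; `endpoint` is null for
  # peers that just dial in, and removeSuffix cannot take null.
  peersWithEndpoint = builtins.filter (p: (p.endpoint or null) != null)
    config.networking.wireguard.interfaces.${iface}.peers;

  # Map each peer's mesh address to a "<host>.wg" name so peers can be
  # addressed by name over the tunnel, e.g. 192.168.42.2 -> losurdo.wg.
  peerHosts = builtins.listToAttrs (lib.concatMap (p:
    let host = lib.removeSuffix endpointSuffix p.endpoint + ".wg";
    in map (ip: lib.nameValuePair (stripHost ip) [ host ]) p.allowedIPs
  ) peersWithEndpoint);
in
{
  # sshd binds to the mesh address only, so it is unreachable from the public
  # interfaces regardless of the firewall.
  services.openssh.listenAddresses =
    map (ip: { addr = stripHost ip; }) self.allowedIPs;

  # The openssh module opens port 22 on every interface by default; disable
  # that so the firewall matches the listen restriction above ...
  services.openssh.openFirewall = false;
  # ... and admit SSH on the tunnel only.  The declarative per-interface option
  # replaces a hand-written ip46tables rule, which would stop working once the
  # firewall is switched to the nftables backend.
  networking.firewall.interfaces.${iface}.allowedTCPPorts = [ 22 ];

  networking.hosts = peerHosts;

  networking.wireguard.interfaces.${iface} = {
    ips = self.allowedIPs;
    # NOTE(review): `private` must be a string, not a Nix path value —
    # interpolating a path into a string copies its contents into the
    # world-readable Nix store.  Confirm at the call site.
    privateKeyFile = "${private}/${hostName}/wireguard/${iface}/privateKey";
    peers = [
      {
        publicKey = "xsFFep3k8z0pXgUOz4aryOF8l/KPBSOd4WQA26BkXy0=";
        endpoint = "losurdo${endpointSuffix}";
        allowedIPs = [ "192.168.42.2/32" ];
        # Keep NAT/conntrack mappings alive so the peer can reach us unsolicited.
        persistentKeepalive = 25;
      }
    ];
  };
}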