Thor: wg-quick and simpler key deployment

instances/thor/configuration.nix

@@ -3,6 +3,7 @@ with lib; {
 
   age.secrets = {
     garage_bertof_thor_key = { file = ../../secrets/garage_bertof_thor_key.age; owner = "bertof"; };
+    thor_wg_priv = { file = ../../secrets/thor_wg_priv.age; };
   };
 
   boot = {
@@ -87,6 +88,44 @@ with lib; {
   networking = {
     hostName = "thor"; # Define your hostname.
     networkmanager.enable = true;
+
+    wg-quick.interfaces = {
+      wg0 = {
+        autostart = false;
+        address = [ "10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/64" ];
+        dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ];
+        privateKeyFile = config.age.secrets.thor_wg_priv.path;
+
+        peers = [
+          {
+            # baldur
+            # allowedIPs = [ "10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128" ];
+            allowedIPs = [ "0.0.0.0/0" "::/0" ];
+            endpoint = "baldur.bertof.net:51820";
+            presharedKeyFile = config.age.secrets.wg_psk.path;
+            publicKey = "K57ikgFSR1O0CXWBxfQEu7uxSOsp3ePj/NMRets5pVc=";
+          }
+          {
+            # odin
+            publicKey = "LDBhvzeYmHJ0z5ch+N559GWjT3It1gZvGR/9WtCfURw=";
+            presharedKeyFile = config.age.secrets.wg_psk.path;
+            allowedIPs = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/128" ];
+          }
+          {
+            # oppo
+            publicKey = "OBk6bHKuIYLwD7cwjmAuMn57jXqbDwCL52jhQxiHnnA=";
+            presharedKeyFile = config.age.secrets.wg_psk.path;
+            allowedIPs = [ "10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/128" ];
+          }
+          {
+            # thor
+            publicKey = "rpwR6n4IE96VZAmQDBufsWE/a9G7d8fpkvY1OwsbOhk=";
+            presharedKeyFile = config.age.secrets.wg_psk.path;
+            allowedIPs = [ "10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/128" ];
+          }
+        ];
+      };
+    };
   };
 
   time.timeZone = "Europe/Rome";