infrastructure/machines/vpn/configuration.nix

{ config, lib, pkgs, inputs, ... }:

with lib;

{
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets.wg_private = {};

  networking = {
    hostName = mkDefault "vpn";
    useDHCP = false;
    nameservers = [ "1.1.1.1" ];
    firewall = {
      allowedUDPPorts = [ 51821 ];
    };
  };

  imports = [
    ../modules/malobeo_user.nix
    ../modules/sshd.nix
    ../modules/minimal_tools.nix
  ];

  services.malobeo.vpn = {
    enable = true;
    name = "vpn";
    privateKeyFile = config.sops.secrets.wg_private.path;
  };

  system.stateVersion = "22.11"; # Did you read the comment?
}