# NixOS module for the host "mail-1": GRUB on /dev/vda, a statically addressed
# LAN interface, a WireGuard tunnel (wg0) carrying the default route, and a
# firewall that admits three mail-related TCP ports.
{ pkgs, ... }:
let
  # Next hop used for every static route on the LAN interface.
  lanGateway = "10.202.41.1";

  # Build one systemd-networkd [Route] entry that sends `destination` via the LAN.
  viaLan = destination: {
    routeConfig = {
      Destination = destination;
      Gateway = lanGateway;
    };
  };
in
{
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";

  systemd.network.enable = true;

  # LAN uplink. No default gateway is configured here; only the listed
  # prefixes leave through 10.202.41.1.
  systemd.network.networks."enp6s18" = {
    matchConfig.Name = "enp6s18";
    linkConfig.RequiredForOnline = "routable";
    address = [ "10.202.41.123/24" ];
    routes = map viaLan [
      "10.201.0.0/16"
      "10.202.0.0/16"
      "172.21.87.0/24"
      # Same address as the WireGuard peer Endpoint below, so the tunnel's own
      # outer packets go out over the LAN instead of following the wg0 default
      # route.
      "212.53.203.19/32"
    ];
  };

  # Tunnel interface. `gateway` installs the default route through the tunnel,
  # so all IPv4 traffic not matched by a LAN route above leaves via wg0.
  systemd.network.networks."wg0" = {
    matchConfig.Name = "wg0";
    DHCP = "no";
    address = [ "172.18.50.2/24" ];
    gateway = [ "172.18.50.1" ];
  };

  systemd.network.netdevs."wg0" = {
    netdevConfig = {
      Name = "wg0";
      Kind = "wireguard";
    };

    # Key material is referenced by string path under /secrets, so it is not
    # copied into the Nix store.
    # NOTE(review): how these files are provisioned is not shown here; confirm
    # they are readable by systemd-networkd and by nothing else.
    wireguardConfig = {
      PrivateKeyFile = "/secrets/wireguard-mail-1-wg0-privatekey.secret";
    };

    wireguardPeers = [
      {
        wireguardPeerConfig = {
          Endpoint = "212.53.203.19:51822";
          PublicKey = "ik480irMZtGBs1AFpf1KGzDBekjdziD3ck7XK8r1WXQ=";
          PresharedKeyFile = "/secrets/wireguard-valkyrie-mail-1-mail-1-psk.secret";
          # The single peer is accepted for every IPv4 address, inbound and
          # outbound. No IPv6 prefix is listed.
          AllowedIPs = [ "0.0.0.0/0" ];
          # Keepalive every 25 seconds.
          # NOTE(review): this host presumably always initiates the tunnel,
          # which would explain why no UDP port is opened in the firewall;
          # confirm.
          PersistentKeepalive = 25;
        };
      }
    ];
  };

  networking.hostName = "mail-1";
  networking.useDHCP = false;

  # allowedTCPPorts applies to every interface, so SMTP (25), SMTPS (465) and
  # IMAPS (993) are reachable from the LAN as well as through the tunnel.
  # NOTE(review): if mail is only meant to arrive via wg0, the per-interface
  # option networking.firewall.interfaces.<name>.allowedTCPPorts would narrow
  # the exposure; confirm the intended reachability before changing.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
    25
    465
    993
  ];

  # Provides the `wg` command-line tool for inspecting the tunnel.
  environment.systemPackages = [ pkgs.wireguard-tools ];

  system.stateVersion = "23.05";
}