fix ese wireguard

hosts/quitte/network.nix

@@ -1,6 +1,8 @@
 { config, lib, ... }:
 {
-  sops.secrets."wg-ese" = { };
+  sops.secrets."wg-ese" = {
+    owner = config.users.users.systemd-network.name;
+  };
   networking = {
     # portunus module does weird things to this, so we force it to some sane values
     hosts = {
@@ -16,6 +18,7 @@
 
     firewall = {
       logRefusedConnections = false;
+      allowedUDPPorts = [ 10000 ];
     };
   };
 
@@ -44,36 +47,35 @@
         EmitLLDP = "nearest-bridge";
       };
     };
-  };
-  netdevs."30-wireguard-ese" = {
-    netdevConfig = {
-      Kind = "wireguard";
-      Name = "wg0";
+    netdevs."30-wireguard-ese" = {
+      netdevConfig = {
+        Kind = "wireguard";
+        Name = "wg0";
+      };
+      wireguardConfig = {
+        PrivateKeyFile = config.sops.secrets."wg-ese".path;
+        ListenPort = 10000;
+        RouteTable = "main";
+        RouteMetric = 30;
+      };
+      wireguardPeers = [
+
+        {
+          wireguardPeerConfig = {
+
+            PublicKey = "gTWcZ8dAb735kY0vs/LwnBdap5J6+eeHAsLXCu+C52M=";
+            AllowedIPs = "10.20.24.2/24";
+          };
+        }
+      ];
     };
-    wireguardConfig = {
-      PrivateKeyFile = config.sops.secrets."wg-ese".path;
-      ListenPort = 10000;
-      RouteTable = "main";
-      RouteMetric = 30;
+    networks."30-wireguard-ese" = {
+      matchConfig.Name = "wg0";
+      address = [ "10.20.24.1/24" ];
+      # networkConfig = {
+      #   DNSSEC = false;
+      #   BindCarrier = [ "ens3" ];
+      # };
     };
-    wireguardPeers = [
-      {
-        PublicKey = "";
-        AllowedIPs = "0.0.0.0/0";
-      }
-    ];
-  };
-  networks."30-wireguard-ese" = {
-    matchConfig.Name = "wg0";
-    addresses = [
-      {
-        Address = "10.20.24.1/24";
-        # AddPrefixRoute = false;
-      }
-    ];
-    # networkConfig = {
-    #   DNSSEC = false;
-    #   BindCarrier = [ "ens3" ];
-    # };
   };
 }