{ config, pkgs, lib, ... }: { networking.useDHCP = false; networking.bridges = { "br0" = { interfaces = [ "eno2" "enp23s0" ]; }; }; networking.interfaces.br0.ipv4.addresses = [ { address = "192.168.0.42"; prefixLength = 22; } ]; networking.defaultGateway = "192.168.0.1"; networking.nameservers = [ "192.168.0.1" ]; networking.nat = { enable = true; internalInterfaces = ["ve-+"]; externalInterface = "wg0"; enableIPv6 = true; }; boot.extraModulePackages = [config.boot.kernelPackages.wireguard]; systemd.network = { enable = true; netdevs = { "10-wg0" = { netdevConfig = { Kind = "wireguard"; Name = "wg0"; MTUBytes = "1300"; }; wireguardConfig = { PrivateKeyFile = "/run/secrets/services/wireguard/airvpn.private"; ListenPort = 9918; }; wireguardPeers = [ { wireguardPeerConfig = { PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; PresharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk"; AllowedIPs = ["10.128.0.1/32"]; Endpoint = "134.19.179.213:1637"; }; } ]; }; }; networks.wg0 = { matchConfig.Name = "wg0"; address = [ "10.175.197.82/32" ]; DHCP = "no"; dns = [ "10.128.0.1" ]; gateway = [ "10.128.0.1" ]; networkConfig = { IPv6AcceptRA = false; }; }; }; }