add ddns, wireguard server

hosts/fw.cloonar.com/modules/wireguard.nix

@@ -0,0 +1,22 @@
+{ ... }: {
+  sops.secrets.wg0_key = {};
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.42.98.1/24" ];
+      listenPort = 51820;
+      # publicKey: TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=
+      privateKeyFile = config.sops.secrets.wg0_key.path;
+      peers = [
+        { # Notebook
+          publicKey = "YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8=";
+          allowedIPs = [ "10.42.98.201/32" ];
+        }
+        { # iPhone
+          publicKey = "nkm10abmwt2G8gJXnpqel6QW5T8aSaxiqqGjE8va/A0=";
+          allowedIPs = [ "10.42.98.202/32" ];
+        }
+      ];
+    };
+  };
+}