update

system/optional/default.nix

@@ -6,7 +6,7 @@
     ./desktop.nix
     ./gaming.nix
     ./stylix.nix
-    ./ollama.nix
+    ./wireguard.nix
     ./sdr.nix
   ];
 }

system/optional/ollama.nix

@@ -1,20 +0,0 @@
-{ config, lib, ... }:
-{
-  options.ollama.enable = lib.mkEnableOption "Enable Ollama server /w GPU acceleration";
-
-  config.services.ollama = lib.mkIf config.ollama.enable {
-    enable = true;
-    host = "0.0.0.0";
-    acceleration = "rocm";
-    rocmOverrideGfx = "11.0.0";
-  };
-  config.networking.firewall = lib.mkIf config.ollama.enable { allowedTCPPorts = [ 11434 ]; };
-  config.environment.persistence."/persist/cache".directories = lib.mkIf config.ollama.enable [
-    {
-      directory = "/var/lib/private/ollama";
-      user = "nouser";
-      group = "nogroup";
-      mode = "u=rwx,g=,o=";
-    }
-  ];
-}

system/optional/wireguard.nix

@@ -0,0 +1,31 @@
+{ lib, config, ... }:
+{
+  options.wireguard.enable = lib.mkEnableOption "Enable wireguard";
+  options.wireguard.ip = lib.mkOption {
+    type = with lib.types; uniq string;
+    descriptions = "Wireguard ip";
+  };
+
+  config = lib.mkIf config.wireguard.enable {
+    sops.secrets."wireguard/private" = {
+      sopsFile = ../../hosts/${config.networking.hostname}/secrets/networking.yaml;
+    };
+
+    networking.wireguard.interfaces = {
+      server-wg = {
+        ips = [ config.wireguard.ip ];
+        listenPort = 51821;
+        privateKeyFile = config.sops.secrets."wireguard/private".path;
+
+        peers = [
+          {
+            publicKey = "kYJn39tFStvzJ6QOMy3NabNWrJREaYdxwo/GdYD0MRk=";
+            allowedIPs = [ "10.0.1.2/32" ];
+            endpoint = "95.217.79.106:51821";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+  };
+}