Set up wireguard.

nix/configuration/configuration.nix

@@ -35,6 +35,7 @@
     ./roles/gpg
     ./roles/waybar
     ./roles/qemu
+    ./roles/wireguard
   ];
 
   nix.settings.experimental-features = [

nix/configuration/network.nix

@@ -16,7 +16,7 @@
   ];
   services.resolved = {
     enable = true;
-    dnssec = "true";
+    # dnssec = "true";
     domains = [ "~." ];
     fallbackDns = [ ];
     dnsovertls = "true";

nix/configuration/roles/wireguard/default.nix

@@ -0,0 +1,26 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  networking.firewall.allowedUDPPorts = [ 51821 ];
+  networking.wireguard.enable = true;
+  networking.wg-quick.interfaces.wg0.configFile = "/persist/manual/wireguard/drmario.conf";
+  systemd.services."wg-quick-wg0".after = [
+    "nss-lookup.target"
+    "systemd-resolved.service"
+    "multi-user.target"
+  ];
+
+  systemd.services."wg-quick-wg0".preStart = "${pkgs.toybox}/bin/sleep 10";
+
+  # environment.systemPackages = with pkgs; [
+  #   wireguard-tools
+  # ];
+
+}