From 1c2f3eb1c6570a765aa7c225c05835cffbb50642 Mon Sep 17 00:00:00 2001
From: Cilly Leang <me@lava.moe>
Date: Thu, 14 Aug 2025 11:18:11 +1000
Subject: [PATCH] system/wireguard: add local-only peer

---
 modules/system/wireguard.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix
index 04770ee..dbc8938 100644
--- a/modules/system/wireguard.nix
+++ b/modules/system/wireguard.nix
@@ -28,6 +28,7 @@ let
       interfaces = {
         wg0 = { peers = [ server6OnlyPeer ]; };
         wg1 = { peers = [ serverPeer ]; autostart = false; };
+        wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
       };
     };
     anemone = {
@@ -36,6 +37,7 @@ let
       interfaces = {
         wg0 = { peers = [ server6OnlyPeer ]; };
         wg1 = { peers = [ serverPeer ]; autostart = false; };
+        wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
       };
     };
     hibiscus = {
@@ -44,6 +46,7 @@ let
       interfaces = {
         wg0 = { peers = [ server6OnlyPeer ]; };
         wg1 = { peers = [ serverPeer ]; autostart = false; };
+        wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
       };
     };
     hazel = {
@@ -52,7 +55,7 @@ let
       interfaces = {
         wg0 = {
           dns = [ "::1" "127.0.0.1" ];
-          peers = [ (serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ]) ];
+          peers = [ serverLocalOnlyPeer ];
         };
       };
     };
@@ -67,6 +70,7 @@ let
   };
   serverPeer = serverPeerWith [ "0.0.0.0/0" "::/0" ];
   server6OnlyPeer = serverPeerWith [ "10.100.0.0/24" "::/0" ];
+  serverLocalOnlyPeer = serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ];
 
   serverConfig = {
     nat = {