added wireguard nixos module

modules/features/wireguard.nix

@@ -0,0 +1,46 @@
+{ self, inputs, ... }: {
+  flake.modules.nixos.wireguard = { config, inputs, pkgs, ... }: {
+    environment.systemPackages = with pkgs; [
+      wireguard-tools
+      wg-netmanager
+      (pkgs.writeShellScriptBin "wg-connect" ''
+        service="wg-quick-lola"
+        sudo systemctl start "$service.service"
+        start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
+        sudo journalctl -u "$service.service" --since "$start_time" --no-pager
+      '')
+      (pkgs.writeShellScriptBin "wg-disconnect" ''
+        service="wg-quick-lola"
+        sudo systemctl stop "$service.service"
+        start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
+        sudo journalctl -u "$service.service" --no-pager --since "$start_time"
+      '')
+    ];
+
+    networking.extraHosts = ''
+      192.168.1.100 john-nas
+      192.168.1.130 pve5070
+      192.168.1.201 ad-nix
+    '';
+
+    sops.secrets.wireguard_private_key = { };
+    networking.wg-quick.interfaces = {
+      lola = {
+        # autostart = true;
+        postUp = "echo 'Post up command'";
+        address = [ "192.168.3.5/32" ];
+        # dns = [ "192.168.1.182" ];
+        privateKeyFile = config.sops.secrets.wireguard_private_key.path;
+        
+        peers = [
+          {
+            publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
+            allowedIPs = [ "192.168.1.0/24" ];
+            endpoint = "wg.john-stream.com:51830";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+  };
+}

modules/hosts/john-p14s/default.nix

@@ -23,6 +23,7 @@
       john
       gnome
       steam
+      wireguard
       # greetd
       # niri
     ]);