add ipv6 support, net module and wireguard vpn

sys/platforms/vps/default.nix

@@ -13,6 +13,7 @@ with lib; {
     flakes.impermanence.nixosModule
     ./hardware-configuration.nix
     ./srv
+    ./networkMap.nix
   ];
 
   local.sys = {
@@ -50,9 +51,67 @@ with lib; {
     };
   };
 
-  systemd.extraConfig = ''
-    DefaultTimeoutStartSec=900s
-  '';
+  networking.firewall.allowedUDPPorts = [51820]; #TODO
+
+  systemd = {
+    extraConfig = ''
+      DefaultTimeoutStartSec=900s
+    '';
+
+    network = let
+      inherit (config.local.sys) nets;
+    in {
+      enable = true;
+
+      netdevs = {
+        wg-vpn = {
+          netdevConfig = {
+            Name = "wg-vpn";
+            Kind = "wireguard";
+          };
+
+          wireguardConfig = {
+            PrivateKeyFile = "/var/trust/wg/vpn/key.priv";
+            ListenPort = "51820";
+          };
+
+          wireguardPeers = [
+            {
+              PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU=";
+              PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk";
+              AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"];
+            }
+            {
+              PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks=";
+              PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk";
+              AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"];
+            }
+          ];
+        };
+      };
+
+      networks = {
+        wg-vpn = {
+          name = "wg-vpn";
+
+          networkConfig = {
+            Address = [
+              nets.vpn-vps.hosts.vps.v6.cidr
+            ];
+          };
+
+          routes = [
+            {
+              Destination = nets.vpn.v6.cidr;
+            }
+            {
+              Source = nets.vpn.v6.cidr;
+            }
+          ];
+        };
+      };
+    };
+  };
 
   time.timeZone = "Europe/Amsterdam";
 }