From ad0c74b801af11f98e3808cbdf30ff10ad2c7a34 Mon Sep 17 00:00:00 2001
From: Ellie <6687206+wizzeh@users.noreply.github.com>
Date: Tue, 24 Feb 2026 21:44:37 -0800
Subject: [PATCH] yay

---
 common.nix                   |  2 +-
 flake.nix                    |  1 -
 services/wireguard-outer.nix | 13 +++++++++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/common.nix b/common.nix
index 1f5cef1..82c30e3 100644
--- a/common.nix
+++ b/common.nix
@@ -24,7 +24,7 @@
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
       PermitRootLogin = "no";
-      AllowUsers = [ "ellie" "forgejo" ];
+      AllowUsers = [ "ellie" "forgejo" "borg" ];
     };
     extraConfig = ''
       Match User forgejo Address 10.10.0.1
diff --git a/flake.nix b/flake.nix
index 215818c..ab82480 100644
--- a/flake.nix
+++ b/flake.nix
@@ -86,7 +86,6 @@
           ./services/coturn.nix
           ./services/wireguard-outer.nix
           ./services/borgbackup-vps.nix
-          ./services/syncthing-relay.nix
         ];
       };
 
diff --git a/services/wireguard-outer.nix b/services/wireguard-outer.nix
index 03957ec..c4b80bc 100644
--- a/services/wireguard-outer.nix
+++ b/services/wireguard-outer.nix
@@ -1,6 +1,8 @@
 { lib, pkgs, config, ... }:
 
 {
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+
   sops.secrets."wireguard/private_key" = {
     sopsFile = ./secrets/wireguard_vps.yaml;
     mode = "0400";
@@ -21,9 +23,20 @@
 
     peers = [
       {
+        # Home server
         publicKey = "s2plHABMTF83iqrCHlQ+o5ieJSAfudx3upm3v77y1DI=";
         allowedIPs = [ "10.10.0.2/32" ];
       }
+      {
+        # Desktop
+        publicKey = "nMQY5RsyTkUi3p6i8pElY9b2Z0vFEeSUdqtw7eQnbQM=";
+        allowedIPs = [ "10.10.0.3/32" ];
+      }
+      {
+        # Phone
+        publicKey = "4MDcBaF7oafv5ZC2fjgFHuXnrpwaRglM7fmSw7zo6CQ=";
+        allowedIPs = [ "10.10.0.4/32" ];
+      }
     ];
   };