nix-conf/system/wireguard.nix

{
  networking.wireguard = {
    enable = true;
    interfaces.home = {
      privateKeyFile = "/home/chief/stuff/wireguard/key";
      allowedIPsAsRoutes = true;
      ips = ["10.0.0.3/32"];
      peers = [{
        allowedIPs = [
          # Local LAN
          "10.0.0.0/24"
          "10.13.37.0/24"
          "10.111.111.0/24"

          # Route all:
          #"0.0.0.0/5"
          #"8.0.0.0/7"
          #"11.0.0.0/8"
          #"12.0.0.0/6"
          #"16.0.0.0/4"
          #"32.0.0.0/3"
          #"64.0.0.0/2"
          #"128.0.0.0/3"
          #"160.0.0.0/5"
          #"168.0.0.0/6"
          #"172.0.0.0/12"
          #"172.32.0.0/11"
          #"172.64.0.0/10"
          #"172.128.0.0/9"
          #"173.0.0.0/8"
          #"174.0.0.0/7"
          #"176.0.0.0/4"
          #"192.0.0.0/9"
          #"192.128.0.0/11"
          #"192.160.0.0/13"
          #"192.169.0.0/16"
          #"192.170.0.0/15"
          #"192.172.0.0/14"
          #"192.176.0.0/12"
          #"192.192.0.0/10"
          #"193.0.0.0/8"
          #"194.0.0.0/7"
          #"196.0.0.0/6"
          #"200.0.0.0/5"
          #"208.0.0.0/4"
        ];

        endpoint = "x.hamacher.cc:46339";
        publicKey = "et6qSKmlsQIupUdMrG0ExqT8wb21qo9Q+3pkCYYr1AE=";
      }];
    };
  };
}