From 5b844aab8d76969079dbd43cbc89c53ed58e48d2 Mon Sep 17 00:00:00 2001
From: Chris Kruining <c.kruining@4dotnet.nl>
Date: Mon, 23 Mar 2026 08:24:31 +0100
Subject: [PATCH] .

---
 .../nixos/services/media/glance/default.nix   |  6 +++
 .../services/networking/wireguard/default.nix | 47 +++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 modules/nixos/services/networking/wireguard/default.nix

diff --git a/modules/nixos/services/media/glance/default.nix b/modules/nixos/services/media/glance/default.nix
index c9da350..ec6e851 100644
--- a/modules/nixos/services/media/glance/default.nix
+++ b/modules/nixos/services/media/glance/default.nix
@@ -13,6 +13,12 @@ in {
   };
 
   config = mkIf cfg.enable {
+    ${namespace}.services.networking.caddy.hosts = {
+      "https://${config.networking.hostName}:443" = ''
+        reverse_proxy http://[::]:2000
+      '';
+    };
+
     services.glance = {
       enable = true;
       openFirewall = true;
diff --git a/modules/nixos/services/networking/wireguard/default.nix b/modules/nixos/services/networking/wireguard/default.nix
new file mode 100644
index 0000000..92bd803
--- /dev/null
+++ b/modules/nixos/services/networking/wireguard/default.nix
@@ -0,0 +1,47 @@
+{
+  config,
+  pkgs,
+  lib,
+  namespace,
+  ...
+}: let
+  inherit (builtins) length;
+  inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs;
+
+  cfg = config.${namespace}.services.networking.wireguard;
+  hasPeers = (cfg.peer |> attrNames |> length) > 0;
+in {
+  options.${namespace}.services.networking.wireguard = {
+    # enable = mkEnableOption "enable wireguard" // {default = true;};
+
+    peer = mkOption {
+      type = types.attrsOf (types.submodule {
+        options = {
+          port = mkOption {
+            type = types.port;
+            description = '''';
+          };
+
+          address = mkOption {
+            type = types.listOf types.str;
+            default = [];
+            description = '''';
+          };
+        };
+      });
+    };
+  };
+
+  config = mkIf hasPeers {
+    networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port);
+    networking.wq-quick = {
+      # enable = cfg.enable;
+
+      interfaces =
+        cfg.peer
+        |> attrsToList
+        |> imap0 (i: { name, value }: (namevaluepair "wg${i}" (value // {  }));
+        |> listToAttrs
+    };
+  };
+}