# NixOS module: runs the wg-easy image (WireGuard plus its web admin UI) as an
# OCI container through virtualisation.oci-containers.
# `config` and `outputs` are accepted from the module system but not read here.
{ config, outputs, ... }:
let
  # NET_ADMIN lets the container create and configure the WireGuard interface.
  # SYS_MODULE lets it load kernel modules into the host kernel.
  # NOTE(review): SYS_MODULE is a broad grant. If the host already has the
  # wireguard module loaded (e.g. via boot.kernelModules), it can probably be
  # dropped; confirm the container still starts without it.
  capabilityFlags = [
    "--cap-add=NET_ADMIN"
    "--cap-add=SYS_MODULE"
  ];

  # Sysctls set inside the container's network namespace: src_valid_mark for
  # fwmark-based routing, ip_forward so peer traffic is routed.
  sysctlFlags = [
    "--sysctl=net.ipv4.conf.all.src_valid_mark=1"
    "--sysctl=net.ipv4.ip_forward=1"
  ];
in
{
  virtualisation.oci-containers.containers.wireguard = {
    # No tag or digest, so the runtime resolves this to `latest` on every pull.
    # NOTE(review): pin a tag or @sha256 digest so rebuilds are reproducible
    # and an upstream push cannot silently change what runs with NET_ADMIN.
    # NOTE(review): upstream appears to publish under ghcr.io/wg-easy/wg-easy
    # now; confirm this Docker Hub repository still receives updates.
    image = "weejewel/wg-easy";

    # WG_HOST is the public endpoint written into generated client configs.
    environment.WG_HOST = "wg.lanakk.com";
    # NOTE(review): 10.88.0.1 looks like the default podman bridge gateway;
    # confirm a resolver listens there and is meant to serve VPN clients.
    environment.WG_DEFAULT_DNS = "10.88.0.1";
    # NOTE(review): no PASSWORD / PASSWORD_HASH is set (which one applies
    # depends on the image version). Without it the admin UI, which creates
    # peers and serves their private keys, may accept unauthenticated access.
    # Supply it from a secret file rather than inline in the Nix store.

    ports = [
      # Host 3007 -> container 51821: the wg-easy web admin UI.
      # With no host address given, this binds on all host interfaces.
      # NOTE(review): if the UI is only reached through a local reverse proxy,
      # "127.0.0.1:3007:51821/tcp" would keep it off external interfaces.
      "3007:51821/tcp"
      # WireGuard tunnel traffic.
      "51820:51820/udp"
    ];

    # Named volume mounted at /etc/wireguard, where WireGuard keeps its keys
    # and peer configuration. Treat it and any backup of it as secret material.
    volumes = [ "wireguard_data:/etc/wireguard" ];

    # Order preserved from the original: capabilities first, then sysctls.
    extraOptions = capabilityFlags ++ sysctlFlags;
  };
}