Add two ios peers to wireguard

README.md

@@ -898,6 +898,8 @@ sudo chmod 600 /etc/borg-passphrase
 ### Network Architecture:
 - **VPS (Hub)**: 10.2.2.1/24 - Central WireGuard server with public endpoint
 - **HS (Spoke)**: 10.2.2.20/24 - Home server connecting through VPS
+- **iPhone**: 10.2.2.30/24 - iOS device (mobile connectivity)
+- **iPad**: 10.2.2.31/24 - iOS device (tablet connectivity)
 - **LAN Access**: HS remains accessible at 10.1.1.152 on local network
 - **DNS Setup**: hs.yanlincs.com resolves to 10.1.1.152 (LAN) with 10.2.2.20 (WireGuard) fallback
 
@@ -940,6 +942,7 @@ sudo wg pubkey < /etc/wireguard/private.key
 ### Configuration Details:
 - **Server Mode**: Configured on VPS with NAT forwarding and firewall rules
 - **Client Mode**: Configured on HS with persistent keepalive to VPS
+- **iOS Devices**: iPhone and iPad configurations available in `wireguard-configs/`
 - **Automatic Startup**: Enabled via systemd wg-quick service
 - **Key Storage**: Private keys stored in `/etc/wireguard/private.key` with 600 permissions
 - **Port**: Default UDP 51820 (configurable)
@@ -950,6 +953,18 @@ sudo wg pubkey < /etc/wireguard/private.key
 3. Update peer configurations with actual public keys and VPS endpoint IP
 4. Restart WireGuard services to establish connection
 
+### iOS Device Setup:
+1. Install WireGuard app from App Store on your iPhone/iPad
+2. Configuration files are available in `wireguard-configs/`:
+   - `iphone.conf` - iPhone configuration (10.2.2.30)
+   - `ipad.conf` - iPad configuration (10.2.2.31)
+3. Import configuration to WireGuard app:
+   - Option 1: Generate QR code: `qrencode -t ansiutf8 < wireguard-configs/iphone.conf`
+   - Option 2: Email/AirDrop the .conf file to your device
+   - Option 3: Manually enter configuration in the app
+4. Enable the VPN connection in WireGuard app
+5. Test connectivity: Access internal services at 10.2.2.1 (VPS) or 10.2.2.20 (HS)
+
 ## 🏠 Home Server (`hs` Host)
 
 The `hs` NixOS configuration provides a comprehensive home server solution with enterprise-grade storage, containerized services, and automated monitoring.

config/wireguard/ipad.conf

@@ -0,0 +1,12 @@
+[Interface]
+# iPad WireGuard Configuration
+PrivateKey = QDFSzR43DSxQ4RFL2zZR5DfZ1aDhuR9myvDxUT4OjWU=
+Address = 10.2.2.31/24
+DNS = 1.1.1.1, 8.8.8.8
+
+[Peer]
+# VPS Server
+PublicKey = 46QHjSzAas5g9Hll1SCEu9tbR5owCxXAy6wGOUoPwUM=
+Endpoint = 91.98.84.215:51820
+AllowedIPs = 10.2.2.0/24
+PersistentKeepalive = 25

config/wireguard/iphone.conf

@@ -0,0 +1,12 @@
+[Interface]
+# iPhone WireGuard Configuration
+PrivateKey = iCm5JgLs0ErUsEC3BaoB89L4hZn9gz41fFaV8SETRHg=
+Address = 10.2.2.30/24
+DNS = 1.1.1.1, 8.8.8.8
+
+[Peer]
+# VPS Server
+PublicKey = 46QHjSzAas5g9Hll1SCEu9tbR5owCxXAy6wGOUoPwUM=
+Endpoint = 91.98.84.215:51820
+AllowedIPs = 10.2.2.0/24
+PersistentKeepalive = 25

hosts/nixos/vps/system.nix

@@ -148,6 +148,16 @@
           publicKey = "HZY7V8QlnFvY6ZWNiI0WgUgWUISnEqUdzXi7Oq9M1Es=";
           allowedIPs = [ "10.2.2.20/32" ];
         }
+        {
+          name = "iphone";
+          publicKey = "mK4zGcytZP0Jane7kE36milpcWERWzYZKZyrbUlNFFg=";
+          allowedIPs = [ "10.2.2.30/32" ];
+        }
+        {
+          name = "ipad";
+          publicKey = "f/+Jyz4CpD5uyaZox77IuD9mI/KU9QOiK6tLMcbVGTE=";
+          allowedIPs = [ "10.2.2.31/32" ];
+        }
       ];
     };
   };