Add thinkpad to wireguard subnet

hosts/nixos/thinkpad/system.nix

@@ -1,6 +1,7 @@
 { config, pkgs, lib, ... }: {
   imports = [
     ./hardware-configuration.nix
+    ../../../modules/wireguard.nix
   ];
 
   # Bootloader - standard UEFI setup
@@ -319,6 +320,19 @@
   # Apply XKB config to console (TTY) as well
   console.useXkbConfig = true;
 
+  # WireGuard VPN configuration (ThinkPad as client/spoke)
+  services.wireguard-custom = {
+    enable = true;
+    mode = "client";
+    privateKeyFile = "/etc/wireguard/thinkpad_private.key";
+    clientConfig = {
+      address = "10.2.2.30/24";
+      serverPublicKey = "46QHjSzAas5g9Hll1SCEu9tbR5owCxXAy6wGOUoPwUM=";
+      serverEndpoint = "91.98.84.215:51820";
+      allowedIPs = [ "10.2.2.0/24" ];
+    };
+  };
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken.

hosts/nixos/vps/system.nix

@@ -147,6 +147,11 @@
           publicKey = "HZY7V8QlnFvY6ZWNiI0WgUgWUISnEqUdzXi7Oq9M1Es=";
           allowedIPs = [ "10.2.2.20/32" ];
         }
+        {
+          name = "thinkpad";
+          publicKey = "p3442J2HBGY5Pksu+0F4SFkBGjG99KIgwyk8eAt4YmA=";
+          allowedIPs = [ "10.2.2.30/32" ];
+        }
       ];
     };
   };

modules/plasma.nix

@@ -15,7 +15,7 @@
     profiles.Main = {
       font = {
         name = "JetBrainsMono Nerd Font";
-        size = 14;
+        size = 13;
       };
       colorScheme = "Breeze";
       extraConfig = {