Try tailscale

linux/nebula/network.nix

@@ -11,16 +11,6 @@ let const = config.constants; hn = config.networking.hostName; in {
     };
     nftables.enable = true;
     tempAddresses = "disabled";
-    wireguard.interfaces.wgn = {
-      ips = [ "10.32.54.3/32" ];
-      peers = [{
-        allowedIPs = [ "10.32.54.0/24" ];
-        endpoint = "${const.domain}:${toString const.port.wireguard-server}";
-        persistentKeepalive = 54;
-        publicKey = "0j8+alXU/f2UgWN61R6+Wjs9xelGRwpSbe5NyOwWlF4=";
-      }];
-      privateKeyFile = config.sops.secrets."wireguard/${hn}".path;
-    };
     wireless.iwd.enable = true;
   };
 
@@ -48,8 +38,5 @@ let const = config.constants; hn = config.networking.hostName; in {
     resolved.enable = true;
   };
 
-  sops.secrets = {
-    "cloudflare/${hn}" = { };
-    "wireguard/${hn}" = { };
-  };
+  sops.secrets."cloudflare/${hn}" = { };
 }