add networking through secrets

modules/nixos/networking.nix

@@ -13,6 +13,11 @@ in
       type = lib.types.str;
       default = "nixos";
       };
+
+    nix-config.networking.vpn = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+    };
   };
 
   config = {
@@ -30,6 +35,60 @@ in
     #   enable = false;
     # };
 
-  };
+    # # VPN setup
+    networking.networkmanager.ensureProfiles = {
+      environmentFiles = [ config.sops.secrets.vpnEnvironment.path ];
+      profiles.wg-home = {
+        connection = {
+          id = "wg-home";
+          type = "wireguard";
+          interface-name = "wgh";
+          autoconnect = false;
+        };
 
+        ipv4 = {
+          address = "10.0.0.2/32";
+          method = "manual";
+        };
+
+        wireguard = {
+          listen-port = 51820;
+          private-key = "$HOME_PRIVATE_KEY";
+        };
+
+        "wireguard-peer.y/TBD/c0GkrRtekDkCb8TUnYYil8bSRPIjPDY650pz8=" = {
+          endpoint = "$HOME_ENDPOINT";
+          allowed-ips = "192.168.1.0/16";
+        };
+      };
+
+
+
+      profiles.wg-fritzbox = {
+        connection = {
+          id = "wg-fritzbox";
+          type = "wireguard";
+          interface-name = "wgfb";
+          autoconnect = false;
+        };
+
+        ipv4 = {
+          address = "192.168.178.201/24";
+          dns = "192.168.178.1";
+          method = "manual";
+        };
+
+        wireguard = {
+          listen-port = 51820;
+          private-key = "$FRITZBOX_PRIVATE_KEY";
+        };
+
+        "wireguard-peer.Jf/seKAL7kWm2qX9gf5Ln8FiN7OlPQB3CyRovDIOEHw=" = {
+          endpoint = "$FRITZBOX_ENDPOINT";
+          allowed-ips = "192.168.178.0/24;fd73:ea00:5841::/64";
+          preshared-key = "$FRITZBOX_PRESHARED_KEY";
+        };
+      };
+    };
+  };
 }