```nix
# NixOS module: WireGuard interface wg0 with one peer that carries all IPv4 traffic.
{ config, lib, pkgs, ... }:

let
  # Single UDP port used for both the firewall opening and the interface's listenPort.
  wgPort = 51820;
in
{
  # Accept inbound WireGuard packets. Clients and peers can share this port; see listenPort.
  networking.firewall.allowedUDPPorts = [ wgPort ];

  networking.wireguard.interfaces.wg0 = {
    # Tunnel address of this host. The address part appears to be elided on the
    # page ("/32" alone is not a usable value); fill it in before deploying.
    ips = [ "/32" ];
    listenPort = wgPort;

    # Install a kernel route for every allowedIPs entry of the peers below.
    allowedIPsAsRoutes = true;

    # Only the path is part of the configuration; the key is read from this file.
    # Ownership and mode of the file are not managed here, so restrict it to
    # root yourself. Keep the key out of the Nix configuration itself.
    privateKeyFile = "/private/wireguard/private_key";

    peers = [
      {
        # Placeholder: the peer's public key is elided on the page.
        publicKey = "...";

        # Placeholder: the host part is elided, only the port is shown.
        endpoint = ":51820";

        # 0.0.0.0/0 covers IPv4 only. Together with allowedIPsAsRoutes, all IPv4
        # traffic is routed to this peer, and the peer is accepted as the source
        # of any IPv4 address. There is no IPv6 entry, so IPv6 traffic is not
        # sent through the tunnel.
        allowedIPs = [ "0.0.0.0/0" ];

        # Send a keepalive every 25 seconds so NAT/firewall state towards the peer stays open.
        persistentKeepalive = 25;
      }
    ];
  };
}
```