# WireGuard config for DIGITAL OCEAN DROPLET (reverse proxy)
# Install: cp wg0-droplet.conf /etc/wireguard/wg0.conf
# Start:   systemctl enable --now wg-quick@wg0

[Interface]
# Droplet's WireGuard IP on the tunnel
Address = 10.99.0.1/32
ListenPort = 51820
# Generate with: wg genkey | tee /etc/wireguard/droplet_private.key | wg pubkey > /etc/wireguard/droplet_public.key
PrivateKey = <DROPLET_PRIVATE_KEY>

[Peer]
# Home server
PublicKey = <HOME_PUBLIC_KEY>
# Home server's tunnel IP — traffic to this IP goes through WireGuard
AllowedIPs = 10.99.0.2/32
# No Endpoint needed — home server initiates the connection (NAT traversal)
# No PersistentKeepalive needed — home server sends keepalives