# WireGuard config for HOME SERVER (Vigilar host)
# Install: cp wg0-home.conf /etc/wireguard/wg0.conf
# Start:   systemctl enable --now wg-quick@wg0

[Interface]
# Home server's WireGuard IP on the tunnel
Address = 10.99.0.2/32
# Generate with: wg genkey | tee /etc/wireguard/home_private.key | wg pubkey > /etc/wireguard/home_public.key
PrivateKey = <HOME_PRIVATE_KEY>
# Keep the tunnel alive through NAT (home router)
# Send keepalive every 25s so the NAT mapping doesn't expire

[Peer]
# Digital Ocean droplet
PublicKey = <DROPLET_PUBLIC_KEY>
# Route all tunnel traffic to the droplet
AllowedIPs = 10.99.0.1/32
# Droplet's public IP + WireGuard port
Endpoint = <DROPLET_PUBLIC_IP>:51820
# Critical: keeps tunnel alive through home router NAT
PersistentKeepalive = 25