Fix wireguard configuration

lib/wireguard.nix

@@ -12,18 +12,20 @@
     persistentKeepalive = hostconf.persistentKeepalive;
   });
 
-  makeInterface = (hostName: netname: netconfig: {
-    ips = [
-      "${netconfig.hosts.${hostName}.v4.ip}/${toString netconfig.v4.bitmask}"
-    ];
-    privateKeyFile = "/secrets/wireguard/private/${netname}";
-    generatePrivateKeyFile = true;
+  makeInterface = (hostName: netname: netconfig:
+    let isHub = netconfig.server.hostname == hostName;
+    in {
+      ips = [
+        "${netconfig.hosts.${hostName}.v4.ip}/${toString netconfig.v4.bitmask}"
+      ];
+      listenPort = if isHub then netconfig.server.port else null;
+      privateKeyFile = "/secrets/wireguard/private/${netname}";
+      generatePrivateKeyFile = true;
 
-    peers = let
-      reachablePeerHosts = lib.filterAttrs (host: hostconf:
-        host != hostName
-        && (hostconf.endpoint != null || netconfig.server == hostName))
-        netconfig.hosts;
-    in lib.mapAttrsToList (mapHostToPeerConfig netname) reachablePeerHosts;
-  });
+      peers = let
+        reachablePeerHosts = lib.filterAttrs (host: hostconf:
+          host != hostName && (hostconf.endpoint != null || isHub))
+          netconfig.hosts;
+      in lib.mapAttrsToList (mapHostToPeerConfig netname) reachablePeerHosts;
+    });
 }