define a new "vpn-servo" which allows routing all traffic out of servo, via wireguard

hosts/common/vpn.nix

@@ -8,14 +8,9 @@
 # - copy the Address, PublicKey, Endpoint from OVPN's config
 # N.B.: maximum interface name in Linux is 15 characters.
 let
-  def-ovpn = name: { endpoint, publicKey, address }: {
-    networking.wg-quick.interfaces."ovpnd-${name}" = {
-      inherit address;
-      privateKeyFile = config.sops.secrets."wg/ovpnd_${name}_privkey".path;
-      dns = [
-        "46.227.67.134"
-        "192.165.9.158"
-      ];
+  def-wg-vpn = name: { endpoint, publicKey, address, dns, privateKeyFile }: {
+    networking.wg-quick.interfaces."${name}" = {
+      inherit address privateKeyFile dns;
       peers = [
         {
           allowedIPs = [
@@ -25,11 +20,28 @@ let
           inherit endpoint publicKey;
         }
       ];
-      # to start: `systemctl start wg-quick-ovpnd-${name}`
+      # to start: `systemctl start wg-quick-${name}`
       autostart = false;
     };
   };
+  def-ovpn = name: { endpoint, publicKey, address }: def-wg-vpn "ovpnd-${name}" {
+    inherit endpoint publicKey address;
+    privateKeyFile = config.sops.secrets."wg/ovpnd_${name}_privkey".path;
+    dns = [
+      "46.227.67.134"
+      "192.165.9.158"
+    ];
+  };
+
+  def-servo = def-wg-vpn "vpn-servo" {
+    endpoint = config.sane.hosts.by-name."servo".wg-home.endpoint;
+    publicKey = config.sane.hosts.by-name."servo".wg-home.pubkey;
+    address = [ config.sane.services.wg-home.ip ];
+    dns = [ "10.78.79.1" ];
+    privateKeyFile = config.networking.wireguard.interfaces.wg-home.privateKeyFile;
+  };
 in lib.mkMerge [
+  (def-servo)
   (def-ovpn "us" {
     endpoint = "vpn31.prd.losangeles.ovpn.com:9929";
     publicKey = "VW6bEWMOlOneta1bf6YFE25N/oMGh1E1UFBCfyggd0k=";