Fix: read WG server IP and subnet from live API instead of hardcoding 10.0.0.x

test_wg_connect_and_ping_server and the connected_peer fixture hardcoded
10.0.0.1 / 10.0.0.0/24 as the server VPN address. This breaks when the
server uses a different subnet (e.g. pic1 uses 10.0.1.1/24). Now both
read 'address' from /api/wireguard/status at session start and pass the
live server_ip / server_network through wg_server_info and connected_peer.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/e2e/wg/conftest.py

@@ -39,10 +39,27 @@ def wg_server_info(admin_client, pic_host):
     except Exception:
         pass
 
+    # Server VPN IP (e.g. '10.0.0.1') and subnet (e.g. '10.0.0.0/24') from status
+    server_address = '10.0.0.1/24'
+    try:
+        server_address = admin_client.get('/api/wireguard/status').json().get('address', server_address)
+    except Exception:
+        pass
+    import ipaddress as _ip
+    try:
+        iface = _ip.ip_interface(server_address)
+        server_ip = str(iface.ip)
+        server_network = str(iface.network)
+    except Exception:
+        server_ip = '10.0.0.1'
+        server_network = '10.0.0.0/24'
+
     return {
         'public_key': server_pubkey,
         'endpoint': pic_host,
         'port': int(port),
+        'server_ip': server_ip,
+        'server_network': server_network,
     }
 
 
@@ -65,7 +82,7 @@ def connected_peer(make_peer, wg_server_info, tmp_path):
         server_pubkey=wg_server_info['public_key'],
         server_endpoint=wg_server_info['endpoint'],
         server_port=wg_server_info['port'],
-        allowed_ips='10.0.0.0/24',
+        allowed_ips=wg_server_info['server_network'],
     )
 
     # Write config with restricted permissions
@@ -78,6 +95,7 @@ def connected_peer(make_peer, wg_server_info, tmp_path):
         iface.bring_up()
         peer['iface'] = iface
         peer['conf_path'] = conf_path
+        peer['server_ip'] = wg_server_info['server_ip']
         yield peer
     finally:
         iface.bring_down()