# NixOS module: declares one on-demand wg-quick tunnel, "wg-harry-vpn", and
# installs the WireGuard userland tools. Key material is referenced by file
# path through the host's secrets module; no private or preshared key is
# written inline in this expression.
{ config, pkgs, ... }:
let
  inherit (config.services.secrets) secrets;

  # The only remote peer. The public key is not sensitive; the preshared key
  # is read from a file at activation time.
  # NOTE(review): keeping the key out of the world-readable /nix/store relies
  # on `.path` being a string that names a runtime location. Interpolating a
  # Nix *path* value would copy the file into the store. Confirm against the
  # secrets module (the same applies to privateKeyFile below).
  harryPeer = {
    endpoint = "185.186.9.1:8081";
    publicKey = "7B6KSFqTHM7A7Nv24GIeUhDDh2XnlT7UqG5U+Si+zmc=";
    presharedKeyFile = "${secrets.wg_harry_preshared.path}";

    # Full tunnel: every IPv4 and IPv6 destination is routed to this peer
    # while the interface is up.
    allowedIPs = [ "0.0.0.0/0" "::/0" ];

    # Keepalive interval in seconds; keeps NAT/firewall state towards the
    # endpoint from expiring while the tunnel is idle.
    persistentKeepalive = 25;
  };
in {
  environment.systemPackages = [ pkgs.wireguard-tools ];

  networking.wg-quick.interfaces.wg-harry-vpn = {
    # Not started at boot; the tunnel has to be brought up explicitly.
    # NOTE(review): nothing in this file blocks traffic while the interface
    # is down, so traffic then leaves over the normal default route. If that
    # matters, enforce it elsewhere (e.g. firewall rules).
    autostart = false;

    privateKeyFile = "${secrets.wg_harry_priv.path}";
    address = [ "185.186.9.71/26" "2a0b:6b84:2022:6::1/64" ];

    # 1280 is the minimum MTU IPv6 permits.
    mtu = 1280;

    # Resolver configured while the tunnel is up: a public third-party
    # resolver, IPv4 only.
    # NOTE(review): confirm that sending DNS queries there is intended.
    dns = [ "8.8.8.8" ];

    peers = [ harryPeer ];
  };
}