{ pkgs, ... }: {
  environment.systemPackages = with pkgs; [ wireguard-tools ];
  networking.wg-quick.interfaces = {
    wg-harry-vpn = {
      autostart = false;
      address = [ "185.186.9.71/26" "2a0b:6b84:2022:6::1/64" ];
      dns = [ "8.8.8.8" ];
      mtu = 1280;
      privateKeyFile = "/secrets/harry_vpn_wg_priv";

      peers = [{
        publicKey = "7B6KSFqTHM7A7Nv24GIeUhDDh2XnlT7UqG5U+Si+zmc=";
        allowedIPs = [ "0.0.0.0/0" "::/0" ];
        endpoint = "185.186.9.1:8081";
        persistentKeepalive = 25;
      }];
    };
  };
}