# NixOS module: declares the `wg-harry-vpn` WireGuard tunnel (managed by
# wg-quick) and installs the `wg` / `wg-quick` command-line tools.
{ config, pkgs, ... }:
let
  # Secret handles come from the local `services.secrets` module; only their
  # `.path` attribute is used below.
  inherit (config.services.secrets) secrets;
in
{
  environment.systemPackages = [ pkgs.wireguard-tools ];

  networking.wg-quick.interfaces.wg-harry-vpn = {
    # Not brought up at boot; the tunnel has to be started explicitly
    # (e.g. via the generated wg-quick systemd unit).
    autostart = false;

    address = [
      "185.186.9.71/26"
      "2a0b:6b84:2022:6::1/64"
    ];

    # Resolver applied while the tunnel is up. Only an IPv4 resolver is listed.
    dns = [ "8.8.8.8" ];

    # 1280 is the minimum MTU IPv6 permits.
    mtu = 1280;

    # Key material is referenced by file path so it is read at activation
    # time instead of being embedded in the configuration.
    # NOTE(review): if `.path` is a Nix path value rather than a string, this
    # interpolation would copy the key file into the world-readable Nix store.
    # Confirm the secrets module exposes a runtime string path.
    privateKeyFile = "${secrets.wg_harry_priv.path}";

    peers = [
      {
        publicKey = "7B6KSFqTHM7A7Nv24GIeUhDDh2XnlT7UqG5U+Si+zmc=";

        # Optional symmetric key mixed into the handshake on top of the
        # public-key exchange. The NOTE(review) on privateKeyFile applies to
        # this interpolation as well.
        presharedKeyFile = "${secrets.wg_harry_preshared.path}";

        # Full tunnel: every IPv4 and IPv6 destination is routed to this peer
        # while the interface is up, so the DNS queries above go through it.
        allowedIPs = [
          "0.0.0.0/0"
          "::/0"
        ];

        endpoint = "185.186.9.1:8081";

        # Sends a keepalive every 25 seconds so NAT/firewall state between
        # this host and the endpoint does not expire.
        persistentKeepalive = 25;
      }
    ];
  };
}