{
  config,
  pkgs,
  ...
}: {
  environment.systemPackages = with pkgs; [
    wireguard-tools
  ];

  networking.wg-quick.interfaces = {
    freyanet = {
      address = ["10.2.0.2/32" "fd:cafe:dead:bee::2/128" "fe80::2/128"];
      dns = ["10.3.0.138"];
      privateKeyFile = config.sops.secrets.freyanetWg.path;
      autostart = false;

      peers = [
        {
          publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk=";
          allowedIPs = ["10.0.0.0/14" "fd:cafe::/32"];
          endpoint = "cid.freya.cat:3000";
          persistentKeepalive = 25;
        }
      ];
    };

    tinternet = {
      address = ["69.0.0.2/32" "cafe::2/128" "fe80::2/128"];
      dns = ["1.1.1.1"];
      privateKeyFile = config.sops.secrets.tinternetWg.path;
      autostart = false;

      peers = [
        {
          publicKey = "8Ice49Yc7N75OYJW59ohDbfUjgrkwIuGWKWocJQGgzI=";
          allowedIPs = ["0.0.0.0/0" "::/0"];
          endpoint = "freya.cat:51282";
          persistentKeepalive = 25;
        }
      ];
    };
  };
}