{ config, pkgs, ... }:

{
  environment.systemPackages = with pkgs; [
    wireguard-tools
  ];

  networking.wg-quick.interfaces = {
    freyanet = {
      address = [ "10.2.0.2/32" "fd:cafe:dead:bee::2/128" "fe80::2/128" ];
      dns = [ "10.3.0.138" ];
      privateKeyFile = config.sops.secrets.freyanetWg.path;

      peers = [{
        publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk=";
        allowedIPs = [ "10.0.0.0/14" "fd:cafe::/32" ];
        endpoint = "cid.freya.cat:3000";
        persistentKeepalive = 25;
      }];
    };

    #tinternet = {
    #  address = [ "69.0.0.2/32" "cafe::2/128" "fe80::2/128" ];
    #  dns = [ "1.1.1.1" ];
    #  privateKeyFile = config.sops.secrets.tinternetWg.path;

    #  peers = [{
    #    publicKey = "8Ice49Yc7N75OYJW59ohDbfUjgrkwIuGWKWocJQGgzI=";
    #    allowedIPs = [ "0.0.0.0/0" "::/0" ];
    #    endpoint = "freya.cat:51282";
    #    persistentKeepalive = 25;
    #  }];
    #};
  };
}