{ config, pkgs, lib, ... }:
{
  networking.wireguard.interfaces = 
  let
#    homeip = lib.fileContents config.age.secrets.lab-ip.path;
#    homeip = lib.fileContents ../../sensitives/homeip;
    homeip = config.wireguard.lab.remote;
  in {
#    server = {
#      ips = [ "10.0.0.2/32" ];
#      listenPort = 2751;
#
#      privateKeyFile = config.age.secrets.serverwg-priv.path;
#
#      peers = [
#        {
#          publicKey = "Lk+EHt6+6HPUeXigdBTbv/j4yAcs2MyGumbgrOD5WTA=";
#          allowedIPs = [ "10.0.0.1/32" ];
#          endpoint = homeip + ":2751";
#          persistentKeepalive = 25;
#        }
#      ];
#    };

    lab = {
      ips = [ config.wireguard.lab.ip ];
      listenPort = 2752;

      privateKeyFile = config.wireguard.lab.privateKeyFile; #config.age.secrets.vpnboxwg-priv.path;

      peers = [
        {
          publicKey = "JTHjRp35MUbNSMOQnuE99mg0D0tyiprhH1KgIIQQLmg=";
          allowedIPs = [ "10.0.1.1/32" "192.168.87.0/24" ];
          endpoint = homeip + ":2752";
          persistentKeepalive = 25;
        }
      ];
    };
  };
}