{ config, pkgs, ... }:
{
  networking.wireguard.interfaces = 
  let
    homeip = builtins.readFile ../../sensitives/homeip;
  in {
    server = {
      ips = [ "10.0.0.2/32" ];
      listenPort = 2751;

      privateKeyFile = config.age.secrets.serverwg-priv.path;

      peers = [
        {
          publicKey = "Lk+EHt6+6HPUeXigdBTbv/j4yAcs2MyGumbgrOD5WTA=";
          allowedIPs = [ "10.0.0.1/32" ];
          endpoint = homeip + ":2751";
          persistentKeepalive = 25;
        }
      ];
    };

    vpnbox = {
      ips = [ "10.0.1.4/32" ];
      listenPort = 2752;

      privateKeyFile = config.age.secrets.vpnboxwg-priv.path;

      peers = [
        {
          publicKey = "JTHjRp35MUbNSMOQnuE99mg0D0tyiprhH1KgIIQQLmg=";
          allowedIPs = [ "10.0.1.1/32" "192.168.87.0/24" ];
          endpoint = homeip + ":2752";
          persistentKeepalive = 25;
        }
      ];
    };
  };
}