{ config, lib, pkgs, ... }:
let
  port = (import ../data/aliases.nix).services.wireguard.port;
in
{
  networking.wireguard = {
    interfaces = {
      wg0 = {
        ips = [ "10.35.190.2/23" ];
	privateKeyFile = "/opt/secret/wireguard/wg0.key";
	listenPort = port;
	allowedIPsAsRoutes = false;
	peers = [
	  {
	    publicKey = "KT4sWKnlvPebJh0pYhGpiZksn4cCwKreB6fQCJV49F8=";
	    endpoint = "dragon.orbekk.com:${toString port}";
	    allowedIPs = ["0.0.0.0/0" "::/0"];
	  }
	];
      };
    };
  };
}