{
  config,
  pkgs,
  extraInfo,
  ...
}:
{
  environment.systemPackages = with pkgs; [ wireguard-tools ];

  networking.firewall.allowedUDPPorts = [ 51820 ];
  networking.wg-quick.interfaces.wg0 = {
    address = [ "10.100.0.1/8" ];

    listenPort = 51820;
    privateKeyFile = config.sops.secrets.wg0_private.path;

    peers = [
      {
        # PC Portable
        publicKey = "maCF41/gOh5p0BBgOh0x9S/ourGSM7qrFfEgmB+XGHY=";
        allowedIPs = [ "10.100.0.3" ];
      }

      {
        # london
        publicKey = extraInfo.wireguard.londonPublicKey;
        allowedIPs = [ "10.100.0.4" ];
      }

      {
        # Mate 20 Pro
        publicKey = "JoW+Iwysip46WWKJINneXWWG2YszzKEKlI3dW4SIjg0=";
        allowedIPs = [ "10.100.0.5" ];
      }
      # Camelot
      {
        publicKey = "lDGxdsruARpkOlZHCkdkNg4v+eEU9m+jt0VO0v747gk=";
        allowedIPs = [ "10.100.0.6" ];
      }
    ];
  };
}