{
  config,
  pkgs,
  ...
}: {
  networking.wireguard.interfaces = {
    wg0 = {
      ips = ["10.0.0.3/32"];
      listenPort = 5553;
      privateKeyFile = "/etc/wireguard/wg0.key";
      peers = [
        {
          # cloudhaus
          publicKey = "SOqdU6uku2t0l8lGBDEnwDNHrb5Nk/64qA6++mGa+CI=";
          allowedIPs = ["10.0.0.1/32"];
          endpoint = "46.62.255.194:51820";
          persistentKeepalive = 25;
        }
      ];
    };
  };
  networking.firewall.allowedTCPPorts = [9100];
  networking.firewall.interfaces = {
    wg0.allowedTCPPorts = [9100];
  };
}