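# flake-parts module exporting the NixOS module `flake.modules.nixos.wireguard`:
# a wg-quick client tunnel to the home LAN plus two helper commands that bring
# the tunnel up and down and print the relevant journal output.
{ self, inputs, ... }:
{
  flake.modules.nixos.wireguard =
    { config, inputs, pkgs, ... }:
    let
      # Single source of truth for the interface name, so the helper scripts
      # and the wg-quick interface definition cannot drift apart.
      ifName = "lola";
      unit = "wg-quick-${ifName}";

      # Build a helper command that runs `systemctl <verb>` on the tunnel unit
      # and then prints the unit's journal starting at the systemd timestamp
      # property `sinceProp`.
      #
      # The systemctl exit status is propagated: without it the command always
      # returned journalctl's status, so a caller could not tell that the
      # tunnel failed to come up and might carry on sending traffic outside it.
      mkWgCommand = name: verb: sinceProp:
        pkgs.writeShellScriptBin name ''
          service="${unit}"
          sudo systemctl ${verb} "$service.service"
          rc=$?
          since=$(systemctl show --value -p ${sinceProp} "$service.service")
          if [ -n "$since" ]; then
            sudo journalctl -u "$service.service" --since "$since" --no-pager
          else
            # The property is empty when the unit has not run since boot;
            # `--since ""` would be rejected, so show the tail instead.
            sudo journalctl -u "$service.service" --no-pager -n 50
          fi
          exit "$rc"
        '';
    in
    {
      environment.systemPackages = [
        pkgs.wireguard-tools
        pkgs.wg-netmanager
        # InactiveExitTimestamp marks the moment the unit began starting, so the
        # output covers the wg-quick start itself, including a failed start.
        # (ActiveEnterTimestamp is only set once the start has succeeded.)
        (mkWgCommand "wg-connect" "start" "InactiveExitTimestamp")
        # Kept as before: shows the journal from the last activation through
        # the stop that was just requested.
        (mkWgCommand "wg-disconnect" "stop" "ActiveEnterTimestamp")
      ];

      # Static names for hosts on the remote 192.168.1.0/24 LAN.
      # These entries apply whether or not the tunnel is up. On a foreign
      # network that also uses 192.168.1.0/24 the same names reach whatever
      # host holds that address locally, so the name alone must not be treated
      # as proof of identity: rely on SSH host keys / TLS certificates.
      networking.extraHosts = ''
        192.168.1.100 john-nas
        192.168.1.130 pve5070
        192.168.1.201 ad-nix
      '';

      # Private key is decrypted by sops-nix at activation time and never
      # enters the Nix store. The empty attrset keeps the sops-nix defaults.
      # NOTE(review): assumes the sops-nix module and a default sops file are
      # configured elsewhere - confirm.
      sops.secrets.wireguard_private_key = { };

      networking.wg-quick.interfaces.${ifName} = {
        # NOTE(review): upstream's default for `autostart` is believed to be
        # true, so leaving this commented out does not make the tunnel
        # on-demand. Set `autostart = false;` if wg-connect should be the only
        # way to bring it up - confirm against the nixpkgs version in use.
        # autostart = true;

        # Placeholder hook; runs as part of bringing the interface up.
        postUp = "echo 'Post up command'";
        address = [ "192.168.3.5/32" ];
        # dns = [ "192.168.1.182" ];
        privateKeyFile = config.sops.secrets.wireguard_private_key.path;
        peers = [
          {
            # A peer public key is not secret. It is what authenticates the
            # server, so a wrong DNS answer for the endpoint can prevent the
            # handshake but cannot impersonate the peer.
            publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
            # Split tunnel: only the remote LAN is routed through WireGuard;
            # all other traffic keeps using the local default route.
            allowedIPs = [ "192.168.1.0/24" ];
            endpoint = "wg.john-stream.com:51830";
            # Keeps NAT mappings alive for a client behind NAT.
            persistentKeepalive = 25;
          }
        ];
      };
    };
}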