{ config, inputs, ... }:
let
  jupiterVpsConfig = inputs.self.nixosConfigurations.jupiter-vps.config;
  jupiterVpsPublicIPv4 = "51.75.170.190";
  wireguardPort = jupiterVpsConfig.networking.wireguard.interfaces.wg0.listenPort;
in
{
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;

  sops.secrets."wireguard" = { };

  networking = {
    firewall.allowedUDPPorts = [ wireguardPort ];

    wireguard.interfaces.wg0 = {
      ips = [ "10.0.0.2/24" ];
      listenPort = wireguardPort;
      privateKeyFile = config.sops.secrets."wireguard".path;

      peers = [
        {
          name = "jupiter-vps";
          allowedIPs = [ "10.0.0.1/32" ];
          publicKey = "BCTr2uWYFr5nAy+VxVQ5SIly6w60dOXY91DpXAMiHjI=";
          endpoint = "${jupiterVpsPublicIPv4}:${builtins.toString wireguardPort}";
          persistentKeepalive = 25;
        }
      ];
    };
  };
}