{ config, lib, ... }:
{
  config = lib.mkIf config.services.wireguard.client.enable {
    networking = {
      firewall.trustedInterfaces = [ "wgc" ];
      wg-quick.interfaces.wgc = {
        privateKey = config.secrets.wg.clientKey;
        peers = [
          { # Kitty server
            publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
            allowedIPs = [ "10.100.0.0/24" ];
            endpoint = "sv.nixfox.ca:51820";
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
}