# NixOS module: WireGuard client side of a single-peer tunnel.
#
# The interface name, the tunnel subnet prefix and the server's domain are read
# from `config.ips.*` and `config.domains.*`, which are defined outside this file.
{ config, ... }:

let
  # Local WireGuard UDP port. One binding feeds both the firewall rule and the
  # interface's listenPort, so the opened port and the bound port cannot drift.
  wgPort = 51820;
in
{
  # Accept inbound UDP on the WireGuard port.
  # NOTE(review): this host dials the endpoint below and sends keepalives, so
  # return traffic may already be admitted by connection tracking. If the peer
  # never has to initiate towards this host, this rule could probably be
  # dropped to shrink the exposed surface. Confirm before changing.
  networking.firewall.allowedUDPPorts = [ wgPort ];

  networking.wireguard.interfaces."${config.ips.wgInt}" = {
    # Define IP of client in per device config
    listenPort = wgPort;

    # The private key is referenced by path rather than embedded as a string,
    # which keeps the key material out of the world-readable Nix store.
    # The path comes from `config.age.secrets` (presumably agenix; the secret
    # itself is declared outside this file).
    privateKeyFile = config.age.secrets.wgClientPriv.path;

    peers = [
      {
        # Public key of the server peer. It is not secret, but it pins which
        # peer this client will talk to, so change it only together with a
        # verified key rotation on the server.
        publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";

        # Only this /24 is routed to, and accepted from, the peer (split
        # tunnel). Presumably `wgSpan` holds the first three octets of the
        # tunnel network. Verify against the `ips` definitions.
        allowedIPs = [ "${config.ips.wgSpan}.0/24" ];

        # Server address, given as a DNS name plus UDP port.
        endpoint = "sv.${config.domains.jim1}:51820";

        # Send a keepalive every 25 seconds so NAT/firewall state between this
        # client and the server stays open.
        persistentKeepalive = 25;
      }
    ];
  };
}