{
  config,
  lib,
  inputs,
  ...
}: {
  networking.firewall = {
    allowedUDPPorts = [51820];
  };

  networking.wireguard.interfaces = {
    wg0 = {
      ips = [
        /*
        "2a0f:be01:fe:fa1::1/64"
        */
        "2a01:4f8:10a:1aab:f000::1/80"
      ];

      listenPort = 51820;

      privateKeyFile = "/home/xqtc/wireguard-keys/private";

      peers = [
        {
          #anner
          publicKey = "5ar4lh3Ra4TRmUJeeBtPgDvZnAkGssJDUN53y9oa3So=";
          allowedIPs = [
            "2a0f:be01:0:100::/64"
            "2a0f:be01:0:200::/64"
            "2a0f:be01:fe:f00::/56"
          ];
          endpoint = "[2a0f:be01::1]:51822";
          persistentKeepalive = 15;
        }
      ];
    };
  };
}