{
  config,
  lib,
  inputs,
  ...
}: {
  # networking.nat.enable = true;
  # networking.nat.externalInterface = "enp0s31f6";
  # networking.nat.internalInterfaces = "wg0";
  networking.firewall = {
    allowedUDPPorts = [51820];
  };

  networking.wireguard.interfaces = {
    wg0 = {
      ips = [/* "2a0f:be01:fe:fa1::1/64" */ "2a01:4f8:10a:1aab:f000::1/80"];

      listenPort = 51820;

      privateKeyFile = "/home/xqtc/wireguard-keys/private";

      peers = [
        {
          #anner
          publicKey = "5ar4lh3Ra4TRmUJeeBtPgDvZnAkGssJDUN53y9oa3So=";
          allowedIPs = ["2a0f:be01::/40"];
          endpoint = "[2a0f:be01::1]:51822";
	  persistentKeepalive = 15;
        }
      ];
    };
  };
}