{ config, hostsPath, ... }:

let
  serverData = import (hostsPath + "/tatos/data.secret.nix");
in
{
  age.secrets.wireguard-asus-gl553vd-private = {
    file = ./wireguard-asus-gl553vd-private.age;
    mode = "0400";
  };

  local.services.vpn.wireguard = {
    enable = true;
    ip = "10.20.30.4/24";
    privateKeyFile = config.age.secrets.wireguard-asus-gl553vd-private.path;
    server = {
      inherit (serverData) addr;
      inherit (serverData.wireguard) port publicKey;
    };
  };
}