{ pkgs, lib, config, hostName, inputs, ... }:
let
  inherit (config.security) gnupg;
  iface = "wg-intra";
in
{
imports = [
  (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra.nix")
];
networking.wireguard.${iface}.peers = {
  losurdo.enable = true;
  oignon.enable = true;
};
networking.wireguard.interfaces.${iface} = {
  privateKeyFile = gnupg.secrets."wireguard/${iface}/privateKey".path;
};
security.gnupg.secrets."wireguard/${iface}/privateKey" = {
/*
  systemdConfig.serviceConfig = {
    before     = [ "wireguard-${iface}.service" ];
    wantedBy   = [ "wireguard-${iface}.service" ];
    requiredBy = [ "wireguard-${iface}.service" ];
  };
*/
};
systemd.services."wireguard-${iface}" = {
  after    = [ gnupg.secrets."wireguard/${iface}/privateKey".service ];
  requires = [ gnupg.secrets."wireguard/${iface}/privateKey".service ];
};
}