{ pkgs, lib, config, inputs, ... }:
let
  wgIface = "wg-intra";
in
{
imports = [
  (inputs.julm-nix + "/nixos/profiles/wireguard/${wgIface}.nix")
];
config = {
networking.wireguard.${wgIface}.peers = {
  aubergine.enable = true;
  losurdo.enable = true;
  oignon.enable = true;
  patate.enable = true;
};
networking.nftables.ruleset = ''
  table inet filter {
    chain input-intra {
      tcp dport ssh counter accept comment "SSH"
      udp dport 60000-60100 counter accept comment "Mosh"
    }
    chain output-intra {
      tcp dport ssh counter accept comment "SSH"
      udp dport 60000-60100 counter accept comment "Mosh"
      counter accept
    }
  }
'';
};
}