{ pkgs, lib, config, hostName, inputs, ... }:
let
  iface = "wg-intra";
  wg-intra-peers = import (inputs.julm-nix + "/nixos/profiles/wireguard/${iface}/peers.nix");
in
{
imports = [
  (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra.nix")
];
config = {
networking.wireguard.${iface}.peers = {
  aubergine.enable = true;
  losurdo.enable = true;
  oignon.enable = true;
  patate.enable = true;
};
networking.nftables.ruleset = ''
  add rule inet filter fw2intra counter accept

  add rule inet filter intra2fw ip saddr ${wg-intra-peers.losurdo.ipv4} counter accept comment "losurdo"
'';
};
}