# Wireguard VPN client configuration
{ config, pkgs, lib, ... }:

let
  inherit (lib) mkOption mkDefault;

in
{
  options = {
    nixin.wg.client = {
      ipv4 = mkOption { type = lib.types.str; };
      ipv6 = mkOption { type = lib.types.str; };
    };
  };

  config = {
    networking = {
      wg-quick.interfaces = {
        wg0 = {
          address = [ config.nixin.wg.client.ipv4 config.nixin.wg.client.ipv6 ];
          dns = [ "80.67.169.12" "80.67.169.40" "2001:910:800::12" "2001:910:800::40" ];
          privateKeyFile = "/var/src/secrets/wg-private.key";

          peers = [
            {
              publicKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w=";
              allowedIPs = [ "0.0.0.0/0" "::/0" ];
              endpoint = "vpn.lab12.fr:51812";
              persistentKeepalive = 15;
            }
          ];
        };
      };
    };
  };

}