{
  hosts = {
    "10.0.0.42" = [ "nomad.service.consul" ];
    "10.0.0.48" = [ "consul.service.consul" ];
    "10.0.0.49" = [ "vault.service.consul" ];
  };

  wireguard.enable = true;
  wg-quick.interfaces = {
    wg0 = {
      address = [ "5.0.0.6/32" ];
      privateKeyFile = "/etc/wireguard/wg0.privatekey";

      peers = [
        {
          publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
          allowedIPs = [ "5.0.0.16/32" "10.0.0.0/24" "10.88.88.0/24" ];
          endpoint = "85.88.23.16:51820";
          persistentKeepalive = 25;
        }
      ];
    };
    wg1 = {
      address = [ "10.13.0.1/32" ];
      privateKeyFile = "/etc/wireguard/wg1.privatekey";
      mtu = 1412;

      peers = [
        {
          publicKey = "XS3TTIMU7Jp3JJANBpE14RsVDJk6/VUvZgjQgQP8kAs=";
          allowedIPs = [ "10.13.0.100/32" "192.168.188.0/24" ];
          endpoint = "[2a00:6020:409d:bb00:dea6:32ff:fe85:3306]:51820";
          persistentKeepalive = 25;
        }
      ];
    };
    wg2 = {
      address = [ "10.6.6.4/32" ];
      privateKeyFile = "/etc/wireguard/wg2.privatekey";

      peers = [
        {
          publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
          presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
          allowedIPs = [ "10.6.6.1/32" "10.1.1.0/24" ];
          endpoint = "85.88.23.127:51820";
          persistentKeepalive = 16;
        }
      ];
    };
  };
}