{outputs, ...}: {
  networking.firewall = {
    allowedUDPPorts = [ 51820 ];
  };

  networking.wireguard.interfaces = {
    "${outputs.ips.wgInt}" = {
      # Define IP of client in per device config
      listenPort = 51820;
      privateKey = outputs.secrets.wgClientPriv;
      peers = [
        { # 0.0.0.0 makes wg act like a traditional VPN
          publicKey = outputs.secrets.wgServerPub;
          allowedIPs = [ "0.0.0.0/0" ];
          endpoint = "other.${outputs.secrets.cornDomain}:51820";
          persistentKeepalive = 25;
        }
      ];
    };
  };
}