{ lib, config, ... }:
{
  networking = {
    firewall = {
      allowedUDPPorts = [ 51820 ];
      trustedInterfaces = [ "wgc" ];
    };

    wireguard.interfaces.wgc = {
      ips = [ "${config.ips.wgSpan}.18/24" ];
      listenPort = 51820;
      privateKey = config.secrets.wgClientPriv;
      peers = [
        { # Cyberspark Server
          publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
          allowedIPs = [ "10.100.0.0/24" ];
          endpoint = "sv.${config.domains.jim1}:51820";
          persistentKeepalive = 25;
        }
      ];
    };
  };
}