{ lib, config, ... }:
with lib;
{

  options.wireguard = {
    wg0 = {
      subnet = mkOption {
        type = types.str;
        default = "10.100.0.1/24";
      };
    };
  };

  # todo: use networking.wireguard  instead of networking wg-quick
  # with dynamicEndpointRefreshSeconds
  #config = {
  #  systemd.services.wg-quick-wg0.serviceConfig = {
  #    Restart = "always";
  #    RestartSec = 50;
  #    Type = mkForce "simple";
  #    RemainAfterExit = mkForce false;
  #  };
  #};

  config = {
    networking.extraHosts = ''
      10.100.0.1 cache.orbi.wg0
      10.100.0.1 orbi.wg0
      10.100.0.2 chungus.wg0
    '';
  };

}