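# NixOS module: brings up a wg-quick WireGuard interface (wg0) and NATs
# traffic from the tunnel out through the external interface.
{ config, pkgs, ... }:
let
  # Uplink interface. Defined once so networking.nat and the iptables hooks
  # below cannot drift apart.
  externalInterface = "enp1s0";
  iptables = "${pkgs.iptables}/bin/iptables";
in
{
  networking.nat.enable = true;
  networking.nat.externalInterface = externalInterface;
  networking.nat.internalInterfaces = [ "wg0" ];

  networking.wg-quick.interfaces = {
    wg0 = {
      address = [ config.vars.wg_adress ];
      mtu = 1350;
      autostart = true;

      # NOTE(review): the FORWARD rule accepts everything arriving on wg0,
      # whatever its destination, and the MASQUERADE rule applies to all
      # traffic leaving the uplink, not only tunnel traffic. networking.nat
      # above is already configured for wg0 -> uplink, so the MASQUERADE rule
      # may be redundant -- confirm before narrowing or removing it.
      postUp = ''
        ${iptables} -A FORWARD -i wg0 -j ACCEPT
        ${iptables} -t nat -A POSTROUTING -o ${externalInterface} -j MASQUERADE
      '';

      # Each -D must repeat the full rule spec used by the matching -A.
      # The POSTROUTING delete previously omitted "-j MASQUERADE", so it did
      # not match the rule added in postUp and that rule was left behind
      # every time the interface went down.
      postDown = ''
        ${iptables} -D FORWARD -i wg0 -j ACCEPT
        ${iptables} -t nat -D POSTROUTING -o ${externalInterface} -j MASQUERADE
      '';

      # NOTE(review): values passed through `privateKey` and `presharedKey`
      # are copied into the world-readable Nix store. Prefer `privateKeyFile`
      # here and `presharedKeyFile` on the peer, pointing at files that are
      # provisioned outside the store with restrictive permissions.
      privateKey = config.vars.wg_privateKey;

      peers = [
        {
          publicKey = config.vars.wg_publicKey;
          presharedKey = config.vars.wg_presharedKey;
          # Only this subnet is routed through, and accepted from, the peer.
          allowedIPs = [ "10.6.0.0/24" ];
          endpoint = config.vars.wg_endpoint;
          # Keepalive interval in seconds.
          persistentKeepalive = 25;
        }
      ];
    };
  };
}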