{
  config,
  pkgs,
  lib,
  ...
}: {
  boot.extraModulePackages = [config.boot.kernelPackages.wireguard];
  systemd.network = {
    enable = true;
    netdevs = {
      "10-wg0" = {
        netdevConfig = {
          Kind = "wireguard";
          Name = "wg0";
          MTUBytes = "1300";
        };
        # See also man systemd.netdev (also contains info on the permissions of the key files)
        wireguardConfig = {
          # Don't use a file from the Nix store as these are world readable. Must be readable by the systemd.network user
          PrivateKeyFile = "/run/keys/wireguard-privkey";
          ListenPort = 9918;
        };
        wireguardPeers = [          
          # configuration since nixos-unstable/nixos-24.11
          {
            PublicKey = "Vhv/4oTMt5YYHFm3PpNC/3po1/kmjo2p8Jnk2O5zAFk=";
            AllowedIPs = ["fc00::1/64" "10.100.0.1"];
            Endpoint = "138.199.7.251:51820"; # SET TO SERVER IP, port 51820 usually iwth wg
          }
          # configuration for nixos 24.05
          #{
          #  wireguardPeerConfig = {
          #    PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=";
          #    AllowedIPs = ["fc00::1/64" "10.100.0.1"];
          #    Endpoint = "{set this to the server ip}:51820";
          #  };
          #}
        ];
      };
    };
    networks.wg0 = {
      # See also man systemd.network
      matchConfig.Name = "wg0";
      # IP addresses the client interface will have
      address = [
        "fe80::3/64"
        "fc00::3/120"
        "10.100.0.2/24"
      ];
      DHCP = "no";
      dns = ["fc00::53"];
      ntp = ["fc00::123"];
      gateway = [
        "fc00::1"
        "10.100.0.1"
      ];
      networkConfig = {
        IPv6AcceptRA = false;
      };
    };
  };
}