{ config, ... }: {
  networking = {
    domain = config.constants.domain;
    hostId = "30f8f777";
    networkmanager = {
      enable = true;
      wifi.backend = "iwd";
    };
    nftables.enable = true;
    wireguard.interfaces.wgb = {
      ips = [ "10.32.54.2/32" ];
      peers = [{
        allowedIPs = [ "10.32.54.0/24" ];
        publicKey = "0j8+alXU/f2UgWN61R6+Wjs9xelGRwpSbe5NyOwWlF4=";
        endpoint = "${config.constants.domain}:45556";
      }];
      privateKeyFile = config.sops.secrets."wireguard/${config.networking.hostName}".path;
    };
    wireless.iwd.enable = true;
  };
  services.resolved.enable = true;
  sops.secrets."wireguard/${config.networking.hostName}" = { };
}