{
    config,
    pkgs,
    inputs,
    ...
}: {
    networking.nat = {
        enable = true;
        externalInterface = "enp6s0";
        internalInterfaces = [ "wg0" ];
    };

    networking.firewall = {
        allowedUDPPorts = [ 51820 ];
    };

    networking.wireguard.interfaces = {
        wg0 = {
            ips = [ "192.168.15.1/24" ];
            listenPort = 51820;
            postSetup = ''
                ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 192.168.15.0/24 -o enp6s0 -j MASQUERADE
            '';
            postShutdown = ''
                ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 192.168.15.0/24 -o enp6s0 -j MASQUERADE
            '';

            privateKeyFile = "/home/chmura/.wg/private";

            peers = [
                {
                    # main laptop
                    publicKey = "y+bdB0CdX6xm4vK2p2+5vQey9gEDphBf8V/DFt1oaC0=";
                    allowedIPs = [ "192.168.15.0/24" ];
                }
            ];
        };
    };
}