{
  vpn,
  username,
  ...
}: {
  networking.wg-quick.interfaces = {
    biscuit-default = {
      address = ["10.2.0.2/32"];
      # listenPort = 51820;
      # FIXME change privateKey to variable and add env (make sure it is inaccessible!)
      privateKeyFile = vpn.vpnSecretFile;
      dns = ["10.2.0.1"];
      peers = [
        {
          publicKey = "KkUoHrIzkuQ4msZulqCFyRC1Gqcx8oMgbDFRn8wW1X8=";
          allowedIPs = ["0.0.0.0/0"];
          endpoint = "95.173.221.65:51820";
          # persistentKeepAlive = 25;
        }
      ];
    };
  };
}