{
  vpn,
  username,
  ...
}: {
  networking.wg-quick.interfaces = {
    biscuit-default = {
      address = ["10.2.0.2/32"];
      # listenPort = 51820;
      # FIXME change privateKey to variable and add env (make sure it is inaccessible!)
      privateKeyFile = vpn.vpnSecretFile;
      dns = ["10.2.0.1"];
      peers = [
        {
          publicKey = "GbuOJ8Dho0iXlS0+ma2teQ4RxhBALWK6RB94qA1GZDA=";
          allowedIPs = ["0.0.0.0/0"];
          endpoint = "79.127.147.2:51820";
          # persistentKeepAlive = 25;
        }
      ];
    };
  };
}