{
  config,
  pkgs,
  lib,
  namespace,
  ...
}: let
  inherit (builtins) length;
  inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs;

  cfg = config.${namespace}.services.networking.wireguard;
  hasPeers = (cfg.peer |> attrNames |> length) > 0;
in {
  options.${namespace}.services.networking.wireguard = {
    # enable = mkEnableOption "enable wireguard" // {default = true;};

    peer = mkOption {
      type = types.attrsOf (types.submodule {
        options = {
          port = mkOption {
            type = types.port;
            description = '''';
          };

          address = mkOption {
            type = types.listOf types.str;
            default = [];
            description = '''';
          };
        };
      });
    };
  };

  config = mkIf hasPeers {
    networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port);
    networking.wq-quick = {
      # enable = cfg.enable;

      interfaces =
        cfg.peer
        |> attrsToList
        |> imap0 (i: { name, value }: (namevaluepair "wg${i}" (value // {  }));
        |> listToAttrs
    };
  };
}