sneeuwvlok/modules/nixos/services/networking/wireguard/default.nix

{
  config,
  pkgs,
  lib,
  namespace,
  ...
}: let
  inherit (builtins) length;
  inherit (lib) mkIf mkEnableOption mkOption types attrNames attrsToList listToAttrs;

  cfg = config.${namespace}.services.networking.wireguard;
  hasPeers = (cfg.peer |> attrNames |> length) > 0;
in {
  options.${namespace}.services.networking.wireguard = {
    # enable = mkEnableOption "enable wireguard" // {default = true;};

    peer = mkOption {
      type = types.attrsOf (types.submodule {
        options = {
          port = mkOption {
            type = types.port;
            description = '''';
          };

          address = mkOption {
            type = types.listOf types.str;
            default = [];
            description = '''';
          };
        };
      });
    };
  };

  config = mkIf hasPeers {
    # networking.firewall.allowedUDPPorts = cfg.peer |> lib.attrValues |> lib.map (p: p.port);
    # networking.wq-quick = {
    #   # enable = cfg.enable;

    #   interfaces =
    #     cfg.peer
    #     |> attrsToList
    #     |> imap0 (i: { name, value }: (namevaluepair "wg${i}" (value // {})))
    #     |> listToAttrs;
    # };
  };
}