{
  config,
  lib,
  pkgs,
  ...
}:
let
  activatedWg = name: {
    networking.wg-quick.interfaces."${name}".configFile = "/persist/manual/wireguard/${name}.conf";
    systemd.services."wg-quick-${name}" = {
      after = [
        "network-online.target"
        "nss-lookup.target"
      ];
      preStart = "${pkgs.toybox}/bin/sleep 3";
    };
  };
  deactivatedWg = name: {
    networking.wg-quick.interfaces."${name}" = {
      configFile = "/persist/manual/wireguard/${name}.conf";
      autostart = false;
    };
  };
  wireguard_enable = (config.me.wireguard.activated != [ ] || config.me.wireguard.deactivated != [ ]);
in
{
  imports = [ ];

  options.me = {
    wireguard.activated = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = false;
      example = true;
      description = "List of wireguard config names that should be activated at boot.";
    };
    wireguard.deactivated = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = false;
      example = true;
      description = "List of wireguard config names that are not activated at boot but can be manually activated later.";
    };
  };

  config = lib.mkIf wireguard_enable (
    lib.mkMerge [
      {
        networking.firewall.allowedUDPPorts = [ 51821 ];
        networking.wireguard.enable = true;
      }
      (activatedWg "drmario")
      (activatedWg "wgh")
      (activatedWg "colo")
      (deactivatedWg "wgf")
    ]
  );
}