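# Networking module: declares the `mods.*` toggles for i2p, tailscale,
# wireguard and openvpn, and wires each toggle to the matching NixOS service.
#
# Firewall openings are tied to the toggle of the service they belong to, so a
# disabled service leaves no port open behind it.
{ pkgs, lib, config, ... }:
{
  options.mods = {
    i2p.enable = lib.mkEnableOption "enables i2p network";
    tailscale.enable = lib.mkEnableOption "enables tailscale";
    wireguard.enable = lib.mkEnableOption "enables wireguard client";
    openvpn.enable = lib.mkEnableOption "enables openvpn config";

    # Path of the .ovpn profile; defaults to
    # <home of mods.user.name>/documents/openvpn/<mods.user.name>.ovpn
    openvpn.config =
      let
        username = config.mods.user.name;
        folder = "${config.users.users.${username}.home}/documents/openvpn/";
        file = "${username}.ovpn";
      in
      lib.mkOption {
        description = "the config location";
        default = "${folder}${file}";
      };
  };

  config = {
    networking.networkmanager.enable = true;
    services.resolved.enable = true;

    services.tailscale.enable = config.mods.tailscale.enable;

    # NOTE(review): the profile lives in the user's home directory but is
    # loaded by the system OpenVPN service. Keep the file writable only by
    # accounts trusted to control that service, since an OpenVPN profile can
    # carry script directives.
    services.openvpn.servers = lib.mkIf config.mods.openvpn.enable {
      remote.config = "config ${config.mods.openvpn.config}";
    };

    # Only open the i2pd ports when i2pd is actually enabled.
    # NOTE(review): these are local control and proxy interfaces. Opening them
    # in the firewall only matters if the listeners are bound to a
    # non-loopback address; confirm that LAN exposure is intended, otherwise
    # this list can be dropped entirely.
    networking.firewall.allowedTCPPorts = lib.mkIf config.mods.i2p.enable [
      7656 # default proto sam port
      7070 # default web interface port
      4447 # default socks proxy port
      4444 # default http proxy port
    ];

    services.i2pd = lib.mkIf config.mods.i2p.enable {
      enable = true;
      # NOTE(review): verify whether this option is the advertised external
      # address or a listener bind address in the i2pd module in use.
      address = "127.0.0.1";
      proto = {
        sam.enable = true;
        http.enable = true;
        socksProxy.enable = true;
        httpProxy.enable = true;
      };
    };

    # Only open the WireGuard port when the tunnel is enabled.
    # NOTE(review): wg0 below sets no listenPort and only dials out to its
    # peer, so an inbound opening on 51820 is probably unnecessary; confirm and
    # remove if so.
    networking.firewall.allowedUDPPorts = lib.mkIf config.mods.wireguard.enable [ 51820 ];

    networking.wg-quick.interfaces = lib.mkIf config.mods.wireguard.enable {
      wg0 = {
        address = [
          "10.0.0.2/24"
          "fdc9:281f:04d7:9ee9::2/64"
        ];
        dns = [
          "10.0.0.1"
          "fdc9:281f:04d7:9ee9::1"
        ];
        # NOTE(review): 1500 matches a typical Ethernet MTU and leaves no room
        # for WireGuard's encapsulation overhead; confirm this is intended.
        mtu = 1500;
        # Key material is referenced by path, so it stays out of the Nix store.
        # NOTE(review): the path is hard-coded to /home/muon while the openvpn
        # option derives the home directory from mods.user.name. The key files
        # should be readable only by root or their owner.
        privateKeyFile = "/home/muon/wireguard-keys/private";
        peers = [
          {
            publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
            presharedKeyFile = "/home/muon/wireguard-keys/psk-muon";
            # Full tunnel: all IPv4 and IPv6 traffic is routed through the peer.
            allowedIPs = [
              "0.0.0.0/0"
              "::/0"
            ];
            # ip route add 93.95.230.11 via 192.168.0.1
            endpoint = "93.95.230.11:51820";
            persistentKeepalive = 25;
          }
        ];
      };
    };

    # networking.wireguard.interfaces = lib.mkIf config.mods.wireguard.enable {
    #   wg0 = {
    #     ips = [ "10.100.0.2/24" ];
    #     listenPort = 51820;
    #     privateKeyFile = "/home/muon/wireguard-keys/private";
    #     peers = [
    #       {
    #         publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
    #         allowedIPs = [ "0.0.0.0/0" ];
    #         # ip route add 93.95.230.11 via 192.168.0.1
    #         endpoint = "93.95.230.11:51820";
    #         persistentKeepalive = 25;
    #       }
    #     ];
    #   };
    # };
  };
}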