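# NixOS module exposing opt-in VPN clients under `mods.*`:
#   mods.tailscale.enable  -> services.tailscale
#   mods.wireguard.enable  -> networking.wireguard.interfaces.wg0 (+ firewall port)
#   mods.openvpn.enable    -> services.openvpn.servers.remote
# NetworkManager is enabled unconditionally.
{ pkgs, lib, config, ... }:
{
  options.mods = {
    # mkEnableOption already prefixes its argument with "Whether to enable ",
    # so only the noun phrase is passed.
    tailscale.enable = lib.mkEnableOption "tailscale";
    wireguard.enable = lib.mkEnableOption "wireguard client";
    openvpn.enable = lib.mkEnableOption "openvpn config";

    # Location of the .ovpn profile handed to the OpenVPN service.
    # Default: <home of mods.user.name>/documents/openvpn/<mods.user.name>.ovpn
    # (`mods.user.name` is declared outside this file).
    openvpn.config =
      let
        username = config.mods.user.name;
        folder = "${config.users.users.${username}.home}/documents/openvpn/";
        file = "${username}.ovpn";
      in
      lib.mkOption {
        description = "the config location";
        default = "${folder}${file}";
      };
  };

  config = {
    networking.networkmanager.enable = true;

    services.tailscale.enable = config.mods.tailscale.enable;

    # NOTE(review): the default profile lives in the user's home directory while
    # the OpenVPN unit normally runs with root privileges. An .ovpn file can name
    # scripts for the daemon to run, so whoever can write that path effectively
    # controls what the service executes. Prefer a root-owned file that the user
    # cannot modify (for example under /etc), or confirm ownership and mode.
    services.openvpn.servers = lib.mkIf config.mods.openvpn.enable {
      remote.config = ''config ${config.mods.openvpn.config}'';
    };

    # The WireGuard settings are written as separate dotted paths. A second
    # `networking = lib.mkIf ... { ... }` binding next to
    # `networking.networkmanager.enable` above is rejected by Nix as a duplicate
    # attribute, because only literal attribute sets are merged by the parser.
    networking.firewall = lib.mkIf config.mods.wireguard.enable {
      # NOTE(review): this opens the port for unsolicited inbound UDP. A client
      # that always initiates (persistentKeepalive is set below) likely does not
      # need it; confirm before removing.
      allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
    };

    networking.wireguard.interfaces = lib.mkIf config.mods.wireguard.enable {
      wg0 = {
        ips = [ "10.100.0.2/24" ];
        listenPort = 51820;

        # A quoted string, not a Nix path literal, so the key is read at runtime
        # and is not copied into the world-readable /nix/store.
        # NOTE(review): the path is hard-coded to /home/muon rather than derived
        # from mods.user.name, and it sits in a user-owned tree. Keep the file
        # root-owned with mode 0600, ideally outside the home directory.
        privateKeyFile = "/home/muon/wireguard-keys/private";

        peers = [
          {
            publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";

            # Full-tunnel for IPv4 only. IPv6 is not listed, so on a host with
            # IPv6 connectivity that traffic would not go through the tunnel.
            # NOTE(review): decide whether IPv6 should be tunnelled or blocked.
            allowedIPs = [ "0.0.0.0/0" ];

            endpoint = "93.95.230.11:51820";
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
}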