{
  povSelf,
  pkgs,
  lib,
  config,
  hostConfig,
  ...
}:
let
  inherit (lib) types;
  cfg = lib.getAttrFromPath povSelf config;

in
{

  options = {
    enable = {
      type = types.bool;
      default = false;
    };
  };

  config = lib.mkIf cfg.enable {
    sops.secrets."environments/networkManagerProfiles/dn42" = { };

    networking.networkmanager.ensureProfiles = {
      environmentFiles = [ config.sops.secrets."environments/networkManagerProfiles/dn42".path ];
      profiles.dn42 = {
        connection = {
          id = "dn42";
          interface-name = "dn42";
          type = "wireguard";
          uuid = "b7df0547-e13b-4f28-86de-2b738a36d167";
        };
        ipv4 = {
          method = "disabled";
        };
        ipv6 = {
          addr-gen-mode = "default";
          address1 = "fd6b:6174:6a61::3/128";
          dns = "fd6b:6174:6a61::1;";
          dns-search = "~dn42;";
          method = "manual";
        };
        proxy = { };
        wireguard = {
          fwmark = "1718";
          listen-port = "51820";
          mtu = "1280";
          private-key = "$DN42_WG_PRIVATE_KEY";
        };
        "wireguard-peer.MRXPP//j+BDCiUyrYHdXtdULAsCZyfgumas8pxp6oiE=" = {
          allowed-ips = "fd00::/8;";
          endpoint = "router-a.dn42.zaphyra.eu:1718";
          persistent-keepalive = "10";
        };
      };
    };
  };

}