# NixOS module for the host "mail-2".
#
# Sets up GRUB on /dev/vda, systemd-networkd with one statically addressed
# LAN link (enp6s18) and a WireGuard tunnel (wg0) that carries the IPv4
# default route, and a host firewall that admits TCP 25 and 80.
{ pkgs, ... }:

let
  # Next hop on the LAN for everything that must NOT enter the tunnel.
  lanGateway = "10.201.41.1";

  # Destinations reached directly over enp6s18. The final /32 is the
  # WireGuard endpoint itself: wg0 claims 0.0.0.0/0, so without this host
  # route the encrypted packets would be routed back into the tunnel.
  lanDestinations = [
    "10.201.0.0/16"
    "10.202.0.0/16"
    "172.21.87.0/24"
    "217.160.117.160/32"
  ];

  # Build one systemd-networkd [Route] section per destination.
  mkLanRoute = destination: {
    routeConfig = {
      Gateway = lanGateway;
      Destination = destination;
    };
  };
in
{
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";

  systemd.network.enable = true;

  # enp6s18 gets no default route: only the prefixes in lanDestinations
  # (plus the connected /24) leave through it.
  # NOTE(review): only IPv4 is configured here. If the LAN hands out IPv6
  # via router advertisements, that traffic would not use wg0 -- confirm
  # whether IPv6 should be disabled on this link or added to the tunnel.
  systemd.network.networks."enp6s18" = {
    matchConfig.Name = "enp6s18";
    address = [ "10.201.41.100/24" ];
    routes = map mkLanRoute lanDestinations;
    linkConfig.RequiredForOnline = "routable";
  };

  # Tunnel address plus the IPv4 default gateway (the peer's inner address).
  systemd.network.networks."wg0" = {
    matchConfig.Name = "wg0";
    address = [ "172.18.50.2/24" ];
    DHCP = "no";
    gateway = [ "172.18.50.1" ];
  };

  systemd.network.netdevs."wg0" = {
    netdevConfig = {
      Kind = "wireguard";
      Name = "wg0";
    };

    # Key material is referenced by path so that it never lands in the
    # world-readable Nix store. systemd-networkd reads these files as the
    # "systemd-network" user, so they need to be readable by that user and
    # by nobody else (e.g. root:systemd-network, mode 0640).
    wireguardConfig = {
      PrivateKeyFile = "/secrets/wireguard-mail-2-wg0-privatekey.secret";
    };

    wireguardPeers = [
      {
        wireguardPeerConfig = {
          PublicKey = "Nnf7x+Yd+l8ZkK2BTq1lK3iiTYgdrgL9PQ/je8smug4=";
          PresharedKeyFile = "/secrets/wireguard-lifeline-mail-2-mail-2-psk.secret";
          Endpoint = "217.160.117.160:51820";
          # Full-tunnel: any IPv4 source is accepted from this peer and any
          # IPv4 destination may be sent to it.
          AllowedIPs = [ "0.0.0.0/0" ];
          # This host dials out to the endpoint; the keepalive holds the
          # path open so the peer can reach it without an inbound UDP rule.
          PersistentKeepalive = 25;
        };
      }
    ];
  };

  networking.hostName = "mail-2";
  # Addressing is static and owned by systemd-networkd above.
  networking.useDHCP = false;

  # allowedTCPPorts is not interface-scoped: 25 and 80 are reachable on
  # enp6s18 as well as on wg0.
  # NOTE(review): if these services are meant to be exposed only through
  # the tunnel, networking.firewall.interfaces.<name>.allowedTCPPorts would
  # restrict them to wg0 -- confirm the intended exposure. Port 80 on a
  # mail host is presumably for certificate issuance; verify it is needed.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [ 25 80 ];

  environment.systemPackages = [ pkgs.wireguard-tools ];

  # Pins stateful defaults to the release the system was installed with.
  system.stateVersion = "23.05";
}