{ config, pkgs, lib, materusArg, ... }:
{
  sops.templates."networkmanager.env".content = ''
    WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wg-key}"
  '';

  networking.useDHCP = lib.mkDefault true;
  networking.hostName = "Old-materusPC";
  networking.wireless.iwd.enable = true;
  networking.networkmanager.enable = true;
  # Open ports in the firewall.
  networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 
  22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port # Syncthing
  ];
  networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 
  22000 21027 # Syncthing
  ];
  # Or disable the firewall altogether.
  networking.firewall.enable = true;
  networking.networkmanager.settings = {
    connectivity = {
      uri = "http://nmcheck.gnome.org/check_network_status.txt";
    };
  };

  networking.networkmanager.ensureProfiles.environmentFiles = [
    config.sops.templates."networkmanager.env".path
  ];
  networking.networkmanager.ensureProfiles.profiles = {
    wg0 = {
      connection = {
        id = "wg0";
        type = "wireguard";
        interface-name = "wg0";
      };
      wireguard = {
        private-key = "$WIREGUARD_PRIVATEKEY";
      };
      "wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
        endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
        allowed-ips = "${materusArg.ip-masks.wireguard.general};";
        persistent-keepalive = "20";
      };
      ipv4 = {
        address1 = "${materusArg.ips.wireguard.Old-materusPC}/23";
        dns = "${materusArg.ips.wireguard.valkyrie};";
        method = "manual";
        never-default = "true";
      };
      ipv6 = {
        addr-gen-mode = "stable-privacy";
        method = "disabled";
      };
      proxy = { };
    };
  };
}