class profiles::wireguard_peer (
  Variant[String,Sensitive[String]] $private_key,
  Array[Hash] $peers,
  String $ifname = 'wg0',
) {
  include ::profiles::wireguard

  networking::networkd_instance { $ifname:
    type              => 'netdev',
    content           => {
      'NetDev'        => {
        'Name'        => $ifname,
        'Kind'        => 'wireguard',
        'Description' => "WireGuard tunnel ${ifname}"
      },
      'WireGuard'    => {
        'PrivateKey' => $private_key,
      },
      'WireGuardPeer' => $peers,
    }
  }

  networking::networkd_instance { "${ifname}-network":
    type      => 'network',
    content   => {
      'Match' => {
        'Name' => $ifname,
      },
      'Network'   => {
        'Address' => '2001:9b1:eff:a600:22cf:30ff:fe45:629e/128',
      },
    }
  }
}