class profiles::wireguard_peer (
  Variant[String,Sensitive[String]] $private_key,
  Array[Hash] $peers,
  Stdlib::IP::Address $network_address,
  String $ifname = 'wg0',
) {
  include ::profiles::wireguard

  networking::networkd_instance { $ifname:
    type    => 'netdev',
    content => {
      'NetDev'        => {
        'Name'        => $ifname,
        'Kind'        => 'wireguard',
        'Description' => "WireGuard tunnel ${ifname}"
      },
      'WireGuard'     => {
        'PrivateKey' => $private_key,
      },
      'WireGuardPeer' => $peers,
    }
  }

  networking::networkd_instance { "${ifname}-network":
    type    => 'network',
    content => {
      'Match'   => {
        'Name' => $ifname,
      },
      'Network' => {
        'Address' => $network_address,
      },
    }
  }
}