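# Clan service module for Yggdrasil.
#
# Declares the service manifest and a single `default` role. For every
# instance, the role's NixOS module
#   1. registers a clan vars generator that writes a Yggdrasil private key
#      (marked secret) and the IPv6 address derived from it (not secret), and
#   2. enables `services.yggdrasil` with a fixed list of peers.
{ ... }:
{
  _class = "clan.service";
  manifest.name = "yggdrasil";
  # NOTE(review): the description reads as if a word was dropped after "An";
  # the string is left exactly as the author wrote it.
  manifest.description = "An in scalable routing as an encrypted IPv6 overlay network";
  manifest.categories = [ "System" ];

  roles.default = {
    perInstance.nixosModule =
      {
        lib,
        config,
        pkgs,
        ...
      }:
      let
        # Name used as both owner and group of the generated secret file.
        # NOTE(review): nothing in this module creates this account;
        # presumably it must match the identity the service runs as. Verify
        # on the target system.
        user = "yggdrasil";
      in
      {
        clan.core.vars.generators.yggdrasil = {
          files = {
            # JSON object holding only the PrivateKey field. Marked secret and
            # restricted to `user`, since it is the node's private key material.
            yggdrasil-secret = {
              secret = true;
              owner = user;
              group = user;
            };
            # Address derived from the key above; explicitly not a secret.
            yggdrasil-ip.secret = false;
          };
          runtimeInputs = [
            pkgs.yggdrasil
            pkgs.jq
          ];
          # Line 1: generate a fresh config as JSON and keep only PrivateKey.
          # Line 2: feed that file back on stdin to derive the address, with
          #         the trailing newline stripped.
          # The jq filter and the $out paths are quoted so the shell passes
          # them through unmodified (no brace or word-splitting surprises),
          # and the key file is read via redirection instead of `cat |`.
          script = ''
            yggdrasil -genconf -json | jq '{PrivateKey}' > "$out/yggdrasil-secret"
            yggdrasil -useconf -address < "$out/yggdrasil-secret" | tr -d "\n" > "$out/yggdrasil-ip"
          '';
        };

        services.yggdrasil = {
          # mkDefault lets a machine configuration override this value.
          enable = lib.mkDefault true;
          # NOTE(review): with the line below commented out, nothing in this
          # module hands the generated PrivateKey to the service. The daemon
          # would then presumably run with a different key, so the published
          # yggdrasil-ip value would not be the address the node actually
          # uses. Confirm whether this is intentional before anything (peer
          # allow-lists, firewall rules, DNS) relies on yggdrasil-ip.
          # configFile = config.clan.core.vars.generators.yggdrasil.files.yggdrasil-secret.path;
          settings = {
            # Hard-coded peers, identical for every instance. These are
            # external hosts, and two of them use tcp:// rather than tls://.
            # NOTE(review): confirm that plain-TCP peering links and a fixed
            # third-party peer set are acceptable for this deployment, or
            # expose the list as a per-instance setting.
            Peers = [
              # US Peers
              "tls://ygg.jjolly.dev:3443"
              "tls://[2602:fc24:18:7a42::1]:993"
              "tcp://leo.node.3dt.net:9002"
              "tcp://ygg-kcmo.incognet.io:8883"
            ];
          };
        };
      };
  };
}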