There's some *very* sketchy notes at https://hackmd.io/CIR3ALlmS1SEJa9fgXBFRw as I work my
way through first time using wireguard. I expect the config format below to be insufficient
for moderate use cases, but should be good enough for a base 13.0R to have a simple config
/etc/rc.conf.d/wireguard like below, and for it to be functional enough to get started.
wireguard_enable=YES # you can share the entire config file across servers and just rely on # wireguard_local_hostname to avoid adding this node as a peer # wireguard_local_hostname=wintermute wireguard_local_route="-net 10.0.0.0/24" # the private key will be created on first use # the public key will be derived from the private key on first load # peers go here wireguard_peers="wintermute straylight continuity flatline" # each peer has mandatory, and optional parameters # mandatory: public_key # optional: allowed_ips, endpoint, ... pre / post scripts wireguard_peer_continuity_allowed_ips="10.0.0.8/32" wireguard_peer_continuity_endpoint="172.16.1.8:54321" wireguard_peer_continuity_public_key="T9mxK11y7Vbaqv4lA3Af6G7KE0qT2B322btrfmQwC3w=" wireguard_peer_flatline_allowed_ips="10.0.0.1/32" wireguard_peer_flatline_endpoint="172.16.1.1:54321" wireguard_peer_flatline_public_key="Vjp1YrfPRie2tTeN8Ik4CdyHnc9eL/zlXTKquhsTKDU=" wireguard_peer_straylight_allowed_ips="10.0.0.5/32" wireguard_peer_straylight_endpoint="172.16.1.5:54321" wireguard_peer_straylight_public_key="UNxuh/5EQVE42DoaC5G14WkycL8oi3H114Bg+Q9qPxY=" wireguard_peer_wintermute_allowed_ips="10.0.0.4/32" wireguard_peer_wintermute_endpoint="172.16.1.4:54321" wireguard_peer_wintermute_public_key="MN/o29krOyJBgnhi3Vgt4weGceCU4dROR4wRIyOr7C8="