Dropping back into wireguard for a part 2 on configuration. Last I left wireguard, everything was configured and working. Now notice there I didn’t say it was configured well or to any standard. Keys were generated on the fly and added to servers on a whim to prove a proof-of-concept.
This post goes into greater detail on getting the Wireguard configuration correct, getting daemons up and running, getting DNS configured, and getting a decent minimal pk infrastructure setup.