[14:46] <ahasenack> when someone has some time, I'm writing wireguard docs for the ubuntu server guide
[14:46] <ahasenack> it's not finished yet,
[14:46] <ahasenack> but I could use a quick glance at these: 
[14:47] <ahasenack> introduction: https://git.launchpad.net/~ahasenack/+git/serverguide/tree/wireguard/introduction.md?h=wireguard
[14:47] <ahasenack> peer to site: https://git.launchpad.net/~ahasenack/+git/serverguide/tree/wireguard/peer-to-site-wg-on-router.md?h=wireguard
[14:47] <ahasenack> once I start writing the other bits (site to site, peer to peer), I might decide there is too much in common between these chapters and change the layout
[14:48] <ahasenack> I don't think a full review is warranted at this point, when it's unfinished, but a quick glance and telling me about obvious spots would help
[18:04] <sarnold> ahasenack: I suggest changing the apt install wireguard to install wireguard-tools instead -- the 'wireguard' package is a metapackage that depends on dkms | kernel module; I think it's more useful in a debian context than ubuntu context
[18:08] <sarnold> ahasenack: consider 'according to the host' in 'name the key files according to the peer they were generated for'
[18:09] <sarnold> ahasenack: in the "putting it all together" section, we've jumped from having generated keys to having configured interfaces, but the commands to make that interface and configure it have been skipped entirely; perhaps this is just the "unfinished" bit you've mentioned :)
[18:09] <sarnold> ahasenack: ooh pretty diagrams! :D
[21:11] <sarnold> ahasenack: very nice :) my last few thoughts: it might be worth saying that wg-quick is just one way to bring up the interfaces, it can be managed via other tools if desired. also, I was left very curious which interfaces / addresses wireguard is listening on, when it's "listening". Does that show up in `ss` output? can it be configured to listen to thousands of ports? (hotel and airport wifi can 
[21:11] <sarnold> be brutal)
[23:47] <sarnold> ahasenack: ooh ooh a new question! :D  I could imagine some people want an sshd or apache or nginx or samba or similar to listen ONLY on the wireguard interface, or interfaces, and not listen to the 'standard' addresses at all