Hi Jason,


So: things won't be too big of a pain, and at some point, there won't be
any possibility of pains.
 

Great to hear that!


What precisely are you doing that you think might be easier with JSON?


I did look at wg-json. I was wondering more about /etc/wireguard/*.conf and the possibility of using a JSON config there. I am trying to parse wgX.conf so that we can quickly add and remove peers and subnets. Currently I am dumping it into a Python dict keyed with the pubkeys.


In this sense, on outgoing, it's sort of like a routing table. on incoming, it's sort of like an IP access control list.
 

That's a pretty succinct way of putting it. It does sound simple put that way.


You don't have to run WireGuard in a star topology. You can do full mesh
if you want, or whatever other topology. One interface can have multiple
peers, so you can connect things together any which way you like.

 
As Jonathan mentioned, he is running a mesh. And it does open up possibilities in terms of access control that I haven't fully considered. But how do we scale a mesh? For a number of hosts, let's say 20+, with 20 or more container subnets to share, one would imagine that managing a peer-to-peer configuration as the network scales up and down can become a chore.

A client-server setup with, let's say, a shared /16 may be more feasible, as then all the clients' AllowedIPs can be the single /16 subnet, while the individual client subnets are added to the server for routing as they are added. I will think about this some more.

Once again this is really impressive and valuable.

Thanks!
Raul
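The wgX.conf parsing and the hub-with-a-shared-/16 layout discussed in this message, as an added example that is not part of the thread and not WireGuard's own tooling: a small Python parser for wg-quick's INI-style wgX.conf that keys peers by PublicKey, an add_peer that refuses a trap wg itself does not report (an AllowedIPs prefix given to a second peer is silently moved to that peer, which on the hub re-routes another client's subnet), and a generator for the spoke config whose only peer is the hub with the whole /16 as AllowedIPs. Section and key names are the real wg-quick ones; the sample config, the 10.0.0.0/16 network, the placeholder key strings and the endpoint hostname are constructed for illustration.

```python
"""Parse and edit a wg-quick style wgX.conf with peers keyed by public key.

Added example for the thread above, not code from WireGuard or from either
correspondent. Section and key names are the real wg-quick ones; the sample
config, the shared 10.0.0.0/16 and the placeholder key strings are constructed
for illustration and are not real keys.
"""
import ipaddress
from typing import Dict, List, Tuple

Section = Dict[str, str]

# Constructed sample: the hub's wg0.conf with one client already present.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.0.1/16      # hub address inside the shared /16
ListenPort = 51820
PrivateKey = HUB_PRIVATE_KEY_PLACEHOLDER=

[Peer]
PublicKey = CLIENT1_PUBLIC_KEY_PLACEHOLDER=
AllowedIPs = 10.0.1.0/24   # client1's container subnet
PersistentKeepalive = 25
"""

def parse_conf(text: str) -> Tuple[Section, Dict[str, Section]]:
    """Return (interface, peers); peers is a dict keyed by PublicKey."""
    sections: List[Tuple[str, Section]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip().lower(), {}))
            continue
        if "=" not in line or not sections:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        sec = sections[-1][1]
        # wg treats a repeated key (usually AllowedIPs) as a union; keep both values
        sec[key] = f"{sec[key]}, {value}" if key in sec else value
    interface: Section = {}
    peers: Dict[str, Section] = {}
    for name, sec in sections:
        if name == "interface":
            interface.update(sec)
        elif name == "peer":
            pub = sec.get("PublicKey")
            if not pub or pub in peers:
                raise ValueError(f"[Peer] without PublicKey or duplicated: {pub}")
            peers[pub] = sec
        else:
            raise ValueError(f"unknown section [{name}]")
    return interface, peers

def render_conf(interface: Section, peers: Dict[str, Section]) -> str:
    """Inverse of parse_conf (comments are not preserved)."""
    lines = ["[Interface]"] + [f"{k} = {v}" for k, v in interface.items()]
    for pub, peer in peers.items():
        lines += ["", "[Peer]", f"PublicKey = {pub}"]
        lines += [f"{k} = {v}" for k, v in peer.items() if k != "PublicKey"]
    return "\n".join(lines) + "\n"

def _nets(allowed_ips: str):
    return [ipaddress.ip_network(s.strip(), strict=False)
            for s in allowed_ips.split(",") if s.strip()]

def add_peer(peers, pubkey, allowed_ips, hub_net=None, **extra) -> Section:
    """Add a peer, refusing a duplicate key or a prefix another peer already owns.

    wg does not refuse the second case: a prefix belongs to exactly one peer per
    interface, and assigning it again silently moves it to the newest peer, i.e.
    silently re-routes another client's subnet on the hub. With hub_net set,
    every prefix must also lie inside the shared network.
    """
    if pubkey in peers:
        raise ValueError(f"peer already present: {pubkey}")
    new = _nets(allowed_ips)
    hub = ipaddress.ip_network(hub_net) if hub_net is not None else None
    for n in new:
        if hub is not None and (n.version != hub.version or not n.subnet_of(hub)):
            raise ValueError(f"{n} is outside the shared network {hub}")
        for other_key, other in peers.items():
            if n in _nets(other.get("AllowedIPs", "")):
                raise ValueError(f"{n} is already routed to peer {other_key}")
    peer: Section = {"PublicKey": pubkey, "AllowedIPs": ", ".join(map(str, new))}
    peer.update(extra)  # e.g. Endpoint="host:51820", PersistentKeepalive="25"
    peers[pubkey] = peer
    return peer

def client_conf(client_privkey, client_addr, hub_pubkey, hub_endpoint, hub_net) -> str:
    """Spoke side of the hub layout: the hub is the only peer and its AllowedIPs is
    the whole shared network, so a client never needs editing when other clients'
    subnets are added to or removed from the hub."""
    interface = {"PrivateKey": client_privkey, "Address": client_addr}
    peers = {hub_pubkey: {"PublicKey": hub_pubkey, "Endpoint": hub_endpoint,
                          "AllowedIPs": str(ipaddress.ip_network(hub_net)),
                          "PersistentKeepalive": "25"}}
    return render_conf(interface, peers)
```

Removing a peer is just `peers.pop(pubkey)` before calling render_conf again; the routes for its AllowedIPs go with it. After rewriting the file, the live interface can pick up the peer changes without a restart via `wg syncconf wg0 <(wg-quick strip wg0)`, which strips the wg-quick-only keys (Address and friends) that `wg` itself rejects.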