implement wireguard

[billimek]

It is more appropriate to leverage wireguard to access (most) of the services currently facing the internet.

Consider running wireguard server on the edgerouter, pi docker container, or as a helm chart:

• Edgerouter: https://github.com/Lochnair/vyatta-wireguard
• Helm chart: https://github.com/gravitational/wormhole/ ??
• pi docker container: TBD

[billimek]

Wireguard implemented on edgerouter and iOS.

Next step (not for this issue) is to figure out what things currently exposed to the internet via ingress should be limited to VPN instead.

Current list (bolded items are probably safe to expose to internet):

• external-nvr
• rook-ceph-mgr-dashboard
• unifi
• sonarr
• plex-kube-plex
• radarr
• home-assistant
• minio
• rabbitmq-ha
• prometheus-operator-grafana
• oauth2-proxy
• external-hackintosh-nd
• external-lb-nd
• external-pihole-nd
• external-proxmox-b-nd
• external-proxmox-c-nd
• external-proxmox-nd
• external-prox
• home-assistant-vscode
• frigate
• prometheus-operator-alertmanager
• prometheus-operator-prometheus
• chronograf-chronograf
• external-k8s-4-nd
• external-pi4-b-nd
• external-pi4-a-nd
• external-pi4-c-nd
• nzbget
• rtorrent-flood
• node-red
• goldilocks-dashboard