how to add external private services to a wireguard network

Is there a good way to add a private service, e.g. on a laptop or in a private cloud to an existing wireguard network? The desired end-result is that I can add any service I want to a private network with a dns entry available to other members of this network over a secure connection. I could imagine running one or more tunnel daemons inside fly and the corresponding tunnel clients outside to reverse proxy the traffic. The tunnel client could then expose itself on the internal network with the internal domain name. However, this sounds a bit complicated so maybe you have better ideas on how to do this.

Does this guide do what you need? Private Networking · Fly

Almost. I think, Kurt said that wireguard connections are not possible when I use a custom network. I have to use a custom network to isolate tenants. Is there a way to use wireguard peering with custom networks?

Hey, I asked a question on the other thread:

(I’ll read any reply in either place).

Depending on what you’re looking for this might be an easy change I can roll out in a couple of days, or a more involved project.