WireGuard to systemd

I use a WireGuard VPN almost all the time on both my desktop (non-Framework) as well as my Framework 13 (1st gen). The canonical way to deal with this is to use the wg-quick@ template service to connect to a particular tunnel wg0 with the configuration in /etc/wireguard/wg0.conf (by doing systemctl start wg-quick@wg0).

However, I use systemd-networkd to manage my networking, and networkd has the ability to set up and manage WireGuard tunnels itself through .netdev and .network files. This got me thinking about how to actually translate the config files from wg-quick’s format to systemd-networkd’s format.

Introducing wg2sd: a program to accomplish exactly this. If you have configuration files in /etc/wireguard, all you have to do is run wg2sd.hs (no arguments) as root and it will automatically create associated .network and .netdev files in /etc/systemd/network/ and set the appropriate owner/group and permissions. See the GitLab repo for more details on options you can pass, but two useful ones are -d and -r: the former lets you specify a tunnel that should be brought up by default (which sets ActivationPolicy = up for that interface rather than the default of ActivationPolicy = down) and the latter automatically reloads networkd’s configuration (saving a networkctl reload step).

I know there’s also wg2nd, but (a) I was having a bit of trouble getting that to work and (b) I mostly wrote this for myself to better understand what wg-quick does and suddenly found that adding a few options made it way more convenient than wg2nd for my use case.

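An added example, not part of the original post and not wg2sd's code: a small Python translation of the wg-quick keys that have a direct systemd-networkd equivalent, showing which settings land in the .netdev file and which in the .network file. The function names and the sample config are constructed for illustration, `default_up` mirrors the ActivationPolicy behaviour described for -d, and the routes wg-quick derives from AllowedIPs, MTU, Table and PreUp/PostUp hooks are not handled.

```python
# Constructed sample in wg-quick format; keys and endpoint are placeholders.
SAMPLE = """\
[Interface]
PrivateKey = <constructed-private-key>
Address = 10.0.0.2/32, fd00::2/128
DNS = 10.0.0.1

[Peer]
PublicKey = <constructed-public-key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
PersistentKeepalive = 25
"""

# [Interface] keys that carry the same name in networkd's [WireGuard] section.
IFACE_KEYS = ("PrivateKey", "ListenPort")
PEER_KEYS = ("PublicKey", "PresharedKey", "AllowedIPs", "Endpoint",
             "PersistentKeepalive")

def parse_wg_quick(text):
    """Return [(section, [(key, value), ...])]; [Peer] may repeat, so no dict."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].strip(), []))
        elif "=" in line and sections:
            key, value = line.split("=", 1)  # base64 values may end in '='
            sections[-1][1].append((key.strip(), value.strip()))
    return sections

def translate(name, text, default_up=False):
    """Return (netdev_text, network_text) for interface `name`."""
    wg, peers, net = [], [], []
    for section, items in parse_wg_quick(text):
        if section == "Peer":
            peers += ["", "[WireGuardPeer]"]
        for key, value in items:
            if section == "Interface" and key in IFACE_KEYS:
                wg.append(f"{key}={value}")
            elif section == "Interface" and key in ("Address", "DNS"):
                net += [f"{key}={v.strip()}" for v in value.split(",")]
            elif section == "Peer" and key in PEER_KEYS:
                peers.append(f"{key}={value}")
    policy = "up" if default_up else "down"
    netdev = ["[NetDev]", f"Name={name}", "Kind=wireguard", "", "[WireGuard]"]
    network = ["[Match]", f"Name={name}", "", "[Link]",
               f"ActivationPolicy={policy}", "", "[Network]"]
    return "\n".join(netdev + wg + peers) + "\n", "\n".join(network + net) + "\n"
```

The .netdev text contains the private key, so the file it is written to should not be world-readable; the systemd.netdev documentation recommends root:systemd-network ownership with mode 0640.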