Since I already had a working Wireguard setup, this essentially means: All the benefits of Tailscale, without Tailscale. All local devices are discoverable and remotely reachable via their own DHCP hostnames + the tld. In case it’s needed, I can use any old acme client and put a valid SSL certificate in front of them.

I’m in awe.