Qantumentangled

joined 1 year ago
[–] Qantumentangled@lemmy.farley.pro 3 points 1 year ago (1 children)

They have a platform and process for selling digital access to audiobooks and ebooks. Selling access to that type of content in a way that circumvents those DRM requirements is against their Terms of Service.

[–] Qantumentangled@lemmy.farley.pro 5 points 1 year ago (1 children)

It's unclear to me how this project does anything to protect the identity of users or who is talking to whom. It's nice to know my messages can't be read, but if my ISP can see who I'm talking to and how often it's not doing much.

Also, how do clients find one another? Tor and i2p sites notoriously require friends or public wikis to share the addresses.

Here's an example of what I use across multiple networks, with roaming and static devices. They all use a common /24 subnet (that doesn't overlap with any of the common LAN subnets), and each gets its own /32 address in that subnet. That way each one accepts traffic from any other WG clients in the same subnet as local traffic to the host device. Essentially each PC, server, or phone thinks it's on the same local network as every other WG client.

```
[Interface]
PrivateKey = XXX
ListenPort = 51820
Address = 10.172.43.11/24
### Every client gets an address in the 10.172.43.x network
[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.15/32
### This device is a roaming phone or laptop, so it will be able to talk to the server when it wants to, but must initiate all traffic.
[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.11/32, 192.168.1.0/24
#### This device is a router which is configured to NAT any traffic from WG to the LAN, so any WG device can talk to the LAN as if it's local
Endpoint = my.dynamic.dns.addres:51820
#### Use dynamic dns for any device that has a semi-permanent public IP and hosts ANY amount of content, files, or needs to be accessible to SSH
```

WireGuard is **WAY** faster than any other VPN I've tested, and much more flexible. But at the cost of a little extra setup.

I recommend Restic. It's fast, it supports snapshots and compression, written in Go so it's much quicker than most other solutions I've tested. It also supports multiple different backends for transporting and storing the files so you can use one you've already got or use the restic-server (which is pretty easy to set up).

[–] Qantumentangled@lemmy.farley.pro 3 points 1 year ago* (last edited 1 year ago) (2 children)

Make sure the Allowed-IPs is as small a subnet as possible. Your device will only route traffic over your VPN that has a destination IP in that subnet.

That way you're only tunneling the traffic that needs to go over it. Everything else will go out the normal route.

Having your device package up and encrypt every packet takes some overhead and will inherently lower your bandwidth throughput, so it's worth minimizing the number of packets that have to go through that process.
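
The AllowedIPs behaviour described in the comment above, as an added example that is not part of the original comments: it parses a WireGuard config, picks the peer whose AllowedIPs best matches a destination (longest prefix), and lists entries that tunnel more than intended. The function names and the `max_hosts` threshold are hypothetical, and the sample config is constructed from the one posted on this page.

```python
import ipaddress

# Constructed sample based on the config posted on this page (keys elided).
SAMPLE_CONF = """\
[Interface]
PrivateKey = XXX
Address = 10.172.43.11/24
[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.15/32
[Peer]
PublicKey = XXXX
AllowedIPs = 10.172.43.11/32, 192.168.1.0/24
Endpoint = my.dynamic.dns.addres:51820
"""

def parse_peers(conf):
    """Return one list of ip_network objects per [Peer] section."""
    peers, current = [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("["):
            current = [] if line.lower() == "[peer]" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                current += [ipaddress.ip_network(v.strip(), strict=False)
                            for v in value.split(",") if v.strip()]
    return peers

def tunnel_peer(peers, dest):
    """Index of the peer whose AllowedIPs best matches dest, or None if no peer does."""
    addr = ipaddress.ip_address(dest)
    best = None
    for idx, nets in enumerate(peers):
        for net in nets:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1]:
                    best = (idx, net.prefixlen)
    return None if best is None else best[0]

def too_broad(peers, max_hosts=256):
    """AllowedIPs entries covering more than max_hosts addresses (assumed audit threshold)."""
    return [str(n) for nets in peers for n in nets if n.num_addresses > max_hosts]
```

A destination for which `tunnel_peer` returns `None` is not carried by any peer, which is the split-tunnel case the comment recommends for everything outside the VPN subnet.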
