Nomad on Edge with WireGuard or equivalent

I am using the native service discovery for my edge servers without Consul. What is the best way to have secure node-to-node communication without using Consul service mesh? Any pointers on how to set up WireGuard or equivalent with Nomad without Consul?

All the tutorials and talks are using public IPs for node-to-node communication (perhaps for simplicity).

Not sure if this is relevant to your case, but I played around a bit with Tailscale, which works like a charm, and also Cloudflare Tunnel.

The “HashiCorp” way is probably to set up clusters across the various Edge sites and then federate them, then do service discovery with Consul. If you want to forego Consul, I’ve always gone with the overlay network (again, either Tailscale or Cloudflare) and relied on that for zero trust controls.

However, you’re likely to lose things you care about like topology (knowing which service is running in which edge location), etc.

Thanks for your answer. Now that Nomad has built-in service discovery, would I still lose things like topology? It sounds like I can do basic service discovery without Consul.
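
An added configuration sketch, not from any poster in this thread, showing one way to combine the overlay approach from the answer with the native service discovery mentioned in the question and the reply: the Nomad agent binds and advertises only on the overlay interface, and the job registers its service with the Nomad provider. The interface name `wg0`, the server address `10.8.0.1`, the datacenter name `edge-site-a`, and the job, service and image names are assumptions.

```hcl
# ---- Agent configuration on an edge client (for example /etc/nomad.d/nomad.hcl) ----
# Assumption: the WireGuard (or Tailscale) interface is named wg0 and is up
# before the agent starts, so the address template below can resolve.
data_dir   = "/opt/nomad/data"
datacenter = "edge-site-a"   # assumed name; one datacenter per edge location

# The default bind address is 0.0.0.0, which also listens on the public NIC.
# Binding to the overlay address keeps HTTP, RPC and Serf off the public side.
bind_addr = "{{ GetInterfaceIP \"wg0\" }}"

advertise {
  http = "{{ GetInterfaceIP \"wg0\" }}"
  rpc  = "{{ GetInterfaceIP \"wg0\" }}"
  serf = "{{ GetInterfaceIP \"wg0\" }}"
}

client {
  enabled           = true
  network_interface = "wg0"              # fingerprint the overlay interface for task ports
  servers           = ["10.8.0.1:4647"]  # assumed overlay address of a Nomad server
}

# ---- Job file (for example web.nomad.hcl), registered without Consul ----
job "web" {
  datacenters = ["edge-site-a"]

  group "web" {
    network {
      port "http" {
        to = 8080
      }
    }

    service {
      name     = "web"
      port     = "http"
      provider = "nomad"   # native service discovery instead of Consul
    }

    task "server" {
      driver = "docker"
      config {
        image = "example/web:1.0"   # placeholder image
        ports = ["http"]
      }
    }
  }
}
```

`nomad service info web` lists the address and port of each registration, which should be overlay addresses with this client configuration.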