diff --git a/docs/posts/wireguard-on-nspawn.md b/docs/posts/wireguard-on-nspawn.md
new file mode 100644
index 0000000..2f666ff
--- /dev/null
+++ b/docs/posts/wireguard-on-nspawn.md
@@ -0,0 +1,38 @@
+---
+title: "Wireguard on Nspawn"
+date: 2025-01-30
+draft: false
+tags: ["Wireguard", "linux", "nspawn", "container", "systemd", "Debian", "bookworm", "Arch"]
+authors: ["trent"]
+post: 35
+---
+date: 2025-01-30
+
+## Introduction
+Have you ever been thinking about `systemd-nspawn` containers and thought wouldn't
+it be awesome if you could just wireguard outa there as easily as you can with a
+virtual machine?
+
+You can do it!
+
+I have tested this with a Debian 12 `nspawn` container on a Debian 12 host, as well
+as both Arch Linux and Debian 12 containers on an Arch Linux host.
+
+## install wireguard-tools in container
+*mask unwanted dependencies with a trailing `-`*
+
+`apt install wireguard-tools linux-base-`
+
+You can now configure with `wg-quick` and start using `wireguard`.
+
+## unpacking the install
+The trick is to avoid installing the dependencies of `wireguard` that you
+don't need inside a container.  You don't need a kernel, busybox,
+initramfs, wireguard-modules, or dkms.
+
+We mask `linux-base-` by adding a `-` after it, and the result is that only
+`wireguard-tools` are installed, without `wireguard` or a bunch of other dependencies.
+
+## what about LXD containers?
+I'm curious if this will work in LXD containers, but don't really have
+a testing environment set up for that right now.
diff --git a/mkdocs.yml b/mkdocs.yml
index 1faa4cd..7a1b494 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -24,6 +24,7 @@ markdown_extensions:
 nav:
   - Home:
     - Home: index.md
+    - "Wireguard on Nspawn": posts/wireguard-on-nspawn.md
     - "Sandbox IOT Network": posts/sandbox-iot-network.md
     - "QuasselCore on Debian 11": posts/quasselcore-on-debian-11.md
     - "Forklift Upgrade Arch Linux To A Dell Precision 3561": posts/forklift-upgrade-arch-linux-precision-3561.md
@@ -72,6 +73,7 @@ nav:
     - FreeCodeCampChallenges: https://trentspalmer.github.io/fcc-challenges/
     - DeviceLayout: https://trentpalmer.work/6a57bbe24d8244289610bf57533d6c6f/
   - Posts:
+    - "Wireguard on Nspawn": posts/wireguard-on-nspawn.md
     - "Sandbox IOT Network": posts/sandbox-iot-network.md
     - "QuasselCore on Debian 11": posts/quasselcore-on-debian-11.md
     - "Forklift Upgrade Arch Linux To A Dell Precision 3561": posts/forklift-upgrade-arch-linux-precision-3561.md