WireGuard is an open-source VPN that uses cryptography.
It uses a virtual network interface.
In this case, Rocky Linux 8.6 is used; the same steps can be done on CentOS 8.
Make sure the latest kernel is installed and sudo rights are given.
Install epel and elrepo:
sudo yum install epel-release elrepo-release
After this install WireGuard packages:
sudo yum install kmod-wireguard wireguard-tools
Now, with WireGuard installed, we start creating the folder structure:
sudo mkdir /etc/wireguard/
A configuration file as well as the public and private key will be stored there.
The next step is to create both keys and store them in /etc/wireguard/:
sudo sh -c 'umask 077; wg genkey | tee /etc/wireguard/privatekey | wg pubkey | tee /etc/wireguard/publickey'
The umask 077 creates both key files with mode 0600, so they can only be accessed with root user privileges.
There are two options to set up a WireGuard interface: semi-automated with a configuration file, or completely manually.
In this case a configuration file is used - because we are lazy.
sudo vi /etc/wireguard/wg0.conf
wg0 is the name of the interface that will be created. The file contains the following:
[Interface]
Address = 192.168.2.1/24
SaveConfig = true
PostUp = firewall-cmd --zone=public --add-port 51820/udp && firewall-cmd --zone=public --add-masquerade
PostDown = firewall-cmd --zone=public --remove-port 51820/udp && firewall-cmd --zone=public --remove-masquerade
ListenPort = 51820
PrivateKey = YOUR_SERVER_PRIVATEKEY
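A check for the server setup above, added here as an example and not part of the original page: it audits the directory for files readable by group or other and for a PrivateKey value that is not a real key, such as the placeholder left in wg0.conf. The function names wg_audit and go_bits and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit a WireGuard config
# directory laid out as in this guide. Function names are hypothetical.

# Group+other permission bits of a path as printed by ls, e.g. "r--r--".
go_bits() { ls -ld "$1" | cut -c5-10; }

# wg_audit [DIR]: prints one finding per line; returns 0 if clean,
# 1 if there are findings, 2 if DIR is missing.
wg_audit() {
    dir=${1:-/etc/wireguard}
    rc=0
    [ -d "$dir" ] || { echo "MISSING_DIR $dir"; return 2; }
    [ "$(go_bits "$dir")" = "------" ] || { echo "LOOSE_DIR $dir"; rc=1; }
    for f in "$dir"/privatekey "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Anything readable by group or other exposes the private key.
        [ "$(go_bits "$f")" = "------" ] || { echo "LOOSE_FILE $f"; rc=1; }
        case $f in
            *.conf) key=$(sed -n 's/^[[:space:]]*PrivateKey[[:space:]]*=[[:space:]]*//p' "$f") ;;
            *)      key=$(cat "$f") ;;
        esac
        # A WireGuard key is 32 bytes, i.e. 44 base64 characters ending in "=".
        # A leftover placeholder such as YOUR_SERVER_PRIVATEKEY fails this.
        printf '%s\n' "$key" | grep -Eq '^[A-Za-z0-9+/]{43}=$' ||
            { echo "BAD_KEY $f"; rc=1; }
    done
    return "$rc"
}
```

Run it as root so the key files are readable; with no argument it checks /etc/wireguard.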
macOS and Linux clients are configured similarly.
The installation is similar to that of the server. The folder structure and the keys are also created in the same way as on the server.