# upstream prefers the less-user-friendly locked-down /etc/wireguard by default
# to avoid leaking local system secrets.  I've adjusted the Debian package to follow its lead.
# see also https://bugs.debian.org/902831
wireguard-tools: non-standard-dir-perm 0700 != 0755 [etc/wireguard/]