add how to reach local node with wg to docs

Author: Eslam-Nawara

docs/internals/network-light/readme.md

@@ -80,6 +80,52 @@ What happens now is:
 - VMs inside a single space can communicate directly over their bridge.
 - Different networks resource can (and well) have conflicting IP and ranges but with no issue since each network is completely isolated from the other ones.
 
+## Private Networks
+
+To reach vms on local nodes using wireguard you need to:
+
+- Deploy a networkwith valid pairs so you can be able to connect to the vm from your machine and add a container to this network.
+For example:
+
+```go
+WGPrivateKey: wgKey,
+WGListenPort: 3011,
+Peers: []zos.Peer{
+ {
+  Subnet:      gridtypes.MustParseIPNet("10.1.2.0/24"),
+  WGPublicKey: "4KTvZS2KPWYfMr+GbiUUly0ANVg8jBC7xP9Bl79Z8zM=",
+
+  AllowedIPs: []gridtypes.IPNet{
+   gridtypes.MustParseIPNet("10.1.2.0/24"),
+   gridtypes.MustParseIPNet("100.64.1.2/32"),
+
+```
+
+> **Note:** make sure to use valid two wg key pairs for the container and your local machine.
+
+- After the deployment the network can be accessed through wg with the following config.
+
+```conf
+[Interface]
+Address = 100.64.1.2/32
+PrivateKey = <your private key>
+
+[Peer]
+PublicKey = cYvKjMRBLj3o3e4lxWOK6bbSyHWtgLNHkEBxIv7Olm4=
+AllowedIPs = 10.1.1.0/24, 100.64.1.1/32
+PersistentKeepalive = 25
+Endpoint = 192.168.123.32:3011
+```
+
+- Bring wireguard interface up `wg-quick up <config file>`
+- Test the connection `wg`
+![image](https://github.com/user-attachments/assets/ca0d37e2-d586-4e0f-ae98-2d70188492bd)
+
+- Then you should be able to ping/access the container `ping 10.1.1.2`
+![image](https://github.com/user-attachments/assets/d625a573-3d07-4980-afc0-4570acd7a21f)
+
+- Then you should be able to ping to the container `ping 10.1.1.2`
+
 ### Full Picture
 
 ![full](png/full.png)