I've read some articles online, but I still haven't managed to understand the hype around wireguard. It's lighter than OpenVPN, but has more obscure primitives? Doesn't seem like a great trade off...
Wireguard is your plumbing layer. OpenVPN is an entire application stack. Wireguard is super simple because it's low level. If you wanted to compare something (as a user in terms of feature parity, etc.) to OpenVPN a more accurate comparison would probably be nebula or tailscale (private/mesh network management tools that are built atop wireguard). I'm a wireguard fan and it's true that its crypto is much simpler, smaller, and harder to fuck up than OpenVPN but that is really only something that matters to the security hats.
It's not hub and spoke. Any existing network topology can be mirrored essentially 1:1 with wireguard. With hub and spoke VPNs the model constrains your deployment somewhat. Now I'm not saying key distribution with wireguard is easy, that's a different problem. But wireguard is literally like "let's take your existing network interface and give it modern fast impossible to fuck up encryption".
Traditionally you have a server and all clients connect to this server (Hub and spoke). Wireguard can connect clients like you would in your network. You can mesh clients if you like. The hard part is getting the keys to all peers in the network.