#!/bin/bash ### References # https://wiki.archlinux.org/title/WireGuard ### Installation # Install wireguard tools and QR-Code generator and local dns unbound apt-get install --yes wireguard qrencode ### Variables hostname="blue.s-up.net" server_ip='192.168.130.1/24' network='192.168.130.0/24' confdir='/etc/wireguard' interface='ens3' ### Create key material cd $confdir wgkeypair() { wg genkey | (umask 0077 && tee $1.key) | wg pubkey > $1.pub; } wgpsk() { wg genpsk | (umask 0077 && cat > $1.psk) } wgkeypair host peers="dspx4 zino2" for peer in $peers; do wgkeypair $peer && wgpsk $peer; done ### Configuration # Setup wireguard network interface ip link add dev wg0 type wireguard ip addr add $server_ip dev wg0 wg set wg0 listen-port 51871 private-key $confdir/host.key wgsetpeer() { peer=$1 ip=$2 wg set wg0 \ peer `cat $confdir/$peer.pub` \ preshared-key $confdir/$peer.psk \ allowed-ips $ip ip link set wg0 up cat >$confdir/$peer.conf <