# WIP
# The script is compatible with Canonical Ubuntu (Always Free Eligible) Minimal

sudo apt update
sudo apt install wireguard

# ifconfig to check your interfae
# for Ubuntu 20.04 Minimal 2021.03.25-0 it's ens3

# Generate keys (WIP)

sudo echo '
[Interface]
PrivateKey = server.key
Address = 192.168.16.1/24
ListenPort = 51820
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

[Peer]
PublicKey = client.pub
PresharedKey = shared.psk
AllowedIPs = 192.168.16.0/24
PersistentKeepalive = 25
' > /etc/wireguard/wg0.conf

# Firewall settings
# https://stackoverflow.com/a/54835902
# WireGuard uses udp.
sudo firewall-cmd --zone=public --permanent --add-port=51820/udp
sudo firewall-cmd --reload