From 7e43d3400a15c6a177e5e03610dc9517b7b359df Mon Sep 17 00:00:00 2001
From: Kar <kar@siliconpin.com>
Date: Sat, 26 Apr 2025 15:46:13 +0000
Subject: [PATCH] wireguard

---
 wireguard.sh | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 95 insertions(+)
 create mode 100644 wireguard.sh

diff --git a/wireguard.sh b/wireguard.sh
new file mode 100644
index 0000000..e9dcbb9
--- /dev/null
+++ b/wireguard.sh
@@ -0,0 +1,95 @@
+#!/bin/bash
+
+set -e
+
+# Remove unattended-upgrades
+apt remove --purge -y unattended-upgrades
+
+# Update and upgrade
+apt update && apt upgrade -y
+
+# Install basic tools and WireGuard
+apt install -y git curl wget tmux nano net-tools unzip zip gnupg tzdata qrencode wireguard
+
+# Setup WireGuard directory
+WG_DIR="/etc/wireguard"
+mkdir -p "$WG_DIR/self"
+cd "$WG_DIR/self"
+
+# Generate server keys
+wg genkey | tee private | wg pubkey > public
+
+# Enable IP forwarding
+echo "net.ipv4.ip_forward=1" | tee -a /etc/sysctl.conf
+echo "net.ipv6.conf.all.forwarding=1" | tee -a /etc/sysctl.conf
+sysctl -p
+
+# Create basic wg0.conf if it doesn't exist
+WG_CONF="$WG_DIR/wg0.conf"
+if [ ! -f "$WG_CONF" ]; then
+  SERVER_PRIVATE_KEY=$(cat private)
+  SERVER_PUBLIC_KEY=$(cat public)
+  SERVER_PORT=51820
+  SERVER_INTERFACE=$(ip route get 8.8.8.8 | awk '{print $5; exit}') # Detect network interface (e.g., eth0, ens3, etc.)
+
+  cat > "$WG_CONF" <<EOF
+[Interface]
+Address = 10.0.0.1/24
+ListenPort = $SERVER_PORT
+PrivateKey = $SERVER_PRIVATE_KEY
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_INTERFACE -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_INTERFACE -j MASQUERADE
+EOF
+fi
+
+# Enable and start WireGuard
+systemctl enable wg-quick@wg0
+systemctl start wg-quick@wg0
+
+# Detect public IP
+PUBLIC_IP=$(curl -s ifconfig.me)
+
+# Setup Mobile Peer
+MOBILE_DIR="$WG_DIR/mobile_1"
+mkdir -p "$MOBILE_DIR"
+cd "$MOBILE_DIR"
+
+# Generate mobile peer keys
+wg genkey | tee private | wg pubkey > public
+
+MOBILE_PRIVATE_KEY=$(cat private)
+MOBILE_PUBLIC_KEY=$(cat public)
+
+# Create peer config for mobile
+cat > mobile.conf <<EOF
+[Interface]
+PrivateKey = $MOBILE_PRIVATE_KEY
+Address = 10.0.0.2/24
+DNS = 1.1.1.1
+
+[Peer]
+PublicKey = $(cat "$WG_DIR/self/public")
+Endpoint = $PUBLIC_IP:51820
+AllowedIPs = 0.0.0.0/0, ::/0
+PersistentKeepalive = 25
+EOF
+
+# Add mobile peer to server config
+cat >> "$WG_CONF" <<EOF
+
+[Peer]
+PublicKey = $MOBILE_PUBLIC_KEY
+AllowedIPs = 10.0.0.2/32
+EOF
+
+# Restart WireGuard to apply new peer
+systemctl restart wg-quick@wg0
+
+# Generate QR code for mobile
+qrencode -t ansiutf8 < mobile.conf
+
+echo
+echo "✅ WireGuard server setup complete!"
+echo "📱 Scan the above QR code from your mobile WireGuard app!"
+echo
+echo "If needed, your mobile config is saved here: $MOBILE_DIR/mobile.conf"