From 60b39441967ab241e4383583b84699e40c2c5970 Mon Sep 17 00:00:00 2001 From: Mario Alegre Date: Fri, 18 Dec 2020 19:48:34 -0500 Subject: [PATCH] working on wireguard instructions --- linux/wireguard/add-peer.md | 10 ++++++++++ linux/wireguard/install.md | 38 +++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 linux/wireguard/add-peer.md create mode 100644 linux/wireguard/install.md diff --git a/linux/wireguard/add-peer.md b/linux/wireguard/add-peer.md new file mode 100644 index 0000000..d0f010a --- /dev/null +++ b/linux/wireguard/add-peer.md @@ -0,0 +1,10 @@ +# add a peer + +Say we want to connect two computers via wireguard. We will call them **one** and **two**. + +## one +on one, run the following command to add a new host: +``` +sudo wg set wg0 peer ${two_pubkey:?} endpoint ${two_public_ip:?}:${two_port:?} allowed-ips ${two_wg_ip:?}/32 +``` +if we also want to be able to refer to the host by an easy to remember name rather than just an IP, we can also add it to `/etc/hosts` diff --git a/linux/wireguard/install.md b/linux/wireguard/install.md new file mode 100644 index 0000000..12dca07 --- /dev/null +++ b/linux/wireguard/install.md 
@@ -0,0 +1,38 @@ +# install & configure wireguard + +## install via apt +``` +sudo apt install wireguard +``` + +## config +create config file with private key for our bridge: +``` +cd /etc/wireguard/ +(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee wg0.conf > /dev/null) +wg genkey | sudo tee -a wg0.conf | wg pubkey | sudo tee wg0.pubkey +``` +open `wg0.conf` in a text editor and add the following lines: +``` +ListenPort = $port +SaveConfig = true +Address = ${wireguard_ip:?}/24 +``` +where `wireguard_ip` is the IP that computer should have in the WireGuard network. + +## firewall +if the computer is using a firewall, don't forget to allow whatever port you chose through the firewall. If you are using `nftables` as your firewall, you will want to edit `/etc/nftables.conf`. + +## start +to start wireguard, run the command: +``` +sudo systemctl start wg-quick@wg0 +``` +to enable wireguard to automatically start this interface on boot, run the command: +``` +sudo systemctl enable wg-quick@wg0 +``` +to see WireGuard's status and configuration, run: +``` +wg +```
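Review bot: linux/wireguard/add-peer.md introduces two machines, **one** and **two**, but only has a `## one` section, so following it leaves a one-sided peer entry. WireGuard will not complete a handshake until two also has one's public key configured as a peer. Add a `## two` section with the mirrored command, for example `sudo wg set wg0 peer ${one_pubkey:?} allowed-ips ${one_wg_ip:?}/32` (variable names here are suggestions), plus an `endpoint` if one is reachable at a fixed address. The final sentence about `/etc/hosts` stops without showing the entry to add; finish it with a sample line mapping `${two_wg_ip}` to the name. It is also worth noting that `wg set` only changes the running interface, and that the peer is written to wg0.conf on interface shutdown only because install.md sets `SaveConfig = true`.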
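Review bot: in linux/wireguard/install.md, the wg0.conf snippet has `ListenPort = $port`, which uses a different placeholder style from `${wireguard_ip:?}` two lines below, and `port` is never described. Because this text is typed into a config file, no shell expands either form, so say explicitly that both are replaced by hand and describe `port` alongside `wireguard_ip`. In the firewall section, name the protocol (WireGuard listens on UDP) so the reader opens the right one. The last command, `wg`, is shown without `sudo` unlike the other commands, and it needs root to display the interface.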