working on wireguard instructions

linux/wireguard/add-peer.md

@@ -0,0 +1,10 @@
+# add a peer
+
+Say we want to connect two computers via wireguard. We will call them **one** and **two**.
+
+## one
+on one, run the following command to add a new host:
+```
+sudo wg set wg0 peer ${two_pubkey:?} endpoint ${two_public_ip:?}:${two_port:?} allowed-ips ${two_wg_ip:?}/32
+```
+if we also want to be able to refer to the host by an easy to remember name rather than just an IP, we can also add it to `/etc/hosts`

linux/wireguard/install.md

@@ -0,0 +1,38 @@
+# install & configure wireguard
+
+## install via apt
+```
+sudo apt install wireguard
+```
+
+## config
+create config file with private key for our bridge:
+```
+cd /etc/wireguard/
+(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee wg0.conf > /dev/null)
+wg genkey | sudo tee -a wg0.conf | wg pubkey | sudo tee wg0.pubkey
+```
+open `wg0.conf` in a text editor and add the following lines:
+```
+ListenPort = $port
+SaveConfig = true
+Address = ${wireguard_ip:?}/24
+```
+where `wireguard_ip` is the IP that computer should have in the WireGuard network.
+
+## firewall
+if the computer is using a firewall, don't forget to allow whatever port you chose through the firewall. If you are using `nftables` as your firewall, you will want to edit `/etc/nftables.conf`.
+
+## start
+to start wireguard, run the command:
+```
+sudo systemctl start wg-quick@wg0
+```
+to enable wireguard to automatically start this interface on boot, run the command:
+```
+sudo systemctl enable wg-quick@wg0
+```
+to see WireGuard's status and configuration, run:
+```
+wg
+```