# install & configure wireguard

## install via apt
```
sudo apt install wireguard
```

## config
create config file with private key for our bridge:
```
cd /etc/wireguard/
(umask 077 && printf "[Interface]\nPrivateKey = " | sudo tee wg0.conf > /dev/null)
wg genkey | sudo tee -a wg0.conf | wg pubkey | sudo tee wg0.pubkey
```
open `wg0.conf` in a text editor and add the following lines:
```
ListenPort = ${wireguard_port:?}
SaveConfig = true
Address = ${wireguard_ip:?}/24
```
where `wireguard_ip` is the IP that computer should have in the WireGuard network.

## firewall
if the computer is using a firewall, don't forget to allow whatever port you chose through the firewall. If you are using `nftables` as your firewall, you will want to edit `/etc/nftables.conf`.

## start
to start wireguard, run the command:
```
sudo systemctl start wg-quick@wg0
```
to enable wireguard to automatically start this interface on boot, run the command:
```
sudo systemctl enable wg-quick@wg0
```
to see WireGuard's status and configuration, run:
```
wg
```