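#!/bin/bash
# Install WireGuard and prepare this host to act as the VPN server:
# packages, IPv4 forwarding, a firewalld service definition plus
# masquerading, and the server key pair. An example wg0.conf is kept at
# the bottom as a no-op string.
#
# Must be run as root: every step writes under /etc or changes system
# state, so the script checks once up front instead of using sudo on
# only some of the commands.
set -euo pipefail

if (( EUID != 0 )); then
  printf '%s\n' "this script must be run as root" >&2
  exit 1
fi

# install wireguard
# No -y on purpose: dnf asks before importing the GPG keys of the newly
# enabled third-party repositories, so the operator can verify them.
dnf install elrepo-release epel-release
dnf install kmod-wireguard wireguard-tools

# setup port forwarding
# The file must live in /etc/sysctl.d (not "systctl.d"), otherwise the
# sysctl -p call below has nothing to load. The guard keeps a re-run from
# appending the same settings again.
sysctl_conf=/etc/sysctl.d/99-custom.conf
if ! grep -qsE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$sysctl_conf"; then
  cat << 'EOF' >> "$sysctl_conf"
# IPv4 Forwarding
net.ipv4.ip_forward = 1
# IPv6 Forwarding
#net.ipv6.conf.all.forwarding = 1
EOF
fi
sysctl -p "$sysctl_conf"

# firewalld service definition for the WireGuard listener.
# firewalld only accepts well-formed service XML, and the file is written
# with '>' so that a re-run replaces it instead of appending a second
# document. The port must match ListenPort in wg0.conf (51820/udp below).
cat << 'EOF' > /etc/firewalld/services/wireguard.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>wireguard</short>
  <description>wireguard vpn</description>
  <port protocol="udp" port="51820"/>
</service>
EOF
# NOTE(review): presumably gives firewalld time to notice the new service
# file; confirm whether an explicit reload is needed before --add-service.
sleep 5
firewall-cmd --add-service wireguard --permanent
# Without --zone this enables masquerading on the default zone; confirm
# that is the zone holding the outbound interface and nothing broader.
firewall-cmd --add-masquerade --permanent
firewall-cmd --reload

# Key directory readable by root only.
mkdir -p /etc/wireguard
chmod 700 /etc/wireguard

# make private and public keys
# umask 077 in a subshell so the private key is never created
# world-readable; the subshell keeps the umask change local. An existing
# key is left alone, because replacing it would invalidate the public key
# already handed out to peers.
if [[ ! -s /etc/wireguard/.wg0.key ]]; then
  (
    umask 077
    wg genkey | tee /etc/wireguard/.wg0.key | wg pubkey > /etc/wireguard/.wg0.pub
  )
fi

# example of wg0.conf file
# The string below is a no-op argument to ':' and is never written to disk.
# Fill in before use:
#   - PrivateKey: contents of /etc/wireguard/.wg0.key (keep wg0.conf mode 600)
#   - PublicKey:  each peer's own public key
#   - <WAN_IFACE>: placeholder for the outbound interface; iptables rejects
#     "-o" without an interface name
# NOTE(review): firewalld masquerading is already enabled above, so the
# iptables NAT rules in PostUp/PostDown may be redundant; confirm which
# of the two is meant to own NAT on this host.
: '
[Interface]
Address = 10.12.0.1/29
PrivateKey =
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o <WAN_IFACE> -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o <WAN_IFACE> -j MASQUERADE
# iPhone
[Peer]
PublicKey =
AllowedIPs = 10.12.0.2/32
# GauntLaptop
[Peer]
PublicKey =
AllowedIPs = 10.12.0.3/32
# GauntMTA
[Peer]
PublicKey =
AllowedIPs = 10.12.0.4/32
'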