
@cfra
Created August 3, 2024 15:47
Simple Wireguard Server Config

Wireguard auf dem Server

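# Bring the system up to date, then install the WireGuard tools (wg, wg-quick).
apt update
apt upgrade
apt install wireguard

# Generate one key pair each for the server and the two clients.
# umask 077 is set BEFORE any key is written, so the *.priv files are created
# readable by root only. The umask stays in effect for the rest of this shell
# session, so every file created later in the session is also 0600.
# The steps are chained with && so that no key material is written into the
# current directory if /etc/wireguard does not exist (e.g. the install failed).
# NOTE(review): the client private keys are generated and stored on the server
# here. Generating each key pair on the client and copying only the public key
# to the server keeps a server compromise from exposing the client keys.
cd /etc/wireguard && umask 077 && for name in server client1 client2; do
  wg genkey | tee "$name.priv" | wg pubkey > "$name.pub"
done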

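# Server-side config for the "server" interface (started as wg-quick@server).
# Key files are read by absolute path so this step does not depend on the
# current directory; with a relative path and the wrong directory, cat fails
# and an empty PrivateKey/PublicKey line is written without further notice.
# The file embeds the server's private key, so it is created 0600 up front:
# it is never readable by other users, even if the shell umask is not 077 or
# an older copy with looser permissions already exists.
# Each peer is limited to a single /32, so a client can only send traffic from
# its own tunnel address. UDP port 51820 must be reachable through the host and
# provider firewall.
install -m 0600 /dev/null /etc/wireguard/server.conf
cat > /etc/wireguard/server.conf << EOF
[Interface]
Address = 172.17.172.254/24
ListenPort = 51820
PrivateKey = $(cat /etc/wireguard/server.priv)

[Peer]
AllowedIps = 172.17.172.1/32
PublicKey = $(cat /etc/wireguard/client1.pub)

[Peer]
AllowedIps = 172.17.172.2/32
PublicKey = $(cat /etc/wireguard/client2.pub)
EOF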

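# Client configs (client1 -> 172.17.172.1, client2 -> 172.17.172.2).
# The Endpoint is taken from the first IPv4 address on eth0. Only the first
# address is used because several addresses on the interface would otherwise
# put a multi-line value into the config. On hosts behind NAT or with a
# different interface name this is not the publicly reachable address, so
# check the Endpoint line before handing the file out.
# Each file contains that client's private key: it is created 0600, should be
# moved to the client over a secure channel (e.g. scp), and the client*.conf
# and client*.priv copies should then be deleted from the server.
# AllowedIps = 172.17.172.0/24 routes only the tunnel subnet through the VPN.
# NOTE(review): client-to-client traffic presumably also needs IP forwarding
# enabled on the server; this page does not configure it.
server_ip=$(ip -4 -o addr show dev eth0 | awk 'NR == 1 { sub(/\/.*/, "", $4); print $4 }')
if [ -n "$server_ip" ]; then
  for n in 1 2; do
    install -m 0600 /dev/null "/etc/wireguard/client$n.conf"
    cat > "/etc/wireguard/client$n.conf" << EOF
[Interface]
Address = 172.17.172.$n/24
PrivateKey = $(cat "/etc/wireguard/client$n.priv")

[Peer]
PublicKey = $(cat /etc/wireguard/server.pub)
Endpoint = ${server_ip}:51820
AllowedIps = 172.17.172.0/24
EOF
  done
else
  echo "no IPv4 address found on eth0; client configs not written" >&2
fi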

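# Start the tunnel on every boot and bring it up now.
# The unit name was mangled by e-mail obfuscation on the page; the wg-quick
# template unit takes the config file name as its instance, so
# /etc/wireguard/server.conf is started as wg-quick@server.service.
# Afterwards `wg show server` lists the interface, its listen port and peers.
systemctl enable wg-quick@server.service
systemctl start wg-quick@server.service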

Auto-Upgrades

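# Install unattended-upgrades and enable the daily APT jobs: refresh package
# lists, pre-download upgrades, run the unattended upgrade, and autoclean the
# package cache every 7 days.
# The quoted 'EOF' delimiter keeps the shell from expanding anything in the
# heredoc body.
apt install unattended-upgrades
cat << 'EOF' > /etc/apt/apt.conf.d/10periodic
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF
# If this runs in the shell where `umask 077` was set for the WireGuard keys,
# a newly created file here is 0600. APT config holds no secrets, and an
# unreadable file in apt.conf.d can make apt fail for non-root users, so set
# the mode explicitly.
chmod 0644 /etc/apt/apt.conf.d/10periodic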

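# Policy for unattended-upgrades. This overwrites the whole file, including
# any packaged defaults already in /etc/apt/apt.conf.d/50unattended-upgrades.
# The quoted 'EOF' delimiter keeps ${distro_id} / ${distro_codename} literal,
# so unattended-upgrades substitutes them, not the shell.
#
# - Automatic-Reboot: the host reboots itself at 05:00 when an upgrade needs
#   it. The VPN only comes back afterwards if the wg-quick unit is enabled.
# - Mail: the address on the page was lost to e-mail obfuscation.
#   "admin@example.invalid" is a PLACEHOLDER; replace it with a real mailbox.
#   Sending the reports presumably needs a working local mail setup.
# - Allowed-Origins: besides the security pockets this also allows the
#   "-updates" pocket and the third-party "Docker" origin, so Docker packages
#   are upgraded unattended. Keep this list as short as the host's patch
#   policy allows.
# - Package-Blacklist: the closing brace needs a trailing ';'. Without it APT
#   rejects the file with a syntax error, which affects every apt command.
cat << 'EOF' > /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "05:00";

Unattended-Upgrade::Mail "admin@example.invalid";
Unattended-Upgrade::MailOnlyOnError "true";

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
        "${distro_id}:${distro_codename}-updates";
        "Docker:${distro_codename}";
};

Unattended-Upgrade::Package-Blacklist {
};
EOF
# A restrictive umask left over from the key generation would create this
# file 0600; APT configuration should stay world-readable.
chmod 0644 /etc/apt/apt.conf.d/50unattended-upgrades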