Set up a WireGuard + CoreDNS server with https://github.com/jwhited/wgsd
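#!/bin/bash
# Provision a WireGuard endpoint plus a CoreDNS instance that serves the wgsd
# plugin (https://github.com/jwhited/wgsd), open the firewall, then reboot.
#
# Must run as root on a Debian/Ubuntu host (apt, systemd, ufw).
# Optional environment overrides (defaults reproduce the original script):
#   WGSD_VERSION    wgsd release to fetch (default 0.3.1)
#   WGSD_SHA256     expected SHA-256 of the release tarball; the download is
#                   only verified when this is set (take the value from the
#                   release page, e.g. WGSD_SHA256=<sha256-of-tarball>)
#   WGSD_DOMAIN     zone served by wgsd (default yourdomain.com)
#   CLIENT1_PUBKEY  WireGuard public key of client 1 (default placeholder)
#   CLIENT2_PUBKEY  WireGuard public key of client 2 (default placeholder)
set -euo pipefail

readonly WGSD_VERSION=${WGSD_VERSION:-0.3.1}
readonly WGSD_SHA256=${WGSD_SHA256:-}
readonly WGSD_DOMAIN=${WGSD_DOMAIN:-yourdomain.com}
readonly CLIENT1_PUBKEY=${CLIENT1_PUBKEY:-your_public_key1}
readonly CLIENT2_PUBKEY=${CLIENT2_PUBKEY:-your_public_key2}

# Filled in by configure_wireguard; printed at the end so the operator can
# paste it into the clients' [Peer] sections.
PUB_KEY=
# Scratch directory for the download, created in main and removed on exit.
tmpdir=

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Download the wgsd release tarball, optionally verify its SHA-256, and
# install the bundled coredns binary.
# Globals:   WGSD_VERSION, WGSD_SHA256, tmpdir (read)
# Outputs:   /usr/bin/coredns
# Returns:   exits via die on download or checksum failure
#######################################
install_wgsd() {
  local tarball="wgsd_${WGSD_VERSION}_linux_amd64.tar.gz"
  local url="https://github.com/jwhited/wgsd/releases/download/v${WGSD_VERSION}/${tarball}"

  wget -q -O "${tmpdir}/${tarball}" -- "$url" || die "download of ${url} failed"

  # Verify the artifact before executing anything from it. Skipped when the
  # operator did not supply a digest, which matches the original behaviour.
  if [[ -n "$WGSD_SHA256" ]]; then
    printf '%s  %s\n' "$WGSD_SHA256" "${tmpdir}/${tarball}" \
      | sha256sum -c --status - || die "checksum mismatch for ${tarball}"
  fi

  mkdir -p -- "${tmpdir}/wgsd"
  tar -xzf "${tmpdir}/${tarball}" -C "${tmpdir}/wgsd"
  # install (rather than mv) sets a known owner and mode on the binary.
  install -m 0755 -o root -g root -- "${tmpdir}/wgsd/coredns" /usr/bin/coredns
}

#######################################
# Install WireGuard, generate the server key pair and write wg0.conf.
# Globals:   CLIENT1_PUBKEY, CLIENT2_PUBKEY (read); PUB_KEY (written)
# Outputs:   /etc/wireguard/wg0.conf (mode 0600, contains the private key)
#######################################
configure_wireguard() {
  local private_key
  apt install -y wireguard

  private_key=$(wg genkey)
  PUB_KEY=$(printf '%s\n' "$private_key" | wg pubkey)

  mkdir -p -- /etc/wireguard
  # The config holds the private key: create it unreadable to other users
  # from the start instead of chmod-ing after the fact.
  (
    umask 077
    cat > /etc/wireguard/wg0.conf <<EOF
[Interface]
PrivateKey = ${private_key}
ListenPort = 51820
Address = 10.180.0.254/32
# Client 1
[Peer]
PublicKey = ${CLIENT1_PUBKEY}
AllowedIPs = 10.180.0.3/32
# Client2
[Peer]
PublicKey = ${CLIENT2_PUBKEY}
AllowedIPs = 10.180.0.4/32
EOF
  )
  systemctl enable wg-quick@wg0.service
}

#######################################
# Create the coredns service account, unit file and Corefile, then start it.
# Globals:   WGSD_DOMAIN (read)
# Outputs:   /etc/systemd/system/coredns.service, /etc/coredns/Corefile
#######################################
install_coredns_service() {
  # Re-runs must not fail on an already existing account.
  if ! id -u coredns >/dev/null 2>&1; then
    useradd coredns -s /sbin/nologin -c 'coredns user'
  fi

  # The unit is written inline because of the error reported at
  # https://github.com/coredns/deployment/issues/207 . Otherwise this would do:
  # (curl https://raw.githubusercontent.com/coredns/deployment/master/systemd/coredns.service) > /etc/systemd/system/coredns.service
  #
  # Quoted delimiter: nothing in the unit must be expanded by this shell,
  # in particular $MAINPID, which systemd substitutes at reload time.
  cat > /etc/systemd/system/coredns.service <<'EOF'
[Unit]
Description=CoreDNS DNS server
Documentation=https://coredns.io
After=network.target
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=coredns
ExecStart=/usr/bin/coredns -conf=/etc/coredns/Corefile
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF

  mkdir -p -- /etc/coredns/
  cat > /etc/coredns/Corefile <<EOF
.:5353 {
debug
# bind 10.180.0.254
wgsd ${WGSD_DOMAIN} wg0
}
EOF

  systemctl daemon-reload
  systemctl enable coredns.service
  systemctl start coredns.service
  systemctl --no-pager status coredns.service
  # Manual run for debugging:
  # /usr/bin/coredns -conf /etc/coredns/Corefile
}

#######################################
# Allow SSH and the WireGuard port from outside; everything else only
# over the wg0 tunnel.
#######################################
configure_firewall() {
  ufw allow OpenSSH
  ufw allow 51820/udp
  ufw allow in on wg0 to any
  ufw --force enable
}

main() {
  (( EUID == 0 )) || die "this script must run as root"

  tmpdir=$(mktemp -d) || die "mktemp failed"
  trap 'rm -rf -- "${tmpdir:?}"' EXIT

  apt update -qq
  install_wgsd
  configure_wireguard
  install_coredns_service
  configure_firewall

  # The public key is not secret; the operator needs it for the clients.
  printf '\n\nPubkey: %s\n' "$PUB_KEY"
  printf "\nAll setup. Reboot..."
  sleep 2
  reboot
}

main "$@"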