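# WireGuard setup notes: server 10.0.0.1, one client 10.0.0.2, UDP port 51820.
# These are manual steps, not a script to run top to bottom: do each section
# by hand on the host named in its heading. Upper-case words (SERVER_PRIVATE_KEY,
# NETWORK_INTERFACE, PUBLIC_IP, ...) are placeholders to replace.

### on server:
# /etc/wireguard is usually accessible to root only, so run the key
# generation from a root shell (e.g. `sudo -i`).
cd /etc/wireguard
# umask 077 makes the key files created below owner-only.
umask 077
wg genkey | tee server_private.key | wg pubkey > server_public.key

sudo nano /etc/wireguard/wg0.conf
# paste:
#   [Interface]
#   Address = 10.0.0.1/24
#   ListenPort = 51820
#   PrivateKey = SERVER_PRIVATE_KEY
#   # If IP forward needed (NETWORK_INTERFACE = the server's outbound NIC;
#   # PostDown must name the same interface as PostUp or the NAT rule is
#   # left behind when the tunnel goes down):
#   PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o NETWORK_INTERFACE -j MASQUERADE
#   PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o NETWORK_INTERFACE -j MASQUERADE

# The config holds the server private key; keep it owner-only
# (wg-quick warns when the file is world accessible).
sudo chmod 600 /etc/wireguard/wg0.conf

# Only if IP forward needed:
sudo nano /etc/sysctl.d/wg.conf
# paste:
#   net.ipv4.ip_forward = 1
sudo sysctl --system

sudo systemctl enable --now wg-quick@wg0

### on client:
# Same umask as on the server, so client_private.key is not created
# world-readable.
umask 077
wg genkey | tee client_private.key | wg pubkey > client_public.key

### on server:
sudo nano /etc/wireguard/wg0.conf
# paste (append):
#   [Peer]
#   PublicKey = CLIENT_PUBLIC_KEY
#   AllowedIPs = 10.0.0.2/32
#   # Keep this at the client's tunnel address even when IP forward is used.
#   # On the server, AllowedIPs is both the list of source addresses accepted
#   # from this peer and the routes sent to it; adding 0.0.0.0/0 here would
#   # let the client use any source address and would route the server's own
#   # traffic into the tunnel. The full-tunnel 0.0.0.0/0 setting belongs only
#   # in the client's [Peer] section below.

sudo systemctl restart wg-quick@wg0

### client config:
# client.conf contains CLIENT_PRIVATE_KEY. Writing it on the client keeps that
# key off the server; if it is written on the server as below, delete it once
# it has been transferred.
sudo nano /etc/wireguard/client.conf
# paste:
#   [Interface]
#   PrivateKey = CLIENT_PRIVATE_KEY
#   Address = 10.0.0.2/32
#   DNS = 8.8.8.8
#
#   [Peer]
#   PublicKey = SERVER_PUBLIC_KEY
#   Endpoint = PUBLIC_IP:51820
#   AllowedIPs = 10.0.0.0/24
#   # if IP forward needed (send all client traffic through the tunnel):
#   # AllowedIPs = 0.0.0.0/0
#   PersistentKeepalive = 25

# qr: the code encodes the whole config including the private key, so treat
# the terminal output as a secret.
qrencode -t ansiutf8 -r client.conf

# or just copy the .conf to /etc/wireguard/wg0.conf on the client
# (owner-only, e.g. `sudo chmod 600 /etc/wireguard/wg0.conf`), then:
sudo wg-quick up wg0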