show status of wg0 interface in main status line

.i3/status.conf

@@ -65,7 +65,7 @@ run_watch DHCP {
 }
 
 path_exists VPN {
-	path = "/proc/sys/net/ipv4/conf/tun0"
+	path = "/proc/sys/net/ipv4/conf/wg0"
 }
 
 tztime local {

scripts/install.sh

@@ -39,6 +39,11 @@ deb-src http://deb.debian.org/debian ${DIST} main
 deb http://deb.debian.org/debian-security/ ${DIST}/updates main
 deb-src http://deb.debian.org/debian-security/ ${DIST}/updates main
 
+# backports for wireguard
+# https://www.wireguard.com/install/
+# https://backports.debian.org/Instructions/
+deb http://deb.debian.org/debian buster-backports main
+
 deb http://deb.debian.org/debian ${DIST}-updates main
 deb-src http://deb.debian.org/debian ${DIST}-updates main
 EOF
@@ -73,6 +78,7 @@ base_applications() {
         htop \
         iotop \
         locales \
+        linux-headers-$(uname -r) \
         make \
         mount \
         net-tools \
@@ -86,6 +92,7 @@ base_applications() {
         vim \
         vpnc \
         vpnc-scripts \
+        wireguard \
         zip \
         --no-install-recommends
 
@@ -93,6 +100,8 @@ base_applications() {
     $SUDO apt autoremove
     $SUDO apt autoclean
     $SUDO apt clean
+
+    $SUDO ip link add dev wg0 type wireguard
 }
 
 install_server_base() {
@@ -193,10 +202,8 @@ install_i3() {
 
     DEBIAN_FRONTEND=noninteractive
 
-
     # TODO add non-free to apt/sources.list
 
-
     apt update
     apt install -y \
         alsa-utils \
@@ -353,7 +360,6 @@ install_compose() {
     /usr/bin/docker-compose version
 }
 
-
 install_virtualbox() {
     # https://wiki.debian.org/VirtualBox#Installation_of_non-free_edition
     apt install -y \
@@ -416,7 +422,7 @@ main() {
     local cmd=$1
 
     if [[ -z "$cmd" ]]; then
-        echo "Usage: \n base | desktop | server | dotfiles | update-docker | go"
+        echo "Usage: \n base (includes docker+compose)| desktop | server | dotfiles | vscode | latex | update-docker | go"
     fi
 
     case "$cmd" in

wireguard/README.org

@@ -0,0 +1,58 @@
+* Wireguard Quick Start
+
+  https://www.wireguard.com/quickstart/
+
+  Level 3 VPN Protocol.
+  Designed for Linux (works on BSD, MacOS and Windows too).
+  Network Interface as most basic foundation of operation.
+
+** Linux CLI
+
+   Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4
+
+*** Setup the Interface
+
+   #+begin_src bash
+     # ip link add dev wg0 type wireguard
+     # ip address add dev wg0 10.1.0.2/24
+     # ip address add dev wg0 10.1.0.2 peer 10.1.0.1
+   #+end_src
+
+*** Create Keys
+
+    #+begin_src bash
+      $ umask 077
+      $ wg genkey > privatekey
+      $ wg pubkey < privatekey > publickey
+    #+end_src
+
+    or just
+
+    #+begin_src bash
+      $ wg genkey | tee privatekey | wg pubkey > publickey
+    #+end_src
+
+*** Add Peer To Server
+
+    #+begin_src bash
+      # add peer
+      wg set wg0 peer <client_pubkey> allowed-ips 10.0.0.x/32
+
+      # verify connection
+      wg
+
+      # save to config
+      wg-quick save wg0
+    #+end_src
+
+*** Start/Stop Interface
+
+    #+begin_src bash
+      # Start/stop interface
+      wg-quick up wg0
+      wg-quick down wg0
+
+      # Start/stop service
+      $ sudo systemctl stop wg-quick@wg0.service
+      $ sudo systemctl start wg-quick@wg0.service
+    #+end_src

wireguard/wg.conf.example

@@ -0,0 +1,9 @@
+[Interface]
+PrivateKey = 
+Address = 10.x.x.x/24
+
+[Peer]
+PublicKey = 
+Endpoint = 
+AllowedIPs = 10.x.x.x/32
+PersistentKeepalive = 25