From 84a50618daa8125a79ce1f302b1146cf7d3dc172 Mon Sep 17 00:00:00 2001
From: jkaplon <1953657+jkaplon@users.noreply.github.com>
Date: Tue, 11 Mar 2025 14:51:03 -0400
Subject: [PATCH] Initial commit of README and functioning script.

---
 README.md       |  3 +++
 wg-qr-client.sh | 52 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 README.md
 create mode 100755 wg-qr-client.sh

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..494103b
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+Bash script for use on wireguard hub/server to auto-configure new clients.
+Output displays a QR code on the terminal for easy setup of wireguard mobile or PC apps.
+Script must be run on central wireguard hub/server, but resulting QR works on a mobile terminal app or ssh-client (tested with Termux on android).
diff --git a/wg-qr-client.sh b/wg-qr-client.sh
new file mode 100755
index 0000000..8afd4d3
--- /dev/null
+++ b/wg-qr-client.sh
@@ -0,0 +1,52 @@
+#! /bin/bash
+
+# Require descriptive device name arg from user.
+device_name=$1
+if [ -z "$device_name" ]; then
+    echo 'Missing device name arg' >&2
+    exit 1 
+fi
+
+# Want this script to be executed w/`sudo` so don't need it anywhere in here.
+wg genkey | tee /etc/wireguard/clients/${device_name}.key | wg pubkey | tee /etc/wireguard/clients/${device_name}.key.pub
+
+priv_key=$(cat /etc/wireguard/clients/${device_name}.key)
+pub_key=$(cat /etc/wireguard/clients/${device_name}.key.pub)
+
+# start client numbering at 150, store next value in ~/bin/wg-qr-client-nxt-ip.conf
+nxt_ip=$(cat /home/jody/bin/wg-qr-client-nxt-ip.conf)
+echo $((nxt_ip+1)) > /home/jody/bin/wg-qr-client-nxt-ip.conf
+
+# IPv4 & Public key for primary wireguard hub/server (assuming this script is running on that machine...look them up to avoid hard-coding so this script can be shared).
+hub_ip_addr=$(ifconfig eth0 | grep 'inet ' | cut -d' ' -f10)
+hub_pub_key=$(wg | grep public | cut -d' ' -f5)
+
+cat > /etc/wireguard/clients/${device_name}.conf <<EOL
+[Interface]
+Address = 10.0.0.${nxt_ip}/32
+ListenPort = 61666
+PrivateKey = ${priv_key}
+DNS = 10.0.0.143
+
+[Peer]
+PublicKey = ${hub_pub_key}
+AllowedIPs = 10.0.0.0/24
+Endpoint = ${hub_ip_addr}:61666
+EOL
+
+# Append new peer to ISH-VPS server in /etc/wireguard/wg0.conf
+cat >> /etc/wireguard/wg0.conf <<EOL
+
+[Peer]
+# ${device_name}
+PublicKey = ${pub_key}
+AllowedIPs = 10.0.0.${nxt_ip}/32
+EOL
+
+# Restart wg0 interface to finalize changes.
+systemctl restart wg-quick@wg0
+
+# Output QR-code to the terminal
+# (YAGNI, also output to PNG file for later use...maybe could send to ntfy).
+cat /etc/wireguard/clients/${device_name}.conf | qrencode -t ansiutf8
+