Fixed typos in scripts

main.tf

@@ -6,22 +6,12 @@ resource "digitalocean_ssh_key" "default" {
 
 # Create a new Web Droplet in the nyc2 region
 resource "digitalocean_droplet" "web" {
-  image    = "ubuntu-22-04-x64"
+  image     = "ubuntu-22-04-x64"
-  name     = "wireguard"
+  name      = "wireguard"
-  region   = "nyc1"
+  region    = "nyc1"
-  size     = "s-2vcpu-4gb"
+  size      = "s-2vcpu-4gb"
-  ssh_keys = [digitalocean_ssh_key.default.fingerprint]
+  ssh_keys  = [digitalocean_ssh_key.default.fingerprint]
   user_data = file("setup.sh")
-  connection {
-    host = digitalocean_droplet.web.ipv4_address
-    type = "ssh"
-    user = "root"
-    private_key = "${file("./tf-digitalocean")}"
-  }
-
-  provisioner "remote-exec" {
-    inline = [ "cat /root/wireguard-conf/client-config.conf" ]
-  }
 }
 
 output "droplet_output" {

setup.sh

@@ -1,50 +1,55 @@
-#!/bin/bash
+#!/usr/bin/env sh
-apt update
+set -e
+set -u
+# Set the listen port used by Wireguard, this is the default so feel free to change it.
+LISTENPORT=51820
+CONFIG_DIR=/root/wireguard-conf
+umask 077
+mkdir -p $CONFIG_DIR/client
 
 # Install wireguard
-apt install -y wireguard
+apt update && apt install -y wireguard
 
-LISTENPORT=51820
+# Generate public/private key for the "server".
-umask 077
+wg genkey > $CONFIG_DIR/privatekey
-# Generate public and private key
+wg pubkey < $CONFIG_DIR/privatekey > $CONFIG_DIR/publickey
-mkdir /root/wireguard-conf
-cd /root/wireguard-conf
 
-wg genkey > privatekey
+# Generate public/private key for the "client"
-wg pubkey < privatekey > publickey
+wg genkey > $CONFIG_DIR/client/privatekey
-mkdir client
+wg pubkey < $CONFIG_DIR/client/privatekey > $CONFIG_DIR/client/publickey
-
-wg genkey > client/privatekey
-wg pubkey < client/privatekey > client/publickey
 
 
+# Generate server config
 echo "[Interface]
 Address = 10.66.66.1/24,fd42:42:42::1/64
 ListenPort = $LISTENPORT
-PrivateKey = $(cat privatekey)
+PrivateKey = $(cat $CONFIG_DIR/privatekey)
 
-### Client mike-home
+### Client config
 [Peer]
-PublicKey = $(cat client/publickey)
+PublicKey = $(cat $CONFIG_DIR/client/publickey)
 AllowedIPs = 10.66.66.2/32,fd42:42:42::2/128
 " > /etc/wireguard/do.conf
 
-wg-quick up do
 
+# Generate client config.  This will need to be copied to your machine.
 echo "[Interface]
-PrivateKey = $(cat client/privatekey)
+PrivateKey = $(cat $CONFIG_DIR/client/privatekey)
 Address = 10.66.66.2/32,fd42:42:42::2/128
 DNS = 1.1.1.1,1.0.0.1
 
 [Peer]
-PublicKey = $(cat publickey)
+PublicKey = $(cat $CONFIG_DIR/publickey)
 Endpoint = $(curl icanhazip.com):$LISTENPORT
 AllowedIPs = 0.0.0.0/0,::/0
-" > client-config.conf
+" > $CONFIG_DIR/client-config.conf
+
+wg-quick up do
 
 # Add iptables rules to forward internet traffic through this box
 # We are assuming our Wireguard interface is called do and our
 # primary public facing interface is called eth0.
+
 iptables -I INPUT -p udp --dport 51820 -j ACCEPT
 iptables -I FORWARD -i eth0 -o do -j ACCEPT
 iptables -I FORWARD -i do -j ACCEPT
@@ -56,6 +61,3 @@ ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 echo "net.ipv4.ip_forward = 1
       net.ipv6.conf.all.forwarding = 1" >/etc/sysctl.d/wg.conf
 sysctl --system
-
-
-cat client-config.conf