$ wg-confgen
usage: wg-confgen.sh (defaultconf | network | srvinit | peeradd | srvconf | srvdeploy) <arguments...>
defaultconf
    create a default wg-confgen.conf file
network
    display summary of server and peers IP addressing
srvinit <ipaddress>/<subnet>
    initialize server keys (local files)
peeradd <peername> "<ipaddress>/<subnet> [<ipaddress/subnet>]" [user_email]
    create a configuration file for a peer (local file)
srvconf
    generate server configuration with all peers (local file)
srvdeploy
    (active action) deploy server configuration and restart wg
help
    shows extended help

$ wg-confgen defaultconf

# this is a configuration file for wg-confgen,
# a Wireguard configuration management script
# https://github.com/looran/wg-confgen

# vpn arbitrary name
VPNNAME="Wireguard VPN"
# name for the wg interface
VPNIFACE="wgvpn"
# wg server IP and port
VPNSERVER_ENDPOINT="A.B.C.D:51820"
# used only for 'wg-confgen srvdeploy'
VPNSERVER_SSH_HOST="A.B.C.D|ssh-alias"
# included in wg server configuration
VPNSERVER_EXTRACONF=""
# included in each wg client configuration
VPNCLIENT_ALLOWEDIPS="172.16.99.0/24"
# included in each wg client configuration
VPNCLIENT_EXTRACONF="Table = off"
# included wg client server peer configuration
VPNCLIENT_PERSISTENTKEEPALIVE="0"
# email template body content, generated for new clients
EMAIL_BODY=""
# email template signature, generated for new clients
EMAIL_FOOTER="Enjoy,
the admin"

# example : use the VPN as internet gateway for clients:
# VPNSERVER_EXTRACONF="PostUp = sysctl -w net.ipv4.conf.%i.forwarding=1
# PostUp = sysctl -w net.ipv4.conf.<internet_interface>.forwarding=1
# PostUp = iptables -t nat -A POSTROUTING -o <internet_interface> -j MASQUERADE
# PreDown = iptables -t nat -D POSTROUTING -o <internet_interface> -j MASQUERADE"
# VPNCLIENT_ALLOWEDIPS="0.0.0.0/0"
# VPNCLIENT_EXTRACONF=""

# example : set MTU on all peers:
# VPNSERVER_EXTRACONF="MTU = 1300"
# VPNCLIENT_EXTRACONF="MTU = 1300"

# example : ensure peers don't timeout behind NAT
# VPNCLIENT_PERSISTENTKEEPALIVE="25"

$ wg-confgen help
Extended help:

'wg-confgen defaultconf' will generate a default wg-confgen.conf file in your current directory.
Edit this file with your VPN settings.
Then use wg-confgen to generate wireguard configuration for server and clients, as explained bellow.

'wg-confgen srvinit' will initialize wireguard server keys and store ip address in the following local files:
./server
./server/publickey
./server/privatekey
./server/ip

'wg-confgen peeradd' will create the following local configuration files for a new peer:
./peer_<peer-name>
./peer_<peer-name>/vpn-name.conf       # wg configuration
./peer_<peer-name>/vpn-name.conf.asc   # GPG encrypted wg configuration, only created if user_email argument was present
./peer_<peer-name>/instructions.txt    # instructions to be sent to the user on how to use the wg configuration
./peer_<peer-name>/serveraddition.conf
./peer_<peer-name>/publickey
./peer_<peer-name>/psk
./peer_<peer-name>/privatekey

'wg-confgen srvconf' will generate the wg server configuration in this local file:
./server/<vpn-name>.conf

'wg-confgen srvdeploy' (optional) will:
* scp ./server/<vpn-name>.conf to wg server host in /etc/wireguard/vpn-name.conf
* restart wg interface on wg server host using wg-quick

For example:
$ wg-confgen defaultconf
# go and edit wg-confgen.conf
$ wg-confgen srvinit 172.16.99.1/24
$ wg-confgen peeradd user1 172.16.99.2/24
$ wg-confgen peeradd user2 172.16.99.3/24 [email protected]
$ wg-confgen srvconf
$ wg-confgen srvdeploy 
wireguard is up and running on the server !