Add WireGuard TUI implementation

- Add Go TUI with bubbletea for WireGuard management
- Implement client CRUD operations with QR code generation
- Add configuration and validation modules
- Install/update scripts for client setup
- Update Makefile to build binaries to bin/ directory
- Add .gitignore for Go projects

README.md

@@ -3,23 +3,89 @@
 ## Overview
 Personal WireGuard VPN server with IPv4/IPv6 support, client management via `wireguard.sh`, designed for 1 CPU / 1GB RAM VPS.
 
+## Development & Issue Tracking
+
+This project uses **beads** (`bd` CLI) for issue tracking and **Gitea** for external issue tracking.
+
+- **Agent instructions**: See `AGENTS.md` and `.agent/` directory for project-specific guidance
+- **Issue tracking**: Use `bd ready` to find available work
+- **External issues**: Gitea at https://gitea.calmcacil.dev
+
 ## Configuration
-- **Server Domain**: velkhana.calmcacil.dev
-- **Port**: 51820
-- **VPN IPv4 Range**: 10.10.69.0/24
-- **VPN IPv6 Range**: fd69:dead:beef:69::/64
-- **DNS**: 8.8.8.8, 8.8.4.4 (Google)
-- **Server-side peer configs**: /etc/wireguard/conf.d/client-*.conf (loaded dynamically)
-- **Client-side configs**: /etc/wireguard/clients/*.conf (for distribution)
+
+Configuration is managed through `/etc/wg-admin/config.conf`. Copy `config.example` to this location and customize for your environment.
+
+### Creating Configuration File
+
+```bash
+sudo mkdir -p /etc/wg-admin
+sudo cp config.example /etc/wg-admin/config.conf
+sudo nano /etc/wg-admin/config.conf
+```
+
+### Configuration Variables
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `SERVER_DOMAIN` | *Required* | Server domain or IP address (e.g., `vpn.example.com`) |
+| `WG_PORT` | 51820 | WireGuard UDP port |
+| `VPN_IPV4_RANGE` | 10.10.69.0/24 | VPN IPv4 address range |
+| `VPN_IPV6_RANGE` | fd69:dead:beef:69::/64 | VPN IPv6 address range |
+| `WG_INTERFACE` | wg0 | WireGuard interface name |
+| `DNS_SERVERS` | 8.8.8.8, 8.8.4.4 | DNS servers for clients |
+| `LOG_FILE` | /var/log/wireguard-admin.log | Log file location |
+
+### Example Configuration
+
+```ini
+# Server domain or IP address (required)
+SERVER_DOMAIN=vpn.example.com
+
+# WireGuard UDP port (optional, default: 51820)
+WG_PORT=51820
+
+# VPN IPv4 range (optional, default: 10.10.69.0/24)
+VPN_IPV4_RANGE=10.10.69.0/24
+
+# VPN IPv6 range (optional, default: fd69:dead:beef:69::/64)
+VPN_IPV6_RANGE=fd69:dead:beef:69::/64
+
+# DNS servers (optional, default: 8.8.8.8, 8.8.4.4)
+DNS_SERVERS=8.8.8.8, 8.8.4.4
+```
+
+**Note**: All values are optional except `SERVER_DOMAIN`. The script will use defaults if not specified.
+
+### Configuration Priority
+
+1. `/etc/wg-admin/config.conf` file (highest priority)
+2. Environment variables (e.g., `SERVER_DOMAIN=vpn.example.com ./wireguard.sh install`)
+3. Built-in defaults (lowest priority)
+
+### Other Directories
+- **Server-side peer configs**: `/etc/wireguard/conf.d/client-*.conf` (loaded dynamically)
+- **Client-side configs**: `/etc/wireguard/clients/*.conf` (for distribution)
 
 ## Installation
 
 ### 1. Upload script to VPS
 ```bash
-scp wireguard.sh calmcacil@velkhana.calmcacil.dev:~/
+scp wireguard.sh calmcacil@your-vps.com:~/
+scp config.example calmcacil@your-vps.com:~/
 ```
 
-### 2. Run installation
+### 2. Configure the script
+```bash
+# Copy example config and customize
+sudo mkdir -p /etc/wg-admin
+sudo cp ~/config.example /etc/wg-admin/config.conf
+sudo nano /etc/wg-admin/config.conf
+
+# Set at minimum:
+# SERVER_DOMAIN=vpn.yourdomain.com
+```
+
+### 3. Run installation
 ```bash
 chmod +x ~/wireguard.sh
 sudo ~/wireguard.sh install