wg set wg0 peer public_key remove
wg-quick save wg0; wg-quick down wg0; wg-quick up wg0;
wg-dashboard reset password
find /opt/wg-dashboard/ -iname server_config.json
Remove current user from json array:
{
"id": 1,
"username": "xxx",
"password": "xxx"
}
systemctl restart wg-dashboard.service
Access http://vpn_server_ip/createuser to create a new user
wireguard 2 interfaces not working
vim /etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = WG0_SERVER_PRIVATE_KEY
SaveConfig = false
[Peer]
# client1
PublicKey = PUBKEY_FROM_CLIENT_ONE
AllowedIPs = 10.0.0.2/32
vim /etc/wireguard/wg1.conf
[Interface]
Address = 10.0.1.1/24
ListenPort = 51821
PrivateKey = WG1_SERVER_PRIVATE_KEY
SaveConfig = false
[Peer]
# client2
PublicKey = PUBKEY_FROM_CLIENT_TWO
AllowedIPs = 10.0.1.2/32
systemctl start wg-quick@wg0
systemctl start wg-quick@wg1
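The wg0/wg1 pair above gives each interface its own ListenPort and its own Address subnet. The following is an added example, not code from the original post, that checks a set of wg-quick configs for collisions in those two settings and for overlapping peer AllowedIPs. Which checks matter is an assumption, since the post does not state its root cause, and the function names and sample configs are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def parse_wg(text):
    """Return [(section, {key: value})] from wg-quick config text."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)   # base64 keys may end in '='
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def nets_of(value):
    """Comma-separated addresses/CIDRs -> list of networks."""
    return [ipaddress.ip_interface(v.strip()).network
            for v in value.split(",") if v.strip()]

def check(configs):
    """configs: {interface name: config text}; returns conflict messages."""
    ports, subnets, allowed, problems = {}, [], [], []
    for name, text in configs.items():
        for section, kv in parse_wg(text):
            if section == "interface":
                port = kv.get("listenport")
                if port and port in ports:
                    problems.append(f"{ports[port]}/{name}: same ListenPort {port}")
                ports.setdefault(port, name)
                subnets += [(name, n) for n in nets_of(kv.get("address", ""))]
            elif section == "peer":
                allowed += [(name, n) for n in nets_of(kv.get("allowedips", ""))]
    # Any two Address subnets, or any two peers' AllowedIPs, must not overlap.
    for label, items in (("Address", subnets), ("AllowedIPs", allowed)):
        for (n1, a), (n2, b) in combinations(items, 2):
            if a.version == b.version and a.overlaps(b):
                problems.append(f"{n1}/{n2}: overlapping {label} {a} and {b}")
    return problems

# Constructed samples: the two-interface layout from the post, then a broken copy.
WG0 = "[Interface]\nAddress = 10.0.0.1/24\nListenPort = 51820\n[Peer]\nAllowedIPs = 10.0.0.2/32\n"
WG1 = "[Interface]\nAddress = 10.0.1.1/24\nListenPort = 51821\n[Peer]\nAllowedIPs = 10.0.1.2/32\n"
WG1_BAD = WG1.replace("51821", "51820").replace("10.0.1.", "10.0.0.")

if __name__ == "__main__":
    print(check({"wg0": WG0, "wg1": WG1}))
    for problem in check({"wg0": WG0, "wg1": WG1_BAD}):
        print(problem)
```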
wg-quick: /usr/bin/wg-quick: line 32: resolvconf: command not found
apt install openresolv
wireguard setup
add-apt-repository ppa:wireguard/wireguard
apt-get update
apt install wireguard
MacOS
brew install wireguard-tools
# create the key files readable only by their owner
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
Server side:
/etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.1/24
DNS = 1.1.1.1
PrivateKey = [ServerPrivateKey]
ListenPort = 51820
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o enp9s0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o enp9s0 -j MASQUERADE
[Peer]
#Peer #1
PublicKey = [Peer#1PublicKey]
AllowedIPs = 10.0.0.3/32
[Peer]
#Peer #2
PublicKey = [Peer#2PublicKey]
AllowedIPs = 10.0.0.10/32
[Peer]
#Peer #3
PublicKey = [Peer#3PublicKey]
AllowedIPs = 10.0.0.2/32
[Peer]
#Peer #4
PublicKey = [Peer#4PublicKey]
AllowedIPs = 10.0.0.11/32
Client side:
/etc/wireguard/wg0.conf
[Interface]
Address = 10.0.0.3/24
PrivateKey = [PrivateKeyPeer#1]
[Peer]
PublicKey = [ServerPublicKey]
Endpoint = some.domain.com:51820
AllowedIPs = 0.0.0.0/0
# This is for if you're behind a NAT and
# want the connection to be kept alive.
PersistentKeepalive = 25
Start/stop interface
wg-quick up wg0
wg-quick down wg0
Start/stop service
$ sudo systemctl stop wg-quick@wg0
$ sudo systemctl start wg-quick@wg0
Instead of editing the config file for every client you add to the
server, you can use the wg tool:
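# add peer (PEER_PUBLIC_KEY and PEER_TUNNEL_IP are placeholders)
wg set wg0 peer PEER_PUBLIC_KEY allowed-ips PEER_TUNNEL_IP/32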
# verify connection
wg
# save to config
wg-quick save wg0
ubuntu wireguard
sudo add-apt-repository ppa:wireguard/wireguard
sudo apt install wireguard