I don't like how the setup procedure for the WireGuard part is simply "Download this script from the internet and run it with sudo".
Sounds not very secure and prone to breaking etc.
It's using some sort of a custom installer that also downloads Cloudflare's BoringTun (https://github.com/cloudflare/boringtun) directly from the author's website (nyr[.]be), since Cloudflare doesn't seem to offer it as a binary release. Example:
{ wget -qO- https://wg.nyr[.]be/1/latest/download 2>/dev/null || curl -sL https://wg.nyr.be/1/latest/download ; } | tar xz -C /usr/local/sbin/ --wildcards 'boringtun-*/boringtun' --strip-components 1
I don't have time to go through it in more details, but I would definitely recommend an alternative way of installing it.