diff --git a/step3_node_setup_as_user_with_sudo.sh b/step3_node_setup_as_user_with_sudo.sh
new file mode 100644
index 0000000..fcb5ce4
--- /dev/null
+++ b/step3_node_setup_as_user_with_sudo.sh
@@ -0,0 +1,113 @@
+#!/bin/bash -eu
+############################################################################
+# #
+# Run this as the Linux user with sudo (but NOT as root) #
+# #
+############################################################################
+# Input variables
+read -p "Enter a domain name for our internal API to find you. End users won't see this domain, just our API and the SSL renewal. For example, \"example.com\": " PUBLIC_DOMAIN
+export PUBLIC_DOMAIN=$PUBLIC_DOMAIN
+read -p "Enter an email for SSL renewal errors. For example, \"you@example.com\": " PUBLIC_EMAIL
+export PUBLIC_EMAIL=$PUBLIC_EMAIL
+############################################################################
+# #
+# Setup UFW #
+# #
+############################################################################
+sudo apt install ufw
+sudo ufw default deny incoming
+sudo ufw allow OpenSSH
+sudo ufw allow 20203
+sudo ufw allow 51820
+sudo ufw allow 8080
+sudo ufw allow 8081
+sudo ufw allow 53
+sudo ufw allow 1080
+sudo ufw allow 443
+sudo ufw allow 80
+sudo ufw show added
+echo "Enabling the Firewall"
+sudo ufw enable -y
+sleep 2
+#sudo ufw status verbose
+############################################################################
+# #
+# Installation of docker and it's dependencies #
+# #
+############################################################################
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+# Add the repository to Apt sources:
+echo \
+"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
+$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt update && apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+sleep 2
+############################################################################
+# #
+# Setup HydraVeil #
+# #
+############################################################################
+# Install git & Generate API token
+sudo apt install git pwgen -y
+export API_TOKEN=$(pwgen -s 48 1)
+### Get it:
+read -p "are you doing IPv6 or IPv4? say '6' or '4' (6/4): " ARE_THEY_USING_IPV6
+# Check the user's answer
+if [[ "$ARE_THEY_USING_IPV6" == "6" ]]; then
+ REPO_URL="git@git.simplifiedprivacy.is:codeking/sp-env-wireguard-ipv6.git"
+ #git clone git@git.simplifiedprivacy.is:codeking/sp-env-wireguard-ipv6.git wireguard
+elif [[ "$ARE_THEY_USING_IPV6" == "4" ]]; then
+ REPO_URL="git@git.simplifiedprivacy.is:codeking/sp-env-wireguard-ipv4.git"
+ #git clone git@git.simplifiedprivacy.is:codeking/sp-env-wireguard-ipv4.git wireguard
+else
+ echo "Please answer with 'yes' or 'no'."
+fi
+
+
+# deal with permissions issue of user
+if [ "$EUID" -eq 0 ]; then
+ # Output the original user who invoked sudo
+ export original_user=$SUDO_USER
+ echo "The script is being run as root. The original user is: $original_user"
+else
+ # Output the current user (not root)
+ export original_user=$(whoami)
+ echo "The current user is: $original_user"
+fi
+# Clone the repository while trusting the fingerprint
+sudo -u $original_user GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no' git clone "$REPO_URL" wireguard
+cd wireguard
+# make config file:
+echo "
+SERVER_URL=$PUBLIC_DOMAIN
+API_TOKEN=$API_TOKEN
+
+COMPOSE_PROFILES=dedicated
+
+# Dedicated
+CERTBOT_EMAIL=$PUBLIC_EMAIL
+
+# Shared
+API_TLS_CERTIFICATE=
+API_TLS_PRIVATE_KEY=
+" > .env
+sudo docker compose up -d --force-recreate
+sleep 3
+PUB_WIREGUARD_KEY=$(sudo docker exec -it wireguard wg | grep public)
+echo
+echo
+echo
+echo "
+Give these TWO things to Simplified Privacy,
+
+1) WireGuard Public Key is:
+$PUB_WIREGUARD_KEY
+(This is what you're signing, it should not be be blank ABOVE this line)
+
+2) API TOKEN PASS is:
+$API_TOKEN
+"
+
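Review bot: The clone near the end of the script runs with `StrictHostKeyChecking=no`, which skips SSH host-key verification entirely rather than "trusting the fingerprint" as the comment above it says, so the identity of the server that supplies the compose project is never checked before `sudo docker compose up` starts it with root-level Docker access. Pin the server's published host key instead, for example `GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=<PINNED_KNOWN_HOSTS_FILE>'` (placeholder path; the key itself has to come from the project), and quote `"$original_user"` on the same line. The `.env` written a few lines later holds `API_TOKEN` and is created with whatever umask the shell has, so a `chmod 600 .env` (or `umask 077` before the `echo`) would keep it from other local users. Separately, the `else` branch of the IPv4/IPv6 prompt only prints a message (asking for 'yes' or 'no' although the prompt offers 6/4) and leaves `REPO_URL` unset; an explicit `exit 1` there would fail cleanly instead of relying on `-u` tripping at the clone.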