From effd46ba4dfb92eb17eb933fb9b674dcbbb754d4 Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Thu, 2 Jan 2020 21:16:52 +0100 Subject: [PATCH 01/12] update arduino and audacity --- .dockerfunc | 46 ++++++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/.dockerfunc b/.dockerfunc index b5955e4..4562135 100755 --- a/.dockerfunc +++ b/.dockerfunc @@ -100,34 +100,32 @@ ant() { arduino() { docker run \ - -it \ - --rm \ - --network=host \ - --privileged \ - -e DISPLAY=$DISPLAY \ - -v /tmp/.X11-unix:/tmp/.X11-unix \ - -v /dev/ttyUSB0:/dev/ttyUSB0 \ - -v $HOME/topics:/topics \ - -v $HOME/projects:/projects \ - tombenke/darduino:latest \ - arduino + -it \ + --network=host \ + --privileged \ + -e DISPLAY=$DISPLAY \ + -v /tmp/.X11-unix:/tmp/.X11-unix \ + -v /dev/ttyUSB0:/dev/ttyUSB0 \ + -v $HOME/topics:/topics \ + -v $HOME/projects:/home/developer/projects \ + fschl/darduino:1.8.10 \ + arduino } audacity(){ - del_stopped audacity - # -e QT_DEVICE_PIXEL_RATIO \ + del_stopped audacity - docker run -d \ - -v /etc/localtime:/etc/localtime:ro \ - -v /tmp/.X11-unix:/tmp/.X11-unix \ - -e "DISPLAY=unix${DISPLAY}" \ - -v $HOME/Downloads:/root/Downloads \ - -v $HOME/Documents:/root/Documents \ - -v $HOME/Music:/root/Music \ - --device /dev/snd \ - --group-add audio \ - --name audacity \ - jess/audacity + docker run -d \ + -v /etc/localtime:/etc/localtime:ro \ + -v /tmp/.X11-unix:/tmp/.X11-unix \ + -e "DISPLAY=unix${DISPLAY}" \ + -v $HOME/Downloads:/root/Downloads \ + -v $HOME/Documents:/root/Documents \ + -v $HOME/Music:/root/Music \ + --device /dev/snd \ + --group-add audio \ + --name audacity \ + jess/audacity } bro() { From 00c4d4f27019832745078e906b8c87fc2d755b6a Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Thu, 2 Jan 2020 21:17:06 +0100 Subject: [PATCH 02/12] update license year --- LICENSE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE.md b/LICENSE.md index b22a877..2004f53 100755 
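Review bot: The rewritten `arduino()` keeps `--privileged` and `--network=host` even though the only host device visible in the mounts is `/dev/ttyUSB0`, and it drops `--rm`, so every call leaves behind an unnamed stopped container. Passing the port as `--device /dev/ttyUSB0` instead of `--privileged` would keep the board reachable without giving the image all host devices and capabilities. `--network=host` looks unnecessary when X11 goes through the mounted socket, though that is inferred from the visible lines only. The expansions are unquoted, so prefer `-e "DISPLAY=$DISPLAY"` and `-v "$HOME/projects:/home/developer/projects"`. `fschl/darduino:1.8.10` is a tag rather than a digest, so the image content can still change underneath it.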
--- a/LICENSE.md +++ b/LICENSE.md @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2017 Frieder Schlesier +Copyright (c) 2017-2020 Frieder Schlesier Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in From acaaeca54d559925164cd5e18465f78d931e5360 Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Wed, 19 Feb 2020 12:02:41 +0100 Subject: [PATCH 03/12] add cups-browsed to standard desktop install --- scripts/install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install.sh b/scripts/install.sh index 2cd0b3e..e2fdd90 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -200,6 +200,7 @@ install_i3() { aspell \ aspell-de \ aspell-en \ + cups-browsed \ emacs \ feh \ firefox-esr \ From 6ce1eda75a75a394a93ed9d7a5bc75477be41f45 Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Sat, 7 Nov 2020 19:05:22 +0100 Subject: [PATCH 04/12] updates --- .i3/config | 21 ++++++++++++++------- .i3/status.conf | 4 ++-- .i3/status_small.conf | 6 ++++-- .path | 2 +- .spacemacs | 3 +++ scripts/install.sh | 15 ++++++++++++++- 6 files changed, 38 insertions(+), 13 deletions(-) diff --git a/.i3/config b/.i3/config index 2278a9e..add8b13 100755 --- a/.i3/config +++ b/.i3/config 
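Review bot: Adding `cups-browsed` to the default `install_i3` package list puts a network-facing printer-discovery daemon on every desktop built with this script. If automatic discovery of remote printers is not needed on all machines, keep it out of the default list, or ship a `cups-browsed.conf` that narrows `BrowseRemoteProtocols` and check that the host firewall does not expose port 631. The package list continues outside the hunk.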
@@ -111,16 +111,22 @@ assign [class=".*ee.*ass.*"] $WS8 # https://faq.i3wm.org/question/3726/workspace-output-multiple-values/index.html%3Fanswer=3731.html#post-id-3731 set $LAPTOP LVDS-1 -set $CENTER VGA-1 -#set $CENTER HDMI-1 -#set $CENTER DP-1 +set $CENTER HDMI-1 +set $RIGHT VGA-1 # monitor settings bindsym $mod+m mode "monitor" mode "monitor" { + # only laptop bindsym 1 exec xrandr --output $LAPTOP --auto --primary --output $CENTER --off $RIGHT --off - bindsym 2 exec xrandr --output $CENTER --primary --auto --output $LAPTOP --auto --left-of $CENTER - #bindsym 3 exec xrandr --output $CENTER --primary --auto --output $LAPTOP --auto --left-of $CENTER --output $RIGHT --auto --right-of $CENTER + # HDMI main, laptop secondary + bindsym 2 exec xrandr --output $CENTER --primary --auto --output $LAPTOP --auto --left-of $CENTER --output $RIGHT --off + # HDMI main, laptop left, VGA right, *not* supported on X230 + bindsym 3 exec xrandr --output $CENTER --primary --auto --output $LAPTOP --auto --left-of $CENTER --output $RIGHT --auto --right-of $CENTER + # VGA main, laptop left, HDMI off + bindsym 8 exec xrandr --output $RIGHT --primary --auto --output $LAPTOP --auto --left-of $RIGHT --output $CENTER --off + # HDMI main, VGA right, laptop off + bindsym 9 exec xrandr --output $CENTER --primary --auto --output $RIGHT --auto --right-of $CENTER --output $LAPTOP --off # back to normal: Enter or Escape bindsym Return mode "default" @@ -224,8 +230,7 @@ bar { bar { output $CENTER - output DP-1 - output HDMI-1 + output $RIGHT status_command i3status --config ~/.i3/status_small.conf tray_output $LAPTOP } @@ -240,6 +245,7 @@ bar { #exec xrdb -merge /home/jessie/.Xresources #exec xrdb -merge /home/jessie/.Xdefaults + # startup programs exec amixer set Master 1+ off exec amixer set Master 54 
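Review bot: The `bindsym 1` line that the new `# only laptop` comment documents passes `$RIGHT --off` without a preceding `--output`, so with `$RIGHT` now set to `VGA-1` in this same hunk xrandr receives a bare `VGA-1` argument and will most likely reject the whole command. It should end in `--output $CENTER --off --output $RIGHT --off`, like the bindings added below it. The line is unchanged context here, but it is the only binding in the mode that lacks the `--output`.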
@@ -253,3 +259,4 @@ exec --no-startup-id i3-msg 'exec thunderbird' exec --no-startup-id i3-msg 'exec keepassxc' # exec --no-startup-id i3-msg 'exec nextcloud' exec --no-startup-id i3-msg 'workspace $WS3; exec urxvt;' + diff --git a/.i3/status.conf b/.i3/status.conf index 22abeb0..ab05014 100755 --- a/.i3/status.conf +++ b/.i3/status.conf @@ -25,7 +25,7 @@ order += "path_exists VPN" #order += "ipv6" order += "wireless wlp3s0" order += "ethernet enp0s25" -order += "volume master" +order += "volume Master" order += "battery 0" #order += "cpu_temperature 0" order += "load" @@ -112,7 +112,7 @@ disk "/media/driveBay" { format = "/ %avail" } -volume master { +volume Master { format = " %volume" format_muted = " %volume" device = "default" diff --git a/.i3/status_small.conf b/.i3/status_small.conf index eef626d..aba9800 100755 --- a/.i3/status_small.conf +++ b/.i3/status_small.conf @@ -21,7 +21,8 @@ order += "run_watch Docker" order += "run_watch DHCP" order += "path_exists VPN" order += "wireless wlp3s0" -order += "ethernet eth0" +# order += "ethernet eth0" +order += "ethernet enp0s25" order += "volume master" order += "battery 0" order += "load" @@ -43,7 +44,8 @@ wireless wlp3s0 { format_down = " -" } -ethernet eth0 { +# ethernet eth0 { +ethernet enp0s25 { # if you use %speed, i3status requires root privileges format_up = "E: up" format_down = "E: down" diff --git a/.path b/.path index f0c0a3f..1a39d5b 100644 --- a/.path +++ b/.path @@ -1,4 +1,4 @@ #export GOROOT=/usr/local/go/bin # export GOPATH=/home/fschl/projects/go_projects -export PATH=${PATH}:/usr/local/go/bin:${GOPATH}/bin \ No newline at end of file +export PATH=${PATH}:/usr/local/go/bin:/home/fschl/go/bin \ No newline at end of file diff --git a/.spacemacs b/.spacemacs index ed5436f..63dc41f 100644 --- a/.spacemacs +++ b/.spacemacs 
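Review bot: The new PATH entry in `.path` hard-codes `/home/fschl/go/bin`, so the dotfile only works for one account and no longer follows `GOPATH` if that is set again. `export PATH="${PATH}:/usr/local/go/bin:${HOME}/go/bin"` keeps the same default location for any user, and the quotes protect against spaces in the existing value. Appending rather than prepending is the right order for a user-writable directory, so keep that.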
@@ -327,6 +327,9 @@ you should place your code here." rustauto-completion :variables auto-completion-enable-snippets-in-popup t auto-completion-enable-help-tooltip t))) + (setq org-ref-default-bibliography '("~/Documents/WHZ/MA/latex/references.bib") + org-ref-pdf-directory "~/Documents/WHZ/MA/references/" + org-ref-bibliography-notes "~/Documents/WHZ/MA/notes.org") ) ;; Do not write anything past this comment. This is where Emacs will diff --git a/scripts/install.sh b/scripts/install.sh index e2fdd90..213addb 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -167,11 +167,14 @@ install_latex() { evince \ texlive \ texlive-bibtex-extra \ + texlive-fonts-extra \ + texlive-fonts-recommended \ texlive-lang-english \ texlive-lang-german \ texlive-latex-extra \ texlive-latex-recommended \ texlive-pictures \ + zathura \ --no-install-recommends } @@ -242,6 +245,16 @@ install_i3() { xorg \ --no-install-recommends + # install Syncthing via apt + # Add the release PGP keys: + curl -s https://syncthing.net/release-key.txt | sudo apt-key add - + + # Add the "stable" channel to your APT sources: + echo "deb https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list + + # Update and install syncthing: + sudo apt-get update + sudo apt-get install syncthing echo "... DONE... cleaning up\n\n" apt autoremove apt autoclean @@ -385,7 +398,7 @@ get_dotfiles() { # install/update golang from source install_golang() { - export GO_VERSION=1.13.0 + export GO_VERSION=1.15.0 export GO_SRC=/usr/local/go # if we are passing the version From 0309d22a2f5bf1e5892b0347baddd2874dab05f9 Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Wed, 2 Dec 2020 18:19:16 +0100 Subject: [PATCH 05/12] add dual extern screen for notebook --- .i3/config | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.i3/config b/.i3/config index add8b13..44a336a 100755 --- a/.i3/config +++ b/.i3/config 
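Review bot: The Syncthing block added to `install_i3` imports the release key with `apt-key add`, which makes that key trusted for every configured repository, and `curl -s` without `-f` passes whatever the server returns into it without failing. Store the key in its own keyring and bind the source to it: `curl -fsSL https://syncthing.net/release-key.txt | gpg --dearmor | sudo tee /usr/share/keyrings/syncthing-archive-keyring.gpg >/dev/null` and `deb [signed-by=/usr/share/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable` (this assumes the published key is ASCII-armored). `sudo apt-get install syncthing` also lacks `-y`, so an otherwise non-interactive install stops at a prompt. The function body starts and ends outside the hunk.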
@@ -123,6 +123,8 @@ mode "monitor" { bindsym 2 exec xrandr --output $CENTER --primary --auto --output $LAPTOP --auto --left-of $CENTER --output $RIGHT --off # HDMI main, laptop left, VGA right, *not* supported on X230 bindsym 3 exec xrandr --output $CENTER --primary --auto --output $LAPTOP --auto --left-of $CENTER --output $RIGHT --auto --right-of $CENTER + # HDMI main, VGA right, laptop off + bindsym 4 exec xrandr --output $CENTER --primary --auto --output $RIGHT --auto --right-of $CENTER --rotate left --output $LAPTOP --off # VGA main, laptop left, HDMI off bindsym 8 exec xrandr --output $RIGHT --primary --auto --output $LAPTOP --auto --left-of $RIGHT --output $CENTER --off # HDMI main, VGA right, laptop off From 9415d0a685cfe0b0f7852ee78f0dda452299f2a6 Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Fri, 5 Mar 2021 18:24:56 +0100 Subject: [PATCH 06/12] extend .spacemacs (especially org config) --- .spacemacs | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/.spacemacs b/.spacemacs index 63dc41f..8ffb71d 100644 --- a/.spacemacs +++ b/.spacemacs 
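Review bot: The comment on the new `bindsym 4` is word for word the one on `bindsym 9` a few lines below, yet this binding additionally passes `--rotate left` for `$RIGHT`. Say so in the comment, for example `# HDMI main, VGA right rotated left, laptop off`, so the two bindings can be told apart when reading the mode.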
@@ -323,10 +323,48 @@ you should place your code here." (setq dired-listing-switches "-alh") (setq-default dotspacemacs-configuration-layers '(( + ruby + javascript + nginx rust rustauto-completion :variables auto-completion-enable-snippets-in-popup t auto-completion-enable-help-tooltip t))) + (with-eval-after-load 'org + (setq org-default-notes-file "~/Documents/Org/tasks.org") + (setq org-agenda-files + (quote ("~/Documents/Org/tasks.org" + "~/Documents/Org/journal.org" + "~/Documents/Org/projects.org" + "~/Documents/Org/watchlist.org" + "~/Documents/Org/birthdays.org"))) + (setq org-capture-templates + '(("t" "todo list item" ; name + entry ; type + (file+headline org-default-notes-file "Tasks") + "* TODO %?\n DEADLINE: %^T") ; template + ("T" "todo list item with source" ; name + entry ; type + (file+headline org-default-notes-file "Tasks") + "* TODO %?\n %a \n DEALINE: %^T \n %i") ; template + + ("m" "scheduled meeting" ; name + entry ; type + (file+headline org-default-notes-file "Tasks") + "* MEETING %?\n SCHEDULED: %^T\n %a") ; template + + ("p" "phone call" ; name + entry ; type + (file+headline org-default-notes-file "Tasks") + "* PHONE %?\n %i\n %a") ; template + + ("a" "Articles" + entry (file+weektree "~/Documents/Org/journal.org") + "* %? \n%x \n %u\n- $?") + ) + ) + +) (setq org-ref-default-bibliography '("~/Documents/WHZ/MA/latex/references.bib") org-ref-pdf-directory "~/Documents/WHZ/MA/references/" org-ref-bibliography-notes "~/Documents/WHZ/MA/notes.org") From 88df61ca0dd2456ba2d910a153ea09571511c5bc Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Sat, 3 Apr 2021 20:47:40 +0200 Subject: [PATCH 07/12] add wireguard to install --- scripts/install.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/install.sh b/scripts/install.sh index 213addb..1a33f0c 100755 --- a/scripts/install.sh +++ b/scripts/install.sh 
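Review bot: The `T` capture template writes `DEALINE:` instead of `DEADLINE:`, so Org will treat the timestamp as plain text and the entry gets no deadline; the `t` template right above spells it correctly. Change the string to `"* TODO %?\n %a \n DEADLINE: %^T \n %i"`. In the `a` template the trailing `- $?` is probably meant to be a `%`-escape as well, but `%?` already appears once in that template, so check what was intended there.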
@@ -39,6 +39,11 @@ deb-src http://deb.debian.org/debian ${DIST} main deb http://deb.debian.org/debian-security/ ${DIST}/updates main deb-src http://deb.debian.org/debian-security/ ${DIST}/updates main +# backports for wireguard +# https://www.wireguard.com/install/ +# https://backports.debian.org/Instructions/ +deb http://deb.debian.org/debian buster-backports main + deb http://deb.debian.org/debian ${DIST}-updates main deb-src http://deb.debian.org/debian ${DIST}-updates main EOF @@ -73,6 +78,7 @@ base_applications() { htop \ iotop \ locales \ + linux-headers-$(uname -r) \ make \ mount \ net-tools \ @@ -86,6 +92,7 @@ base_applications() { vim \ vpnc \ vpnc-scripts \ + wireguard \ zip \ --no-install-recommends @@ -93,6 +100,8 @@ base_applications() { $SUDO apt autoremove $SUDO apt autoclean $SUDO apt clean + + $SUDO ip link add dev wg0 type wireguard } install_server_base() { @@ -416,7 +425,7 @@ main() { local cmd=$1 if [[ -z "$cmd" ]]; then - echo "Usage: \n base | desktop | server | dotfiles | update-docker | go" + echo "Usage: \n base (includes docker+compose)| desktop | server | dotfiles | vscode | latex | update-docker | go" fi case "$cmd" in From 4dd919c4bf2440276f6cbaa857ced4bee0554340 Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Sat, 3 Apr 2021 20:48:43 +0200 Subject: [PATCH 08/12] fix whitespace --- scripts/install.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/install.sh b/scripts/install.sh index 1a33f0c..68b42b6 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -202,10 +202,8 @@ install_i3() { DEBIAN_FRONTEND=noninteractive - # TODO add non-free to apt/sources.list - apt update apt install -y \ alsa-utils \ @@ -362,7 +360,6 @@ install_compose() { /usr/bin/docker-compose version } - install_virtualbox() { # https://wiki.debian.org/VirtualBox#Installation_of_non-free_edition apt install -y \ From 275dd82efb378203e79cfaba81b85faa9ccc7547 Mon Sep 17 00:00:00 2001 
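Review bot: The added backports entry hard-codes `buster-backports` while every other line of this sources heredoc is built from `${DIST}`, so on any other release the script would enable backports from a different suite than the one installed. Use `deb http://deb.debian.org/debian ${DIST}-backports main` so the suite follows the release. The heredoc starts outside the hunk, so whether `DIST` can be anything other than buster is not visible here.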
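Review bot: `$SUDO ip link add dev wg0 type wireguard` at the end of `base_applications` is not idempotent: a second run of the base install fails on this line because `wg0` already exists, and the interface it creates has no key, address or peers. `wg-quick`, which the README added later in this series uses, creates the interface itself, so the line can be dropped. If it has to stay, guard it with `ip link show wg0 >/dev/null 2>&1 || $SUDO ip link add dev wg0 type wireguard`. The function body starts outside the hunk.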
From: Frieder Schlesier Date: Sat, 8 May 2021 14:58:00 +0200 Subject: [PATCH 09/12] add documentation for wireguard --- wireguard/README.org | 58 +++++++++++++++++++++++++++++++++++++++ wireguard/wg.conf.example | 9 ++++++ 2 files changed, 67 insertions(+) create mode 100644 wireguard/README.org create mode 100644 wireguard/wg.conf.example diff --git a/wireguard/README.org b/wireguard/README.org new file mode 100644 index 0000000..da24912 --- /dev/null +++ b/wireguard/README.org @@ -0,0 +1,58 @@ +* Wireguard Quick Start + + https://www.wireguard.com/quickstart/ + + Level 3 VPN Protocol. + Designed for Linux (works on BSD, MacOS and Windows too). + Network Interface as most basic foundation of operation. + +** Linux CLI + + Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4 + +*** Setup the Interface + + #+begin_src bash + # ip link add dev wg0 type wireguard + # ip address add dev wg0 10.1.0.2/24 + # ip address add dev wg0 10.1.0.2 peer 10.1.0.1 + #+end_src + +*** Create Keys + + #+begin_src bash + $ umask 077 + $ wg genkey > privatekey + $ wg pubkey < privatekey > publickey + #+end_src + + or just + + #+begin_src bash + $ wg genkey | tee privatekey | wg pubkey > publickey + #+end_src + +*** Add Peer To Server + + #+begin_src bash + # add peer + wg set wg0 peer allowed-ips 10.0.0.x/32 + + # verify connection + wg + + # save to config + wg-quick save wg0 + #+end_src + +*** Start/Stop Interface + + #+begin_src bash + # Start/stop interface + wg-quick up wg0 + wg-quick down wg0 + + # Start/stop service + $ sudo systemctl stop wg-quick@wg0.service + $ sudo systemctl start wg-quick@wg0.service + #+end_src diff --git a/wireguard/wg.conf.example b/wireguard/wg.conf.example new file mode 100644 index 0000000..698ba92 --- /dev/null +++ b/wireguard/wg.conf.example @@ -0,0 +1,9 @@ +[Interface] +PrivateKey = +Address = 10.x.x.x/24 + +[Peer] +PublicKey = +Endpoint = +AllowedIPs = 10.x.x.x/32 +PersistentKeepalive = 25 \ No newline at end of file 
From f73a2145b087f22248645fc2c5a069988f6a606b Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Sat, 8 May 2021 14:58:44 +0200 Subject: [PATCH 10/12] show status of wg0 interface in main status line --- .i3/status.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.i3/status.conf b/.i3/status.conf index ab05014..a040225 100755 --- a/.i3/status.conf +++ b/.i3/status.conf @@ -65,7 +65,7 @@ run_watch DHCP { } path_exists VPN { - path = "/proc/sys/net/ipv4/conf/tun0" + path = "/proc/sys/net/ipv4/conf/wg0" } tztime local { From 6395c26baa92a9bd238fd85f9c7a1a5506912918 Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Sun, 16 May 2021 21:45:43 +0200 Subject: [PATCH 11/12] update wireguard documentation, fix install, add example for server --- scripts/install.sh | 2 ++ wireguard/README.org | 25 ++++++++++--------------- wireguard/wg-client.conf.example | 15 +++++++++++++++ wireguard/wg-server.conf.example | 17 +++++++++++++++++ wireguard/wg.conf.example | 9 --------- 5 files changed, 44 insertions(+), 24 deletions(-) create mode 100644 wireguard/wg-client.conf.example create mode 100644 wireguard/wg-server.conf.example delete mode 100644 wireguard/wg.conf.example diff --git a/scripts/install.sh b/scripts/install.sh index 68b42b6..6f6152b 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -93,6 +93,8 @@ base_applications() { vpnc \ vpnc-scripts \ wireguard \ + wireguard-dkms \ + wireguard-tools \ zip \ --no-install-recommends diff --git a/wireguard/README.org b/wireguard/README.org index da24912..42ff4d8 100644 --- a/wireguard/README.org +++ b/wireguard/README.org 
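Review bot: Pointing `path_exists VPN` at `/proc/sys/net/ipv4/conf/wg0` shows that the interface exists, not that a tunnel is working: a WireGuard interface stays present with no peer reachable, and `scripts/install.sh` in this series creates `wg0` with `ip link add` at install time. The status bar can therefore report the VPN as active while traffic is not protected. Add a comment such as `# only checks that wg0 exists; does not prove a handshake` above the `path` line, or feed the indicator from a small script that reads `wg show wg0 latest-handshakes`.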
@@ -10,33 +10,28 @@ Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4 -*** Setup the Interface + Replace ~wg0~ with an interface name for the VPN connection, e.g. ~homeoffice~ or ~mycloud~ - #+begin_src bash - # ip link add dev wg0 type wireguard - # ip address add dev wg0 10.1.0.2/24 - # ip address add dev wg0 10.1.0.2 peer 10.1.0.1 - #+end_src + Tutorial with best Explaination: https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478 *** Create Keys #+begin_src bash $ umask 077 - $ wg genkey > privatekey - $ wg pubkey < privatekey > publickey - #+end_src - - or just - - #+begin_src bash $ wg genkey | tee privatekey | wg pubkey > publickey #+end_src -*** Add Peer To Server +*** Setup the Interface + + #+begin_src bash + # sudo wg-quick up wg.conf.example + #+end_src + +*** Add Peer #+begin_src bash # add peer - wg set wg0 peer allowed-ips 10.0.0.x/32 + wg set wg0 peer allowed-ips 10.0.0.x/32 persistent-keepalive 25 # verify connection wg diff --git a/wireguard/wg-client.conf.example b/wireguard/wg-client.conf.example new file mode 100644 index 0000000..37d23fb --- /dev/null +++ b/wireguard/wg-client.conf.example @@ -0,0 +1,15 @@ +[Interface] +Address = 10.x.x.x/32 +PostUp = wg set %i private-key /etc/wireguard/private-key-for-this-vpn + +# immediately test connection to the public (bounce) host +PostUp = ping -c1 10.0.0.1 + +[Peer] +PublicKey = +Endpoint = +AllowedIPs = 10.0.0.0/24 + +# if this client is behind a NAT and +# other clients should be able to connect +PersistentKeepalive = 25 \ No newline at end of file diff --git a/wireguard/wg-server.conf.example b/wireguard/wg-server.conf.example new file mode 100644 index 0000000..50c2537 --- /dev/null +++ b/wireguard/wg-server.conf.example 
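Review bot: `PostUp = ping -c1 10.0.0.1` in the new `wg-client.conf.example` makes bringing the interface up depend on the server answering; as far as I know wg-quick runs its hooks with errexit, so a failed ping would abort `wg-quick up` and remove the interface again. If the ping is only meant as a quick diagnostic, write it as `PostUp = ping -c1 -W2 10.0.0.1 || true` and say so in the comment above it. Loading the key with `wg set %i private-key …` keeps it out of this file, which is good; a comment that the key file must be root-owned with mode 600 would complete the example.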
@@ -0,0 +1,17 @@ +[Interface] +Address = 10.0.0.1/24 +SaveConfig = true +PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE +PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE +ListenPort = +PrivateKey = + +[Peer] +# client 1 +PublicKey = +AllowedIPs = 10.0.0.2/32 + +[Peer] +# client 2 +PublicKey = +AllowedIPs = 10.0.0.3/32 diff --git a/wireguard/wg.conf.example b/wireguard/wg.conf.example deleted file mode 100644 index 698ba92..0000000 --- a/wireguard/wg.conf.example +++ /dev/null @@ -1,9 +0,0 @@ -[Interface] -PrivateKey = -Address = 10.x.x.x/24 - -[Peer] -PublicKey = -Endpoint = -AllowedIPs = 10.x.x.x/32 -PersistentKeepalive = 25 \ No newline at end of file From 9736d91e778331eda42cd2ab6eb52c2b48d46788 Mon Sep 17 00:00:00 2001 From: Frieder Schlesier Date: Tue, 1 Jun 2021 18:15:38 +0200 Subject: [PATCH 12/12] update documentation for wireguard --- wireguard/README.org | 38 +++++++++++++++++++++++++++----- wireguard/wg-client.conf.example | 4 +++- 2 files changed, 35 insertions(+), 7 deletions(-) diff --git a/wireguard/README.org b/wireguard/README.org index 42ff4d8..dc38cb9 100644 --- a/wireguard/README.org +++ b/wireguard/README.org 
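Review bot: The `PostUp` rules in `wg-server.conf.example` accept every forwarded packet entering or leaving `%i`, so hosts on the `eth0` side can open new connections to VPN clients, not just answer them. Unless that is intended, limit the return path to established flows by replacing `iptables -A FORWARD -o %i -j ACCEPT` with `iptables -A FORWARD -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` and mirroring it in `PostDown`; client-to-client traffic is still covered by the `-i %i` rule. The example also relies on `net.ipv4.ip_forward=1` and on the uplink being named `eth0`, neither of which is stated, so a comment for each would help. Because `SaveConfig = true` rewrites this file on shutdown and it holds `PrivateKey`, add a note that it must stay readable by root only.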
@@ -2,17 +2,21 @@ https://www.wireguard.com/quickstart/ - Level 3 VPN Protocol. - Designed for Linux (works on BSD, MacOS and Windows too). - Network Interface as most basic foundation of operation. + - level 3 VPN Protocol. + - designed for Linux (works on BSD, MacOS and Windows too). + - network interface as most basic foundation of operation. + The interface can be named almost arbitrarily. Below ~wg0~ is used as a + generic interface name (like used in many public tutorials). Replace ~wg0~ + with an interface name for the VPN connection, e.g. ~home~, ~mycloud~ or + ~secret-work-jump-host~. + ** Linux CLI Cheat Sheet: https://gist.github.com/chrisswanda/88ade75fc463dcf964c6411d1e9b20f4 - Replace ~wg0~ with an interface name for the VPN connection, e.g. ~homeoffice~ or ~mycloud~ - - Tutorial with best Explaination: https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478 + Tutorial with best Explaination: + https://medium.com/tangram-visions/what-they-dont-tell-you-about-setting-up-a-wireguard-vpn-46f7bd168478 *** Create Keys @@ -50,4 +54,26 @@ # Start/stop service $ sudo systemctl stop wg-quick@wg0.service $ sudo systemctl start wg-quick@wg0.service + + # Enable service at startup + sudo systemctl enable wg-quick@wg0.service #+end_src + +*** Sync the configuration without restarting the interface + + From `man wg-quick`: The strip command is useful for reloading configuration + files without disrupting ac‐ tive sessions: + + #+begin_src bash + # wg syncconf wgnet0 <(wg-quick strip wgnet0) + #+end_src + +** Alternative Webinterfaces for Managing Clients + + - https://github.com/place1/wg-access-server/ + - https://github.com/WeeJeWel/wg-easy + - https://github.com/subspacecommunity/subspace + - https://github.com/vx3r/wg-gen-web + + - non-web: https://github.com/mullvad/wg-manager + diff --git a/wireguard/wg-client.conf.example b/wireguard/wg-client.conf.example index 37d23fb..813e88f 100644 
--- a/wireguard/wg-client.conf.example +++ b/wireguard/wg-client.conf.example @@ -2,12 +2,14 @@ Address = 10.x.x.x/32 PostUp = wg set %i private-key /etc/wireguard/private-key-for-this-vpn -# immediately test connection to the public (bounce) host +# immediately test connection to the public (jump) host PostUp = ping -c1 10.0.0.1 [Peer] PublicKey = Endpoint = +# Set subnet for all IPs that should be routed +# through this VPN connection AllowedIPs = 10.0.0.0/24 # if this client is behind a NAT and