doc: update README

2 years ago · 17744cadb0
parent c0cc737017
commit 17744cadb0
1 changed files with 56 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -4,15 +4,65 @@ Fearless green Wireguard config manager.

 ## Quickstart

-1. Setup: `weegee system setup`
-2. *(optional)* Add a remote host: `weegee host create --type linux --host elisha.projectflower.eu --auto-sync --auto-manage my-host`
-3. Create a server: `weegee server create -H my-host -a 10.60.0.1/24 -a fd10:573:01df:5000::1/64 -r 10.57.0.0/16 -r 10.58.0.0/16 -r 10.59.0.0/16 -r 10.60.0.0/16 -r fc10:573:01df::/48 eagle vpn.eagle.pm 7574`
-4. Create a client: `weegee client create -a 10.60.99.1/24 -a fd10:573:01df:5063::1/64 dev-arcade eagle`
-5. Get client config: `weegee client config dev-arcade eagle`
+1. Setup:
+```sh
+weegee system setup
+```
+
+2. Either add a remote host:
+```sh
+weegee host create --type linux --host elisha.projectflower.eu --auto-sync --auto-manage my-host
+```
+   Or configure for local use:
+```sh
+weegee host configure --type linux --auto-sync --auto-manage local
+```
+
+3. *(optional)* Configure forwarding hooks for your host, if your firewall is restrictive or you're [using IPv6 on Linux](https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html#proc-sys-net-ipv6-variables). An example that allows every WireGuard client to access `10.57.0.0/16`, `10.58.0.0/16`, `10.59.0.0/16`, `10.60.0.0/16` and `fd10:573:1df::/48`:
+```sh
+weegee host configure \
+    --add-post-hook interface_add 'iptables  -A FORWARD -i %i -d 10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16 -j ACCEPT' \
+    --add-post-hook interface_add 'iptables  -A FORWARD -o %i -s 10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16 -j ACCEPT' \
+    --add-pre-hook  interface_del 'iptables  -D FORWARD -i %i -d 10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16 -j ACCEPT' \
+    --add-pre-hook  interface_del 'iptables  -D FORWARD -o %i -s 10.57.0.0/16,10.58.0.0/16,10.59.0.0/16,10.60.0.0/16 -j ACCEPT' \
+    --add-post-hook interface_add 'ip6tables -A FORWARD -i %i -d fd10:573:1df::/48 -j ACCEPT' \
+    --add-post-hook interface_add 'ip6tables -A FORWARD -o %i -s fd10:573:1df::/48 -j ACCEPT' \
+    --add-pre-hook  interface_del 'ip6tables -D FORWARD -i %i -d fd10:573:1df::/48 -j ACCEPT' \
+    --add-pre-hook  interface_del 'ip6tables -D FORWARD -o %i -s fd10:573:1df::/48 -j ACCEPT' \
+    my-host
+```
+   You can also add per-client entries using the `route_ipv4_add` and `route_ipv6_add` hooks.
+
+3. Create a server for your host, in this example reachable on `10.60.0.1/24` and `fd10:573:1df:5000::1/64`, and announcing routes for `10.57.0.0/16`, `10.58.0.0/16`, `10.59.0.0/16`, `10.60.0.0/16` and `fd10:573:1df::/48`, named `eagle` and publically connectable through `vpn.eagle.pm:7574`:
+```sh
+weegee server create \
+    -H my-host \
+    -a 10.60.0.1/24 -a fd10:573:1df:5000::1/64 \
+    -r 10.57.0.0/16 -r 10.58.0.0/16 -r 10.59.0.0/16 -r 10.60.0.0/16 -r fd10:573:1df::/48 \
+    eagle \
+    vpn.eagle.pm 7574
+```
+
+4. Create a client, in this example reachable on `10.60.99.1/24` and `fd10:573:1df:5063::1/64`, named `dev-arcade`:
+```sh
+weegee client create \
+    -a 10.60.99.1/24 -a fd10:573:1df:5063::1/64 \
+    dev-arcade eagle
+```
+
+5. Get client configuration:
+```sh
+weegee client print-config dev-arcade eagle
+```

 ## Tips

-* Running in Docker: `alias weegee="docker run --cap-add=NET_ADMIN --network host -v ~/weegee/data:/weegee-data --rm weegee python3 -m weegee -d /weegee-data"`
+* You can configure the data directory per-user, to not be in the current directory:
+  `weegee configure -u -d /path/to/data`
+  Or even globally:
+  `weegee configure -s -d /path/to/data`
+* There's a [systemd service](misc/weegee.service)!
+* weegee is runnable [in Docker](Dockerfile): `docker run --cap-add=NET_ADMIN --cap-add=NET_RAW --network host -v ~/weegee/data:/weegee-data --rm weegee weegee ...`

 ## License