author Paul Buetow <paul@buetow.org> 2025-05-01 17:34:48 +0300
committer Paul Buetow <paul@buetow.org> 2025-05-01 17:34:48 +0300
commit 3202136ef43723262c5eda69cc42e5d3861f0caa (patch)
tree 9976c4404a2c09176a76b4d83afb88f5c1a39240
parent 16968e662e7da5f2d9770ee9421b6ef53d2a712c (diff)
more on this
-rw-r--r-- README.md 108
-rw-r--r-- wireguardmeshgenerator.rb 3
2 files changed, 75 insertions, 36 deletions
diff --git a/README.md b/README.md
index 7b4cc1a..2932887 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,79 @@ This generates the WireGuard config for my f3s project. This script is run on my
## Installation
+### FreeBSD
+
+```sh
+paul@f0:~ % doas freebsd-update fetch..... and so on... reboot
+paul@f0:~ % doas pkg update
+paul@f0:~ % doas pkg upgrade
+paul@f0:~ % reboot
+
+paul@f0:~ % doas pkg install wireguard-tools
+paul@f0:~ % doas sysrc wireguard_interfaces=wg0
+wireguard_interfaces: -> wg0
+paul@f0:~ % doas sysrc wireguard_enable=YES
+wireguard_enable: -> YES
+paul@f0:~ % doas mkdir -p /usr/local/etc/wireguard
+paul@f0:~ % doas touch /usr/local/etc/wireguard/wg0.conf
+paul@f0:~ % doas service wireguard start
+paul@f0:~ % cat <<END | doas tee -a /etc/hosts
+
+192.168.2.130 f0.wg0 f0.wg0.wan.buetow.org
+192.168.2.131 f1.wg0 f1.wg0.wan.buetow.org
+192.168.2.132 f2.wg0 f2.wg0.wan.buetow.org
+
+192.168.1.120 r0 r0.lan r0.lan.buetow.org
+192.168.1.121 r1 r1.lan r1.lan.buetow.org
+192.168.1.122 r2 r2.lan r2.lan.buetow.org
+
+192.168.2.120 r0.wg0 r0.wg0.wan.buetow.org
+192.168.2.121 r1.wg0 r1.wg0.wan.buetow.org
+192.168.2.122 r2.wg0 r2.wg0.wan.buetow.org
+END
+```
+
+### Rocky Linux 9
+
+```sh
+[root@r0 ~] dnf update -y
+[root@r0 ~] reboot
+
+[root@r0 ~] firewall-cmd --add-port=51820/udp --permanent
+[root@r0 ~] firewall-cmd --reload
+[root@r0 ~] dnf install wireguard-tools
+[root@r0 ~] mkdir -p /etc/wireguard
+[root@r0 ~] touch /etc/wireguard/wg0.conf
+[root@r0 ~] systemctl enable wg-quick@wg0.service
+[root@r0 ~] systemctl start wg-quick@wg0.service
+[root@r0 ~] cat <<END >>/etc/hosts
+
+192.168.1.130 f0 f0.lan f0.lan.buetow.org
+192.168.1.131 f1 f1.lan f1.lan.buetow.org
+192.168.1.132 f2 f2.lan f2.lan.buetow.org
+
+192.168.2.130 f0.wg0 f0.wg0.wan.buetow.org
+192.168.2.131 f1.wg0 f1.wg0.wan.buetow.org
+192.168.2.132 f2.wg0 f2.wg0.wan.buetow.org
+
+192.168.2.120 r0.wg0 r0.wg0.wan.buetow.org
+192.168.2.121 r1.wg0 r1.wg0.wan.buetow.org
+192.168.2.122 r2.wg0 r2.wg0.wan.buetow.org
+END
+```
+
+https://github.com/angristan/wireguard-install/discussions/499
+
+```sh
+[root@r0 ~] dnf install policycoreutils-python-utils
+[root@r0 ~] semanage permissive -a wireguard_t
+[root@r0 ~] reboot
+```
+
+### Install the config
+
+## Installation
+
```sh
bundler install
sudo dnf install -y wireguard-tools
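Review bot: in the Rocky Linux 9 section, `semanage permissive -a wireguard_t` switches off SELinux enforcement for the whole wireguard_t domain, and the only explanation is a bare link above the block. State which denial this works around and, where possible, replace it with a narrow policy module built from the logged AVC denials so the domain stays enforcing. Also, the added `### Install the config` heading has no body and is followed directly by a second `## Installation`, which duplicates the heading already at the top of this hunk.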
@@ -42,41 +115,6 @@ keys/r2/privkey
keys/r2/pubkey
```
-## Installation
-
-### FreeBSD
-
-```sh
-paul@f0:~ % doas freebsd-update fetch..... and so on... reboot
-paul@f0:~ % doas pkg update
-paul@f0:~ % doas pkg upgrade
-paul@f0:~ % reboot
-
-paul@f0:~ % doas pkg install wireguard-tools
-paul@f0:~ % doas sysrc wireguard_interfaces=wg0
-wireguard_interfaces: -> wg0
-paul@f0:~ % doas sysrc wireguard_enable=YES
-wireguard_enable: -> YES
-paul@f0:~ % doas mkdir -p /usr/local/etc/wireguard
-paul@f0:~ % doas touch /usr/local/etc/wireguard/wg0.conf
-paul@f0:~ % doas service wireguard start
-```
-
-### Rocky Linux 9
-
-```sh
-[root@r0 ~] dnf update -y
-[root@r0 ~] reboot
-
-[root@r0 ~] dnf install wireguard-tools
-[root@r0 ~] mkdir -p /etc/wireguard
-[root@r0 ~] touch /etc/wireguard/wg0.conf
-[root@r0 ~] systemctl enable wg-quick@wg0.service
-[root@r0 ~] systemctl start wg-quick@wg0.service
-```
-
-### Install the config
-
```sh
rake install
```
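Review bot: with `### Install the config` removed here, the `rake install` block at the end of this hunk follows the key listing with no heading or sentence introducing it, while the copy of that heading added in the earlier hunk sits empty. Keep the heading directly above `rake install` so the install step stays findable.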
diff --git a/wireguardmeshgenerator.rb b/wireguardmeshgenerator.rb
index 001b2aa..c7badd4 100644
--- a/wireguardmeshgenerator.rb
+++ b/wireguardmeshgenerator.rb
@@ -128,7 +128,7 @@ InstallConfig = Struct.new(:myself, :hosts) do
fi
#{@sudo_cmd} chmod 700 #{@conf_dir}
#{@sudo_cmd} mv -v wg0.conf #{@conf_dir}
- #{@sudo_cmd} chmod 600 #{@conf_dir}/wg0.conf
+ #{@sudo_cmd} chmod 644 #{@conf_dir}/wg0.conf
SH
end
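Review bot: `chmod 644 #{@conf_dir}/wg0.conf` makes the config world-readable, and a wg-quick style wg0.conf normally holds the interface PrivateKey. The `chmod 700 #{@conf_dir}` two lines above then becomes the only thing keeping other local users away from the key, so any later loosening of the directory mode exposes it. The commit message gives no reason for the change; keep `chmod 600`, or if something other than root must read the file, grant that through group ownership with mode 640 and say why in a comment.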
@@ -136,6 +136,7 @@ InstallConfig = Struct.new(:myself, :hosts) do
puts "Reloading Wireguard on #{@myself}"
ssh <<~SH
#{@sudo_cmd} #{@reload_cmd}
+ #{@sudo_cmd} wg show
SH
end
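Review bot: the added `#{@sudo_cmd} wg show` does not verify the reload: it is not scoped to an interface, its result is not checked, and plain `wg show` prints nothing and still exits 0 when no interface is up. If the aim is to confirm that wg0 came back, use `wg show wg0` so a missing interface produces an error, and let the install step fail on it.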