split off config generation

CONFIG.md

@@ -0,0 +1,127 @@
+Explanation of each field:
+
+    {
+        "ExternalIP": "198.51.100.2",
+        "ExternalIP6": "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
+
+This is the external IP that will be the value of Endpoint for the server peer
+in client configs. It is automatically detected by opening a socket or using an
+external IP discovery service -- the first to give a valid public IP will win.
+
+
+        "ListenPort": 51820,
+
+The port wiregard should listen on.
+
+        "Domain": "dsnet",
+
+The domain to copy to the report file. Not used for anything else; it's useful
+for DNS integration. At one site I have a script to add hosts to a zone upon
+connection by polling the report file.
+
+        "InterfaceName": "dsnet",
+
+The wireguard interface name.
+
+        "Network": "10.164.236.0/22",
+        "Network6": "fd00:7b31:106a:ae00::/64",
+
+The CIDR network to use when allocating IPs to peers. This subnet, a `/22` in
+the `10.0.0.0/16` block is generated randomly to (probably) avoid collisions
+with other networks. There are 1022 addresses available. Addresses are
+allocated to peers when peers are added with `dsnet add` using the lowest
+available address.
+
+A random ULA network with a subnet of 0 is generated for IPv6.
+
+        "IP": "10.164.236.1",
+        "IP6": "fd00:7b31:106a:ae00:44c3:29c3:53b1:a6f9",
+
+This is the private VPN IP of the server peer. It is the first address in the
+above pool.
+
+        "DNS": "",
+
+If defined, this IP address will be set in the generated peer wg-quick config
+files.
+
+        "Networks": [],
+
+This is a list of additional CIDR-notated networks that can be routed through
+the server peer. They will be added under the server peer under `AllowedIPs` in
+addition to the private network defined in `Network` above. If you want to
+route the whole internet through the server peer, add `0.0.0.0/0` to the list
+before adding peers. For more advanced options and theory, see
+<https://www.wireguard.com/netns/>.
+
+        "ReportFile": "/var/lib/dsnetreport.json",
+
+This is the location of the report file generated with `dsnet report`. It is
+suggested that this command is run via a cron job; the report can be safely
+consumed by a web service or DNS integration script, for instance.
+
+The report contains no sensitive information. At one site I use it together
+with [hugo](https://gohugo.io/)
+[shortcodes](https://gohugo.io/templates/shortcode-templates/) to generate a
+network overview page. The shortcode file is included in this repository under
+`etc/`.
+
+        "PrivateKey": "uC+xz3v1mfjWBHepwiCgAmPebZcY+EdhaHAvqX2r7U8=",
+
+The server private key, automatically generated and very sensitive!
+
+        "Peers": []
+
+The list of peers managed by `dsnet add` and `dsnet remove`. See below for format.
+
+    }
+
+The configuration file can be manually/programatically managed outside of dsnet
+if desired; `dsnet sync` will update wireguard.
+
+Peer configuration, `Peers: []` in `dsnetconfig.json`:
+
+        {
+            "Hostname": "test",
+
+The hostname given via `dsnet add <hostname>`. It is used to identify the peer
+in the report and for peer removal via `dsnet remove <hostname>`. It can also
+be used to update a DNS zone via a custom script that operates on the report
+file as mentioned above.
+
+            "Owner": "naggie",
+
+The owner of the peer, copied to the report file.
+
+            "Description": "Home server",
+
+A description of the peer, copied to the report file; the lack of which in
+`wq-quick` is what inspired me to write dsnet in the first place.
+
+
+            "IP": "10.164.236.2",
+
+The private VPN IP allocated by dsnet for this peer. It is the lowest available
+IP in the pool from `Network`, above.
+
+            "Added": "2020-05-07T10:04:46.336286992+01:00",
+
+The timestamp of when the peer was added by dsnet.
+
+            "Networks": [],
+
+Any other CIDR networks that can be routed through this peer.
+
+            "PublicKey": "altJeQ/V52JZQrGcA9RiKcpZusYU6zMUJhl7Wbd9rX0=",
+
+The public key derived from the private key generated by dsnet when the peer
+was added.
+
+            "PresharedKey": "GcUtlze0BMuxo3iVEjpOahKdTf8xVfF8hDW3Ylw5az0="
+
+The pre-shared key for this peer. The peer has the same key defined as the
+pre-shared key for the server peer. This is optional in wireguard but not for
+dsnet due to the extra (post quantum!) security it provides.
+
+
+        }

README.md

@@ -56,7 +56,7 @@ Currently its location is fixed as all my deployments are for a single network.
 I may add a feature to allow setting of the location via environment variable
 in the future to support multiple networks on a single host.
 
-Main configuration example:
+Main (automatically generated) configuration example:
 
 
     {
@@ -68,6 +68,7 @@ Main configuration example:
         "Network": "10.164.236.0/22",
         "Network6": "fd00:7b31:106a:ae00::/64",
         "IP": "10.164.236.1",
+        "IP6": "fd00:d631:74ca:7b00:a28:11a1:b821:f013",
         "DNS": "",
         "Networks": [],
         "ReportFile": "/var/lib/dsnetreport.json",
@@ -87,133 +88,9 @@ Main configuration example:
         ]
     }
 
-Explanation of each field:
 
-    {
-        "ExternalIP": "198.51.100.2",
-        "ExternalIP6": "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
+See [CONFIG.md](CONFIG.md) for an explanation of each field.
 
-This is the external IP that will be the value of Endpoint for the server peer
-in client configs. It is automatically detected by opening a socket or using an
-external IP discovery service -- the first to give a valid public IP will win.
-
-
-        "ListenPort": 51820,
-
-The port wiregard should listen on.
-
-        "Domain": "dsnet",
-
-The domain to copy to the report file. Not used for anything else; it's useful
-for DNS integration. At one site I have a script to add hosts to a zone upon
-connection by polling the report file.
-
-        "InterfaceName": "dsnet",
-
-The wireguard interface name.
-
-        "Network": "10.164.236.0/22",
-        "Network6": "fd00:7b31:106a:ae00::/64",
-
-The CIDR network to use when allocating IPs to peers. This subnet, a `/22` in
-the `10.0.0.0/16` block is generated randomly to (probably) avoid collisions
-with other networks. There are 1022 addresses available. Addresses are
-allocated to peers when peers are added with `dsnet add` using the lowest
-available address.
-
-A random ULA network with a subnet of 0 is generated for IPv6.
-
-        "IP": "10.164.236.1",
-        "IP6": "fd00:7b31:106a:ae00:44c3:29c3:53b1:a6f9",
-
-This is the private VPN IP of the server peer. It is the first address in the
-above pool.
-
-        "DNS": "",
-
-If defined, this IP address will be set in the generated peer wg-quick config
-files.
-
-        "Networks": [],
-
-This is a list of additional CIDR-notated networks that can be routed through
-the server peer. They will be added under the server peer under `AllowedIPs` in
-addition to the private network defined in `Network` above. If you want to
-route the whole internet through the server peer, add `0.0.0.0/0` to the list
-before adding peers. For more advanced options and theory, see
-<https://www.wireguard.com/netns/>.
-
-        "ReportFile": "/var/lib/dsnetreport.json",
-
-This is the location of the report file generated with `dsnet report`. It is
-suggested that this command is run via a cron job; the report can be safely
-consumed by a web service or DNS integration script, for instance.
-
-The report contains no sensitive information. At one site I use it together
-with [hugo](https://gohugo.io/)
-[shortcodes](https://gohugo.io/templates/shortcode-templates/) to generate a
-network overview page. The shortcode file is included in this repository under
-`etc/`.
-
-        "PrivateKey": "uC+xz3v1mfjWBHepwiCgAmPebZcY+EdhaHAvqX2r7U8=",
-
-The server private key, automatically generated and very sensitive!
-
-        "Peers": []
-
-The list of peers managed by `dsnet add` and `dsnet remove`. See below for format.
-
-    }
-
-The configuration file can be manually/programatically managed outside of dsnet
-if desired; `dsnet sync` will update wireguard.
-
-Peer configuration, `Peers: []` in `dsnetconfig.json`:
-
-        {
-            "Hostname": "test",
-
-The hostname given via `dsnet add <hostname>`. It is used to identify the peer
-in the report and for peer removal via `dsnet remove <hostname>`. It can also
-be used to update a DNS zone via a custom script that operates on the report
-file as mentioned above.
-
-            "Owner": "naggie",
-
-The owner of the peer, copied to the report file.
-
-            "Description": "Home server",
-
-A description of the peer, copied to the report file; the lack of which in
-`wq-quick` is what inspired me to write dsnet in the first place.
-
-
-            "IP": "10.164.236.2",
-
-The private VPN IP allocated by dsnet for this peer. It is the lowest available
-IP in the pool from `Network`, above.
-
-            "Added": "2020-05-07T10:04:46.336286992+01:00",
-
-The timestamp of when the peer was added by dsnet.
-
-            "Networks": [],
-
-Any other CIDR networks that can be routed through this peer.
-
-            "PublicKey": "altJeQ/V52JZQrGcA9RiKcpZusYU6zMUJhl7Wbd9rX0=",
-
-The public key derived from the private key generated by dsnet when the peer
-was added.
-
-            "PresharedKey": "GcUtlze0BMuxo3iVEjpOahKdTf8xVfF8hDW3Ylw5az0="
-
-The pre-shared key for this peer. The peer has the same key defined as the
-pre-shared key for the server peer. This is optional in wireguard but not for
-dsnet due to the extra (post quantum!) security it provides.
-
-
-        }
 
 # Report file overview