From a71f827866b18923e80f0f7fcd4e0e7080f488a2 Mon Sep 17 00:00:00 2001 From: clematis Date: Thu, 18 Feb 2021 17:21:05 +0000 Subject: [PATCH 1/2] Update 'peers.txt' adding darksnow (clemat.is) --- peers.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/peers.txt b/peers.txt index 825f2eb..a5db9a9 100644 --- a/peers.txt +++ b/peers.txt @@ -43,6 +43,14 @@ PublicKey = OTp3CLRBXeECB0gEnDr2btL07Fs3am5eb5x7gf1LtEc= AllowedIPs = 10.0.0.27/32 Endpoint = 139.99.134.13:764 +# darksnow (clemat.is) +[Peer] +PublicKey = G/doxil/NgUO0TuNGde5JaE/a3nqp8vwRz4OJiAEYiI= +AllowedIPs = 10.0.0.49/32, 10.0.49.0/24 +Endpoint = darksnow.clemat.is:54224 + + + # You need to contact before adding your network to TildeNet. # You can find us at [ #tildenet on irc.tilde.chat] otherwise # ubergeek@thunix.net or ben@tilde.team. From de8c4754f9beae711644965012a6f7e2a84cd5fd Mon Sep 17 00:00:00 2001 From: clematis Date: Thu, 18 Feb 2021 17:31:45 +0000 Subject: [PATCH 2/2] quick_howto.txt quick & dirty howto add a tilde to ~net (Example based on OpenBSD). --- quick_howto.txt | 65 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 quick_howto.txt diff --git a/quick_howto.txt b/quick_howto.txt new file mode 100644 index 0000000..8646ecb --- /dev/null +++ b/quick_howto.txt 
@@ -0,0 +1,65 @@ +How to create a wireguard tunnel to tildenet. +https://intranet.tildeverse.org/ +https://tildegit.org/tildeverse/net/ + + +On your local system. (Example below is based on OpenBSD 6.9) + +Wireguard is part of the base system. You still need to install 'wireguard-tools': + +# pkg_add wireguard-tools + +Accept packet forwarding in between interfaces: + +# sysctl net.inet.ip.forwarding=1 +# echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf + + +Note: 10.0.0.X/24 is being used for the tunnel in between tildes. Each tilde can then use 10.0.X.0/24 for their local clients. + + +Create the configuration folder: + +mkdir /etc/wireguard +chmod 700 /etc/wireguard +cd /etc/wireguard + +Generate your server keypair +wg genkey > secret.key +chmod 600 secret.key +wg pubkey < secret.key > public.key + +Create your tunnel/interface config file: /etc/wireguard/wg0.conf + +Based on : https://tildegit.org/tildeverse/net/src/branch/master/peers.txt + +Pickup your IP range for your tilde and the associate tunnel IP + +PrivateKey is the content of your /etc/wireguard/secret.key + +Address = the ip you've choosen for this server + +For the other tilde to add you as [Peer] open a PR against https://tildegit.org/tildeverse/net + +// need an account on tildegit which has to be from a known tilde email@. + + +The PR should contain your local tunnel IP (10.0.0.X/32 that will be their AllowedIPs and 10.0.X.0/24 for your local tilde peers) and your Endpoint being your public IP or hostname with the port WG is listening to. Just as the other are formated. + + +Back to your system, setup /etc/hostname.wg0: + +inet 10.0.0.49 255.255.255.0 NONE +up +!/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf + + +Update your PF config by adding to /etc/pf.conf: + +# wireguard setup for tildenet +pass in on wg0 +pass in inet proto udp from any to any port 54224 +pass out on egress inet from (wg0:network) nat-to (em0:0) + +(em0 being your interface name then pfctl -f /etc/pf.conf) +
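Review bot: In the peers.txt hunk (PATCH 1/2), the AllowedIPs line claims 10.0.49.0/24 as well as the 10.0.0.49/32 tunnel address, while the neighbouring entry visible in the context carries only a /32. Please state in the PR that neither range is already allocated to another peer in peers.txt: WireGuard keeps each allowed IP on one peer only, so an overlap would silently move that range away from whichever peer was configured earlier. Two smaller points. The Endpoint is a hostname where the neighbouring entry uses a literal IP, and 'wg setconf' resolves it only when the config is loaded, so peers will need to reload if darksnow.clemat.is changes address. The hunk also adds three blank lines after the Endpoint line; one is enough to separate the entry from the closing comment.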
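Review bot: In the pf.conf block of quick_howto.txt (PATCH 2/2), 'pass in on wg0' admits everything arriving over the tunnel, and together with net.inet.ip.forwarding=1 and 'pass out on egress inet from (wg0:network) nat-to (em0:0)' the host will forward and NAT traffic from any address in the tunnel network out of its uplink. If the intent is only to reach other tildes, suggest limiting the wg0 rule to the services you mean to expose and dropping or narrowing the nat-to rule; if the NAT is intended, say so in the text. The same rule mixes the 'egress' group with a hard-coded em0, so 'nat-to (egress:0)' would remove the need for the "em0 being your interface name" remark, and 'to any port 54224' could be 'to (egress) port 54224'. The howto also never shows the layout of wg0.conf (it mentions only PrivateKey and Address) and does not set its mode, although it holds the private key; a short [Interface] skeleton plus 'chmod 600 /etc/wireguard/wg0.conf' would close that gap. Finally, 10.0.0.49 and port 54224 are the author's own values from peers.txt; mark them as examples so readers substitute their own.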