# Zion Integration Guide

This guide explains how the WireGuard setup script integrates with the Zion central server configuration.

## Zion Server Configuration

Based on the `CURRENT_WORKING/zion.conf` file, Zion is configured as:

```ini
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = UJvsfv6iQPAW9Wnc81bK0o3IIHX86kGb+24dUTuGFnA=
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip route add 10.8.0.0/24 dev wg0 2>/dev/null || true
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip route del 10.8.0.0/24 dev wg0 2>/dev/null || true
```

## Zion Public Key for Clients

All client configurations use Zion's public key:

```
2ztJbrN1x1NWanzPGLiKL19ZkdOhm5Y7WeKEWBT5cyg=
```

## Current Zion Peers

Zion currently has these peers configured:

| Node | IP Address | Public Key |
|------|------------|------------|
| Cth | 10.8.0.10 | NBktXKy1s0n2lIlIMODvOqKNwAtYdoZH5feKt5P43i0= |
| Aza | 10.8.0.2 | qmTKA257DLOrfhk5Zw8RyRmBSonmm6epbloT0P0ZWDc= |
| Nyar | 10.8.0.20 | 2BA7L1oJP1tK6dIUNHMgcZmOmYmlyPRe2RaBqfUsEWo= |
| Galaxy | 10.8.0.99 | QBNt00VSedxPlq3ZvsdYaqIcbudCAyxv9TG65aPVZzM= |
| nanocube | 10.8.0.7 | /ZImoATDIS0e0N08CD7mqWbhtGlSnynpPuY04Ed4Zyc= |
| jupiter | 10.8.0.42 | YIFQ43ULk/YoCgOv3SBU6+MOrbxd+mlvaw9rT8uoNmw= |
| HASS | 10.8.0.8 | C+Poz/7DaXCxe4HZiL6D5cld4jMt5o1gBq3iPiBzrg0= |
| framebot | 10.8.0.40 | loS3yZapqmt6lP53Q+s4EvUzw6FmwgZC8jzgLluJ1Es= |

## Adding New Nodes to Zion

When you create a new node using the setup script, you need to add it to Zion's configuration.

### Method 1: Using the Helper Script

```bash
./generate_zion_peer.sh
```

Example:

```bash
./generate_zion_peer.sh mynode ABC123def456ghi789jkl012mno345pqr678stu901vwx234yz567890= 10.8.0.30
```

### Method 2: Manual Addition

Add the following to Zion's `/etc/wireguard/wg0.conf`:

```ini
# your_node_name
[Peer]
PublicKey = your_public_key_here
AllowedIPs = your_ip_address/32
```

## Zion Configuration File Location

Zion's configuration is located at:

```
/etc/wireguard/wg0.conf
```

## Adding a New Peer to Zion

1. **Get the new node's information** from the setup script output:
   - Node name
   - Public key
   - IP address

2. **Edit Zion's configuration**:

   ```bash
   sudo nano /etc/wireguard/wg0.conf
   ```

3. **Add the peer section** at the end of the file:

   ```ini
   # your_node_name
   [Peer]
   PublicKey = your_public_key_here
   AllowedIPs = your_ip_address/32
   ```

4. **Save and restart Zion's WireGuard**:

   ```bash
   sudo systemctl restart wg-quick@wg0
   ```

## Client Configuration Pattern

All client configurations follow this pattern:

```ini
[Interface]
PrivateKey =
Address = /24

# Zion (central server)
[Peer]
PublicKey = 2ztJbrN1x1NWanzPGLiKL19ZkdOhm5Y7WeKEWBT5cyg=
AllowedIPs = 10.8.0.0/24
Endpoint = ugh.im:51820
PersistentKeepalive = 25
```

## Network Topology

```
zion (10.8.0.1) - Central Server
├── aza (10.8.0.2) - Client
├── cth (10.8.0.10) - Hybrid
├── galaxy (10.8.0.99) - Client
├── nyan (10.8.0.20) - Client
├── nanocube (10.8.0.7) - Client
├── jupiter (10.8.0.42) - Client
├── HASS (10.8.0.8) - Client
├── framebot (10.8.0.40) - Client
└── your_new_node (10.8.0.x) - Client
```

## Setup Script Integration

The `wireguard_setup.sh` script:

1. **Automatically includes Zion** as the default peer for all new nodes
2. **Uses the correct Zion public key** from the CURRENT_WORKING configuration
3. **Provides clear instructions** for updating Zion's configuration
4. **Generates the exact peer configuration** needed for Zion
5. **Includes Zion's current peer structure** for reference

## Troubleshooting

### Common Issues

1. **Connection fails after adding peer to Zion**
   - Ensure Zion's WireGuard was restarted: `sudo systemctl restart wg-quick@wg0`
   - Check Zion's logs: `sudo journalctl -u wg-quick@wg0 -f`

2. **IP address conflicts**
   - Check if the IP is already in use by another peer
   - Use a different IP in the 10.8.0.x range

3. **Public key format issues**
   - Ensure the public key is exactly 44 characters long
   - Check for any extra spaces or characters

### Verification Commands

```bash
# Check Zion's WireGuard status
sudo wg show wg0

# Check Zion's configuration
sudo cat /etc/wireguard/wg0.conf

# Check Zion's systemd service
sudo systemctl status wg-quick@wg0

# Check Zion's logs
sudo journalctl -u wg-quick@wg0 -f
```

## Security Notes

1. **Zion's private key** should never be shared
2. **Client public keys** are safe to share and add to Zion
3. **IP addresses** should be unique within the 10.8.0.x range
4. **File permissions** should be 600 for all WireGuard configs

## Next Steps

After setting up a new node:

1. Run the setup script: `./wireguard_setup.sh`
2. Use the helper script to generate Zion peer config: `./generate_zion_peer.sh`
3. Add the peer to Zion's configuration
4. Restart Zion's WireGuard
5. Start the new node's WireGuard
6. Test connectivity between nodes
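
The key-format and IP-conflict checks from Troubleshooting can be run against Zion's `wg0.conf` before the peer is added and the service restarted. The Python below is an added example, not part of `wireguard_setup.sh` or `generate_zion_peer.sh`; the names `parse_peers`, `check_new_peer` and the embedded `SAMPLE_CONF` are assumptions made for illustration.

```python
import base64
import ipaddress

SUBNET = ipaddress.ip_network("10.8.0.0/24")  # from Zion's Address = 10.8.0.1/24
ZION_IP = ipaddress.ip_address("10.8.0.1")
# Constructed excerpt of Zion's wg0.conf, using two peers from the table above.
SAMPLE_CONF = """\
[Interface]
ListenPort = 51820
# Aza
[Peer]
PublicKey = qmTKA257DLOrfhk5Zw8RyRmBSonmm6epbloT0P0ZWDc=
AllowedIPs = 10.8.0.2/32
[Peer]
PublicKey = NBktXKy1s0n2lIlIMODvOqKNwAtYdoZH5feKt5P43i0=
AllowedIPs = 10.8.0.10/32
"""

def parse_peers(conf_text):
    """Return (public keys, AllowedIPs networks) found in [Peer] sections."""
    keys, nets, in_peer = set(), [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
        elif in_peer and "=" in line:
            field, value = (part.strip() for part in line.split("=", 1))
            if field.lower() == "publickey":
                keys.add(value)
            elif field.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return keys, nets

def check_new_peer(conf_text, name, public_key, ip):
    """Return the [Peer] stanza for Zion, or raise ValueError with the reason."""
    # Malformed base64 raises binascii.Error, which is a ValueError subclass.
    raw = base64.b64decode(public_key, validate=True)
    if len(public_key) != 44 or len(raw) != 32:
        raise ValueError("public key must be 44 characters encoding 32 bytes")
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr == ZION_IP or addr not in list(SUBNET.hosts()):
        raise ValueError(f"{ip} is not a free host address in {SUBNET}")
    keys, nets = parse_peers(conf_text)
    if public_key in keys:
        raise ValueError("public key is already a peer on Zion")
    if any(addr in net for net in nets):
        raise ValueError(f"{ip} overlaps an existing peer's AllowedIPs")
    return f"# {name}\n[Peer]\nPublicKey = {public_key}\nAllowedIPs = {ip}/32\n"
```

Calling `check_new_peer(SAMPLE_CONF, "mynode", key, "10.8.0.30")` with a well-formed key returns the stanza to append; reusing `10.8.0.10` or an existing peer's key raises `ValueError`.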