docs: fix configuration

Signed-off-by: Steffen Vogel <post@steffenvogel.de>

docs/Configuration.md

@@ -12,21 +12,15 @@ A full overview is available in its [manpage](./usage/md/wice_daemon.md).
 Alternatively a configuration file can be used for a persistent configuration:
 
 ```yaml title="wice.yaml"
-domain: 0l.de
 watch_interval: 1s
 community: "some-common-password"
 
 backends:
-- grpc://localhost:8080?insecure=true
+- grpc://localhost:8080?insecure=true&skip_verify=true
 - k8s:///path/to/your/kubeconfig.yaml?namespace=default
 
 # WireGuard settings
-wg:
-  # Use wg / wg-quick configuration files
-  config:
-      path: /etc/wireguard
-      sync: false
-    
+wireguard:  
   # Create WireGuard interfaces using bundled wireguard-go Userspace implementation
   # This will be the default if there is no WireGuard kernel module present.
   userspace: false
@@ -38,6 +32,12 @@ wg:
   interfaces:
   - wg-vpn
 
+  # Port range for ListenPort setting of newly created WireGuard interfaces
+  # wice will select the first available port in this range.
+  port:
+    min: 52820
+    max: 65535
+
 # Control socket settings
 socket:
   path: /var/run/wice.sock
@@ -46,13 +46,35 @@ socket:
   # Mostly useful for testing automation
   wait: false
 
-# Interactive Connectivity Establishment
+# Synchronize WireGuard interface configurations with wg(8) config-files.
+config_sync:
+  enabled: false
+  
+  # Directory where Wireguard configuration files are located.
+  # We expect the same format as used by wg(8) and wg-quick(8).
+  # Filenames must match the interface name with a '.conf' suffix.
+  path: /etc/wireguard
+
+  # Watch the configuration files for changes and apply them accordingly.
+  watch: false
+  
+# Synchronize WireGuard AllowedIPs with Kernel routing table
+route_sync:
+  enabled: true
+
+  table: main
+
+# Discover the WireGuard endpoint of peers
+endpoint_disc:
+  enabled: true
+
+  # Interactive Connectivity Establishment parameters
   ice:
     # A list of STUN and TURN servers used by ICE
     urls:
-  - stun:l.google.com:19302
+    - stun:stun.l.google.com:19302
 
-  # Credentils for STUN/TURN servers configured above
+    # Credentials for STUN/TURN servers configured above
     username: ""
     password: ""
 
@@ -61,7 +83,7 @@ ice:
     insecure_skip_verify: false
 
     # Limit available network and candidate types
-  network-types: [udp4, udp6, tcp4, tcp6]
+    network_types: [udp4, udp6, tcp4, tcp6]
     candidate_types: [host, srflx, prflx ,relay]
 
     # Regular expression whitelist of interfaces which are used to gather ICE candidates.
@@ -83,10 +105,9 @@ ice:
     nat_1to1_ips: []
 
     # Limit the port range used by ICE
-  # This is optional. Leave them 0 for the default UDP port allocation strategy.
     port:
-      max: 0
-      min: 0
+        min: 49152
+        max: 65535
 
     # The check interval controls how often our task loop runs when in the connecting state.
     check_interval: 200ms
@@ -101,16 +122,6 @@ ice:
     # Determines how often should we send ICE keepalives (should be less then connection timeout above).
     # A keepalive interval of 0 means we never send keepalive packets
     keepalive_interval: 2s
-
-# Settings for forwarding / proxying encapsulated WireGuard traffic between
-# pion/ice and the Kernel WireGuard interfaces
-proxy:
-  # Use NFtables to setup a port redirect / NAT for server reflexive candidates
-  nft: true
-
-  # Use a RAW socket with an attached eBPF socket filter to receive STUN packets while
-  # all other data is directly received by the ListenPort of a kernel-space WireGuard interface.
-  ebpf: true
 ```
 
 ## Environment Variables
@@ -121,15 +132,15 @@ All the settings from the configuration file can also be passed via environment
 -   Prefixing the setting name with `WICE_`
 -   Nested settings are separated by underscores
 
-**Example:** The setting `ice.max_binding_requests` can be set by the environment variable `WICE_ICE_MAX_BINDING_REQUESTS`
+**Example:** The setting `endpoint_disc.ice.max_binding_requests` can be set by the environment variable `WICE_ENDPOINT_DISC_ICE_MAX_BINDING_REQUESTS`
 
-**Note:** Setting lists such as `ice.urls` or `backends` can currently not be set via environment variables.
+**Note:** Setting lists such as `endpoint_disc.ice.urls` or `backends` can currently not be set via environment variables.
 
 ## DNS Auto-configuration
 
 ɯice als supports retrieving parts of the configuration via DNS lookups.
 
-When `wice daemon` is started with a `--config-domain example.com` parameter it will look for the following DNS records to obtain its configuration.
+When `wice daemon` is started with a `--domain example.com` parameter it will look for the following DNS records to obtain its configuration.
 
 STUN and TURN servers used for ICE are retrieved by SVR lookups and other ɯice settings are retrieved via TXT lookups: 
 
@@ -142,8 +153,8 @@ _turns._tcp.example.com. 3600 IN SRV 10 0 5349 turn.example.com.
 
 example.com.             3600 IN TXT "wice-backend=p2p"
 example.com.             3600 IN TXT "wice-community=my-community-password"
-example.com.             3600 IN TXT "wice-ice-username=user1"
-example.com.             3600 IN TXT "wice-ice-password=pass1"
+example.com.             3600 IN TXT "wice-endpoint-disc-ice-username=user1"
+example.com.             3600 IN TXT "wice-endpoint-disc-ice-password=pass1"
 example.com.             3600 IN TXT "wice-config=https://example.com/wice.yaml"
 ```
 

docs/Installation.md

@@ -13,8 +13,8 @@ These binary versions can be manually downloaded and installed.
 1.  [Download your desired version](https://github.com/stv0g/wice/releases)
 2.  Unzip it: `gunzip wice_0.0.1_linux_amd64.gz`
 3.  Move the unzipped binary to its desired destination: `mv wice_0.0.1_linux_amd64 /usr/local/bin/wice`
-5. Make it executable: `chmod +x /usr/local/bin/wice`
-6. From there, you should be able to run the client and add the stable repo: `wice help`.
+4.  Make it executable: `chmod +x /usr/local/bin/wice`
+5.  From there, you should be able to run the client and add the stable repo: `wice help`.
 
 **Note:** ɯice automated tests are performed for Linux, macOS and Windows on x86_64, ARMv6, ARMv8 amd ARM64 architectures.
 Testing of other OSes are the responsibility of the community requesting ɯice for the OS in question.
@@ -27,9 +27,9 @@ You can fetch that script, and then execute it locally.
 It's well documented so that you can read through it and understand what it is doing before you run it.
 
 ```bash
-$ curl -fsSL -o get_wice.sh https://raw.githubusercontent.com/stv0g/wice/master/scripts/get_wice.sh
-$ chmod 700 get_wice.sh
-$ ./get_wice.sh
+curl -fsSL -o get_wice.sh https://raw.githubusercontent.com/stv0g/wice/master/scripts/get_wice.sh
+chmod 700 get_wice.sh
+./get_wice.sh
 ```
 
 Yes, you can `curl https://raw.githubusercontent.com/stv0g/wice/master/scripts/get_wice.sh | bash` if you want to live on the edge.
@@ -66,8 +66,8 @@ Building ɯice is fairly easy and allows you to install the latest unreleased ve
 
 You must have a working Go environment.
 
-```
-$ go install riasc.eu/wice/cmd@latest
+```bash
+go install riasc.eu/wice/cmd@latest
 ```
 
 If required, it will fetch the dependencies and cache them, and validate configuration.

etc/wice.yaml

@@ -2,7 +2,7 @@ watch_interval: 1s
 community: "some-common-password"
 
 backends:
-- grpc://localhost:8080?insecure=true
+- grpc://localhost:8080?insecure=true&skip_verify=true
 - k8s:///path/to/your/kubeconfig.yaml?namespace=default
 
 # WireGuard settings
@@ -58,7 +58,7 @@ endpoint_disc:
   ice:
     # A list of STUN and TURN servers used by ICE
     urls:
-    - stun:l.google.com:19302
+    - stun:stun.l.google.com:19302
 
     # Credentials for STUN/TURN servers configured above
     username: ""