# FritzBox WireGuard Setup

This folder contains configuration and documentation for connecting your FritzBox router (home network) to the Kubernetes cluster via a WireGuard Site-to-Site VPN.

## 1. Prerequisites

- Your FritzBox must be running FRITZ!OS 7.50+ (tested with 8.25).
- The Kubernetes WireGuard endpoint (`k8s/wireguard`) must be deployed and running on `vpn.haumdaucher.de`.

## 2. Connecting the FritzBox

The FritzBox will be configured to connect to the cluster via a "LAN-to-LAN" coupling. Since we prefer "infrastructure as code", we have pre-generated the exact configuration file. For the FritzBox specifically, this requires a manual import step.

1. Locate the file `fritzbox-wireguard.secret.conf` in this directory.
2. Ensure you have unlocked `git-crypt` so you can read its decrypted contents.
3. Open your FritzBox Web Interface (usually `http://fritz.box`).
4. Navigate to **Internet > Permit Access > VPN (WireGuard)**.
5. Click on **Add Connection** (or "Verbindung hinzufügen").
6. Select **Connect networks or establish special connections** (Netzwerke koppeln oder spezielle Verbindungen herstellen).
7. When asked whether it has been set up on the other side, choose **Yes** (or choose to upload a config file directly).
8. Choose **Upload a configuration file** and select the decrypted `fritzbox-wireguard.secret.conf` file.
9. Finish the setup. The FritzBox will immediately try to connect to `vpn.haumdaucher.de:51820`.

## 3. Verifying the Connection

### From the Kubernetes Side

Connect to your cluster and check the WireGuard pod logs:

```bash
# Get the pod name
kubectl get pods -n wireguard

# Execute into the pod to check connection status
# (replace <pod-name> with the name returned by the previous command)
kubectl exec -it -n wireguard <pod-name> -- wg show
```

You should see a connected peer whose `latest handshake` timestamp indicates a successful connection.

### Bidirectional Ping Test

1. **Cluster -> Home Network:** Exec into any pod in your cluster (e.g., a toolbox or home-assistant pod) and ping a device on your local network:

   ```bash
   ping 192.168.10.1 # Ping your FritzBox local IP
   ```

2. **Home Network -> Cluster:** From your laptop at home, try to ping a known K8s Service IP (e.g., `10.233.0.1` for the kubernetes default service, or a specific pod IP):

   ```bash
   ping 10.233.0.1
   ```

## Backups

Any future manual configurations, firmware backups, or notes related to the FritzBox should be stored within this `fritzbox/` folder. Use `.secret` extensions for any files containing sensitive tokens or passwords.
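
A pre-import check for steps 1 and 2 of section 2, as an added example that is not part of this repository: it rejects a file that still carries the `git-crypt` header (repository not unlocked) and confirms the peer endpoint is `vpn.haumdaucher.de:51820`. The function names and the sample config contents (placeholder keys, `Address`, `AllowedIPs`) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-import sanity check for fritzbox-wireguard.secret.conf.

# git-crypt blobs start with the 10-byte header \0GITCRYPT\0; a file that
# still carries it has not been unlocked.
is_still_encrypted() {
  [ "$(head -c 10 "$1" | tr -d '\0')" = "GITCRYPT" ]
}

# Print the value of "Key = value" from a WireGuard config. Trailing
# whitespace (including the CR of CRLF files) is stripped first.
conf_value() {
  sed -n -e 's/[[:space:]]*$//' \
    -e "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# Return codes: 0 ok, 1 still encrypted, 2 not a complete WireGuard config,
# 3 endpoint differs from the expected one.
check_conf() {
  local file="$1" expected="$2"
  is_still_encrypted "$file" && return 1
  grep -q '^\[Interface\]' "$file" && grep -q '^\[Peer\]' "$file" || return 2
  [ -n "$(conf_value PrivateKey "$file")" ] || return 2
  [ "$(conf_value Endpoint "$file")" = "$expected" ] || return 3
  return 0
}

demo() {
  local dir; dir=$(mktemp -d)
  # Constructed sample config; keys, Address and AllowedIPs are placeholders.
  cat > "$dir/sample.conf" <<'EOF'
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY
Address = 192.168.10.1/24

[Peer]
PublicKey = PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 10.233.0.0/18
Endpoint = vpn.haumdaucher.de:51820
PersistentKeepalive = 25
EOF
  check_conf "$dir/sample.conf" "vpn.haumdaucher.de:51820" \
    && echo "sample.conf: ready to import" || echo "sample.conf: rejected ($?)"
  rm -rf "$dir"
}
demo
```

To check the real file, call `check_conf fritzbox-wireguard.secret.conf vpn.haumdaucher.de:51820` from this directory; a return code of 1 means `git-crypt` has not been unlocked yet.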