4 changed files with 11 additions and 79 deletions
--- a/cmd/jpictl/list.go
+++ b/cmd/jpictl/list.go
@ -108,7 +108,7 @@ func (*inventory) renderRingOneZone(out *tools.LazyBuffer, r *cluster.Region, z
 	z.ForEachMachine(func(m *cluster.Machine) bool {
 		addr := m.RingOneAddress()
 		cidr := netip.PrefixFrom(addr, 32)
-		_ = out.Printf("%s\t\t%s-%v\n", cidr, m.Name, 1)
+		_ = out.Printf("%s\t\t%s\n", cidr, m.Name)
 		return false
 	})
 	return nil
--- a/pkg/cluster/errors.go
+++ b/pkg/cluster/errors.go
@ -25,5 +25,5 @@ var (
 // ErrInvalidRing returns an error indicating the [rings.RingID]
 // can't be used for the intended purpose
 func ErrInvalidRing(ringID rings.RingID) error {
-	return core.QuietWrap(fs.ErrInvalid, "invalid ring %v", ringID)
+	return core.QuietWrap(fs.ErrInvalid, "invalid ring %v", ringID-1)
 }
--- a/pkg/cluster/rings.go
+++ b/pkg/cluster/rings.go
@ -27,8 +27,6 @@ func AsWireguardInterfaceID(ring rings.RingID) (WireguardInterfaceID, error) {
 	switch ring {
 	case rings.RingZeroID:
 		return 0, nil
 	case rings.RingOneID:
 		return 1, nil
 	default:
 		return 0, ErrInvalidRing(ring)
 	}
@ -148,17 +146,9 @@ var (
 		Decode: rings.DecodeRingZeroAddress,
 		Encode: rings.RingZeroAddress,
 	}
 	// RingOne is a wg1 address encoder/decoder
 	RingOne = RingAddressEncoder{
 		ID:     rings.RingOneID,
 		Port:   RingOnePort,
 		Decode: rings.DecodeRingOneAddress,
 		Encode: rings.RingOneAddress,
 	}
 	// Rings provides indexed access to the ring address encoders
 	Rings = []RingAddressEncoder{
 		RingZero,
 		RingOne,
 	}
 )
@ -201,61 +191,17 @@ func (r *Ring) AddPeer(p *Machine) bool {
 		},
 	}
-	switch {
+	r.setRingZeroAllowedIPs(rp)
 	case r.ID == rings.RingZeroID:
 		r.setRingZeroAllowedIPs(rp)
 	case p.IsGateway():
 		r.setRingOneGatewayAllowedIPs(rp)
 	default:
 		r.setRingOneNodeAllowedIPs(rp)
 	}
 	r.Peers = append(r.Peers, rp)
 	return true
 }
-func (r *Ring) setRingZeroAllowedIPs(rp *RingPeer) {
+func (*Ring) setRingZeroAllowedIPs(rp *RingPeer) {
-	regionID, zoneID, _, _ := r.Decode(rp.Address)
+	// ring0 peer
 	// everyone on ring0 is a gateway to ring1
 	subnet, _ := rings.RingOnePrefix(regionID, zoneID)
 	rp.AllowSubnet(subnet)
 	// peer
 	rp.AllowCIDR(rp.Address, 32)
 }
 func (r *Ring) setRingOneGatewayAllowedIPs(rp *RingPeer) {
 	regionID, zoneID, _, _ := r.Decode(rp.Address)
 	// peer
 	rp.AllowCIDR(rp.Address, 32)
-	// ring1 gateways connect to all other ring1 networks
+	// everyone on ring0 has a leg on ring1
-	r.ForEachZone(func(z *Zone) bool {
+	rp.AllowCIDR(rp.Node.RingOneAddress(), 32)
 		if !z.Is(regionID, zoneID) {
 			subnet := z.RingOnePrefix()
 			rp.AllowSubnet(subnet)
 		}
 		return false
 	})
 	// ring1 gateways also connect to all ring0 addresses
 	r.ForEachZone(func(z *Zone) bool {
 		z.ForEachMachine(func(p *Machine) bool {
 			if p.IsGateway() {
 				addr, _ := p.RingZeroAddress()
 				rp.AllowCIDR(addr, 32)
 			}
 			return false
 		})
 		return false
 	})
 }
 func (*Ring) setRingOneNodeAllowedIPs(rp *RingPeer) {
 	// only to the peer itself
 	rp.AllowCIDR(rp.Address, 32)
 }
 // ForEachMachine calls a function for each Machine in the ring
--- a/pkg/cluster/wireguard.go
+++ b/pkg/cluster/wireguard.go
@ -82,13 +82,6 @@ func (m *Cluster) WriteWireguardConfig(ring rings.RingID) error {
 	switch ring {
 	case rings.RingZeroID:
 		return writeWireguardConfig(m, m, ring)
 	case rings.RingOneID:
 		var err error
 		m.ForEachZone(func(z *Zone) bool {
 			err = writeWireguardConfig(m, z, ring)
 			return err != nil
 		})
 		return err
 	default:
 		return ErrInvalidRing(ring)
 	}
@ -97,10 +90,12 @@ func (m *Cluster) WriteWireguardConfig(ring rings.RingID) error {
 // WriteWireguardConfig rewrites all wgN.conf on all machines
 // on the Zone attached to that ring
 func (z *Zone) WriteWireguardConfig(ring rings.RingID) error {
-	if ring == rings.RingZeroID || ring == rings.RingOneID {
+	switch ring {
 	case rings.RingZeroID:
 		return writeWireguardConfig(z.zones, z.zones, ring)
 	default:
 		return ErrInvalidRing(ring)
 	}
 	return ErrInvalidRing(ring)
 }
 func writeWireguardConfig(z ZoneIterator, m MachineIterator, ring rings.RingID) error {
@ -161,13 +156,6 @@ func (m *Cluster) SyncWireguardConfig(ring rings.RingID) error {
 	switch ring {
 	case rings.RingZeroID:
 		return syncWireguardConfig(m, m, ring)
 	case rings.RingOneID:
 		var err error
 		m.ForEachZone(func(z *Zone) bool {
 			err = syncWireguardConfig(m, z, ring)
 			return err != nil
 		})
 		return err
 	default:
 		return ErrInvalidRing(ring)
 	}
@ -179,8 +167,6 @@ func (z *Zone) SyncWireguardConfig(ring rings.RingID) error {
 	switch ring {
 	case rings.RingZeroID:
 		return syncWireguardConfig(z.zones, z.zones, ring)
 	case rings.RingOneID:
 		return syncWireguardConfig(z.zones, z, ring)
 	default:
 		return ErrInvalidRing(ring)
 	}