Allow admin panel updates to be saved while overrides remain effective; remove WG_ENABLED

- Remove WG_ENABLED environment variable (interface cannot be disabled) - Allow all admin panel updates to be saved to database - Environment variable overrides take precedence at runtime only - Users can now update values in admin panel even when overridden - Updated documentation to clarify override behavior Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>
2025-11-14 13:41:33 +00:00
parent 67185192fd
commit 11ab71b5d2
6 changed files with 38 additions and 99 deletions
@@ -23,46 +23,45 @@ This option can be removed in the future, as more devices support IPv6.
 ## Configuration Overrides
-These environment variables allow you to override settings that would normally be configured through the Admin Panel. When set, these values take precedence over database settings and cannot be changed through the Web UI.
+These environment variables allow you to override settings that would normally be configured through the Admin Panel. When set, these values take precedence over database settings at runtime.
 ### Interface Settings
-| Env            | Example           | Description                        |
+| Env            | Example       | Description               |
-| -------------- | ----------------- | ---------------------------------- |
+| -------------- | ------------- | ------------------------- |
-| `WG_PORT`      | `51820`           | WireGuard interface listening port |
+| `WG_PORT`      | `51820`       | WireGuard interface port  |
-| `WG_DEVICE`    | `eth0`            | Network device/interface           |
+| `WG_DEVICE`    | `eth0`        | Network device/interface  |
-| `WG_MTU`       | `1420`            | Maximum Transmission Unit          |
+| `WG_MTU`       | `1420`        | Maximum Transmission Unit |
-| `WG_IPV4_CIDR` | `10.8.0.0/24`     | IPv4 CIDR range                    |
+| `WG_IPV4_CIDR` | `10.8.0.0/24` | IPv4 CIDR range           |
-| `WG_IPV6_CIDR` | `fdcc::/112`      | IPv6 CIDR range                    |
+| `WG_IPV6_CIDR` | `fdcc::/112`  | IPv6 CIDR range           |
 | `WG_ENABLED`   | `true` or `false` | Whether the interface is enabled   |
 ### Client Connection Settings
-| Env                               | Example           | Description                              |
+| Env                               | Example           | Description                     |
-| --------------------------------- | ----------------- | ---------------------------------------- |
+| --------------------------------- | ----------------- | ------------------------------- |
-| `WG_HOST`                         | `vpn.example.com` | Host clients will connect to             |
+| `WG_HOST`                         | `vpn.example.com` | Host clients will connect to    |
-| `WG_CLIENT_PORT`                  | `51820`           | Port clients will connect to             |
+| `WG_CLIENT_PORT`                  | `51820`           | Port clients will connect to    |
-| `WG_DEFAULT_DNS`                  | `1.1.1.1,8.8.8.8` | Default DNS servers for clients          |
+| `WG_DEFAULT_DNS`                  | `1.1.1.1,8.8.8.8` | Default DNS servers for clients |
-| `WG_DEFAULT_ALLOWED_IPS`          | `0.0.0.0/0,::/0`  | Default allowed IPs for clients          |
+| `WG_DEFAULT_ALLOWED_IPS`          | `0.0.0.0/0,::/0`  | Default allowed IPs for clients |
-| `WG_DEFAULT_MTU`                  | `1420`            | Default MTU for clients                  |
+| `WG_DEFAULT_MTU`                  | `1420`            | Default MTU for clients         |
-| `WG_DEFAULT_PERSISTENT_KEEPALIVE` | `25`              | Default persistent keepalive for clients |
+| `WG_DEFAULT_PERSISTENT_KEEPALIVE` | `25`              | Default persistent keepalive    |
 ### General Settings
-| Env                     | Example           | Description                |
+| Env                     | Example           | Description               |
-| ----------------------- | ----------------- | -------------------------- |
+| ----------------------- | ----------------- | ------------------------- |
-| `WG_SESSION_TIMEOUT`    | `3600`            | Session timeout in seconds |
+| `WG_SESSION_TIMEOUT`    | `3600`            | Session timeout (seconds) |
-| `WG_METRICS_PROMETHEUS` | `true` or `false` | Enable Prometheus metrics  |
+| `WG_METRICS_PROMETHEUS` | `true` or `false` | Enable Prometheus metrics |
-| `WG_METRICS_JSON`       | `true` or `false` | Enable JSON metrics        |
+| `WG_METRICS_JSON`       | `true` or `false` | Enable JSON metrics       |
 /// warning | Override Behavior
 When these override environment variables are set:
- The specified values will be used instead of database settings
+- The specified values will be used at runtime instead of database settings
- Changes made through the Web UI to these fields will not take effect
+- You can still update these fields through the Web UI and they will be saved to the database
- The Web UI will still display the overridden values
+- However, the overridden values from environment variables will always take precedence
- Updates to these fields via the API will be ignored
+- The Web UI will display the overridden (effective) values
 These overrides are useful for containerized environments where configuration should be controlled externally.
@@ -9,19 +9,9 @@ export default definePermissionEventHandler(
      validateZod(GeneralUpdateSchema, event)
    );
-    // Remove overridden fields from the update data
+    // Allow all updates to be saved to database
-    const updateData = { ...data };
+    // Overrides will be applied when reading/using the values
-    if (WG_GENERAL_OVERRIDE_ENV.SESSION_TIMEOUT !== undefined) {
+    await Database.general.update(data);
      delete updateData.sessionTimeout;
    }
    if (WG_GENERAL_OVERRIDE_ENV.METRICS_PROMETHEUS !== undefined) {
      delete updateData.metricsPrometheus;
    }
    if (WG_GENERAL_OVERRIDE_ENV.METRICS_JSON !== undefined) {
      delete updateData.metricsJson;
    }
    await Database.general.update(updateData);
    return { success: true };
  }
 );
@@ -9,16 +9,9 @@ export default definePermissionEventHandler(
      validateZod(InterfaceCidrUpdateSchema, event)
    );
-    // Remove overridden fields from the update data
+    // Allow all updates to be saved to database
-    const updateData = { ...data };
+    // Overrides will be applied when reading/using the values
-    if (WG_OVERRIDE_ENV.IPV4_CIDR !== undefined) {
+    await Database.interfaces.updateCidr(data);
      delete updateData.ipv4Cidr;
    }
    if (WG_OVERRIDE_ENV.IPV6_CIDR !== undefined) {
      delete updateData.ipv6Cidr;
    }
    await Database.interfaces.updateCidr(updateData);
    await WireGuard.saveConfig();
    return { success: true };
  }
@@ -9,28 +9,9 @@ export default definePermissionEventHandler(
      validateZod(InterfaceUpdateSchema, event)
    );
-    // Remove overridden fields from the update data
+    // Allow all updates to be saved to database
-    const updateData = { ...data };
+    // Overrides will be applied when reading/using the values
-    if (WG_OVERRIDE_ENV.PORT !== undefined) {
+    await Database.interfaces.update(data);
      delete updateData.port;
    }
    if (WG_OVERRIDE_ENV.DEVICE !== undefined) {
      delete updateData.device;
    }
    if (WG_OVERRIDE_ENV.MTU !== undefined) {
      delete updateData.mtu;
    }
    if (WG_OVERRIDE_ENV.IPV4_CIDR !== undefined) {
      delete updateData.ipv4Cidr;
    }
    if (WG_OVERRIDE_ENV.IPV6_CIDR !== undefined) {
      delete updateData.ipv6Cidr;
    }
    if (WG_OVERRIDE_ENV.ENABLED !== undefined) {
      delete updateData.enabled;
    }
    await Database.interfaces.update(updateData);
    await WireGuard.saveConfig();
    return { success: true };
  }
@@ -9,28 +9,9 @@ export default definePermissionEventHandler(
      validateZod(UserConfigUpdateSchema, event)
    );
-    // Remove overridden fields from the update data
+    // Allow all updates to be saved to database
-    const updateData = { ...data };
+    // Overrides will be applied when reading/using the values
-    if (WG_CLIENT_OVERRIDE_ENV.HOST !== undefined) {
+    await Database.userConfigs.update(data);
      delete updateData.host;
    }
    if (WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT !== undefined) {
      delete updateData.port;
    }
    if (WG_CLIENT_OVERRIDE_ENV.DEFAULT_DNS !== undefined) {
      delete updateData.defaultDns;
    }
    if (WG_CLIENT_OVERRIDE_ENV.DEFAULT_ALLOWED_IPS !== undefined) {
      delete updateData.defaultAllowedIps;
    }
    if (WG_CLIENT_OVERRIDE_ENV.DEFAULT_MTU !== undefined) {
      delete updateData.defaultMtu;
    }
    if (WG_CLIENT_OVERRIDE_ENV.DEFAULT_PERSISTENT_KEEPALIVE !== undefined) {
      delete updateData.defaultPersistentKeepalive;
    }
    await Database.userConfigs.update(updateData);
    await WireGuard.saveConfig();
    return { success: true };
  }
@@ -69,10 +69,6 @@ export const WG_OVERRIDE_ENV = {
  IPV4_CIDR: process.env.WG_IPV4_CIDR,
  /** Override the IPv6 CIDR */
  IPV6_CIDR: process.env.WG_IPV6_CIDR,
  /** Override the enabled status */
  ENABLED: process.env.WG_ENABLED === 'true' ? true :
           process.env.WG_ENABLED === 'false' ? false :
           undefined,
 };
 export const WG_CLIENT_OVERRIDE_ENV = {
@@ -125,7 +121,7 @@ function assertEnv<T extends string>(env: T) {
 * Apply environment variable overrides to an interface object
 */
 export function applyInterfaceOverrides<
-  T extends { port: number; device: string; mtu: number; ipv4Cidr: string; ipv6Cidr: string; enabled: boolean },
+  T extends { port: number; device: string; mtu: number; ipv4Cidr: string; ipv6Cidr: string },
 >(wgInterface: T): T {
  return {
    ...wgInterface,
@@ -134,7 +130,6 @@ export function applyInterfaceOverrides<
    mtu: WG_OVERRIDE_ENV.MTU ?? wgInterface.mtu,
    ipv4Cidr: WG_OVERRIDE_ENV.IPV4_CIDR ?? wgInterface.ipv4Cidr,
    ipv6Cidr: WG_OVERRIDE_ENV.IPV6_CIDR ?? wgInterface.ipv6Cidr,
    enabled: WG_OVERRIDE_ENV.ENABLED ?? wgInterface.enabled,
  };
 }