diff --git a/docs/content/advanced/config/unattended-setup.md b/docs/content/advanced/config/unattended-setup.md
index b0444d93..46a86363 100644
--- a/docs/content/advanced/config/unattended-setup.md
+++ b/docs/content/advanced/config/unattended-setup.md
@@ -6,23 +6,30 @@ If you want to run the setup without any user interaction, e.g. with a tool like
 These will only be used during the first start of the container. After that, the setup will be disabled.
-| Env | Example | Description | Group |
-| ------------------ | ---------------------------- | --------------------------------------------------------- | ----- |
-| `INIT_ENABLED` | `true` | Enables the below env vars | 0 |
-| `INIT_USERNAME` | `admin` | Sets admin username | 1 |
-| `INIT_PASSWORD` | `Se!ureP%ssw` | Sets admin password | 1 |
-| `INIT_HOST` | `vpn.example.com` | Host clients will connect to | 1 |
-| `INIT_PORT` | `51820` | Port clients will connect to and wireguard will listen on | 1 |
-| `INIT_DNS` | `1.1.1.1,8.8.8.8` | Sets global dns setting | 2 |
-| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets IPv4 cidr | 3 |
-| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 3 |
-| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs | 4 |
+| Env | Example | Description | Group |
+| ------------------ | ---------------------------- | ---------------------------- | ----- |
+| `INIT_ENABLED` | `true` | Enables the below env vars | 0 |
+| `INIT_USERNAME` | `admin` | Sets admin username | 1 |
+| `INIT_PASSWORD` | `Se!ureP%ssw` | Sets admin password | 1 |
+| `INIT_HOST` | `vpn.example.com` | Host clients will connect to | 2 |
+| `INIT_PORT` | `51820` | Port clients will connect to | 2 |
+| `INIT_DNS` | `1.1.1.1,8.8.8.8` | Sets global dns setting | 3 |
+| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets IPv4 cidr | 4 |
+| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 4 |
+| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs | 5 |
 /// warning | Variables have to be used together
 If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
-If you want to skip the setup process, you have to configure group `1`
+To skip the setup process, you must configure group `1` (username and password). Groups 2-5 can optionally use the corresponding `WG_*` override environment variables instead (see [Configuration Overrides](/advanced/config/optional-config#configuration-overrides)):
+
+- **Group 2 (Host & Port):** Can use `WG_HOST` and `WG_CLIENT_PORT` instead of `INIT_HOST` and `INIT_PORT`
+- **Group 3 (DNS):** Can use `WG_DEFAULT_DNS` instead of `INIT_DNS`
+- **Group 4 (CIDR):** Can use `WG_IPV4_CIDR` and `WG_IPV6_CIDR` instead of `INIT_IPV4_CIDR` and `INIT_IPV6_CIDR`
+- **Group 5 (Allowed IPs):** Can use `WG_DEFAULT_ALLOWED_IPS` instead of `INIT_ALLOWED_IPS`
+
+This allows you to skip the initial setup while using override variables for runtime configuration.
 ///
 /// note | Security
diff --git a/src/server/database/sqlite.ts b/src/server/database/sqlite.ts
index bae94133..47d8a73f 100644
--- a/src/server/database/sqlite.ts
+++ b/src/server/database/sqlite.ts
@@ -79,41 +79,57 @@ async function initialSetup(db: DBServiceType) {
 return;
 }
- if (WG_INITIAL_ENV.IPV4_CIDR && WG_INITIAL_ENV.IPV6_CIDR) {
+ // Use INIT vars or fall back to override vars for CIDR
+ const ipv4Cidr = WG_INITIAL_ENV.IPV4_CIDR ?? WG_OVERRIDE_ENV.IPV4_CIDR;
+ const ipv6Cidr = WG_INITIAL_ENV.IPV6_CIDR ?? WG_OVERRIDE_ENV.IPV6_CIDR;
+
+ if (ipv4Cidr && ipv6Cidr) {
 DB_DEBUG('Setting initial CIDR...');
 await db.interfaces.updateCidr({
- ipv4Cidr: WG_INITIAL_ENV.IPV4_CIDR,
- ipv6Cidr: WG_INITIAL_ENV.IPV6_CIDR,
+ ipv4Cidr,
+ ipv6Cidr,
 });
 }
- if (WG_INITIAL_ENV.DNS) {
+ // Use INIT vars or fall back to override vars for DNS
+ const dns = WG_INITIAL_ENV.DNS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_DNS;
+
+ if (dns) {
 DB_DEBUG('Setting initial DNS...');
 await db.userConfigs.update({
- defaultDns: WG_INITIAL_ENV.DNS,
+ defaultDns: dns,
 });
 }
- if (WG_INITIAL_ENV.ALLOWED_IPS) {
+ // Use INIT vars or fall back to override vars for Allowed IPs
+ const allowedIps = WG_INITIAL_ENV.ALLOWED_IPS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_ALLOWED_IPS;
+
+ if (allowedIps) {
 DB_DEBUG('Setting initial Allowed IPs...');
 await db.userConfigs.update({
- defaultAllowedIps: WG_INITIAL_ENV.ALLOWED_IPS,
+ defaultAllowedIps: allowedIps,
 });
 }
+ // Use INIT vars or fall back to override vars for HOST and PORT
+ const host = WG_INITIAL_ENV.HOST ?? WG_CLIENT_OVERRIDE_ENV.HOST;
+ const port = WG_INITIAL_ENV.PORT ?? WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT;
+
+ // Setup completion requires USERNAME and PASSWORD (no overrides for these)
+ // HOST and PORT can come from either INIT vars or override vars
 if (
 WG_INITIAL_ENV.USERNAME &&
 WG_INITIAL_ENV.PASSWORD &&
- WG_INITIAL_ENV.HOST &&
- WG_INITIAL_ENV.PORT
+ host &&
+ port
 ) {
 DB_DEBUG('Creating initial user...');
 await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD);
 DB_DEBUG('Setting initial host and port...');
 await db.userConfigs.updateHostPort(
- WG_INITIAL_ENV.HOST,
- WG_INITIAL_ENV.PORT
+ host,
+ port
 );
 await db.general.setSetupStep(0);
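Review bot: If `INIT_USERNAME` and `INIT_PASSWORD` are set but `host` or `port` ends up falsy, the `if (... && host && port)` block is skipped with no log line, so an unattended deployment can start without its admin account and, presumably, with the first-run setup still open. One way to get there is `??`, which falls back only on `null`/`undefined`: an `INIT_HOST` that parses to an empty string would hide a valid `WG_HOST`, though whether `WG_INITIAL_ENV` can yield one is not visible here. Consider `const host = WG_INITIAL_ENV.HOST || WG_CLIENT_OVERRIDE_ENV.HOST;` (same for `port`) and a `DB_DEBUG('Initial credentials set but host or port missing, setup not completed');` on the skipped path. The `if` body closes outside the hunk, so an existing `else` cannot be ruled out.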