Allow override vars to skip initial setup; split username/password from host/port in groups
- Modified initialSetup to use WG_* override vars as fallback for INIT_* vars - Split group 1: USERNAME and PASSWORD remain in group 1 - Moved HOST and PORT to group 2 (can use WG_HOST and WG_CLIENT_PORT) - DNS moved to group 3 (can use WG_DEFAULT_DNS) - CIDR moved to group 4 (can use WG_IPV4_CIDR and WG_IPV6_CIDR) - Allowed IPs moved to group 5 (can use WG_DEFAULT_ALLOWED_IPS) - Updated documentation to explain override fallback behavior - Setup can now be skipped with INIT_USERNAME, INIT_PASSWORD, and override vars Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
@@ -6,23 +6,30 @@ If you want to run the setup without any user interaction, e.g. with a tool like
|
|||||||
|
|
||||||
These will only be used during the first start of the container. After that, the setup will be disabled.
|
These will only be used during the first start of the container. After that, the setup will be disabled.
|
||||||
|
|
||||||
| Env | Example | Description | Group |
|
| Env | Example | Description | Group |
|
||||||
| ------------------ | ---------------------------- | --------------------------------------------------------- | ----- |
|
| ------------------ | ---------------------------- | ---------------------------- | ----- |
|
||||||
| `INIT_ENABLED` | `true` | Enables the below env vars | 0 |
|
| `INIT_ENABLED` | `true` | Enables the below env vars | 0 |
|
||||||
| `INIT_USERNAME` | `admin` | Sets admin username | 1 |
|
| `INIT_USERNAME` | `admin` | Sets admin username | 1 |
|
||||||
| `INIT_PASSWORD` | `Se!ureP%ssw` | Sets admin password | 1 |
|
| `INIT_PASSWORD` | `Se!ureP%ssw` | Sets admin password | 1 |
|
||||||
| `INIT_HOST` | `vpn.example.com` | Host clients will connect to | 1 |
|
| `INIT_HOST` | `vpn.example.com` | Host clients will connect to | 2 |
|
||||||
| `INIT_PORT` | `51820` | Port clients will connect to and wireguard will listen on | 1 |
|
| `INIT_PORT` | `51820` | Port clients will connect to | 2 |
|
||||||
| `INIT_DNS` | `1.1.1.1,8.8.8.8` | Sets global dns setting | 2 |
|
| `INIT_DNS` | `1.1.1.1,8.8.8.8` | Sets global dns setting | 3 |
|
||||||
| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets IPv4 cidr | 3 |
|
| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets IPv4 cidr | 4 |
|
||||||
| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 3 |
|
| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 4 |
|
||||||
| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs | 4 |
|
| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs | 5 |
|
||||||
|
|
||||||
/// warning | Variables have to be used together
|
/// warning | Variables have to be used together
|
||||||
|
|
||||||
If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
|
If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
|
||||||
|
|
||||||
If you want to skip the setup process, you have to configure group `1`
|
To skip the setup process, you must configure group `1` (username and password). Groups 2-5 can optionally use the corresponding `WG_*` override environment variables instead (see [Configuration Overrides](/advanced/config/optional-config#configuration-overrides)):
|
||||||
|
|
||||||
|
- **Group 2 (Host & Port):** Can use `WG_HOST` and `WG_CLIENT_PORT` instead of `INIT_HOST` and `INIT_PORT`
|
||||||
|
- **Group 3 (DNS):** Can use `WG_DEFAULT_DNS` instead of `INIT_DNS`
|
||||||
|
- **Group 4 (CIDR):** Can use `WG_IPV4_CIDR` and `WG_IPV6_CIDR` instead of `INIT_IPV4_CIDR` and `INIT_IPV6_CIDR`
|
||||||
|
- **Group 5 (Allowed IPs):** Can use `WG_DEFAULT_ALLOWED_IPS` instead of `INIT_ALLOWED_IPS`
|
||||||
|
|
||||||
|
This allows you to skip the initial setup while using override variables for runtime configuration.
|
||||||
///
|
///
|
||||||
|
|
||||||
/// note | Security
|
/// note | Security
|
||||||
|
|||||||
@@ -79,41 +79,57 @@ async function initialSetup(db: DBServiceType) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (WG_INITIAL_ENV.IPV4_CIDR && WG_INITIAL_ENV.IPV6_CIDR) {
|
// Use INIT vars or fall back to override vars for CIDR
|
||||||
|
const ipv4Cidr = WG_INITIAL_ENV.IPV4_CIDR ?? WG_OVERRIDE_ENV.IPV4_CIDR;
|
||||||
|
const ipv6Cidr = WG_INITIAL_ENV.IPV6_CIDR ?? WG_OVERRIDE_ENV.IPV6_CIDR;
|
||||||
|
|
||||||
|
if (ipv4Cidr && ipv6Cidr) {
|
||||||
DB_DEBUG('Setting initial CIDR...');
|
DB_DEBUG('Setting initial CIDR...');
|
||||||
await db.interfaces.updateCidr({
|
await db.interfaces.updateCidr({
|
||||||
ipv4Cidr: WG_INITIAL_ENV.IPV4_CIDR,
|
ipv4Cidr,
|
||||||
ipv6Cidr: WG_INITIAL_ENV.IPV6_CIDR,
|
ipv6Cidr,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
if (WG_INITIAL_ENV.DNS) {
|
// Use INIT vars or fall back to override vars for DNS
|
||||||
|
const dns = WG_INITIAL_ENV.DNS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_DNS;
|
||||||
|
|
||||||
|
if (dns) {
|
||||||
DB_DEBUG('Setting initial DNS...');
|
DB_DEBUG('Setting initial DNS...');
|
||||||
await db.userConfigs.update({
|
await db.userConfigs.update({
|
||||||
defaultDns: WG_INITIAL_ENV.DNS,
|
defaultDns: dns,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
if (WG_INITIAL_ENV.ALLOWED_IPS) {
|
// Use INIT vars or fall back to override vars for Allowed IPs
|
||||||
|
const allowedIps = WG_INITIAL_ENV.ALLOWED_IPS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_ALLOWED_IPS;
|
||||||
|
|
||||||
|
if (allowedIps) {
|
||||||
DB_DEBUG('Setting initial Allowed IPs...');
|
DB_DEBUG('Setting initial Allowed IPs...');
|
||||||
await db.userConfigs.update({
|
await db.userConfigs.update({
|
||||||
defaultAllowedIps: WG_INITIAL_ENV.ALLOWED_IPS,
|
defaultAllowedIps: allowedIps,
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Use INIT vars or fall back to override vars for HOST and PORT
|
||||||
|
const host = WG_INITIAL_ENV.HOST ?? WG_CLIENT_OVERRIDE_ENV.HOST;
|
||||||
|
const port = WG_INITIAL_ENV.PORT ?? WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT;
|
||||||
|
|
||||||
|
// Setup completion requires USERNAME and PASSWORD (no overrides for these)
|
||||||
|
// HOST and PORT can come from either INIT vars or override vars
|
||||||
if (
|
if (
|
||||||
WG_INITIAL_ENV.USERNAME &&
|
WG_INITIAL_ENV.USERNAME &&
|
||||||
WG_INITIAL_ENV.PASSWORD &&
|
WG_INITIAL_ENV.PASSWORD &&
|
||||||
WG_INITIAL_ENV.HOST &&
|
host &&
|
||||||
WG_INITIAL_ENV.PORT
|
port
|
||||||
) {
|
) {
|
||||||
DB_DEBUG('Creating initial user...');
|
DB_DEBUG('Creating initial user...');
|
||||||
await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD);
|
await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD);
|
||||||
|
|
||||||
DB_DEBUG('Setting initial host and port...');
|
DB_DEBUG('Setting initial host and port...');
|
||||||
await db.userConfigs.updateHostPort(
|
await db.userConfigs.updateHostPort(
|
||||||
WG_INITIAL_ENV.HOST,
|
host,
|
||||||
WG_INITIAL_ENV.PORT
|
port
|
||||||
);
|
);
|
||||||
|
|
||||||
await db.general.setSetupStep(0);
|
await db.general.setSetupStep(0);
|
||||||
|
|||||||
Reference in New Issue
Block a user