Allow override vars to skip initial setup; split username/password from host/port in groups

- Modified initialSetup to use WG_* override vars as fallback for INIT_* vars
- Split group 1: USERNAME and PASSWORD remain in group 1
- Moved HOST and PORT to group 2 (can use WG_HOST and WG_CLIENT_PORT)
- DNS moved to group 3 (can use WG_DEFAULT_DNS)
- CIDR moved to group 4 (can use WG_IPV4_CIDR and WG_IPV6_CIDR)
- Allowed IPs moved to group 5 (can use WG_DEFAULT_ALLOWED_IPS)
- Updated documentation to explain override fallback behavior
- Setup can now be skipped with INIT_USERNAME, INIT_PASSWORD, and override vars

Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>
copilot-swe-agent[bot]
2025-11-17 09:34:01 +00:00
parent 432e7a8197
commit 7fbc1cef68
2 changed files with 46 additions and 23 deletions
@@ -7,22 +7,29 @@ If you want to run the setup without any user interaction, e.g. with a tool like
These will only be used during the first start of the container. After that, the setup will be disabled.
| Env | Example | Description | Group |
| ------------------ | ---------------------------- | --------------------------------------------------------- | ----- |
| ------------------ | ---------------------------- | ---------------------------- | ----- |
| `INIT_ENABLED` | `true` | Enables the below env vars | 0 |
| `INIT_USERNAME` | `admin` | Sets admin username | 1 |
| `INIT_PASSWORD` | `Se!ureP%ssw` | Sets admin password | 1 |
| `INIT_HOST` | `vpn.example.com` | Host clients will connect to | 1 |
| `INIT_PORT` | `51820` | Port clients will connect to and wireguard will listen on | 1 |
| `INIT_DNS` | `1.1.1.1,8.8.8.8` | Sets global dns setting | 2 |
| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets IPv4 cidr | 3 |
| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 3 |
| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs | 4 |
| `INIT_HOST` | `vpn.example.com` | Host clients will connect to | 2 |
| `INIT_PORT` | `51820` | Port clients will connect to | 2 |
| `INIT_DNS` | `1.1.1.1,8.8.8.8` | Sets global dns setting | 3 |
| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets IPv4 cidr | 4 |
| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 4 |
| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs | 5 |
/// warning | Variables have to be used together
If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
If you want to skip the setup process, you have to configure group `1`
To skip the setup process, you must configure group `1` (username and password). Groups 2-5 can optionally use the corresponding `WG_*` override environment variables instead (see [Configuration Overrides](/advanced/config/optional-config#configuration-overrides)):
- **Group 2 (Host & Port):** Can use `WG_HOST` and `WG_CLIENT_PORT` instead of `INIT_HOST` and `INIT_PORT`
- **Group 3 (DNS):** Can use `WG_DEFAULT_DNS` instead of `INIT_DNS`
- **Group 4 (CIDR):** Can use `WG_IPV4_CIDR` and `WG_IPV6_CIDR` instead of `INIT_IPV4_CIDR` and `INIT_IPV6_CIDR`
- **Group 5 (Allowed IPs):** Can use `WG_DEFAULT_ALLOWED_IPS` instead of `INIT_ALLOWED_IPS`
This allows you to skip the initial setup while using override variables for runtime configuration.
///
/// note | Security
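Review bot: The new sentence in the warning block, "To skip the setup process, you must configure group `1` (username and password)", reads as if group 1 alone is enough, but the `initialSetup` change in this same commit only creates the user and calls `setSetupStep(0)` when a host and port are also present. Say explicitly that group 2 is still required and may come from either `INIT_HOST`/`INIT_PORT` or `WG_HOST`/`WG_CLIENT_PORT`, and that only groups 3-5 are optional. The "you have to set all of them" rule above it should also state whether a group may be satisfied by mixing sources (for example `INIT_IPV4_CIDR` with `WG_IPV6_CIDR`), since the code resolves each variable independently. Separately, the `INIT_PORT` description lost "and wireguard will listen on"; if the listen port is still set from this value, keep that wording.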
+27 -11
@@ -79,41 +79,57 @@ async function initialSetup(db: DBServiceType) {
return;
}
if (WG_INITIAL_ENV.IPV4_CIDR && WG_INITIAL_ENV.IPV6_CIDR) {
// Use INIT vars or fall back to override vars for CIDR
const ipv4Cidr = WG_INITIAL_ENV.IPV4_CIDR ?? WG_OVERRIDE_ENV.IPV4_CIDR;
const ipv6Cidr = WG_INITIAL_ENV.IPV6_CIDR ?? WG_OVERRIDE_ENV.IPV6_CIDR;
if (ipv4Cidr && ipv6Cidr) {
DB_DEBUG('Setting initial CIDR...');
await db.interfaces.updateCidr({
ipv4Cidr: WG_INITIAL_ENV.IPV4_CIDR,
ipv6Cidr: WG_INITIAL_ENV.IPV6_CIDR,
ipv4Cidr,
ipv6Cidr,
});
}
if (WG_INITIAL_ENV.DNS) {
// Use INIT vars or fall back to override vars for DNS
const dns = WG_INITIAL_ENV.DNS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_DNS;
if (dns) {
DB_DEBUG('Setting initial DNS...');
await db.userConfigs.update({
defaultDns: WG_INITIAL_ENV.DNS,
defaultDns: dns,
});
}
if (WG_INITIAL_ENV.ALLOWED_IPS) {
// Use INIT vars or fall back to override vars for Allowed IPs
const allowedIps = WG_INITIAL_ENV.ALLOWED_IPS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_ALLOWED_IPS;
if (allowedIps) {
DB_DEBUG('Setting initial Allowed IPs...');
await db.userConfigs.update({
defaultAllowedIps: WG_INITIAL_ENV.ALLOWED_IPS,
defaultAllowedIps: allowedIps,
});
}
// Use INIT vars or fall back to override vars for HOST and PORT
const host = WG_INITIAL_ENV.HOST ?? WG_CLIENT_OVERRIDE_ENV.HOST;
const port = WG_INITIAL_ENV.PORT ?? WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT;
// Setup completion requires USERNAME and PASSWORD (no overrides for these)
// HOST and PORT can come from either INIT vars or override vars
if (
WG_INITIAL_ENV.USERNAME &&
WG_INITIAL_ENV.PASSWORD &&
WG_INITIAL_ENV.HOST &&
WG_INITIAL_ENV.PORT
host &&
port
) {
DB_DEBUG('Creating initial user...');
await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD);
DB_DEBUG('Setting initial host and port...');
await db.userConfigs.updateHostPort(
WG_INITIAL_ENV.HOST,
WG_INITIAL_ENV.PORT
host,
port
);
await db.general.setSetupStep(0);
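Review bot: The final condition still gates `db.users.create` and `setSetupStep(0)` on `host && port`, and there is no else branch, so a deployment that sets `INIT_USERNAME` and `INIT_PASSWORD` but has no host or port from either source gets no admin user, setup is not marked complete, and nothing is logged. Add a `DB_DEBUG` or warning in that case that names which of username, password, host or port is missing, so an operator who expected an unattended, closed setup can see that it did not happen. Note also that `??` only falls back on null or undefined: if `WG_INITIAL_ENV.HOST` (or any of the other INIT values) can be an empty string, for example from `INIT_HOST=` in a compose file, the override is never consulted and the later truthiness check fails; either normalise empty values to undefined where the env is parsed or use `||` for these string fallbacks. Finally, the CIDR, DNS and Allowed IPs blocks now write override values into the database before the credentials check runs, so state can be partially applied on a run that does not complete setup; consider resolving and validating all values first, then writing them together.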