From b29703af8614b32f874163b3d05aa457492a737d Mon Sep 17 00:00:00 2001 From: Bernd Storath <999999bst@gmail.com> Date: Mon, 17 Nov 2025 11:23:51 +0100 Subject: [PATCH] fix override and init option --- .../advanced/config/optional-config.md | 5 +- .../advanced/config/unattended-setup.md | 21 +++----- src/app/pages/setup/2.vue | 6 +-- src/server/api/setup/2.post.ts | 14 ++--- src/server/database/sqlite.ts | 54 ++++++++----------- src/server/utils/config.ts | 16 +++--- 6 files changed, 50 insertions(+), 66 deletions(-) diff --git a/docs/content/advanced/config/optional-config.md b/docs/content/advanced/config/optional-config.md index 36cb6d54..8ffdc32f 100644 --- a/docs/content/advanced/config/optional-config.md +++ b/docs/content/advanced/config/optional-config.md @@ -84,7 +84,10 @@ Some overrides will not be applied to existing clients until they are manually e /// note | Note on Port Variables - `WG_PORT` - The port WireGuard listens on (interface port) -- `WG_CLIENT_PORT` - The port clients connect to (endpoint port, usually same as `WG_PORT`) +- `WG_CLIENT_PORT` - The port clients connect to (endpoint port, uses `WG_PORT` if not set) - `PORT` - The port the Web UI listens on (HTTP server port) +In most cases you will only need to set `WG_PORT` to change the WireGuard port. +Keep in mind that you have to adjust both sides of the port publish option in your docker setup. + /// diff --git a/docs/content/advanced/config/unattended-setup.md b/docs/content/advanced/config/unattended-setup.md index 46a86363..fe05fc76 100644 --- a/docs/content/advanced/config/unattended-setup.md +++ b/docs/content/advanced/config/unattended-setup.md 
@@ -11,25 +11,20 @@ These will only be used during the first start of the container. After that, the | `INIT_ENABLED` | `true` | Enables the below env vars | 0 | | `INIT_USERNAME` | `admin` | Sets admin username | 1 | | `INIT_PASSWORD` | `Se!ureP%ssw` | Sets admin password | 1 | -| `INIT_HOST` | `vpn.example.com` | Host clients will connect to | 2 | -| `INIT_PORT` | `51820` | Port clients will connect to | 2 | -| `INIT_DNS` | `1.1.1.1,8.8.8.8` | Sets global dns setting | 3 | -| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets IPv4 cidr | 4 | -| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 4 | -| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs | 5 | +| `INIT_HOST` | `vpn.example.com` | Host clients will connect to | 1\* | +| `INIT_PORT` | `51820` | Port clients will connect to | 1\* | +| `INIT_DNS` | `1.1.1.1,8.8.8.8` | Sets global dns setting | 2 | +| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets IPv4 cidr | 3 | +| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 3 | +| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs | 4 | /// warning | Variables have to be used together If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`. -To skip the setup process, you must configure group `1` (username and password). Groups 2-5 can optionally use the corresponding `WG_*` override environment variables instead (see [Configuration Overrides](/advanced/config/optional-config#configuration-overrides)): +To skip the setup process, you must configure group `1`. You can alternatively use `WG_HOST` and `WG_PORT` to set the host and port without using the `INIT_` variables. 
-- **Group 2 (Host & Port):** Can use `WG_HOST` and `WG_CLIENT_PORT` instead of `INIT_HOST` and `INIT_PORT` -- **Group 3 (DNS):** Can use `WG_DEFAULT_DNS` instead of `INIT_DNS` -- **Group 4 (CIDR):** Can use `WG_IPV4_CIDR` and `WG_IPV6_CIDR` instead of `INIT_IPV4_CIDR` and `INIT_IPV6_CIDR` -- **Group 5 (Allowed IPs):** Can use `WG_DEFAULT_ALLOWED_IPS` instead of `INIT_ALLOWED_IPS` - -This allows you to skip the initial setup while using override variables for runtime configuration. +Avoid setting both `INIT_` and `WG_` variables for the same setting to prevent confusion. /// /// note | Security diff --git a/src/app/pages/setup/2.vue b/src/app/pages/setup/2.vue index d10f1d99..5e5ca0db 100644 --- a/src/app/pages/setup/2.vue +++ b/src/app/pages/setup/2.vue @@ -55,11 +55,9 @@ const _submit = useSubmit( method: 'post', }, { - revert: async (success) => { + revert: async (success, data) => { if (success) { - // Check if setup is complete (host/port were auto-set from overrides) - const setupStatus = await $fetch('/api/general/setup'); - if (setupStatus.done) { + if (data?.setupDone) { // Setup is complete, redirect to success page await navigateTo('/setup/success'); } else { diff --git a/src/server/api/setup/2.post.ts b/src/server/api/setup/2.post.ts index bfc195be..129f0a06 100644 --- a/src/server/api/setup/2.post.ts +++ b/src/server/api/setup/2.post.ts 
@@ -8,13 +8,13 @@ export default defineSetupEventHandler(2, async ({ event }) => { await Database.users.create(username, password); - // If host and port are overridden by environment variables, skip step 4 - const host = WG_CLIENT_OVERRIDE_ENV.HOST; - const port = WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT; + // If host and port are already set by environment variables, skip step 4 + const host = WG_INITIAL_ENV.HOST ?? WG_CLIENT_OVERRIDE_ENV.HOST; + const port = WG_INITIAL_ENV.PORT ?? WG_INTERFACE_OVERRIDE_ENV.PORT; - if (host && port) { - // Set the host and port from override variables - await Database.userConfigs.updateHostPort(host, port); + const setupDone = host && port; + + if (setupDone) { // Skip to done await Database.general.setSetupStep(0); } else { @@ -22,5 +22,5 @@ export default defineSetupEventHandler(2, async ({ event }) => { await Database.general.setSetupStep(3); } - return { success: true }; + return { success: true, setupDone: setupDone }; }); diff --git a/src/server/database/sqlite.ts b/src/server/database/sqlite.ts index 47d8a73f..980d7eda 100644 --- a/src/server/database/sqlite.ts +++ b/src/server/database/sqlite.ts 
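Review bot: The handler now calls `setSetupStep(0)` whenever `host && port` is truthy but no longer writes either value, so a finished setup depends on `initialSetup` in `src/server/database/sqlite.ts` having already stored them. That function has an early `return` above its hunk whose condition is not visible here, so it is worth confirming it cannot be skipped when only `WG_HOST` and `WG_PORT` are set. The port is also read from `WG_INTERFACE_OVERRIDE_ENV.PORT`, which ignores `WG_CLIENT_PORT`; because `CLIENT_PORT` now falls back to the interface port in `config.ts`, `const port = WG_INITIAL_ENV.PORT ?? WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT;` would cover both variables. The same expression is used in the `initialSetup` hunk, where the result is persisted through `updateHostPort`.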
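Review bot: `setupDone` is returned as the raw result of `host && port`, so the response field holds the port number when both are set and `undefined` or an empty string otherwise, never a boolean. The client in `2.vue` only tests truthiness, but the response contract is clearer, and does not echo a configuration value, if the handler returns `setupDone: Boolean(setupDone)` or declares `const setupDone = Boolean(host && port);`. The declaration sits in the previous hunk, outside this one.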
@@ -79,60 +79,48 @@ async function initialSetup(db: DBServiceType) { return; } - // Use INIT vars or fall back to override vars for CIDR - const ipv4Cidr = WG_INITIAL_ENV.IPV4_CIDR ?? WG_OVERRIDE_ENV.IPV4_CIDR; - const ipv6Cidr = WG_INITIAL_ENV.IPV6_CIDR ?? WG_OVERRIDE_ENV.IPV6_CIDR; - - if (ipv4Cidr && ipv6Cidr) { + if (WG_INITIAL_ENV.IPV4_CIDR && WG_INITIAL_ENV.IPV6_CIDR) { DB_DEBUG('Setting initial CIDR...'); await db.interfaces.updateCidr({ - ipv4Cidr, - ipv6Cidr, + ipv4Cidr: WG_INITIAL_ENV.IPV4_CIDR, + ipv6Cidr: WG_INITIAL_ENV.IPV6_CIDR, }); } - // Use INIT vars or fall back to override vars for DNS - const dns = WG_INITIAL_ENV.DNS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_DNS; - - if (dns) { + if (WG_INITIAL_ENV.DNS) { DB_DEBUG('Setting initial DNS...'); await db.userConfigs.update({ - defaultDns: dns, + defaultDns: WG_INITIAL_ENV.DNS, }); } - // Use INIT vars or fall back to override vars for Allowed IPs - const allowedIps = WG_INITIAL_ENV.ALLOWED_IPS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_ALLOWED_IPS; - - if (allowedIps) { + if (WG_INITIAL_ENV.ALLOWED_IPS) { DB_DEBUG('Setting initial Allowed IPs...'); await db.userConfigs.update({ - defaultAllowedIps: allowedIps, + defaultAllowedIps: WG_INITIAL_ENV.ALLOWED_IPS, }); } + if (WG_INITIAL_ENV.USERNAME && WG_INITIAL_ENV.PASSWORD) { + DB_DEBUG('Creating initial user...'); + await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD); + + await db.general.setSetupStep(3); + } + // Use INIT vars or fall back to override vars for HOST and PORT const host = WG_INITIAL_ENV.HOST ?? WG_CLIENT_OVERRIDE_ENV.HOST; - const port = WG_INITIAL_ENV.PORT ?? WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT; + const port = WG_INITIAL_ENV.PORT ?? 
WG_INTERFACE_OVERRIDE_ENV.PORT; - // Setup completion requires USERNAME and PASSWORD (no overrides for these) // HOST and PORT can come from either INIT vars or override vars - if ( - WG_INITIAL_ENV.USERNAME && - WG_INITIAL_ENV.PASSWORD && - host && - port - ) { - DB_DEBUG('Creating initial user...'); - await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD); - + if (host && port) { DB_DEBUG('Setting initial host and port...'); - await db.userConfigs.updateHostPort( - host, - port - ); + await db.userConfigs.updateHostPort(host, port); - await db.general.setSetupStep(0); + // Setup completion requires USERNAME and PASSWORD (no overrides for these) + if (WG_INITIAL_ENV.USERNAME && WG_INITIAL_ENV.PASSWORD) { + await db.general.setSetupStep(0); + } } } diff --git a/src/server/utils/config.ts b/src/server/utils/config.ts index 3f5081ae..0a8ddfb4 100644 --- a/src/server/utils/config.ts +++ b/src/server/utils/config.ts @@ -54,7 +54,7 @@ export const WG_INITIAL_ENV = { : undefined, }; -export const WG_OVERRIDE_ENV = { +export const WG_INTERFACE_OVERRIDE_ENV = { /** Override the WireGuard interface port */ PORT: process.env.WG_PORT ? Number.parseInt(process.env.WG_PORT, 10) @@ -72,10 +72,10 @@ export const WG_OVERRIDE_ENV = { export const WG_CLIENT_OVERRIDE_ENV = { /** Override the client connection host */ HOST: process.env.WG_HOST, - /** Override the client connection port (different from WG_PORT which is the interface port) */ + /** Override the client connection port (falls back to Interface Port) */ CLIENT_PORT: process.env.WG_CLIENT_PORT ? Number.parseInt(process.env.WG_CLIENT_PORT, 10) - : undefined, + : WG_INTERFACE_OVERRIDE_ENV.PORT, /** Override default client DNS servers */ DEFAULT_DNS: process.env.WG_DEFAULT_DNS?.split(',').map((x) => x.trim()), /** Override default client allowed IPs */ 
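Review bot: A half-configured group is skipped silently in this hunk: if only one of the username/password pair (or one of the two CIDR values) is set, the `if (WG_INITIAL_ENV.USERNAME && WG_INITIAL_ENV.PASSWORD)` block is bypassed without a log line, no admin user is created and the setup step is left unchanged. For an unattended deployment that presumably leaves the web setup flow open until someone completes it, so the operator should be told; an `else if (WG_INITIAL_ENV.USERNAME || WG_INITIAL_ENV.PASSWORD) { DB_DEBUG('Initial username and password must be set together; skipping initial user'); }` branch would do. The two comments about HOST and PORT ("Use INIT vars or fall back…" and "HOST and PORT can come from either…") now say the same thing, so one can be dropped. `initialSetup` begins above the hunk.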
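Review bot: `CLIENT_PORT` now inherits `WG_INTERFACE_OVERRIDE_ENV.PORT`, and both values come straight from `Number.parseInt(..., 10)` with no validation, so `WG_PORT=abc` yields `NaN` and `WG_PORT=70000` is accepted as is. `NaN` is not nullish, so the `??` fallbacks in `applyInterfaceOverrides` (last hunk) would pass it through instead of using the stored port. A small shared parser that accepts only whole numbers from 1 to 65535 closes this for both variables; whether an invalid value should be ignored, as sketched below, or abort startup is the maintainers' call. Both object literals continue outside their hunks.

```typescript
function parsePortEnv(raw: string | undefined): number | undefined {
  if (!raw || !/^\d+$/.test(raw.trim())) {
    return undefined;
  }
  const port = Number.parseInt(raw, 10);
  return port >= 1 && port <= 65535 ? port : undefined;
}

export const WG_INTERFACE_OVERRIDE_ENV = {
  /** Override the WireGuard interface port */
  PORT: parsePortEnv(process.env.WG_PORT),
  // … unchanged: remaining interface overrides …

export const WG_CLIENT_OVERRIDE_ENV = {
  // … unchanged: HOST …
  /** Override the client connection port (falls back to Interface Port) */
  CLIENT_PORT:
    parsePortEnv(process.env.WG_CLIENT_PORT) ?? WG_INTERFACE_OVERRIDE_ENV.PORT,
  // … unchanged: DEFAULT_DNS and the rest …
```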
@@ -150,11 +150,11 @@ export function applyInterfaceOverrides< >(wgInterface: T): T { return { ...wgInterface, - port: WG_OVERRIDE_ENV.PORT ?? wgInterface.port, - device: WG_OVERRIDE_ENV.DEVICE ?? wgInterface.device, - mtu: WG_OVERRIDE_ENV.MTU ?? wgInterface.mtu, - ipv4Cidr: WG_OVERRIDE_ENV.IPV4_CIDR ?? wgInterface.ipv4Cidr, - ipv6Cidr: WG_OVERRIDE_ENV.IPV6_CIDR ?? wgInterface.ipv6Cidr, + port: WG_INTERFACE_OVERRIDE_ENV.PORT ?? wgInterface.port, + device: WG_INTERFACE_OVERRIDE_ENV.DEVICE ?? wgInterface.device, + mtu: WG_INTERFACE_OVERRIDE_ENV.MTU ?? wgInterface.mtu, + ipv4Cidr: WG_INTERFACE_OVERRIDE_ENV.IPV4_CIDR ?? wgInterface.ipv4Cidr, + ipv6Cidr: WG_INTERFACE_OVERRIDE_ENV.IPV6_CIDR ?? wgInterface.ipv6Cidr, }; }