fix override and init option

2025-11-17 11:23:51 +01:00
parent 516a3fa72c
commit b29703af86
6 changed files with 50 additions and 66 deletions
@@ -84,7 +84,10 @@ Some overrides will not be applied to existing clients until they are manually e
 /// note | Note on Port Variables
 - `WG_PORT` - The port WireGuard listens on (interface port)
- `WG_CLIENT_PORT` - The port clients connect to (endpoint port, usually same as `WG_PORT`)
+- `WG_CLIENT_PORT` - The port clients connect to (endpoint port, uses `WG_PORT` if not set)
 - `PORT` - The port the Web UI listens on (HTTP server port)
 In most cases you will only need to set `WG_PORT` to change the WireGuard port.
 Keep in mind that you have to adjust both sides of the port publish option in your docker setup.
 ///
@@ -11,25 +11,20 @@ These will only be used during the first start of the container. After that, the
 | `INIT_ENABLED`     | `true`                       | Enables the below env vars   | 0     |
 | `INIT_USERNAME`    | `admin`                      | Sets admin username          | 1     |
 | `INIT_PASSWORD`    | `Se!ureP%ssw`                | Sets admin password          | 1     |
-| `INIT_HOST`        | `vpn.example.com`            | Host clients will connect to | 2     |
+| `INIT_HOST`        | `vpn.example.com`            | Host clients will connect to | 1\*   |
-| `INIT_PORT`        | `51820`                      | Port clients will connect to | 2     |
+| `INIT_PORT`        | `51820`                      | Port clients will connect to | 1\*   |
-| `INIT_DNS`         | `1.1.1.1,8.8.8.8`            | Sets global dns setting      | 3     |
+| `INIT_DNS`         | `1.1.1.1,8.8.8.8`            | Sets global dns setting      | 2     |
-| `INIT_IPV4_CIDR`   | `10.8.0.0/24`                | Sets IPv4 cidr               | 4     |
+| `INIT_IPV4_CIDR`   | `10.8.0.0/24`                | Sets IPv4 cidr               | 3     |
-| `INIT_IPV6_CIDR`   | `2001:0DB8::/32`             | Sets IPv6 cidr               | 4     |
+| `INIT_IPV6_CIDR`   | `2001:0DB8::/32`             | Sets IPv6 cidr               | 3     |
-| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs      | 5     |
+| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs      | 4     |
 /// warning | Variables have to be used together
 If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
-To skip the setup process, you must configure group `1` (username and password). Groups 2-5 can optionally use the corresponding `WG_*` override environment variables instead (see [Configuration Overrides](/advanced/config/optional-config#configuration-overrides)):
+To skip the setup process, you must configure group `1`. You can alternatively use `WG_HOST` and `WG_PORT` to set the host and port without using the `INIT_` variables.
- **Group 2 (Host & Port):** Can use `WG_HOST` and `WG_CLIENT_PORT` instead of `INIT_HOST` and `INIT_PORT`
+Avoid setting both `INIT_` and `WG_` variables for the same setting to prevent confusion.
 - **Group 3 (DNS):** Can use `WG_DEFAULT_DNS` instead of `INIT_DNS`
 - **Group 4 (CIDR):** Can use `WG_IPV4_CIDR` and `WG_IPV6_CIDR` instead of `INIT_IPV4_CIDR` and `INIT_IPV6_CIDR`
 - **Group 5 (Allowed IPs):** Can use `WG_DEFAULT_ALLOWED_IPS` instead of `INIT_ALLOWED_IPS`
 This allows you to skip the initial setup while using override variables for runtime configuration.
 ///
 /// note | Security
@@ -55,11 +55,9 @@ const _submit = useSubmit(
    method: 'post',
  },
  {
-    revert: async (success) => {
+    revert: async (success, data) => {
      if (success) {
-        // Check if setup is complete (host/port were auto-set from overrides)
+        if (data?.setupDone) {
        const setupStatus = await $fetch('/api/general/setup');
        if (setupStatus.done) {
          // Setup is complete, redirect to success page
          await navigateTo('/setup/success');
        } else {
@@ -8,13 +8,13 @@ export default defineSetupEventHandler(2, async ({ event }) => {
  await Database.users.create(username, password);
-  // If host and port are overridden by environment variables, skip step 4
+  // If host and port are already set by environment variables, skip step 4
-  const host = WG_CLIENT_OVERRIDE_ENV.HOST;
+  const host = WG_INITIAL_ENV.HOST ?? WG_CLIENT_OVERRIDE_ENV.HOST;
-  const port = WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT;
+  const port = WG_INITIAL_ENV.PORT ?? WG_INTERFACE_OVERRIDE_ENV.PORT;
-  if (host && port) {
+  const setupDone = host && port;
-    // Set the host and port from override variables
+
-    await Database.userConfigs.updateHostPort(host, port);
+  if (setupDone) {
    // Skip to done
    await Database.general.setSetupStep(0);
  } else {
@@ -22,5 +22,5 @@ export default defineSetupEventHandler(2, async ({ event }) => {
    await Database.general.setSetupStep(3);
  }
-  return { success: true };
+  return { success: true, setupDone: setupDone };
 });
@@ -79,60 +79,48 @@ async function initialSetup(db: DBServiceType) {
    return;
  }
-  // Use INIT vars or fall back to override vars for CIDR
+  if (WG_INITIAL_ENV.IPV4_CIDR && WG_INITIAL_ENV.IPV6_CIDR) {
  const ipv4Cidr = WG_INITIAL_ENV.IPV4_CIDR ?? WG_OVERRIDE_ENV.IPV4_CIDR;
  const ipv6Cidr = WG_INITIAL_ENV.IPV6_CIDR ?? WG_OVERRIDE_ENV.IPV6_CIDR;
  if (ipv4Cidr && ipv6Cidr) {
    DB_DEBUG('Setting initial CIDR...');
    await db.interfaces.updateCidr({
-      ipv4Cidr,
+      ipv4Cidr: WG_INITIAL_ENV.IPV4_CIDR,
-      ipv6Cidr,
+      ipv6Cidr: WG_INITIAL_ENV.IPV6_CIDR,
    });
  }
-  // Use INIT vars or fall back to override vars for DNS
+  if (WG_INITIAL_ENV.DNS) {
  const dns = WG_INITIAL_ENV.DNS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_DNS;
  if (dns) {
    DB_DEBUG('Setting initial DNS...');
    await db.userConfigs.update({
-      defaultDns: dns,
+      defaultDns: WG_INITIAL_ENV.DNS,
    });
  }
-  // Use INIT vars or fall back to override vars for Allowed IPs
+  if (WG_INITIAL_ENV.ALLOWED_IPS) {
  const allowedIps = WG_INITIAL_ENV.ALLOWED_IPS ?? WG_CLIENT_OVERRIDE_ENV.DEFAULT_ALLOWED_IPS;
  if (allowedIps) {
    DB_DEBUG('Setting initial Allowed IPs...');
    await db.userConfigs.update({
-      defaultAllowedIps: allowedIps,
+      defaultAllowedIps: WG_INITIAL_ENV.ALLOWED_IPS,
    });
  }
  if (WG_INITIAL_ENV.USERNAME && WG_INITIAL_ENV.PASSWORD) {
    DB_DEBUG('Creating initial user...');
    await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD);
    await db.general.setSetupStep(3);
  }
  // Use INIT vars or fall back to override vars for HOST and PORT
  const host = WG_INITIAL_ENV.HOST ?? WG_CLIENT_OVERRIDE_ENV.HOST;
-  const port = WG_INITIAL_ENV.PORT ?? WG_CLIENT_OVERRIDE_ENV.CLIENT_PORT;
+  const port = WG_INITIAL_ENV.PORT ?? WG_INTERFACE_OVERRIDE_ENV.PORT;
  // Setup completion requires USERNAME and PASSWORD (no overrides for these)
  // HOST and PORT can come from either INIT vars or override vars
-  if (
+  if (host && port) {
    WG_INITIAL_ENV.USERNAME &&
    WG_INITIAL_ENV.PASSWORD &&
    host &&
    port
  ) {
    DB_DEBUG('Creating initial user...');
    await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD);
    DB_DEBUG('Setting initial host and port...');
-    await db.userConfigs.updateHostPort(
+    await db.userConfigs.updateHostPort(host, port);
      host,
      port
    );
-    await db.general.setSetupStep(0);
+    // Setup completion requires USERNAME and PASSWORD (no overrides for these)
    if (WG_INITIAL_ENV.USERNAME && WG_INITIAL_ENV.PASSWORD) {
      await db.general.setSetupStep(0);
    }
  }
 }
@@ -54,7 +54,7 @@ export const WG_INITIAL_ENV = {
    : undefined,
 };
-export const WG_OVERRIDE_ENV = {
+export const WG_INTERFACE_OVERRIDE_ENV = {
  /** Override the WireGuard interface port */
  PORT: process.env.WG_PORT
    ? Number.parseInt(process.env.WG_PORT, 10)
@@ -72,10 +72,10 @@ export const WG_OVERRIDE_ENV = {
 export const WG_CLIENT_OVERRIDE_ENV = {
  /** Override the client connection host */
  HOST: process.env.WG_HOST,
-  /** Override the client connection port (different from WG_PORT which is the interface port) */
+  /** Override the client connection port (falls back to Interface Port) */
  CLIENT_PORT: process.env.WG_CLIENT_PORT
    ? Number.parseInt(process.env.WG_CLIENT_PORT, 10)
-    : undefined,
+    : WG_INTERFACE_OVERRIDE_ENV.PORT,
  /** Override default client DNS servers */
  DEFAULT_DNS: process.env.WG_DEFAULT_DNS?.split(',').map((x) => x.trim()),
  /** Override default client allowed IPs */
@@ -150,11 +150,11 @@ export function applyInterfaceOverrides<
 >(wgInterface: T): T {
  return {
    ...wgInterface,
-    port: WG_OVERRIDE_ENV.PORT ?? wgInterface.port,
+    port: WG_INTERFACE_OVERRIDE_ENV.PORT ?? wgInterface.port,
-    device: WG_OVERRIDE_ENV.DEVICE ?? wgInterface.device,
+    device: WG_INTERFACE_OVERRIDE_ENV.DEVICE ?? wgInterface.device,
-    mtu: WG_OVERRIDE_ENV.MTU ?? wgInterface.mtu,
+    mtu: WG_INTERFACE_OVERRIDE_ENV.MTU ?? wgInterface.mtu,
-    ipv4Cidr: WG_OVERRIDE_ENV.IPV4_CIDR ?? wgInterface.ipv4Cidr,
+    ipv4Cidr: WG_INTERFACE_OVERRIDE_ENV.IPV4_CIDR ?? wgInterface.ipv4Cidr,
-    ipv6Cidr: WG_OVERRIDE_ENV.IPV6_CIDR ?? wgInterface.ipv6Cidr,
+    ipv6Cidr: WG_INTERFACE_OVERRIDE_ENV.IPV6_CIDR ?? wgInterface.ipv6Cidr,
  };
 }