Bump version to 15.1.0

Add option to disable ipv6 (#1951 )
* add option to disable ipv6 * don't add ipv6 address * update docs
2025-07-01 08:50:21 +02:00 · 2025-07-01 07:57:14 +02:00 · 2025-06-30 08:01:26 +02:00 · 2025-06-30 07:55:00 +02:00 · 2025-06-30 07:54:45 +02:00 · 2025-06-27 08:25:02 +02:00
115 changed files with 7018 additions and 3242 deletions
@@ -1,23 +0,0 @@
-# http://editorconfig.org
-root = true
-
-[*]
-indent_style = space
-indent_size = 2
-end_of_line = lf
-charset = utf-8
-trim_trailing_whitespace = true
-insert_final_newline = true
-
-# The JSON files contain newlines inconsistently
-[*.json]
-insert_final_newline = ignore
-
-# Minified JavaScript files shouldn't be changed
-[**.min.js]
-indent_style = ignore
-insert_final_newline = ignore
-
-[*.md]
-trim_trailing_whitespace = false
-
@@ -4,21 +4,38 @@ on:
  workflow_dispatch:

 jobs:
-  docker:
-    name: Build & Deploy Docker
-    runs-on: ubuntu-latest
+  docker-build:
+    name: Build Docker
+    runs-on: ${{ matrix.arch.os }}
    if: github.repository_owner == 'wg-easy'
    permissions:
      packages: write
-      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - platform: linux/amd64
+            os: ubuntu-latest
+          - platform: linux/arm64
+            os: ubuntu-24.04-arm
+          - platform: linux/arm/v7
+            os: ubuntu-24.04-arm
    steps:
      - uses: actions/checkout@v4

-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - name: Prepare
+        run: |
+          platform=${{ matrix.arch.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/wg-easy/wg-easy
+          flavor: |
+            latest=false

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
@@ -27,15 +44,83 @@ jobs:
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

-      - name: Build & Publish Docker Image
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push by digest
+        id: build
        uses: docker/build-push-action@v6
        with:
          context: .
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: ghcr.io/wg-easy/wg-easy:development
-          cache-from: type=gha
-          cache-to: type=gha,mode=min
+          platforms: ${{ matrix.arch.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ghcr.io/wg-easy/wg-easy
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=gha,scope=build-${{ env.PLATFORM_PAIR }}
+          cache-to: type=gha,mode=min,scope=build-${{ env.PLATFORM_PAIR }}
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  docker-merge:
+    name: Merge & Deploy Docker
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wg-easy'
+    permissions:
+      packages: write
+    needs: docker-build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/wg-easy/wg-easy
+          flavor: |
+            latest=false
+          tags: |
+            type=raw,value=development
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf 'ghcr.io/wg-easy/wg-easy@sha256:%s ' *)
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ghcr.io/wg-easy/wg-easy:${{ steps.meta.outputs.version }}

  docs:
    name: Build & Deploy Docs
@@ -43,7 +128,7 @@ jobs:
    if: github.repository_owner == 'wg-easy'
    permissions:
      contents: write
-    needs: docker
+    needs: docker-merge
    steps:
      - uses: actions/checkout@v4

@@ -0,0 +1,167 @@
+name: Edge
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  docker-build:
+    name: Build Docker
+    runs-on: ${{ matrix.arch.os }}
+    if: github.repository_owner == 'wg-easy'
+    permissions:
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - platform: linux/amd64
+            os: ubuntu-latest
+          - platform: linux/arm64
+            os: ubuntu-24.04-arm
+          - platform: linux/arm/v7
+            os: ubuntu-24.04-arm
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: master
+
+      - name: Prepare
+        run: |
+          platform=${{ matrix.arch.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/wg-easy/wg-easy
+          flavor: |
+            latest=false
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: ${{ matrix.arch.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ghcr.io/wg-easy/wg-easy
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=gha,scope=build-${{ env.PLATFORM_PAIR }}
+          cache-to: type=gha,mode=min,scope=build-${{ env.PLATFORM_PAIR }}
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  docker-merge:
+    name: Merge & Deploy Docker
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wg-easy'
+    permissions:
+      packages: write
+    needs: docker-build
+    steps:
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/wg-easy/wg-easy
+          flavor: |
+            latest=false
+          tags: |
+            type=raw,value=edge
+
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf 'ghcr.io/wg-easy/wg-easy@sha256:%s ' *)
+
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ghcr.io/wg-easy/wg-easy:${{ steps.meta.outputs.version }}
+
+  docs:
+    name: Build & Deploy Docs
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wg-easy'
+    permissions:
+      contents: write
+    needs: docker-merge
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: master
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.11.9
+          cache: "pip"
+          cache-dependency-path: docs/requirements.txt
+
+      - name: Install Dependencies
+        run: |
+          pip install -r docs/requirements.txt
+
+      - name: Setup Git User
+        run: |
+          git config --global user.name 'github-actions[bot]'
+          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+
+      - name: Build Docs Website
+        run: |
+          cd docs
+          git fetch origin gh-pages --depth=1 || true
+
+          mike deploy --push --update-aliases edge
@@ -1,77 +0,0 @@
-name: Nightly
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 0 * * *"
-
-jobs:
-  docker:
-    name: Build & Deploy Docker
-    runs-on: ubuntu-latest
-    if: github.repository_owner == 'wg-easy'
-    permissions:
-      packages: write
-      contents: read
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: master
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build & Publish Docker Image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: ghcr.io/wg-easy/wg-easy:nightly
-          cache-from: type=gha
-          cache-to: type=gha,mode=min
-
-  docs:
-    name: Build & Deploy Docs
-    runs-on: ubuntu-latest
-    if: github.repository_owner == 'wg-easy'
-    permissions:
-      contents: write
-    needs: docker
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          ref: master
-
-      - name: Setup Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: 3.11.9
-          cache: "pip"
-          cache-dependency-path: docs/requirements.txt
-
-      - name: Install Dependencies
-        run: |
-          pip install -r docs/requirements.txt
-
-      - name: Setup Git User
-        run: |
-          git config --global user.name 'github-actions[bot]'
-          git config --global user.email 'github-actions[bot]@users.noreply.github.com'
-
-      - name: Build Docs Website
-        run: |
-          cd docs
-          git fetch origin gh-pages --depth=1 || true
-
-          mike deploy --push --update-aliases nightly
@@ -11,14 +11,26 @@ concurrency:
 jobs:
  docker:
    name: Build Docker
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.arch.os }}
    if: github.repository_owner == 'wg-easy'
-    permissions:
-      packages: write
-      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - platform: linux/amd64
+            os: ubuntu-latest
+          - platform: linux/arm64
+            os: ubuntu-24.04-arm
+          - platform: linux/arm/v7
+            os: ubuntu-24.04-arm
    steps:
      - uses: actions/checkout@v4

+      - name: Prepare
+        run: |
+          platform=${{ matrix.arch.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

@@ -37,7 +49,7 @@ jobs:
        with:
          context: .
          push: false
-          platforms: linux/amd64,linux/arm64
+          platforms: ${{ matrix.arch.platform }}
          tags: ghcr.io/wg-easy/wg-easy:pr
          cache-from: type=gha
-          cache-to: type=gha,mode=min
+          cache-to: type=gha,mode=min,scope=build-${{ env.PLATFORM_PAIR }}
@@ -6,21 +6,107 @@ on:
    tags:
      - "v*"

+# This workflow does not support fixing old versions
+# as this will break the latest and major tags
+
 jobs:
-  docker:
-    name: Build & Deploy Docker
+  docker-build:
+    name: Build Docker
+    runs-on: ${{ matrix.arch.os }}
+    if: |
+      github.repository_owner == 'wg-easy' &&
+      startsWith(github.ref, 'refs/tags/v')
+    permissions:
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - platform: linux/amd64
+            os: ubuntu-latest
+          - platform: linux/arm64
+            os: ubuntu-24.04-arm
+          - platform: linux/arm/v7
+            os: ubuntu-24.04-arm
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Prepare
+        run: |
+          platform=${{ matrix.arch.platform }}
+          echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ghcr.io/wg-easy/wg-easy
+          flavor: |
+            latest=false
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push by digest
+        id: build
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: ${{ matrix.arch.platform }}
+          labels: ${{ steps.meta.outputs.labels }}
+          tags: ghcr.io/wg-easy/wg-easy
+          outputs: type=image,push-by-digest=true,name-canonical=true,push=true
+          cache-from: type=gha,scope=build-${{ env.PLATFORM_PAIR }}
+          cache-to: type=gha,mode=min,scope=build-${{ env.PLATFORM_PAIR }}
+
+      - name: Export digest
+        run: |
+          mkdir -p ${{ runner.temp }}/digests
+          digest="${{ steps.build.outputs.digest }}"
+          touch "${{ runner.temp }}/digests/${digest#sha256:}"
+
+      - name: Upload digest
+        uses: actions/upload-artifact@v4
+        with:
+          name: digests-${{ env.PLATFORM_PAIR }}
+          path: ${{ runner.temp }}/digests/*
+          if-no-files-found: error
+          retention-days: 1
+
+  docker-merge:
+    name: Merge & Deploy Docker
    runs-on: ubuntu-latest
    if: |
      github.repository_owner == 'wg-easy' &&
      startsWith(github.ref, 'refs/tags/v')
    permissions:
      packages: write
-      contents: read
+    needs: docker-build
    steps:
-      - uses: actions/checkout@v4
+      - name: Download digests
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ runner.temp }}/digests
+          pattern: digests-*
+          merge-multiple: true

-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
@@ -31,28 +117,22 @@ jobs:
        with:
          images: |
            ghcr.io/wg-easy/wg-easy
+          flavor: |
+            latest=false
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}
            type=semver,pattern={{major}}.{{minor}}

-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create manifest list and push
+        working-directory: ${{ runner.temp }}/digests
+        run: |
+          docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
+            $(printf 'ghcr.io/wg-easy/wg-easy@sha256:%s ' *)

-      - name: Build & Publish Docker Image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=min
+      - name: Inspect image
+        run: |
+          docker buildx imagetools inspect ghcr.io/wg-easy/wg-easy:${{ steps.meta.outputs.version }}

  docs:
    name: Build & Deploy Docs
@@ -62,7 +142,7 @@ jobs:
      startsWith(github.ref, 'refs/tags/v')
    permissions:
      contents: write
-    needs: docker
+    needs: docker-merge
    steps:
      - uses: actions/checkout@v4

@@ -87,8 +167,6 @@ jobs:
          cd docs
          git fetch origin gh-pages --depth=1 || true

-          # latest will point to old docs if old tag is pushed
-
          # Extract version numbers
          DOCS_VERSION=${GITHUB_REF#refs/tags/} # e.g. v1.2.3 or v1.2.3-beta
          MINOR_VERSION=$(echo $DOCS_VERSION | cut -d. -f1,2) # e.g. v1.2
@@ -7,9 +7,36 @@ on:
  pull_request:

 jobs:
+  docs:
+    name: Check Docs
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'wg-easy'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        name: Install pnpm
+        with:
+          run_install: false
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+          check-latest: true
+          cache: "pnpm"
+
+      - name: Check docs formatting
+        run: |
+          pnpm install
+          pnpm format:check:docs
+
  lint:
    name: Lint
    runs-on: ubuntu-latest
+    needs: docs
    if: github.repository_owner == 'wg-easy'

    strategy:
@@ -1,2 +1,3 @@
 .DS_Store
 *.swp
+node_modules
@@ -9,6 +9,7 @@
    "yoavbls.pretty-ts-errors",
    "bradlc.vscode-tailwindcss",
    "vue.volar",
-    "lokalise.i18n-ally"
+    "lokalise.i18n-ally",
+    "DavidAnson.vscode-markdownlint"
  ]
 }
@@ -18,6 +18,11 @@
  "[json]": {
    "editor.defaultFormatter": "esbenp.prettier-vscode"
  },
+  "[markdown]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode",
+    "editor.tabSize": 4,
+    "editor.useTabStops": false
+  },
  "typescript.tsdk": "./src/node_modules/typescript/lib",
  "i18n-ally.enabledFrameworks": ["vue"],
  "i18n-ally.localesPaths": ["src/i18n/locales"],
@@ -5,11 +5,37 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

-## [Unreleased]
+## [15.1.0] - 2025-07-01
+
+## Added
+
+- Added Ukrainian language (#1906)
+- Add French language (#1924)
+- docs for caddy example (#1939)
+- add docs on how to add/update translation (be26db6)
+- Add german translations (#1889)
+- feat: Add Traditional Chinese (zh-HK) i18n Support (#1988)
+- Add Chinese Simplified (#1990)
+- Add option to disable ipv6 (#1951)
+
+## Fixed
+
+- Updated container launch commands (#1989)
+- update screenshot (962bfa2)
+
+## Changed
+
+- Updated dependencies
+
+## [15.0.0] - 2025-05-28

 We're super excited to announce v15!
 This update is an entire rewrite to make it even easier to set up your own VPN.

+## Breaking Changes
+
+As the whole setup has changed, we recommend to start from scratch. And import your existing configs.
+
 ## Major Changes

 - Almost all Environment variables removed
@@ -23,9 +49,13 @@ This update is an entire rewrite to make it even easier to set up your own VPN.
 - SQLite Database
 - Deprecated Dockerless Installations
 - Added Docker Volume Mount (`/lib/modules`)
- Removed ARMv6 and ARMv7 support
+- Removed ARMv6 support
 - Connections over HTTP require setting the `INSECURE` env var
 - Changed license from CC BY-NC-SA 4.0 to AGPL-3.0-only
+- Added 2FA using TOTP
+- Improved mobile support
+- CLI
+- Replaced `nightly` with `edge`

 ## [14.0.0] - 2024-09-04

@@ -25,8 +25,13 @@ HEALTHCHECK --interval=1m --timeout=5s --retries=3 CMD /usr/bin/timeout 5s /bin/
 COPY --from=build /app/.output /app
 # Copy migrations
 COPY --from=build /app/server/database/migrations /app/server/database/migrations
-# libsql
-RUN cd /app/server && npm install --no-save libsql
+# libsql (https://github.com/nitrojs/nitro/issues/3328)
+RUN cd /app/server && \
+    npm install --no-save libsql && \
+    npm cache clean --force
+# cli
+COPY --from=build /app/cli/cli.sh /usr/local/bin/cli
+RUN chmod +x /usr/local/bin/cli

 # Install Linux packages
 RUN apk add --no-cache \
@@ -34,6 +39,7 @@ RUN apk add --no-cache \
    dumb-init \
    iptables \
    ip6tables \
+    nftables \
    kmod \
    iptables-legacy \
    wireguard-tools
@@ -48,6 +54,7 @@ ENV PORT=51821
 ENV HOST=0.0.0.0
 ENV INSECURE=false
 ENV INIT_ENABLED=false
+ENV DISABLE_IPV6=false

 LABEL org.opencontainers.image.source=https://github.com/wg-easy/wg-easy

@@ -28,6 +28,7 @@ ENV PORT=51821
 ENV HOST=0.0.0.0
 ENV INSECURE=true
 ENV INIT_ENABLED=false
+ENV DISABLE_IPV6=false

 # Install Dependencies
 COPY src/package.json src/pnpm-lock.yaml ./
@@ -36,3 +37,4 @@ RUN pnpm install
 # Copy Project
 COPY src ./

+ENTRYPOINT [ "pnpm", "run" ]
@@ -5,20 +5,14 @@
 [![GitHub Stars](https://img.shields.io/github/stars/wg-easy/wg-easy)](https://github.com/wg-easy/wg-easy/stargazers)
 [![License](https://img.shields.io/github/license/wg-easy/wg-easy)](LICENSE)
 [![GitHub Release](https://img.shields.io/github/v/release/wg-easy/wg-easy)](https://github.com/wg-easy/wg-easy/releases/latest)
-[![Image Pulls](https://img.shields.io/badge/image_pulls-11M-blue)](https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy)
-
-<!-- TODO: remove after release -->
-
-> [!WARNING]
-> You are viewing the README of the pre-release of v15.
-> If you want to setup wg-easy right now. Read the README in the production branch here: [README](https://github.com/wg-easy/wg-easy/tree/production) or here for the last nightly: [README](https://github.com/wg-easy/wg-easy/tree/c6dce0f6fb2e28e7e40ddac1498bd67e9bb17cba)
+[![Image Pulls](https://img.shields.io/badge/image_pulls-12M+-blue)](https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy)

 You have found the easiest way to install & manage WireGuard on any Linux host!

 <!-- TOOD: update screenshot -->

 <p align="center">
-  <img src="./assets/screenshot.png" width="802" />
+  <img src="./assets/screenshot.png" width="802" alt="wg-easy Screenshot" />
 </p>

 ## Features
@@ -38,48 +32,27 @@ You have found the easiest way to install & manage WireGuard on any Linux host!
 - Prometheus metrics support
 - IPv6 support
 - CIDR support
+- 2FA support

 > [!NOTE]
 > To better manage documentation for this project, it has its own site here: [https://wg-easy.github.io/wg-easy/latest](https://wg-easy.github.io/wg-easy/latest)

-<!-- TODO: remove after release -->
-
-> [!WARNING]
-> As the Docs are still in Pre-release, you can access them here [https://wg-easy.github.io/wg-easy/Pre-release](https://wg-easy.github.io/wg-easy/Pre-release)
-
 - [Getting Started](https://wg-easy.github.io/wg-easy/latest/getting-started/)
 - [Basic Installation](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/basic-installation/)
 - [Caddy](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/caddy/)
- [Nginx](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/nginx/)
 - [Traefik](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/traefik/)
- [Podman](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/podman/)
+- [Podman](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/podman-nft/)
 - [AdGuard Home](https://wg-easy.github.io/wg-easy/latest/examples/tutorials/adguard/)

 > [!NOTE]
 > If you want to migrate from the old version to the new version, you can find the migration guide here: [Migration Guide](https://wg-easy.github.io/wg-easy/latest/advanced/migrate/)

-## Requirements
-
- A host with a kernel that supports WireGuard (all modern kernels).
- A host with Docker installed.
-
-## Versions
-
-> 💡 We follow semantic versioning (semver)
-
-We offer multiple Docker image tags to suit your needs. The table below is in a particular order, with the first tag being the most recommended:
-
-| tag           | Branch                                                     | Example                                                       | Description                                                                                                                          |
-| ------------- | ---------------------------------------------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
-| `15`          | latest minor for that major tag                            | `ghcr.io/wg-easy/wg-easy:15`                                  | latest features for specific major versions, no breaking changes                                                                     |
-| `latest`      | latest tag                                                 | `ghcr.io/wg-easy/wg-easy:latest` or `ghcr.io/wg-easy/wg-easy` | stable as possible get bug fixes quickly when needed, see Releases for more information.                                             |
-| `15.0`        | latest patch for that minor tag                            | `ghcr.io/wg-easy/wg-easy:15.0`                                | latest patches for specific minor version                                                                                            |
-| `15.0.0`      | specific tag                                               | `ghcr.io/wg-easy/wg-easy:15.0.0`                              | specific release, don't use this as this will not get updated                                                                        |
-| `nightly`     | [`master`](https://github.com/wg-easy/wg-easy/tree/master) | `ghcr.io/wg-easy/wg-easy:nightly`                             | mostly unstable gets frequent package and code updates, deployed against [`master`](https://github.com/wg-easy/wg-easy/tree/master). |
-| `development` | pull requests                                              | `ghcr.io/wg-easy/wg-easy:development`                         | used for development, testing code from PRs before landing into [`master`](https://github.com/wg-easy/wg-easy/tree/master).          |
-
 ## Installation

+This is a quick start guide to get you up and running with WireGuard Easy.
+
+For a more detailed installation guide, please refer to the [Getting Started](https://wg-easy.github.io/wg-easy/latest/getting-started/) page.
+
 ### 1. Install Docker

 If you haven't installed Docker yet, install it by running as root:
@@ -95,14 +68,13 @@ And log in again.

 The easiest way to run WireGuard Easy is with Docker Compose.

-Just download [`docker-compose.yml`](docker-compose.yml), make necessary adjustments and
-execute `sudo docker compose up -d`.
+Just download [`docker-compose.yml`](docker-compose.yml) and execute `sudo docker compose up -d`.

-Now setup a reverse proxy to be able to access the Web UI from the internet.
+Now setup a reverse proxy to be able to access the Web UI securely from the internet.

 If you want to access the Web UI over HTTP, change the env var `INSECURE` to `true`. This is not recommended. Only use this for testing

-### Donate
+## Donate

 Are you enjoying this project? Consider donating.

@@ -133,6 +105,15 @@ If you add something that should be auto-importable and VSCode complains, run:
 ```shell
 cd src
 pnpm install
+cd ..
+```
+
+### Test Cli
+
+This starts the cli with docker
+
+```shell
+pnpm cli:dev
 ```

 ## License
@@ -2,7 +2,7 @@ services:
  wg-easy:
    build:
      dockerfile: ./Dockerfile.dev
-    command: pnpm run dev
+    command: dev
    volumes:
      - ./src/:/app/
      - temp:/app/.nuxt/
@@ -25,7 +25,7 @@ services:
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
-      # - NET_RAW # ⚠️ Uncomment if using Podman Compose
+      # - NET_RAW # ⚠️ Uncomment if using Podman
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1
@@ -0,0 +1,5 @@
+{
+    "tabWidth": 4,
+    "semi": true,
+    "singleQuote": true
+}
@@ -2,4 +2,42 @@
 title: API
 ---

-TODO
+/// warning | Breaking Changes
+
+This API is not yet stable and may change in the future. The API is currently in development and is subject to change without notice. The API is not yet documented, but we will add documentation as the API stabilizes.
+///
+
+You can use the API to interact with the application programmatically. The API is available at `/api` and supports both GET and POST requests. The API is designed to be simple and easy to use, with a focus on providing a consistent interface for all endpoints.
+
+There is no documentation for the API yet, but this will be added as the underlying library supports it.
+
+## Authentication
+
+To use the API, you need to authenticate using Basic Authentication. The username and password are the same as the ones you use to log in to the web application.
+If you use 2FA, the API will not work. You need to disable 2FA in the web application to use the API.
+
+### Authentication Example
+
+```python
+import requests
+from requests.auth import HTTPBasicAuth
+
+url = "https://example.com:51821/api/client"
+response = requests.get(url, auth=HTTPBasicAuth('username', 'password'))
+if response.status_code == 200:
+    data = response.json()
+    print(data)
+else:
+    print(f"Error: {response.status_code}")
+```
+
+## Endpoints
+
+The Endpoints are not yet documented. But as file-based routing is used, you can find the endpoints in the `src/server/api` folder. The method is defined in the file name.
+
+### Endpoints Example
+
+| File Name                        | Endpoint       | Method |
+| -------------------------------- | -------------- | ------ |
+| `src/server/api/client.get.ts`   | `/api/client`  | GET    |
+| `src/server/api/setup/2.post.ts` | `/api/setup/2` | POST   |
@@ -2,10 +2,21 @@
 title: Optional Configuration
 ---

-TODO
+You can set these environment variables to configure the container. They are not required, but can be useful in some cases.

 | Env            | Default   | Example     | Description                        |
-| ---------- | --------- | ----------- | ------------------------------ |
+| -------------- | --------- | ----------- | ---------------------------------- |
 | `PORT`         | `51821`   | `6789`      | TCP port for Web UI.               |
 | `HOST`         | `0.0.0.0` | `localhost` | IP address web UI binds to.        |
 | `INSECURE`     | `false`   | `true`      | If access over http is allowed     |
+| `DISABLE_IPV6` | `false`   | `true`      | If IPv6 support should be disabled |
+
+/// note | IPv6 Caveats
+
+Disabling IPv6 will disable the creation of the default IPv6 firewall rules and won't add a IPv6 address to the interface and clients.
+
+You will however still see a IPv6 address in the Web UI, but it won't be used.
+
+This option can be removed in the future, as more devices support IPv6.
+
+///
@@ -26,7 +26,7 @@ If you want to skip the setup process, you have to configure group `1`

 /// note | Security

-The initial username and password is not checked for complexity. Make sure to set a long enough username and a secure password. Otherwise, the user won't be able to log in.
+The initial username and password is not checked for complexity. Make sure to set a long enough username and password. Otherwise, the user won't be able to log in.

-Its recommended to remove the variables after the setup is done to prevent the password from being exposed.
+It's recommended to remove the variables after the setup is done to prevent the password from being exposed.
 ///
@@ -2,6 +2,41 @@
 title: Prometheus
 ---

-TODO
+To monitor the WireGuard server, you can use [Prometheus](https://prometheus.io/) and [Grafana](https://grafana.com/). The container exposes a `/metrics/prometheus` endpoint that can be scraped by Prometheus.

-<!-- TOOD: add to docs: Grafana dashboard [21733](https://grafana.com/grafana/dashboards/21733-wireguard/) -->
+## Enable Prometheus
+
+To enable Prometheus metrics, go to Admin Panel > General and enable Prometheus.
+
+You can optionally set a Bearer Password for the metrics endpoints. This is useful if you want to expose the metrics endpoint to the internet.
+
+## Configure Prometheus
+
+You need to add a scrape config to your Prometheus configuration file. Here is an example:
+
+```yaml
+scrape_configs:
+    - job_name: 'wg-easy'
+      scrape_interval: 30s
+      metrics_path: /metrics/prometheus
+      static_configs:
+          - targets:
+                - 'localhost:51821'
+      authorization:
+          type: Bearer
+          credentials: 'SuperSecurePassword'
+```
+
+## Grafana Dashboard
+
+You can use the following Grafana dashboard to visualize the metrics:
+
+[![Grafana Dashboard](https://grafana.com/api/dashboards/21733/images/16863/image)](https://grafana.com/grafana/dashboards/21733-wireguard/)
+
+[21733](https://grafana.com/grafana/dashboards/21733-wireguard/)
+
+/// note | Unofficial
+
+The Grafana dashboard is not official and is not maintained by the `wg-easy` team. If you have any issues with the dashboard, please contact the author of the dashboard.
+See [#1299](https://github.com/wg-easy/wg-easy/pull/1299) for more information.
+///
@@ -6,22 +6,24 @@ This guide will help you migrate from `v14` to version `v15` of `wg-easy`.

 ## Changes

- This is a complete rewrite of the `wg-easy` project. Therefore the configuration files and the way you interact with the project have changed.
- If you use armv6 or armv7, you can't migrate to `v15` yet. We are working on it.
- If you are connecting to the web ui via HTTP, you need to set the `INSECURE` environment variable to `true` in the new container.
+- This is a complete rewrite of the `wg-easy` project, therefore the configuration files and the way you interact with the project have changed.
+- If you use armv6, you unfortunately won't be able to migrate to `v15`.
+- If you are connecting to the Web UI via HTTP, you need to set the `INSECURE` environment variable to `true` in the new container.

 ## Migration

 ### Backup

-Before you start the migration, make sure to backup your existing configuration files.
+Before you start the migration, make sure to back up your existing configuration files.

-Go into the Web Ui and click the Backup button, this should download a `wg0.json` file.
+Go into the Web UI and click the Backup button, this should download a `wg0.json` file.

 Or download the `wg0.json` file from your container volume to your pc.

 You will need this file for the migration

+You will also need to back up the old environment variables you set for the container, as they will not be automatically migrated.
+
 ### Remove old container

 1. Stop the running container
@@ -32,21 +34,25 @@ If you are using `docker run`
 docker stop wg-easy
 ```

-If you are using `docker-compose`
+If you are using `docker compose`

 ```shell
-docker-compose down
+docker compose down
 ```

 ### Start new container

 Follow the instructions in the [Getting Started][docs-getting-started] or [Basic Installation][docs-examples] guide to start the new container.

-In the setup wizard, select that you already already have a configuration file and upload the `wg0.json` file you downloaded in the backup step.
+In the setup wizard, select that you already have a configuration file and upload the `wg0.json` file you downloaded in the backup step.

 [docs-getting-started]: ../../getting-started.md
 [docs-examples]: ../../examples/tutorials/basic-installation.md

+### Environment Variables
+
+v15 does not use the same environment variables as v14, most of them have been moved to the Admin Panel in the Web UI.
+
 ### Done

 You have now successfully migrated to `v15` of `wg-easy`.
@@ -1,16 +0,0 @@
-{
-  "1": "Initial version. Enjoy!",
-  "2": "You can now rename a client & update the address. Enjoy!",
-  "3": "Many improvements and small changes. Enjoy!",
-  "4": "Now with pretty charts for client's network speed. Enjoy!",
-  "5": "Many small improvements & feature requests. Enjoy!",
-  "6": "Many small performance improvements & bug fixes. Enjoy!",
-  "7": "Improved the look & performance of the upload/download chart.",
-  "8": "Updated to Node.js v18.",
-  "9": "Fixed issue running on devices with older kernels.",
-  "10": "Added sessionless HTTP API auth & automatic dark mode.",
-  "11": "Multilanguage Support & various bugfixes.",
-  "12": "UI_TRAFFIC_STATS, Import json configurations with no PreShared-Key, allow clients with no privateKey & more.",
-  "13": "New framework (h3), UI_CHART_TYPE, some bugfixes & more.",
-  "14": "Home Assistent support, PASSWORD_HASH (inc. Helper), translation updates bugfixes & more."
-}
@@ -12,7 +12,7 @@ When refactoring, writing or altering files, adhere to these rules:

 ## Documentation

-Make sure to select `nightly` in the dropdown menu at the top. Navigate to the page you would like to edit and click the edit button in the top right. This allows you to make changes and create a pull-request.
+Make sure to select `edge` in the dropdown menu at the top. Navigate to the page you would like to edit and click the edit button in the top right. This allows you to make changes and create a pull-request.

 Alternatively you can make the changes locally. For that you'll need to have Docker installed. Run

@@ -24,9 +24,9 @@ Maintainers take the time to improve on this project and help by solving issues

 ### Filing a Bug Report

-Thank you for participating in this project and reporting a bug. wg-easy is a community-driven project, and each contribution counts!
+Thank you for participating in this project and reporting a bug. `wg-easy` is a community-driven project, and each contribution counts!

-Maintainers and moderators are volunteers. We greatly appreciate reports that take the time to provide detailed information via the template, enabling us to help you in the best and quickest way. Ignoring the template provided may seem easier, but discourages receiving any support (_via assignment of the label `meta/no template - no support`_).
+Maintainers and moderators are volunteers. We greatly appreciate reports that take the time to provide detailed information via the template, enabling us to help you in the best and quickest way. Ignoring the template provided may seem easier, but discourages receiving any support.

 Markdown formatting can be used in almost all text fields (_unless stated otherwise in the description_).

@@ -50,7 +50,7 @@ The development workflow is the following:
 3. Document your improvements if necessary
 4. [Commit][commit] (and [sign your commit][gpg]), push and create a pull-request to merge into `master`. Please **use the pull-request template** to provide a minimum of contextual information and make sure to meet the requirements of the checklist.

-Pull requests are automatically tested against the CI and will be reviewed when tests pass. When your changes are validated, your branch is merged. CI builds the new `:nightly` image every night and your changes will be includes in the next version release.
+Pull requests are automatically tested against the CI and will be reviewed when tests pass. When your changes are validated, your branch is merged. CI builds the new `:edge` image on every push to the `master` branch and your changes will be included in the next version release.

 [docs-latest]: https://wg-easy.github.io/wg-easy/latest
 [github-file-readme]: https://github.com/wg-easy/wg-easy/blob/master/README.md
@@ -0,0 +1,27 @@
+---
+title: Translation
+---
+
+This project supports multiple languages. If you would like to contribute a translation, please follow these steps:
+
+## Add new Translation
+
+Create a new file in `src/i18n/locales`. Name it `<locale_code>.json` (e.g. `fr.json` for French).
+
+Import and add the newly created file in `src/i18n/i18n.config.ts`.
+
+Add your language in the `src/nuxt.config.ts` file. You have to specify code, language and name.
+
+`code` is the name of the translation file without the extension (e.g. `fr` for `fr.json`).
+
+`language` is the BCP 47 language tag with region (e.g. `fr-FR` for French). See [www.lingoes.net](http://www.lingoes.net/en/translator/langcode.htm) for a list of language codes.
+
+`name` is the display name of the language (e.g. `Français` for French).
+
+## Update existing Translation
+
+If you need to update an existing translation, simply edit the corresponding `<locale_code>.json` file in `src/i18n/locales`.
+
+## Contribute changes
+
+See [Pull Requests](./issues-and-pull-requests.md#pull-requests) on how to contribute your translation.
@@ -2,4 +2,8 @@
 title: AdGuard Home
 ---

-TODO
+It seems like the Docs on how to setup AdGuard Home are not available yet.
+
+Feel free to create a PR and add them here.
+
+<!-- TODO -->
@@ -6,11 +6,49 @@ title: Auto Updates

 With Docker Compose `wg-easy` can be updated with a single command:

-Replace `$DIR` with the directory where your `docker-compose.yml` is located.
+```shell
+cd /etc/docker/containers/wg-easy
+sudo docker compose up -d --pull always
+```
+
+### Watchtower
+
+If you want the updates to be fully automatic you can install Watchtower. This will check for updates every day at 4:00 AM and update the container if a new version is available.
+
+File: `/etc/docker/containers/watchtower/docker-compose.yml`
+
+```yaml
+services:
+    watchtower:
+        image: containrrr/watchtower:latest
+        volumes:
+            - /var/run/docker.sock:/var/run/docker.sock
+        env_file:
+            - watchtower.env
+        restart: unless-stopped
+```
+
+File: `/etc/docker/containers/watchtower/watchtower.env`
+
+```env
+WATCHTOWER_CLEANUP=true
+WATCHTOWER_SCHEDULE=0 0 4 * * *
+TZ=Europe/Berlin
+
+# Email
+# WATCHTOWER_NOTIFICATIONS_LEVEL=info
+# WATCHTOWER_NOTIFICATIONS=email
+# WATCHTOWER_NOTIFICATION_EMAIL_FROM=mail@example.com
+# WATCHTOWER_NOTIFICATION_EMAIL_TO=mail@example.com
+# WATCHTOWER_NOTIFICATION_EMAIL_SERVER=smtp.example.com
+# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_USER=mail@example.com
+# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD="SuperSecurePassword"
+# WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PORT=587
+```

 ```shell
-cd $DIR
-sudo docker compose up -d --pull always
+cd /etc/docker/containers/watchtower
+sudo docker compose up -d
 ```

 ## Docker Run
@@ -8,7 +8,7 @@ title: Basic Installation

 1. You need to have a host that you can manage
 2. You need to have a domain name or a public IP address
-3. You need a supported architecture (x86_64, arm64)
+3. You need a supported architecture (x86_64, arm64, armv7)
 4. You need curl installed on your host

 ## Install Docker
@@ -20,20 +20,20 @@ Follow the Docs here: <https://docs.docker.com/engine/install/> and install Dock
 1. Create a directory for the configuration files (you can choose any directory you like):

    ```shell
-   DIR=/docker/wg-easy
-   sudo mkdir -p $DIR
+    sudo mkdir -p /etc/docker/containers/wg-easy
    ```

 2. Download docker compose file

    ```shell
-   sudo curl -o $DIR/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml
+    sudo curl -o /etc/docker/containers/wg-easy/docker-compose.yml https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml
    ```

 3. Start `wg-easy`

    ```shell
-    sudo docker-compose -f $DIR/docker-compose.yml up -d
+     cd /etc/docker/containers/wg-easy
+     sudo docker compose up -d
    ```

 ## Setup Firewall
@@ -41,27 +41,23 @@ Follow the Docs here: <https://docs.docker.com/engine/install/> and install Dock
 If you are using a firewall, you need to open the following ports:

 - UDP 51820 (WireGuard)
- TCP 51821 (Web UI)

 These ports can be changed, so if you change them you have to update your firewall rules accordingly.

 ## Setup Reverse Proxy

-TODO
-
-## Access the Web UI
-
-Open your browser and navigate to `https://<your-domain>:51821` or `https://<your-ip>:51821`.
-
-Follow the instructions to set up your WireGuard VPN.
+- To setup traefik follow the instructions here: [Traefik](./traefik.md)
+- To setup caddy follow the instructions here: [Caddy](./caddy.md)
+- If you do not want to use a reverse proxy follow the instructions here: [No Reverse Proxy](./reverse-proxyless.md)

 ## Update `wg-easy`

 To update `wg-easy` to the latest version, run:

 ```shell
-sudo docker-compose -f $DIR/docker-compose.yml pull
-sudo docker-compose -f $DIR/docker-compose.yml up -d
+cd /etc/docker/containers/wg-easy
+sudo docker compose pull
+sudo docker compose up -d
 ```

 ## Auto Update
@@ -2,4 +2,101 @@
 title: Caddy
 ---

-TODO
+/// note | Opinionated
+
+This guide is opinionated. If you use other conventions or folder layouts, feel free to change the commands and paths.
+///
+
+We're using [Caddy](https://caddyserver.com/) here as reserve proxy to serve `wg-easy` on [https://wg-easy.example.com](https://wg-easy.example.com) via TLS.
+
+## Create a docker composition for `caddy`
+
+```txt
+.
+├── compose.yml
+└── Caddyfile
+
+1 directory, 2 files
+```
+
+```yaml
+# compose.yml
+
+services:
+    caddy:
+        container_name: caddy
+        image: caddy:2.10.0-alpine
+        # publish everything you deem necessary
+        ports:
+            - '80:80/tcp'
+            - '443:443/tcp'
+            - '443:443/udp'
+        networks:
+            - caddy
+        restart: unless-stopped
+        volumes:
+            - './Caddyfile:/etc/caddy/Caddyfile:ro'
+            - config:/config
+            - data:/data
+
+networks:
+    caddy:
+        name: caddy
+
+volumes:
+    config:
+    data:
+```
+
+```txt
+# Caddyfile
+
+{
+        # setup your email address
+        email mail@example.com
+}
+
+wg-easy.example.com {
+        # since the container will share the network with wg-easy
+        # we can use the proper container name
+        reverse_proxy wg-easy:80
+        tls internal
+}
+```
+
+...and start it with:
+
+```shell
+sudo docker compose up -d
+```
+
+## Adapt the docker composition of `wg-easy`
+
+```yaml
+services:
+  wg-easy:
+    # sync container name and port according to Caddyfile
+    container_name: wg-easy
+    environment:
+      - PORT=80
+    # no need to publish the HTTP server anymore
+    ports:
+      - "51820:51820/udp"
+    # add to caddy network
+    networks:
+      caddy:
+    ...
+
+networks:
+  caddy:
+    external: true
+  ...
+```
+
+...and restart it with:
+
+```shell
+sudo docker compose up -d
+```
+
+You can now access `wg-easy` at [https://wg-easy.example.com](https://wg-easy.example.com) and start the setup.
@@ -5,7 +5,7 @@ title: Docker Run
 To setup the IPv6 Network, simply run once:

 ```shell
-  docker network create \
+docker network create \
  -d bridge --ipv6 \
  -d default \
  --subnet 10.42.42.0/24 \
@@ -14,10 +14,10 @@ To setup the IPv6 Network, simply run once:

 <!-- ref: major version -->

-To automatically install & run ``wg-easy, simply run:
+To automatically install & run `wg-easy`, simply run:

 ```shell
-  docker run -d \
+docker run -d \
  --net wg \
  -e INSECURE=true \
  --name wg-easy \
@@ -38,6 +38,4 @@ To automatically install & run ``wg-easy, simply run:
  ghcr.io/wg-easy/wg-easy:15
 ```

-The Web UI will now be available on `http://0.0.0.0:51821`.
-
-> 💡 Your configuration files will be saved in `~/.wg-easy`
+The Web UI will now be available at <http://0.0.0.0:51821>.
@@ -2,4 +2,6 @@
 title: Without Docker
 ---

-TODO
+This is currently not yet supported.
+
+<!-- TODO -->
@@ -1,5 +0,0 @@
---
-title: NGINX
---
-
-TODO
@@ -1,5 +1,5 @@
 ---
-title: Podman
+title: Podman + nftables
 ---

 This guide will show you how to run `wg-easy` with rootful Podman and nftables.
@@ -88,7 +88,7 @@ In the Admin Panel of your WireGuard server, go to the `Hooks` tab and add the f
 1. PostUp

    ```shell
-   apk add nftables; nft add table inet wg_table; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy drop \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy drop \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
+    nft add table inet wg_table; nft add chain inet wg_table prerouting { type nat hook prerouting priority 100 \; }; nft add chain inet wg_table postrouting { type nat hook postrouting priority 100 \; }; nft add rule inet wg_table postrouting ip saddr {{ipv4Cidr}} oifname {{device}} masquerade; nft add rule inet wg_table postrouting ip6 saddr {{ipv6Cidr}} oifname {{device}} masquerade; nft add chain inet wg_table input { type filter hook input priority 0 \; policy accept \; }; nft add rule inet wg_table input udp dport {{port}} accept; nft add rule inet wg_table input tcp dport {{uiPort}} accept; nft add chain inet wg_table forward { type filter hook forward priority 0 \; policy accept \; }; nft add rule inet wg_table forward iifname "wg0" accept; nft add rule inet wg_table forward oifname "wg0" accept;
    ```

 2. PostDown
@@ -106,8 +106,3 @@ Restart the container to apply the new hooks:
 ```shell
 sudo systemctl restart wg-easy
 ```
-
-<!--
-TODO: improve docs after better nftables support
-TODO: fix accept web ui port
-->
@@ -0,0 +1,29 @@
+---
+title: No Reverse Proxy
+---
+
+/// warning | Insecure
+
+This is insecure. You should use a reverse proxy to secure the connection.
+
+Only use this method if you know what you are doing.
+///
+
+If you only allow access to the web UI from your local network, you can skip the reverse proxy setup. This is not recommended, but it is possible.
+
+## Setup
+
+- Edit the `docker-compose.yml` file and uncomment `environment` and `INSECURE`
+
+- Set `INSECURE` to `true` to allow access to the web UI over a non-secure connection.
+
+- The `docker-compose.yml` file should look something like this:
+
+    ```yaml
+    environment:
+        - INSECURE=true
+    ```
+
+- Save the file and restart `wg-easy`.
+
+- Make sure that the Web UI is not accessible from outside your local network.
@@ -2,4 +2,183 @@
 title: Traefik
 ---

-TODO
+/// note | Opinionated
+
+This guide is opinionated. If you use other conventions or folder layouts, feel free to change the commands and paths.
+///
+
+## Create docker compose project
+
+```shell
+sudo mkdir -p /etc/docker/containers/traefik
+cd /etc/docker/containers/traefik
+```
+
+## Create docker compose file
+
+File: `/etc/docker/containers/traefik/docker-compose.yml`
+
+```yaml
+services:
+    traefik:
+        image: traefik:3.3
+        container_name: traefik
+        restart: unless-stopped
+        ports:
+            - '80:80'
+            - '443:443/tcp'
+            - '443:443/udp'
+        volumes:
+            - /var/run/docker.sock:/var/run/docker.sock
+            - /etc/docker/volumes/traefik/traefik.yml:/traefik.yml:ro
+            - /etc/docker/volumes/traefik/traefik_dynamic.yml:/traefik_dynamic.yml:ro
+            - /etc/docker/volumes/traefik/acme.json:/acme.json
+        networks:
+            - traefik
+
+networks:
+    traefik:
+        external: true
+```
+
+## Create traefik.yml
+
+File: `/etc/docker/volumes/traefik/traefik.yml`
+
+```yaml
+log:
+    level: INFO
+
+entryPoints:
+    web:
+        address: ':80/tcp'
+        http:
+            redirections:
+                entryPoint:
+                    to: websecure
+                    scheme: https
+    websecure:
+        address: ':443/tcp'
+        http:
+            middlewares:
+                - compress@file
+                - hsts@file
+            tls:
+                certResolver: letsencrypt
+        http3: {}
+
+api:
+    dashboard: true
+
+certificatesResolvers:
+    letsencrypt:
+        acme:
+            email: $mail@example.com$
+            storage: acme.json
+            httpChallenge:
+                entryPoint: web
+
+providers:
+    docker:
+        watch: true
+        network: traefik
+        exposedByDefault: false
+    file:
+        filename: traefik_dynamic.yml
+
+serversTransport:
+    insecureSkipVerify: true
+```
+
+## Create traefik_dynamic.yml
+
+File: `/etc/docker/volumes/traefik/traefik_dynamic.yml`
+
+```yaml
+http:
+    middlewares:
+        services:
+            basicAuth:
+                users:
+                    - '$username$:$password$'
+        compress:
+            compress: {}
+        hsts:
+            headers:
+                stsSeconds: 2592000
+    routers:
+        api:
+            rule: Host(`traefik.$example.com$`)
+            entrypoints:
+                - websecure
+            middlewares:
+                - services
+            service: api@internal
+
+tls:
+    options:
+        default:
+            cipherSuites:
+                - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+                - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+                - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+            sniStrict: true
+```
+
+## Create acme.json
+
+```shell
+sudo touch /etc/docker/volumes/traefik/acme.json
+sudo chmod 600 /etc/docker/volumes/traefik/acme.json
+```
+
+## Create network
+
+```shell
+sudo docker network create traefik
+```
+
+## Start traefik
+
+```shell
+sudo docker compose up -d
+```
+
+You can no access the Traefik dashboard at `https://traefik.$example.com$` with the credentials you set in `traefik_dynamic.yml`.
+
+## Add Labels to `wg-easy`
+
+To add labels to your `wg-easy` service, you can add the following to your `docker-compose.yml` file:
+
+File: `/etc/docker/containers/wg-easy/docker-compose.yml`
+
+```yaml
+services:
+  wg-easy:
+    ...
+    container_name: wg-easy
+    networks:
+      ...
+      traefik: {}
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.wg-easy.rule=Host(`wg-easy.$example.com$`)"
+      - "traefik.http.routers.wg-easy.entrypoints=websecure"
+      - "traefik.http.routers.wg-easy.service=wg-easy"
+      - "traefik.http.services.wg-easy.loadbalancer.server.port=51821"
+    ...
+
+networks:
+  ...
+  traefik:
+    external: true
+```
+
+## Restart `wg-easy`
+
+```shell
+cd /etc/docker/containers/wg-easy
+sudo docker compose up -d
+```
+
+You can now access `wg-easy` at `https://wg-easy.$example.com$` and start the setup.
@@ -0,0 +1,97 @@
+---
+title: FAQ
+hide:
+    - navigation
+---
+
+Here are some frequently asked questions or errors about `wg-easy`. If you have a question that is not answered here, please feel free to open a discussion on GitHub.
+
+## Error: WireGuard exited with the error: Cannot find device "wg0"
+
+This error indicates that the WireGuard interface `wg0` does not exist. This can happen if the WireGuard kernel module is not loaded or if the interface was not created properly.
+
+To resolve this issue, you can try the following steps:
+
+1. **Load the WireGuard kernel module**: If the WireGuard kernel module is not loaded, you can load it manually by running:
+
+    ```shell
+    sudo modprobe wireguard
+    ```
+
+2. **Load the WireGuard kernel module on boot**: If you want to ensure that the WireGuard kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
+
+    ```shell
+    echo "wireguard" | sudo tee -a /etc/modules
+    ```
+
+## can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
+
+This error indicates that the `nat` table in `iptables` does not exist. This can happen if the `iptables` kernel module is not loaded or if the `nat` table is not supported by your kernel.
+
+To resolve this issue, you can try the following steps:
+
+1. **Load the `nat` kernel module**: If the `nat` kernel module is not loaded, you can load it manually by running:
+
+    ```shell
+    sudo modprobe iptable_nat
+    ```
+
+2. **Load the `nat` kernel module on boot**: If you want to ensure that the `nat` kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
+
+    ```shell
+     echo "iptable_nat" | sudo tee -a /etc/modules
+    ```
+
+## can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
+
+This error indicates that the `nat` table in `ip6tables` does not exist. This can happen if the `ip6tables` kernel module is not loaded or if the `nat` table is not supported by your kernel.
+
+To resolve this issue, you can try the following steps:
+
+1. **Load the `nat` kernel module**: If the `nat` kernel module is not loaded, you can load it manually by running:
+
+    ```shell
+    sudo modprobe ip6table_nat
+    ```
+
+2. **Load the `nat` kernel module on boot**: If you want to ensure that the `nat` kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
+
+    ```shell
+     echo "ip6table_nat" | sudo tee -a /etc/modules
+    ```
+
+## can't initialize iptables table `filter': Permission denied
+
+This error indicates that the `filter` table in `iptables` cannot be initialized due to permission issues. This can happen if you are not running the command with sufficient privileges.
+
+To resolve this issue, you can try the following steps:
+
+1. **Load the `filter` kernel module**: If the `filter` kernel module is not loaded, you can load it manually by running:
+
+    ```shell
+    sudo modprobe iptable_filter
+    ```
+
+2. **Load the `filter` kernel module on boot**: If you want to ensure that the `filter` kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
+
+    ```shell
+    echo "iptable_filter" | sudo tee -a /etc/modules
+    ```
+
+## can't initialize ip6tables table `filter': Permission denied
+
+This error indicates that the `filter` table in `ip6tables` cannot be initialized due to permission issues. This can happen if you are not running the command with sufficient privileges.
+
+To resolve this issue, you can try the following steps:
+
+1. **Load the `filter` kernel module**: If the `filter` kernel module is not loaded, you can load it manually by running:
+
+    ```shell
+    sudo modprobe ip6table_filter
+    ```
+
+2. **Load the `filter` kernel module on boot**: If you want to ensure that the `filter` kernel module is loaded automatically on boot, you can add it to the `/etc/modules` file:
+
+    ```shell
+     echo "ip6table_filter" | sudo tee -a /etc/modules
+    ```
@@ -4,7 +4,7 @@ hide:
    - navigation
 ---

-This page explains how to get started with wg-easy. The guide uses Docker Compose as a reference. In our examples, we mount the named volume `etc_wireguard` to `/etc/wireguard` inside the container.
+This page explains how to get started with `wg-easy`. The guide uses Docker Compose as a reference. In our examples, we mount the named volume `etc_wireguard` to `/etc/wireguard` inside the container.

 ## Preliminary Steps

@@ -12,7 +12,7 @@ Before you can get started with deploying your own VPN, there are some requireme

 1. You need to have a host that you can manage
 2. You need to have a domain name or a public IP address
-3. You need a supported architecture (x86_64, arm64)
+3. You need a supported architecture (x86_64, arm64, armv7)

 ### Host Setup

@@ -29,7 +29,7 @@ If you're using podman, make sure to read the related [documentation][docs-podma
 [docker-compose]: https://docs.docker.com/compose/
 [docker-compose-installation]: https://docs.docker.com/compose/install/
 [docker-compose-specification]: https://docs.docker.com/compose/compose-file/
-[docs-podman]: ./examples/tutorials/podman.md
+[docs-podman]: ./examples/tutorials/podman-nft.md

 ## Deploying the Actual Image

@@ -41,10 +41,16 @@ To understand which tags you should use, read this section carefully. [Our CI][g

 All workflows are using the tagging convention listed below. It is subsequently applied to all images.

-| Event                   | Image Tags                    |
-| ----------------------- | ----------------------------- |
-| `cron` on `master`      | `nightly`                     |
-| `push` a tag (`v1.2.3`) | `1.2.3`, `1.2`, `1`, `latest` |
+| tag           | Type                            | Example                                                       | Description                                                                   |
+| ------------- | ------------------------------- | ------------------------------------------------------------- | ----------------------------------------------------------------------------- |
+| `15`          | latest minor for that major tag | `ghcr.io/wg-easy/wg-easy:15`                                  | latest features for specific major versions, no breaking changes, recommended |
+| `latest`      | latest tag                      | `ghcr.io/wg-easy/wg-easy:latest` or `ghcr.io/wg-easy/wg-easy` | points to latest release, can include breaking changes                        |
+| `15.0`        | latest patch for that minor tag | `ghcr.io/wg-easy/wg-easy:15.0`                                | latest patches for specific minor version                                     |
+| `15.0.0`      | specific tag                    | `ghcr.io/wg-easy/wg-easy:15.0.0`                              | specific release, no updates                                                  |
+| `edge`        | push to `master`                | `ghcr.io/wg-easy/wg-easy:edge`                                | mostly unstable, gets frequent package and code updates                       |
+| `development` | pull requests                   | `ghcr.io/wg-easy/wg-easy:development`                         | used for development, testing code from PRs                                   |
+
+<!-- ref: major version -->

 When publishing a tag we follow the [Semantic Versioning][semver] specification. The `latest` tag is always pointing to the latest stable release. If you want to avoid breaking changes, use the major version tag (e.g. `15`).

@@ -52,41 +58,15 @@ When publishing a tag we follow the [Semantic Versioning][semver] specification.
 [ghcr-image]: https://github.com/wg-easy/wg-easy/pkgs/container/wg-easy
 [semver]: https://semver.org/

-### Get All Files
+### Follow tutorials

-Issue the following command to acquire the necessary file:
+- [Basic Installation with Docker Compose (Recommended)](./examples/tutorials/basic-installation.md)
+- [Simple Installation with Docker Run](./examples/tutorials/docker-run.md)
+- [Advanced Installation with Podman](./examples/tutorials/podman-nft.md)

-```shell
-wget "https://raw.githubusercontent.com/wg-easy/wg-easy/master/docker-compose.yml"
-```
-
-### Start the Container
-
-To start the container, issue the following command:
-
-```shell
-sudo docker compose up -d
-```
-
-### Configuration Steps
-
-Now follow the setup process in your web browser
-
-### Stopping the Container
-
-To stop the container, issue the following command:
-
-```shell
-sudo docker compose down
-```
-
-/// danger | Using the Correct Commands For Stopping and Starting wg-easy
+/// danger | Use the Correct Commands For Stopping and Starting `wg-easy`

 **Use `sudo docker compose up / down`, not `sudo docker compose start / stop`**. Otherwise, the container is not properly destroyed and you may experience problems during startup because of inconsistent state.
 ///

 **That's it! It really is that easy**.
-
-If you need more help you can read the [Basic Installation Tutorial][basic-installation].
-
-[basic-installation]: ./examples/tutorials/basic-installation.md
@@ -0,0 +1,26 @@
+---
+title: 2FA
+---
+
+The user can enable 2FA from the Account page. The Account page is accessible from the dropdown menu in the top right corner of the application.
+
+## Enable TOTP
+
+- **Enable Two Factor Authentication**: Enable TOTP for the user.
+
+## Configure TOTP
+
+A QR code will be displayed. Scan the QR code with your TOTP application (e.g., Google Authenticator, Authy, etc.) to add the account.
+
+To verify that the TOTP key is working, the user must enter the TOTP code generated by the TOTP application.
+
+- **TOTP Key**: The TOTP key for the user. This key is used to generate the TOTP code.
+- **TOTP Code**: The current TOTP code for the user. This code is used to verify the TOTP key.
+- **Enable Two Factor Authentication**: Enable TOTP for the user.
+
+## Disable TOTP
+
+To disable TOTP, the user must enter the current password.
+
+- **Current Password**: The current password of the user.
+- **Disable Two Factor Authentication**: Disable TOTP for the user.
@@ -0,0 +1,5 @@
+---
+title: Admin Panel
+---
+
+TODO
@@ -0,0 +1,43 @@
+---
+title: CLI
+---
+
+If you want to use the CLI, you can run it with
+
+### Docker Compose
+
+```shell
+cd /etc/docker/containers/wg-easy
+docker compose exec -it wg-easy cli
+```
+
+### Docker Run
+
+```shell
+docker run --rm -it \
+    -v ~/.wg-easy:/etc/wireguard \
+    ghcr.io/wg-easy/wg-easy:15 \
+    cli
+```
+
+### Reset Password
+
+If you want to reset the password for the admin user, you can run the following command:
+
+#### By Prompt
+
+```shell
+cd /etc/docker/containers/wg-easy
+docker compose exec -it wg-easy cli db:admin:reset
+```
+
+You are asked to provide the new password
+
+#### By Argument
+
+```shell
+cd /etc/docker/containers/wg-easy
+docker compose exec -it wg-easy cli db:admin:reset --password <new_password>
+```
+
+This will reset the password for the admin user to the new password you provided. If you include special characters in the password, make sure to escape them properly.
@@ -0,0 +1,50 @@
+---
+title: Edit Client
+---
+
+## General
+
+- **Name**: The name of the client.
+- **Enabled**: Whether the client can connect to the VPN.
+- **Expire Date**: The date the client will be disabled.
+
+## Address
+
+- **IPv4**: The IPv4 address of the client.
+- **IPv6**: The IPv6 address of the client.
+
+## Allowed IPs
+
+Which IPs will be routed through the VPN.
+
+This will not prevent the user from modifying it locally and accessing IP ranges that they should not be able to access.
+
+Use firewall rules to prevent access to IP ranges that the user should not be able to access.
+
+## Server Allowed IPs
+
+Which IPs will be routed to the client.
+
+## DNS
+
+The DNS server that the client will use.
+
+## Advanced
+
+- **MTU**: The maximum transmission unit for the client.
+- **Persistent Keepalive**: The interval for sending keepalive packets to the server.
+
+## Hooks
+
+This can only be used for clients that use `wg-quick`. Setting this will throw a error when importing the config on other clients.
+
+- **PreUp**: Commands to run before the interface is brought up.
+- **PostUp**: Commands to run after the interface is brought up.
+- **PreDown**: Commands to run before the interface is brought down.
+- **PostDown**: Commands to run after the interface is brought down.
+
+## Actions
+
+- **Save**: Save the changes made in the form.
+- **Revert**: Revert the changes made in the form.
+- **Delete**: Delete the client.
@@ -0,0 +1,24 @@
+---
+title: Setup
+---
+
+## User Setup
+
+- **Username**: The username of the user.
+- **Password**: The password of the user.
+- **Confirm Password**: The password of the user.
+
+## Existing Setup
+
+If you have the config from the previous version, you can import it by clicking "Yes". This currently expects a config from v14.
+
+If this is the first time you are using this, you can click "No" to create a new config.
+
+### No - Host Setup
+
+- **Host**: The host of the server. The clients will connect to this address. This can be a domain name or an IP address. Make sure to wrap it in brackets if it is an IPv6 address. For example: `[::1]` or `[2001:db8::1]`.
+- **Port**: The port of the server. The clients will connect to this port. The server will listen on this port.
+
+### Yes - Migration
+
+Select the `wg0.json` file from the previous version. Read [Migrate from v14 to v15](../advanced/migrate/from-14-to-15.md) for more information.
@@ -11,7 +11,7 @@ hide:
 **Make sure** to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to the `:latest` image tag - [the most recent stable release][docs-tagging].
 ///

-This documentation provides you not only with the basic setup and configuration of wg-easy but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.
+This documentation provides you not only with the basic setup and configuration of `wg-easy` but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.

 [docs-tagging]: ./getting-started.md#tagging-convention

@@ -1,6 +1,6 @@
-site_name: "wg-easy"
-site_description: "The easiest way to run WireGuard VPN + Web-based Admin UI."
-site_author: "WireGuard Easy"
+site_name: 'wg-easy'
+site_description: 'The easiest way to run WireGuard VPN + Web-based Admin UI.'
+site_author: 'WireGuard Easy'
 copyright: >
    <p>
    &copy <a href="https://github.com/wg-easy"><em>Wireguard Easy</em></a><br/>
@@ -12,9 +12,9 @@ copyright: >
 repo_url: https://github.com/wg-easy/wg-easy
 repo_name: wg-easy

-edit_uri: "edit/master/docs/content"
+edit_uri: 'edit/master/docs/content'

-docs_dir: "content/"
+docs_dir: 'content/'

 site_url: https://wg-easy.github.io/wg-easy

@@ -34,7 +34,7 @@ theme:
        - content.code.annotate
    palette:
        # Light mode
-    - media: "(prefers-color-scheme: light)"
+        - media: '(prefers-color-scheme: light)'
          scheme: default
          primary: grey
          accent: red
@@ -42,7 +42,7 @@ theme:
              icon: material/weather-night
              name: Switch to dark mode
        # Dark mode
-    - media: "(prefers-color-scheme: dark)"
+        - media: '(prefers-color-scheme: dark)'
          scheme: slate
          primary: grey
          accent: red
@@ -2,10 +2,15 @@
  "version": "1.0.0",
  "private": true,
  "scripts": {
-    "dev": "docker compose -f docker-compose.dev.yml up --build",
+    "dev": "docker compose -f docker-compose.dev.yml up wg-easy --build",
+    "cli:dev": "docker compose -f docker-compose.dev.yml run --build --rm -it wg-easy cli:dev",
    "build": "docker build -t wg-easy .",
    "docs:preview": "docker run --rm -it -p 8080:8080 -v ./docs:/docs squidfunk/mkdocs-material serve -a 0.0.0.0:8080",
-    "scripts:version": "bash scripts/version.sh"
+    "scripts:version": "bash scripts/version.sh",
+    "format:check:docs": "prettier --check docs"
  },
-  "packageManager": "pnpm@10.7.0"
+  "devDependencies": {
+    "prettier": "^3.6.2"
+  },
+  "packageManager": "pnpm@10.12.4"
 }
@@ -6,4 +6,19 @@ settings:

 importers:

-  .: {}
+  .:
+    devDependencies:
+      prettier:
+        specifier: ^3.6.2
+        version: 3.6.2
+
+packages:
+
+  prettier@3.6.2:
+    resolution: {integrity: sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ==}
+    engines: {node: '>=14'}
+    hasBin: true
+
+snapshots:
+
+  prettier@3.6.2: {}
@@ -1 +0,0 @@
-public-hoist-pattern[]=@libsql/linux*
@@ -10,12 +10,12 @@
    </template>
    <template #actions>
      <DialogClose as-child>
-        <BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
+        <BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
      </DialogClose>
      <DialogClose as-child>
-        <BaseButton @click="$emit('change', ipv4Cidr, ipv6Cidr)">
+        <BasePrimaryButton @click="$emit('change', ipv4Cidr, ipv6Cidr)">
          {{ $t('dialog.change') }}
-        </BaseButton>
+        </BasePrimaryButton>
      </DialogClose>
    </template>
  </BaseDialog>
@@ -7,12 +7,12 @@
    </template>
    <template #actions>
      <DialogClose as-child>
-        <BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
+        <BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
      </DialogClose>
      <DialogClose as-child>
-        <BaseButton @click="$emit('restart')">
+        <BasePrimaryButton @click="$emit('restart')">
          {{ $t('admin.interface.restart') }}
-        </BaseButton>
+        </BasePrimaryButton>
      </DialogClose>
    </template>
  </BaseDialog>
@@ -13,12 +13,12 @@
    </template>
    <template #actions>
      <DialogClose as-child>
-        <BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
+        <BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
      </DialogClose>
      <DialogClose as-child>
-        <BaseButton @click="$emit('change', selected)">
+        <BasePrimaryButton @click="$emit('change', selected)">
          {{ $t('dialog.change') }}
-        </BaseButton>
+        </BasePrimaryButton>
      </DialogClose>
    </template>
  </BaseDialog>
@@ -0,0 +1,26 @@
+<template>
+  <component
+    :is="elementType"
+    role="button"
+    class="inline-flex items-center rounded border-2 border-red-800 bg-red-800 px-4 py-2 text-white transition hover:border-red-600 hover:bg-red-600"
+    v-bind="attrs"
+  >
+    <slot />
+  </component>
+</template>
+
+<script setup lang="ts">
+const props = defineProps({
+  as: {
+    type: String,
+    default: 'button',
+  },
+});
+
+const elementType = computed(() => props.as);
+
+const attrs = computed(() => {
+  const { as, ...attrs } = props;
+  return attrs;
+});
+</script>
@@ -20,7 +20,7 @@ const props = defineProps({
 const elementType = computed(() => props.as);

 const attrs = computed(() => {
-  const { as, ...attrs } = props;
-  return attrs;
+  const { as, ...rest } = props;
+  return rest;
 });
 </script>
@@ -18,10 +18,12 @@
    </template>
    <template #actions>
      <DialogClose as-child>
-        <BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
+        <BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
      </DialogClose>
      <DialogClose as-child>
-        <BaseButton @click="createClient">{{ $t('client.create') }}</BaseButton>
+        <BasePrimaryButton @click="createClient">
+          {{ $t('client.create') }}
+        </BasePrimaryButton>
      </DialogClose>
    </template>
  </BaseDialog>
@@ -9,12 +9,12 @@
    </template>
    <template #actions>
      <DialogClose as-child>
-        <BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
+        <BasePrimaryButton>{{ $t('dialog.cancel') }}</BasePrimaryButton>
      </DialogClose>
      <DialogClose as-child>
-        <BaseButton @click="$emit('delete')">{{
-          $t('client.deleteClient')
-        }}</BaseButton>
+        <BaseSecondaryButton @click="$emit('delete')">
+          {{ $t('client.deleteClient') }}
+        </BaseSecondaryButton>
      </DialogClose>
    </template>
  </BaseDialog>
@@ -2,10 +2,10 @@
  <p class="m-10 text-center text-sm text-gray-400 dark:text-neutral-400">
    {{ $t('client.empty') }}<br /><br />
    <ClientsCreateDialog>
-      <BaseButton as="span">
+      <BaseSecondaryButton as="span">
        <IconsPlus class="w-4 md:mr-2" />
        <span class="text-sm">{{ $t('client.new') }}</span>
-      </BaseButton>
+      </BaseSecondaryButton>
    </ClientsCreateDialog>
  </p>
 </template>
@@ -1,8 +1,8 @@
 <template>
  <ClientsCreateDialog>
-    <BaseButton as="span">
+    <BaseSecondaryButton as="span">
      <IconsPlus class="w-4 md:mr-2" />
      <span class="text-sm max-md:hidden">{{ $t('client.newShort') }}</span>
-    </BaseButton>
+    </BaseSecondaryButton>
  </ClientsCreateDialog>
 </template>
@@ -4,11 +4,13 @@
      <slot />
    </template>
    <template #description>
+      <div class="bg-white">
        <img :src="qrCode" />
+      </div>
    </template>
    <template #actions>
      <DialogClose>
-        <BaseButton>{{ $t('dialog.cancel') }}</BaseButton>
+        <BaseSecondaryButton>{{ $t('dialog.cancel') }}</BaseSecondaryButton>
      </DialogClose>
    </template>
  </BaseDialog>
@@ -1,12 +1,12 @@
 <template>
-  <BaseButton @click="toggleSort">
+  <BasePrimaryButton @click="toggleSort">
    <IconsArrowDown
      v-if="globalStore.sortClient === true"
      class="w-4 md:mr-2"
    />
    <IconsArrowUp v-else class="w-4 md:mr-2" />
    <span class="text-sm max-md:hidden"> {{ $t('client.sort') }}</span>
-  </BaseButton>
+  </BasePrimaryButton>
 </template>

 <script setup lang="ts">
@@ -12,7 +12,7 @@
          class="rounded-lg border-2 border-gray-100 text-gray-500 focus:border-red-800 focus:outline-0 focus:ring-0 dark:border-neutral-800 dark:bg-neutral-700 dark:text-neutral-200 dark:placeholder:text-neutral-400"
          @input="update($event, i)"
        />
-        <BaseButton
+        <BaseSecondaryButton
          as="input"
          type="button"
          class="rounded-lg"
@@ -22,7 +22,7 @@
      </div>
    </div>
    <div class="mt-2">
-      <BaseButton
+      <BasePrimaryButton
        as="input"
        type="button"
        class="rounded-lg"
@@ -7,7 +7,7 @@
      <IconsInfo class="size-4" />
    </BaseTooltip>
  </div>
-  <div class="flex">
+  <div class="flex gap-1">
    <BaseInput
      :id="id"
      v-model.trim="data"
@@ -18,12 +18,12 @@
    />
    <ClientOnly>
      <AdminSuggestDialog :url="url" @change="data = $event">
-        <BaseButton as="span">
+        <BasePrimaryButton as="span">
          <div class="flex items-center gap-3">
            <IconsSparkles class="w-4" />
            <span>{{ $t('admin.config.suggest') }}</span>
          </div>
-        </BaseButton>
+        </BasePrimaryButton>
      </AdminSuggestDialog>
    </ClientOnly>
  </div>
@@ -12,7 +12,7 @@
          class="rounded-lg border-2 border-gray-100 text-gray-500 focus:border-red-800 focus:outline-0 focus:ring-0 dark:border-neutral-800 dark:bg-neutral-700 dark:text-neutral-200 dark:placeholder:text-neutral-400"
          @input="update($event, i)"
        />
-        <BaseButton
+        <BaseSecondaryButton
          as="input"
          type="button"
          class="rounded-lg"
@@ -22,7 +22,7 @@
      </div>
    </div>
    <div class="mt-2">
-      <BaseButton
+      <BasePrimaryButton
        as="input"
        type="button"
        class="rounded-lg"
@@ -12,7 +12,7 @@
    v-model.trim="data"
    :name="id"
    type="text"
-    :autcomplete="autocomplete"
+    :autocomplete="autocomplete"
    :placeholder="placeholder"
  />
 </template>
@@ -0,0 +1,16 @@
+<template>
+  <input
+    :value="label"
+    :type="type ?? 'button'"
+    class="col-span-2 rounded-lg border-2 border-red-800 bg-red-800 py-2 text-white hover:border-red-600 hover:bg-red-600 focus:border-red-800 focus:outline-0 focus:ring-0"
+  />
+</template>
+
+<script lang="ts" setup>
+import type { InputTypeHTMLAttribute } from 'vue';
+
+defineProps<{
+  label: string;
+  type?: InputTypeHTMLAttribute;
+}>();
+</script>
@@ -12,7 +12,8 @@
    v-model.trim="data"
    :name="id"
    type="text"
-    :autcomplete="autocomplete"
+    :autocomplete="autocomplete"
+    :disabled="disabled"
  />
 </template>

@@ -22,6 +23,7 @@ defineProps<{
  label: string;
  description?: string;
  autocomplete?: string;
+  disabled?: boolean;
 }>();

 const data = defineModel<string>();
@@ -1,21 +1,42 @@
-import type { NitroFetchRequest, NitroFetchOptions } from 'nitropack/types';
+import type {
+  NitroFetchRequest,
+  NitroFetchOptions,
+  TypedInternalResponse,
+  ExtractedRouteMethod,
+} from 'nitropack/types';
 import { FetchError } from 'ofetch';

-type RevertFn = (success: boolean) => Promise<void>;
+type RevertFn<
+  R extends NitroFetchRequest,
+  T = unknown,
+  O extends NitroFetchOptions<R> = NitroFetchOptions<R>,
+> = (
+  success: boolean,
+  data:
+    | TypedInternalResponse<
+        R,
+        T,
+        NitroFetchOptions<R> extends O ? 'get' : ExtractedRouteMethod<R, O>
+      >
+    | undefined
+) => Promise<void>;

-type SubmitOpts = {
-  revert: RevertFn;
+type SubmitOpts<
+  R extends NitroFetchRequest,
+  T = unknown,
+  O extends NitroFetchOptions<R> = NitroFetchOptions<R>,
+> = {
+  revert: RevertFn<R, T, O>;
  successMsg?: string;
-  errorMsg?: string;
  noSuccessToast?: boolean;
 };

 export function useSubmit<
  R extends NitroFetchRequest,
  O extends NitroFetchOptions<R> & { body?: never },
->(url: R, options: O, opts: SubmitOpts) {
+  T = unknown,
+>(url: R, options: O, opts: SubmitOpts<R, T, O>) {
  const toast = useToast();
-  const { t: $t } = useI18n();

  return async (data: unknown) => {
    try {
@@ -24,11 +45,6 @@ export function useSubmit<
        body: data,
      });

-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      if (!(res as any).success) {
-        throw new Error(opts.errorMsg || $t('toast.errored'));
-      }
-
      if (!opts.noSuccessToast) {
        toast.showToast({
          type: 'success',
@@ -36,7 +52,8 @@ export function useSubmit<
        });
      }

-      await opts.revert(true);
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      await opts.revert(true, res as any);
    } catch (e) {
      if (e instanceof FetchError) {
        toast.showToast({
@@ -51,7 +68,7 @@ export function useSubmit<
      } else {
        console.error(e);
      }
-      await opts.revert(false);
+      await opts.revert(false, undefined);
    }
  };
 }
@@ -15,12 +15,12 @@
              :to="`/admin/${item.id}`"
              active-class="bg-red-800 rounded"
            >
-              <BaseButton
+              <BaseSecondaryButton
                as="span"
                class="w-full cursor-pointer rounded p-2 font-medium transition-colors duration-200 hover:bg-red-800 dark:text-neutral-200"
              >
                {{ item.name }}
-              </BaseButton>
+              </BaseSecondaryButton>
            </NuxtLink>
          </div>
        </div>
@@ -49,8 +49,8 @@
      </FormGroup>
      <FormGroup>
        <FormHeading>{{ $t('form.actions') }}</FormHeading>
-        <FormActionField type="submit" :label="$t('form.save')" />
-        <FormActionField :label="$t('form.revert')" @click="revert" />
+        <FormPrimaryActionField type="submit" :label="$t('form.save')" />
+        <FormSecondaryActionField :label="$t('form.revert')" @click="revert" />
      </FormGroup>
    </FormElement>
  </main>
@@ -32,8 +32,8 @@
      </FormGroup>
      <FormGroup>
        <FormHeading>{{ $t('form.actions') }}</FormHeading>
-        <FormActionField type="submit" :label="$t('form.save')" />
-        <FormActionField :label="$t('form.revert')" @click="revert" />
+        <FormPrimaryActionField type="submit" :label="$t('form.save')" />
+        <FormSecondaryActionField :label="$t('form.revert')" @click="revert" />
      </FormGroup>
    </FormElement>
  </main>
@@ -25,8 +25,8 @@
      </FormGroup>
      <FormGroup>
        <FormHeading>{{ $t('form.actions') }}</FormHeading>
-        <FormActionField type="submit" :label="$t('form.save')" />
-        <FormActionField :label="$t('form.revert')" @click="revert" />
+        <FormPrimaryActionField type="submit" :label="$t('form.save')" />
+        <FormSecondaryActionField :label="$t('form.revert')" @click="revert" />
      </FormGroup>
    </FormElement>
  </main>
@@ -23,15 +23,15 @@
      </FormGroup>
      <FormGroup>
        <FormHeading>{{ $t('form.actions') }}</FormHeading>
-        <FormActionField type="submit" :label="$t('form.save')" />
-        <FormActionField :label="$t('form.revert')" @click="revert" />
+        <FormPrimaryActionField type="submit" :label="$t('form.save')" />
+        <FormSecondaryActionField :label="$t('form.revert')" @click="revert" />
        <AdminCidrDialog
          trigger-class="col-span-2"
          :ipv4-cidr="data.ipv4Cidr"
          :ipv6-cidr="data.ipv6Cidr"
          @change="changeCidr"
        >
-          <FormActionField
+          <FormSecondaryActionField
            :label="$t('admin.interface.changeCidr')"
            class="w-full"
            tabindex="-1"
@@ -41,7 +41,7 @@
          trigger-class="col-span-2"
          @restart="restartInterface"
        >
-          <FormActionField
+          <FormSecondaryActionField
            :label="$t('admin.interface.restart')"
            class="w-full"
            tabindex="-1"
@@ -86,7 +86,6 @@ const _changeCidr = useSubmit(
  {
    revert,
    successMsg: t('admin.interface.cidrSuccess'),
-    errorMsg: t('admin.interface.cidrError'),
  }
 );

@@ -102,7 +101,6 @@ const _restartInterface = useSubmit(
  {
    revert,
    successMsg: t('admin.interface.restartSuccess'),
-    errorMsg: t('admin.interface.restartError'),
  }
 );

@@ -107,14 +107,17 @@
          </FormGroup>
          <FormGroup>
            <FormHeading>{{ $t('form.actions') }}</FormHeading>
-            <FormActionField type="submit" :label="$t('form.save')" />
-            <FormActionField :label="$t('form.revert')" @click="revert" />
+            <FormPrimaryActionField type="submit" :label="$t('form.save')" />
+            <FormSecondaryActionField
+              :label="$t('form.revert')"
+              @click="revert"
+            />
            <ClientsDeleteDialog
              trigger-class="col-span-2"
              :client-name="data.name"
              @delete="deleteClient"
            >
-              <FormActionField
+              <FormSecondaryActionField
                label="Delete"
                class="w-full"
                type="button"
@@ -30,6 +30,18 @@
        autocomplete="current-password"
      />

+      <BaseInput
+        v-if="totpRequired"
+        v-model="totp"
+        type="text"
+        name="totp"
+        :placeholder="$t('general.2faCode')"
+        autocomplete="one-time-code"
+        inputmode="numeric"
+        maxlength="6"
+        pattern="\d{6}"
+      />
+
      <label
        class="flex gap-2 whitespace-nowrap"
        :title="$t('login.rememberMeDesc')"
@@ -58,10 +70,15 @@
 const authStore = useAuthStore();
 authStore.update();

+const toast = useToast();
+const { t } = useI18n();
+
 const authenticating = ref(false);
 const remember = ref(false);
-const username = ref<null | string>(null);
-const password = ref<null | string>(null);
+const username = ref<string>('');
+const password = ref<string>('');
+const totpRequired = ref(false);
+const totp = ref<string>('');

 const _submit = useSubmit(
  '/api/session',
@@ -69,13 +86,32 @@ const _submit = useSubmit(
    method: 'post',
  },
  {
-    revert: async (success) => {
-      authenticating.value = false;
-      password.value = null;
-
+    revert: async (success, data) => {
      if (success) {
+        if (data?.status === 'success') {
          await navigateTo('/');
+        } else if (data?.status === 'TOTP_REQUIRED') {
+          authenticating.value = false;
+          totpRequired.value = true;
+          toast.showToast({
+            title: t('general.2fa'),
+            message: t('login.2faRequired'),
+            type: 'error',
+          });
+          return;
+        } else if (data?.status === 'INVALID_TOTP_CODE') {
+          authenticating.value = false;
+          totp.value = '';
+          toast.showToast({
+            title: t('general.2fa'),
+            message: t('login.2faWrong'),
+            type: 'error',
+          });
+          return;
        }
+      }
+      authenticating.value = false;
+      password.value = '';
    },
    noSuccessToast: true,
  }
@@ -90,6 +126,7 @@ async function submit() {
    username: username.value,
    password: password.value,
    remember: remember.value,
+    totpCode: totpRequired.value ? totp.value : undefined,
  });
 }
 </script>
@@ -18,7 +18,7 @@
              v-model="email"
              :label="$t('user.email')"
            />
-            <FormActionField type="submit" :label="$t('form.save')" />
+            <FormSecondaryActionField type="submit" :label="$t('form.save')" />
          </FormGroup>
        </FormElement>
        <FormElement @submit.prevent="updatePassword">
@@ -42,18 +42,83 @@
              autocomplete="new-password"
              :label="$t('general.confirmPassword')"
            />
-            <FormActionField
+            <FormSecondaryActionField
              type="submit"
              :label="$t('general.updatePassword')"
            />
          </FormGroup>
        </FormElement>
+        <FormElement @submit.prevent>
+          <FormGroup>
+            <FormHeading>{{ $t('general.2fa') }}</FormHeading>
+            <div
+              v-if="!authStore.userData?.totpVerified && !twofa"
+              class="col-span-2 flex flex-col"
+            >
+              <FormSecondaryActionField
+                :label="$t('me.enable2fa')"
+                @click="setup2fa"
+              />
+            </div>
+            <div
+              v-if="!authStore.userData?.totpVerified && twofa"
+              class="col-span-2"
+            >
+              <p class="text-sm text-gray-500 dark:text-gray-400">
+                {{ $t('me.enable2faDesc') }}
+              </p>
+              <div class="mt-2 flex flex-col gap-2">
+                <img :src="twofa.qrcode" size="128" class="bg-white" />
+                <FormTextField
+                  id="2fakey"
+                  :model-value="twofa.key"
+                  :on-update:model-value="() => {}"
+                  :label="$t('me.2faKey')"
+                  :disabled="true"
+                />
+                <p class="text-sm text-gray-500 dark:text-gray-400">
+                  {{ $t('me.2faCodeDesc') }}
+                </p>
+                <FormTextField
+                  id="2facode"
+                  v-model="code"
+                  :label="$t('general.2faCode')"
+                />
+                <FormSecondaryActionField
+                  :label="$t('me.enable2fa')"
+                  @click="enable2fa"
+                />
+              </div>
+            </div>
+            <div
+              v-if="authStore.userData?.totpVerified"
+              class="col-span-2 flex flex-col gap-2"
+            >
+              <p class="text-sm text-gray-500 dark:text-gray-400">
+                {{ $t('me.disable2faDesc') }}
+              </p>
+              <FormPasswordField
+                id="2fapassword"
+                v-model="disable2faPassword"
+                :label="$t('me.currentPassword')"
+                type="password"
+                autocomplete="current-password"
+              />
+              <FormSecondaryActionField
+                :label="$t('me.disable2fa')"
+                @click="disable2fa"
+              />
+            </div>
+          </FormGroup>
+        </FormElement>
      </PanelBody>
    </Panel>
  </main>
 </template>

 <script setup lang="ts">
+import { encodeQR } from 'qr';
+
 const authStore = useAuthStore();
 authStore.update();

@@ -101,4 +166,81 @@ function updatePassword() {
    confirmPassword: confirmPassword.value,
  });
 }
+
+const twofa = ref<{ key: string; qrcode: string } | null>(null);
+
+const _setup2fa = useSubmit(
+  `/api/me/totp`,
+  {
+    method: 'post',
+  },
+  {
+    revert: async (success, data) => {
+      if (success && data?.type === 'setup') {
+        const qrcode = encodeQR(data.uri, 'svg', {
+          ecc: 'high',
+          scale: 4,
+          encoding: 'byte',
+        });
+        const svg = new Blob([qrcode], { type: 'image/svg+xml' });
+        twofa.value = { key: data.key, qrcode: URL.createObjectURL(svg) };
+      }
+    },
+  }
+);
+
+async function setup2fa() {
+  return _setup2fa({
+    type: 'setup',
+  });
+}
+
+const code = ref<string>('');
+
+const _enable2fa = useSubmit(
+  `/api/me/totp`,
+  {
+    method: 'post',
+  },
+  {
+    revert: async (success, data) => {
+      if (success && data?.type === 'created') {
+        authStore.update();
+        twofa.value = null;
+        code.value = '';
+      }
+    },
+  }
+);
+
+async function enable2fa() {
+  return _enable2fa({
+    type: 'create',
+    code: code.value,
+  });
+}
+
+const disable2faPassword = ref('');
+
+const _disable2fa = useSubmit(
+  `/api/me/totp`,
+  {
+    method: 'post',
+  },
+  {
+    revert: async (success, data) => {
+      if (success && data?.type === 'deleted') {
+        authStore.update();
+        disable2faPassword.value = '';
+      }
+    },
+  }
+);
+
+async function disable2fa() {
+  return _disable2fa({
+    type: 'delete',
+    currentPassword: disable2faPassword.value,
+  });
+}
 </script>
@@ -4,7 +4,9 @@
      {{ $t('setup.welcomeDesc') }}
    </p>
    <NuxtLink to="/setup/2" class="mt-8">
-      <BaseButton as="span">{{ $t('general.continue') }}</BaseButton>
+      <BasePrimaryButton as="span">
+        {{ $t('general.continue') }}
+      </BasePrimaryButton>
    </NuxtLink>
  </div>
 </template>
@@ -29,7 +29,9 @@
        />
      </div>
      <div class="mt-4 flex justify-center">
-        <BaseButton @click="submit">{{ $t('setup.createAccount') }}</BaseButton>
+        <BasePrimaryButton @click="submit">
+          {{ $t('setup.createAccount') }}
+        </BasePrimaryButton>
      </div>
    </div>
  </div>
@@ -5,14 +5,14 @@
    </p>
    <div class="mt-4 flex justify-center gap-3">
      <NuxtLink to="/setup/4" class="w-20">
-        <BaseButton as="span" class="w-full justify-center">
+        <BasePrimaryButton as="span" class="w-full justify-center">
          {{ $t('general.no') }}
-        </BaseButton>
+        </BasePrimaryButton>
      </NuxtLink>
      <NuxtLink to="/setup/migrate" class="w-20">
-        <BaseButton as="span" class="w-full justify-center">
+        <BaseSecondaryButton as="span" class="w-full justify-center">
          {{ $t('general.yes') }}
-        </BaseButton>
+        </BaseSecondaryButton>
      </NuxtLink>
    </div>
  </div>
@@ -23,7 +23,9 @@
        />
      </div>
      <div class="mt-4 flex justify-center">
-        <BaseButton @click="submit">{{ $t('general.continue') }}</BaseButton>
+        <BasePrimaryButton @click="submit">
+          {{ $t('general.continue') }}
+        </BasePrimaryButton>
      </div>
    </div>
  </div>
@@ -8,7 +8,9 @@
      <input id="migration" type="file" @change="onChangeFile" />
    </div>
    <div class="mt-4">
-      <BaseButton @click="submit">{{ $t('setup.upload') }}</BaseButton>
+      <BasePrimaryButton @click="submit">
+        {{ $t('setup.upload') }}
+      </BasePrimaryButton>
    </div>
  </div>
 </template>
@@ -2,7 +2,7 @@
  <div class="flex flex-col items-center">
    <p>{{ $t('setup.successful') }}</p>
    <NuxtLink to="/login" class="mt-4">
-      <BaseButton as="span">{{ $t('login.signIn') }}</BaseButton>
+      <BasePrimaryButton as="span">{{ $t('login.signIn') }}</BasePrimaryButton>
    </NuxtLink>
  </div>
 </template>
@@ -0,0 +1,25 @@
+// @ts-check
+
+import { fileURLToPath } from 'node:url';
+import esbuild from 'esbuild';
+
+esbuild.build({
+  entryPoints: [fileURLToPath(new URL('./index.ts', import.meta.url))],
+  bundle: true,
+  outfile: fileURLToPath(new URL('../.output/server/cli.mjs', import.meta.url)),
+  platform: 'node',
+  format: 'esm',
+  plugins: [
+    {
+      name: 'make-all-packages-external',
+      setup(build) {
+        let filter = /^[^./]|^\.[^./]|^\.\.[^/]/; // Must not start with "/" or "./" or "../"
+        build.onResolve({ filter }, (args) => ({
+          path: args.path,
+          external: true,
+        }));
+      },
+    },
+  ],
+  logLevel: 'info',
+});
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -e
+
+node /app/server/cli.mjs "$@"
@@ -0,0 +1,92 @@
+#!/usr/bin/env node
+
+// ! Auto Imports are not supported in this file
+
+import { drizzle } from 'drizzle-orm/libsql';
+import { createClient } from '@libsql/client';
+import { defineCommand, runMain } from 'citty';
+import { consola } from 'consola';
+import { eq } from 'drizzle-orm';
+
+import packageJson from '../package.json';
+import * as schema from '../server/database/schema';
+import { hashPassword } from '../server/utils/password';
+
+const client = createClient({ url: 'file:/etc/wireguard/wg-easy.db' });
+const db = drizzle({ client, schema });
+
+const dbAdminReset = defineCommand({
+  meta: {
+    name: 'db:admin:reset',
+    description: 'Reset the admin user',
+  },
+  args: {
+    password: {
+      type: 'string',
+      description: 'New password for the admin user',
+      required: false,
+    },
+  },
+  async run(ctx) {
+    let password = ctx.args.password || undefined;
+    if (!password) {
+      password = await consola.prompt('Please enter a new password:', {
+        type: 'text',
+      });
+    }
+    if (!password) {
+      consola.error('Password is required');
+      return;
+    }
+    if (password.length < 12) {
+      consola.error('Password must be at least 12 characters long');
+      return;
+    }
+    console.info('Setting new password for admin user...');
+    const hash = await hashPassword(password);
+
+    const user = await db.transaction(async (tx) => {
+      const user = await tx
+        .select()
+        .from(schema.user)
+        .where(eq(schema.user.id, 1))
+        .get();
+
+      if (!user) {
+        consola.error('Admin user not found');
+        return;
+      }
+
+      await tx
+        .update(schema.user)
+        .set({
+          password: hash,
+        })
+        .where(eq(schema.user.id, 1));
+
+      return user;
+    });
+
+    if (!user) {
+      consola.error('Failed to update admin user');
+      return;
+    }
+
+    consola.success(
+      `Successfully updated admin user ${user.id} (${user.username})`
+    );
+  },
+});
+
+const main = defineCommand({
+  meta: {
+    name: 'wg-easy',
+    version: packageJson.version,
+    description: 'Command Line Interface',
+  },
+  subCommands: {
+    'db:admin:reset': dbAdminReset,
+  },
+});
+
+runMain(main);
@@ -1,9 +1,19 @@
 import en from './locales/en.json';
+import uk from './locales/uk.json';
+import fr from './locales/fr.json';
+import de from './locales/de.json';
+import zhhk from './locales/zh-HK.json';
+import zhcn from './locales/zh-CN.json';

 export default defineI18nConfig(() => ({
  legacy: false,
  fallbackLocale: 'en',
  messages: {
    en,
+    uk,
+    fr,
+    de,
+    'zh-HK': zhhk,
+    'zh-CN': zhcn,
  },
 }));
@@ -0,0 +1,237 @@
+{
+  "pages": {
+    "me": "Konto",
+    "clients": "Clients",
+    "admin": {
+      "panel": "Admin-Konsole",
+      "general": "Allgemein",
+      "config": "Konfiguration",
+      "interface": "Oberfläche",
+      "hooks": "Hooks"
+    }
+  },
+  "user": {
+    "email": "Email"
+  },
+  "me": {
+    "currentPassword": "Aktuelles Passwort",
+    "enable2fa": "Zwei-Faktor-Authentifizierunng aktivieren",
+    "enable2faDesc": "Scannen Sie den QR-Code mit ihrer Authentifizierungs-App oder geben Sie den Schlüssel manuell ein.",
+    "2faKey": "TOTP-Schlüssel",
+    "2faCodeDesc": "Geben Sie den Code aus Ihrer Authentifizierungs-App ein.",
+    "disable2fa": "Zwei-Faktor-Authentifizierung deaktivieren",
+    "disable2faDesc": "Geben Sie Ihr Passwort ein, um die Zwei-Faktor-Authentifizierung zu deaktivieren."
+  },
+  "general": {
+    "name": "Name",
+    "username": "Benutzername",
+    "password": "Passwort",
+    "newPassword": "Neues Passwort",
+    "updatePassword": "Passwort aktualisieren",
+    "mtu": "MTU",
+    "allowedIps": "Erlaubte IP-Adressen",
+    "dns": "DNS",
+    "persistentKeepalive": "Dauerhaftes Keepalive",
+    "logout": "Abmelden",
+    "continue": "Weiter",
+    "host": "Host",
+    "port": "Port",
+    "yes": "Ja",
+    "no": "Nein",
+    "confirmPassword": "Passwort bestätigen",
+    "loading": "Laden...",
+    "2fa": "Zwei-Faktor-Authentifizierung",
+    "2faCode": "TOTP-Code"
+  },
+  "setup": {
+    "welcome": "Willkommen zur Ersteinrichtung von wg-easy",
+    "welcomeDesc": "Das ist der einfachste Weg, um Wireguard auf jedem Linux-Server zu installieren und zu betreiben.",
+    "existingSetup": "Haben Sie eine bestehende Einrichtung?",
+    "createAdminDesc": "Bitte geben Sie zuerst einen Admin-Benutzernamen sowie ein starkes, sicheres Passwort ein. Diese Anmeldedaten benötigen Sie, um sich im Admin-Panel anzumelden.",
+    "setupConfigDesc": "Bitte geben Sie die Host- und Portinformationen ein. Diese werden für die Client-Konfiguration verwendet, wenn Sie WireGuard auf Ihren Geräten einrichten.",
+    "setupMigrationDesc": "Bitte halten Sie die Sicherungsdatei bereit, wenn Sie Ihre Daten von Ihrer vorherigen wg-easy Version auf ihre neue Einrichtung migrieren möchten.",
+    "upload": "Hochladen",
+    "migration": "Sicherung wiederherstellen:",
+    "createAccount": "Konto erstellen",
+    "successful": "Einrichtung erfolgreich",
+    "hostDesc": "Öffentlicher Hostname mit dem sich die Clients verbinden",
+    "portDesc": "Öffentlicher UDP-Port an dem sich die Clients verbinden und auf dem Wireguard läuft"
+  },
+  "update": {
+    "updateAvailable": "Es ist ein neue Aktualisierung verfügbar!",
+    "update": "Aktualisieren"
+  },
+  "theme": {
+    "dark": "Dunkles Thema",
+    "light": "Helles Thema",
+    "system": "System-Thema"
+  },
+  "layout": {
+    "toggleCharts": "Statistiken ein-/ausblenden",
+    "donate": "Spenden"
+  },
+  "login": {
+    "signIn": "Anmelden",
+    "rememberMe": "Angemeldet bleiben",
+    "rememberMeDesc": "Bleiben Sie auch nach dem Schließen des Browsers angemeldet",
+    "insecure": "Sie können sich nicht über eine unsichere Verbindung anmelden. Bitte benutzen Sie HTTPS.",
+    "2faRequired": "Zwei-Faktor-Authentifizierung wird benötigt",
+    "2faWrong": "Zwei-Faktor-Authentifizierung ist fehlgeschlagen"
+  },
+  "client": {
+    "empty": "Es gibt noch keine Clients.",
+    "newShort": "Neu",
+    "sort": "Sortieren",
+    "create": "Client erstellen",
+    "created": "Client wurde erstellt",
+    "new": "Neuer client",
+    "name": "Name",
+    "expireDate": "Ablaufdatum",
+    "expireDateDesc": "Datum, an dem der Client deaktiviert wird. Leer lassen, damit dies nie passiert.",
+    "deleteClient": "Client löschen",
+    "deleteDialog1": "Sind Sie sicher, dass Sie diesen Client löschen wollen",
+    "deleteDialog2": "Diese Aktion kann nicht rückgängig gemacht werden.",
+    "enabled": "Aktiviert",
+    "address": "Adresse",
+    "serverAllowedIps": "serverseitig erlaubte IP-Adressen",
+    "otlDesc": "Einen kurzen Einmal-Link erzeugen",
+    "permanent": "Dauerhaft",
+    "createdOn": "Angelegt am ",
+    "lastSeen": "Zuletzt verbunden am ",
+    "totalDownload": "Gesamt-Download: ",
+    "totalUpload": "Gesamt-Upload: ",
+    "newClient": "Neuer Client",
+    "disableClient": "Client deaktivieren",
+    "enableClient": "Client aktivieren",
+    "noPrivKey": "Dieser Client hat keinen bekannten privaten Schlüssel, weshalb keine Konfiguration angelegt werden kann.",
+    "showQR": "QR-Code anzeigen",
+    "downloadConfig": "Konfiguration herunterladen",
+    "allowedIpsDesc": "Welche IP-Adressen durch das VPN geleitet werden (überschreibt die globale Konfiguration)",
+    "serverAllowedIpsDesc": "Welche IP-Adressen der Server zum Client leiten wird",
+    "mtuDesc": "Setzt die maximale Übertragungsgröße (Paketgröße) für den VPN-Tunnel",
+    "persistentKeepaliveDesc": "Legt das Intervall (in Sekunden) für Keepalive-Pakete fest. 0 deaktiviert es",
+    "hooks": "Hooks",
+    "hooksDescription": "Hooks funktionieren nur mit wg-quick",
+    "hooksLeaveEmpty": "Nur für wg-quick. Sonst leer lassen",
+    "dnsDesc": "DNS-Server, den die Clients benutzen (überschreibt die globale Konfiguration)"
+  },
+  "dialog": {
+    "change": "Ändern",
+    "cancel": "Abbrechen",
+    "create": "Erstellen"
+  },
+  "toast": {
+    "success": "Erfolg",
+    "saved": "Gespeichert",
+    "error": "Fehler"
+  },
+  "form": {
+    "actions": "Aktionen",
+    "save": "Speichern",
+    "revert": "Rückgängig machen",
+    "sectionGeneral": "Allgemein",
+    "sectionAdvanced": "Erweitert",
+    "noItems": "Keine Einträge",
+    "nullNoItems": "Keine Einträge. Die globale Konfiguration wird benutzt",
+    "add": "Hinzufügen"
+  },
+  "admin": {
+    "general": {
+      "sessionTimeout": "Sitzungszeitüberschreitung",
+      "sessionTimeoutDesc": "Sitzungsdauer für \"Angemeldet bleiben\" (Sekunden)",
+      "metrics": "Statistiken",
+      "metricsPassword": "Passwort",
+      "metricsPasswordDesc": "Bearer-Passwort für den Statistik-Endpunkt (Passwort oder Argon2-Hash)",
+      "json": "JSON",
+      "jsonDesc": "Pfad zu den Statistiken als JSON",
+      "prometheus": "Prometheus",
+      "prometheusDesc": "Pfad zu den Prometheus-Statistiken"
+    },
+    "config": {
+      "connection": "Verbindung",
+      "hostDesc": "Öffentlicher Hostname mit dem sich die Clients verbinden (überschreibt die Konfiguration)",
+      "portDesc": "Öffentlicher UDP-Port an dem sich die Clients verbinden (überschreibt die Konfiguration, vermutlich wollen Sie ebenfalls den Port der Weboberfläche ändern)",
+      "allowedIpsDesc": "Erlaubte IP-Adressen, die die Clients nutzen werden (Globale Konfiguration)",
+      "dnsDesc": "DNS-Server, den die Clients nutzen werden (Globale Konfiguration)",
+      "mtuDesc": "MTU, den die Clients benutzen werden (nur für neue Clients)",
+      "persistentKeepaliveDesc": "Intervall in Sekunden, in dem Keepalive-Packete an den Server gesendet werden. 0 = deaktiviert (nur für neue Clients)",
+      "suggest": "Vorschlagen",
+      "suggestDesc": "Wählen Sie eine IP-Adresse oder einen Hostnamen für das Host-Feld aus"
+    },
+    "interface": {
+      "cidrSuccess": "CIDR wurde geändert",
+      "device": "Gerät",
+      "deviceDesc": "Ethernet-Gerät, durch das der Wireguard-Datenverkehr geleitet werden soll",
+      "mtuDesc": "MTU, den WireGuard benutzen wird",
+      "portDesc": "UDP Port, auf dem WireGuard lauschen wird (Sie wollen wahrscheinlich auch den Config-Port ändern)",
+      "changeCidr": "CIDR ändern",
+      "restart": "Interface neu starten",
+      "restartDesc": "Das WireGuard-Interface neu starten",
+      "restartWarn": "Sind Sie sicher, dass Sie das Interface neu starten wollen? Dies wird die Verbindungen aller Clients trennen.",
+      "restartSuccess": "Interface neu gestartet"
+    },
+    "introText": "Willkommen in der Admin-Konsole.\n\nHier können Sie die allgemeinen Einstellungen, die Konfiguration, die Schnittstelleneinstellungen und die Hooks verwalten.\n\nBeginnen Sie, indem Sie einen der Bereiche in der Seitenleiste auswählen."
+  },
+  "zod": {
+    "generic": {
+      "required": "{0} ist erforderlich",
+      "validNumber": "{0} muss eine Zahl sein",
+      "validString": "{0} muss eine Zeichenkette sein",
+      "validBoolean": "{0} muss ein Wahrheitswert sein",
+      "validArray": "{0} muss eine Liste sein",
+      "stringMin": "{0} muss mindestens {1} Zeichen lang sein",
+      "numberMin": "{0} muss mindestens {1} sein"
+    },
+    "client": {
+      "id": "Client-ID",
+      "name": "Name",
+      "expiresAt": "Läuft ab am",
+      "address4": "IPv4-Adresse",
+      "address6": "IPv6-Adresse",
+      "serverAllowedIps": "serverseitig erlaubte IP-Adressen"
+    },
+    "user": {
+      "username": "Benutzername",
+      "password": "Passwort",
+      "remember": "Merken",
+      "name": "Name",
+      "email": "Email",
+      "emailInvalid": "Die Email-Adresse muss valide sein",
+      "passwordMatch": "Die Passwörter müssen übereinstimmen",
+      "totpEnable": "TOTP aktivieren",
+      "totpEnableTrue": "\"TOTP aktivieren\" muss ausgewählt sein",
+      "totpCode": "TOTP-Code"
+    },
+    "userConfig": {
+      "host": "Host"
+    },
+    "general": {
+      "sessionTimeout": "Sitzungszeitüberschreitung",
+      "metricsEnabled": "Statistiken",
+      "metricsPassword": "Passwort für Statistiken"
+    },
+    "interface": {
+      "cidr": "CIDR",
+      "device": "Geräte",
+      "cidrValid": "CIDR muss valide sein"
+    },
+    "otl": "Einmal-Link",
+    "stringMalformed": "Zeichenkette ist fehlerhaft",
+    "body": "Body muss ein gültiges Objekt sein",
+    "hook": "Hook",
+    "enabled": "Aktiviert",
+    "mtu": "MTU",
+    "port": "Port",
+    "persistentKeepalive": "Dauerhaftes Keepalive",
+    "address": "IP-Adresse",
+    "dns": "DNS",
+    "allowedIps": "Erlaubte IP-Adressen",
+    "file": "Datei"
+  },
+  "hooks": {
+    "preUp": "PreUp",
+    "postUp": "PostUp",
+    "preDown": "PreDown",
+    "postDown": "PostDown"
+  }
+}
@@ -14,7 +14,13 @@
    "email": "E-Mail"
  },
  "me": {
-    "currentPassword": "Current Password"
+    "currentPassword": "Current Password",
+    "enable2fa": "Enable Two Factor Authentication",
+    "enable2faDesc": "Scan the QR code with your authenticator app or enter the key manually.",
+    "2faKey": "TOTP Key",
+    "2faCodeDesc": "Enter the code from your authenticator app.",
+    "disable2fa": "Disable Two Factor Authentication",
+    "disable2faDesc": "Enter your password to disable Two Factor Authentication."
  },
  "general": {
    "name": "Name",
@@ -33,7 +39,9 @@
    "yes": "Yes",
    "no": "No",
    "confirmPassword": "Confirm Password",
-    "loading": "Loading..."
+    "loading": "Loading...",
+    "2fa": "Two Factor Authentication",
+    "2faCode": "TOTP Code"
  },
  "setup": {
    "welcome": "Welcome to your first setup of wg-easy",
@@ -66,11 +74,9 @@
    "signIn": "Sign In",
    "rememberMe": "Remember me",
    "rememberMeDesc": "Stay logged after closing the browser",
-    "insecure": "You can't log in with an insecure connection. Use HTTPS."
-  },
-  "error": {
-    "clear": "Clear",
-    "login": "Log in error"
+    "insecure": "You can't log in with an insecure connection. Use HTTPS.",
+    "2faRequired": "Two Factor Authentication is required",
+    "2faWrong": "Two Factor Authentication is wrong"
  },
  "client": {
    "empty": "There are no clients yet.",
@@ -117,8 +123,7 @@
  "toast": {
    "success": "Success",
    "saved": "Saved",
-    "error": "Error",
-    "errored": "Failed to save"
+    "error": "Error"
  },
  "form": {
    "actions": "Actions",
@@ -155,7 +160,6 @@
    },
    "interface": {
      "cidrSuccess": "Changed CIDR",
-      "cidrError": "Failed to change CIDR",
      "device": "Device",
      "deviceDesc": "Ethernet device the wireguard traffic should be forwarded through",
      "mtuDesc": "MTU WireGuard will use",
@@ -164,8 +168,7 @@
      "restart": "Restart Interface",
      "restartDesc": "Restart the WireGuard interface",
      "restartWarn": "Are you sure to restart the interface? This will disconnect all clients.",
-      "restartSuccess": "Interface restarted",
-      "restartError": "Failed to restart interface"
+      "restartSuccess": "Interface restarted"
    },
    "introText": "Welcome to the admin panel.\n\nHere you can manage the general settings, the configuration, the interface settings and the hooks.\n\nStart by choosing one of the sections in the sidebar."
  },
@@ -194,7 +197,10 @@
      "name": "Name",
      "email": "Email",
      "emailInvalid": "Email must be a valid email",
-      "passwordMatch": "Passwords must match"
+      "passwordMatch": "Passwords must match",
+      "totpEnable": "TOTP Enable",
+      "totpEnableTrue": "TOTP Enable must be true",
+      "totpCode": "TOTP Code"
    },
    "userConfig": {
      "host": "Host"
@@ -0,0 +1,237 @@
+{
+  "pages": {
+    "me": "Compte",
+    "clients": "Clients",
+    "admin": {
+      "panel": "Panel Admin",
+      "general": "Général",
+      "config": "Config",
+      "interface": "Interface",
+      "hooks": "Hooks"
+    }
+  },
+  "user": {
+    "email": "E-Mail"
+  },
+  "me": {
+    "currentPassword": "Mot de passe actuel",
+    "enable2fa": "Activer l'authentification à double facteur",
+    "enable2faDesc": "Scannez le code QR avec votre application d'authentification ou saisissez la clé manuellement.",
+    "2faKey": "Clé TOTP",
+    "2faCodeDesc": "Saisissez le code de votre application d'authentification.",
+    "disable2fa": "Désactiver l'authentification à double facteur",
+    "disable2faDesc": "Saisissez votre mot de passe pour désactiver l'authentification à double facteur"
+  },
+  "general": {
+    "name": "Nom",
+    "username": "Nom d'utilisateur",
+    "password": "Mot de passe",
+    "newPassword": "Nouveau mot de passe",
+    "updatePassword": "Mettre à jour le mot de passe",
+    "mtu": "MTU",
+    "allowedIps": "IPs autorisées",
+    "dns": "DNS",
+    "persistentKeepalive": "Keepalive persistant",
+    "logout": "Déconnexion",
+    "continue": "Continuer",
+    "host": "Hôte",
+    "port": "Port",
+    "yes": "Oui",
+    "no": "Non",
+    "confirmPassword": "Confirmer le mot de passe",
+    "loading": "Chargement...",
+    "2fa": "Authentification à double facteur",
+    "2faCode": "Code TOTP"
+  },
+  "setup": {
+    "welcome": "Bienvenue dans votre première installation de wg-easy",
+    "welcomeDesc": "Vous avez trouvé la façon la plus simple d'installer et de gérer WireGuard sur n'importe quel hôte Linux.",
+    "existingSetup": "Avez-vous une installation existante ?",
+    "createAdminDesc": "Veuillez d'abord saisir un nom d'utilisateur administrateur et un mot de passe sécurisé. Ces informations seront utilisées pour vous connecter à votre panel d'administration.",
+    "setupConfigDesc": "Veuillez saisir les informations relatives à l'hôte et au port. Ceci sera utilisé pour la configuration du client lors de la mise en place de WireGuard sur les appareils.",
+    "setupMigrationDesc": "Veuillez fournir le fichier de sauvegarde si vous souhaitez migrer vos données de la version précédente de wg-easy vers votre nouvelle installation.",
+    "upload": "Téléverser",
+    "migration": "Restaurer la sauvegarde:",
+    "createAccount": "Créer un compte",
+    "successful": "Installation réussie",
+    "hostDesc": "Nom d'hôte public auquel les clients se connecteront",
+    "portDesc": "Port UDP public auquel les clients se connecteront et sur lequel WireGuard écoutera"
+  },
+  "update": {
+    "updateAvailable": "Une mise à jour est disponible!",
+    "update": "Mise à jour"
+  },
+  "theme": {
+    "dark": "Thème sombre",
+    "light": "Thème clair",
+    "system": "Thème système"
+  },
+  "layout": {
+    "toggleCharts": "Afficher/masquer les graphiques",
+    "donate": "Donation"
+  },
+  "login": {
+    "signIn": "Se connecter",
+    "rememberMe": "Se souvenir de moi",
+    "rememberMeDesc": "Rester connecté après avoir fermé le navigateur",
+    "insecure": "Vous ne pouvez pas vous connecter avec une connexion non sécurisée. Utilisez HTTPS.",
+    "2faRequired": "Une authentification à double facteur est requise",
+    "2faWrong": "L'authentification à double facteur est incorrecte"
+  },
+  "client": {
+    "empty": "Il n'y a pas encore de clients.",
+    "newShort": "Nouveau",
+    "sort": "Trier",
+    "create": "Créer un client",
+    "created": "Client créé",
+    "new": "Nouveau client",
+    "name": "Nom",
+    "expireDate": "Date d'expiration",
+    "expireDateDesc": "Date à laquelle le client sera désactivé. Vide pour permanent",
+    "deleteClient": "Supprimer le client",
+    "deleteDialog1": "Êtes-vous sûr de vouloir supprimer",
+    "deleteDialog2": "Cette action ne peut être annulée.",
+    "enabled": "Activé",
+    "address": "Adresse",
+    "serverAllowedIps": "Serveur IPs autorisées",
+    "otlDesc": "Générer un lien court et unique",
+    "permanent": "Permanent",
+    "createdOn": "Créé le ",
+    "lastSeen": "Dernière visite le ",
+    "totalDownload": "Téléchargement total: ",
+    "totalUpload": "Téléversement total: ",
+    "newClient": "Nouveau client",
+    "disableClient": "Désactiver le client",
+    "enableClient": "Activer le client",
+    "noPrivKey": "Ce client n'a pas de clé privée connue. Impossible de créer une configuration.",
+    "showQR": "Afficher le code QR",
+    "downloadConfig": "Télécharger la configuration",
+    "allowedIpsDesc": "Quelles IPs seront acheminées par le VPN (remplace la configuration globale)",
+    "serverAllowedIpsDesc": "Les IPs que le serveur acheminera vers le client",
+    "mtuDesc": "Définit le nombre maximum d'unités de transmission (taille des paquets) pour le tunnel VPN.",
+    "persistentKeepaliveDesc": "Définit l'intervalle (en secondes) pour les paquets keep-alive. 0 le désactive",
+    "hooks": "Hooks",
+    "hooksDescription": "Les hooks ne fonctionnent qu'avec wg-quick",
+    "hooksLeaveEmpty": "Uniquement pour wg-quick. Sinon, laissez-le vide",
+    "dnsDesc": "Serveur DNS que les clients utiliseront (remplace la configuration globale)"
+  },
+  "dialog": {
+    "change": "Modifier",
+    "cancel": "Annuler",
+    "create": "Créer"
+  },
+  "toast": {
+    "success": "Réussite",
+    "saved": "Sauvegardé",
+    "error": "Erreur"
+  },
+  "form": {
+    "actions": "Actions",
+    "save": "Sauvegarder",
+    "revert": "Revenir en arrière",
+    "sectionGeneral": "Général",
+    "sectionAdvanced": "Avancé",
+    "noItems": "Aucun élément",
+    "nullNoItems": "Aucun élément. Utilisation de la configuration globale",
+    "add": "Ajouter"
+  },
+  "admin": {
+    "general": {
+      "sessionTimeout": "Délai d'expiration de la session",
+      "sessionTimeoutDesc": "Durée de la session pour Se souvenir de moi (secondes)",
+      "metrics": "Métriques",
+      "metricsPassword": "Mot de passe",
+      "metricsPasswordDesc": "Mot de passe Bearer pour le endpoint des métriques (mot de passe ou argon2 hash)",
+      "json": "JSON",
+      "jsonDesc": "Acheminement pour les métriques au format JSON",
+      "prometheus": "Prometheus",
+      "prometheusDesc": "Acheminement pour les métriques de Prometheus"
+    },
+    "config": {
+      "connection": "Connexion",
+      "hostDesc": "Nom d'hôte public auquel les clients se connecteront (invalide la configuration)",
+      "portDesc": "Port UDP public auquel les clients se connecteront (invalide la configuration, vous souhaiterez probablement modifier le port d'interface également)",
+      "allowedIpsDesc": "IPs autorisées que les clients utiliseront (configuration globale)",
+      "dnsDesc": "Serveur DNS que les clients utiliseront (configuration globale)",
+      "mtuDesc": "MTU que les clients utiliseront (uniquement pour les nouveaux clients)",
+      "persistentKeepaliveDesc": "Intervalle en secondes keepalives du serveur. 0 = désactivé (uniquement pour les nouveaux clients)",
+      "suggest": "Suggérer",
+      "suggestDesc": "Choisissez une adresse IP ou un nom d'hôte pour le champ Hôte."
+    },
+    "interface": {
+      "cidrSuccess": "CIDR modifié",
+      "device": "Périphérique",
+      "deviceDesc": "Périphérique Ethernet dans lequel le trafic wireguard sera transmis.",
+      "mtuDesc": "MTU que WireGuard utilisera",
+      "portDesc": "Port UDP sur lequel WireGuard écoutera (vous souhaiterez probablement changer le port de configuration aussi)",
+      "changeCidr": "Modifier CIDR",
+      "restart": "Redémarrer l'interface",
+      "restartDesc": "Redémarre l'interface WireGuard",
+      "restartWarn": "Êtes-vous sûr de redémarrer l'interface ? Cela déconnectera tous les clients.",
+      "restartSuccess": "Interface redémarrée"
+    },
+    "introText": "Bienvenue dans le panel d'administration.\n\nVous pouvez y gérer les paramètres généraux, la configuration, les paramètres de l'interface et les hooks.\n\nCommencez par choisir l'une des sections de la barre latérale."
+  },
+  "zod": {
+    "generic": {
+      "required": "{0} est requis",
+      "validNumber": "{0} doit être un nombre valide",
+      "validString": "{0} doit être une chaîne de caractères valide",
+      "validBoolean": "{0} doit être une variable valide",
+      "validArray": "{0} doit être un tableau valide",
+      "stringMin": "{0} doit être d'au moins {1} Caractère",
+      "numberMin": "{0} doit être d'au moins {1}"
+    },
+    "client": {
+      "id": "Client ID",
+      "name": "Nom",
+      "expiresAt": "Expire le",
+      "address4": "Adresse IPv4",
+      "address6": "Adresse IPv6",
+      "serverAllowedIps": "Serveur IPs autorisées"
+    },
+    "user": {
+      "username": "Nom d'utilisateur",
+      "password": "Mot de passe",
+      "remember": "Se souvenir",
+      "name": "Nom",
+      "email": "Email",
+      "emailInvalid": "L'email doit être valide",
+      "passwordMatch": "Les mots de passe doivent correspondre",
+      "totpEnable": "Activer TOTP",
+      "totpEnableTrue": "Activer TOTP doit être activé",
+      "totpCode": "Code TOTP"
+    },
+    "userConfig": {
+      "host": "Hôte"
+    },
+    "general": {
+      "sessionTimeout": "Délai d'expiration de la session",
+      "metricsEnabled": "Métriques",
+      "metricsPassword": "Mot de passe métriques"
+    },
+    "interface": {
+      "cidr": "CIDR",
+      "device": "Périphérique",
+      "cidrValid": "CIDR doit être valide"
+    },
+    "otl": "Lien unique",
+    "stringMalformed": "La chaîne est malformée",
+    "body": "Le corps doit être un objet valide",
+    "hook": "Hook",
+    "enabled": "Activé",
+    "mtu": "MTU",
+    "port": "Port",
+    "persistentKeepalive": "Keepalive persistant",
+    "address": "Adresse IP",
+    "dns": "DNS",
+    "allowedIps": "IPs autorisées",
+    "file": "Fichier"
+  },
+  "hooks": {
+    "preUp": "PreUp",
+    "postUp": "PostUp",
+    "preDown": "PreDown",
+    "postDown": "PostDown"
+  }
+}
@@ -0,0 +1,237 @@
+{
+  "pages": {
+    "me": "Обліковий запис",
+    "clients": "Клієнти",
+    "admin": {
+      "panel": "Панель адміністратора",
+      "general": "Загальні налаштування",
+      "config": "Конфігурація",
+      "interface": "Інтерфейс",
+      "hooks": "Hooks"
+    }
+  },
+  "user": {
+    "email": "Електронна пошта"
+  },
+  "me": {
+    "currentPassword": "Поточний пароль",
+    "enable2fa": "Увімкнути двофакторну автентифікацію",
+    "enable2faDesc": "Відскануйте QR-код за допомогою програми автентифікації або введіть ключ вручну.",
+    "2faKey": "TOTP Ключ",
+    "2faCodeDesc": "Введіть код з вашої програми автентифікатора.",
+    "disable2fa": "Вимкнути двофакторну автентифікацію",
+    "disable2faDesc": "Введіть свій пароль, щоб вимкнути двофакторну автентифікацію."
+  },
+  "general": {
+    "name": "Ім'я",
+    "username": "Ім'я користувача",
+    "password": "Пароль",
+    "newPassword": "Новий пароль",
+    "updatePassword": "Оновити пароль",
+    "mtu": "MTU",
+    "allowedIps": "Дозволені IP",
+    "dns": "DNS",
+    "persistentKeepalive": "Постійна підтримка активності",
+    "logout": "Вийти",
+    "continue": "Продовжити",
+    "host": "Хост",
+    "port": "Порт",
+    "yes": "Так",
+    "no": "Ні",
+    "confirmPassword": "Підтвердити пароль",
+    "loading": "Завантаження...",
+    "2fa": "Двофакторна автентифікація",
+    "2faCode": "TOTP код"
+  },
+  "setup": {
+    "welcome": "Ласкаво просимо до вашого першого налаштування wg-easy",
+    "welcomeDesc": "Ви знайшли найпростіший спосіб встановити та керувати WireGuard на будь-якому хості Linux",
+    "existingSetup": "Ви маєте існуючу конфігурацію?",
+    "createAdminDesc": "Спочатку введіть ім'я адміністратора та надійний пароль. Ці дані використовуватимуться для входу в панель адміністратора.",
+    "setupConfigDesc": "Введіть інформацію про хост і порт. Вона буде використана у конфігурації клієнта при налаштуванні WireGuard на їх пристроях.",
+    "setupMigrationDesc": "Будь ласка, надайте файл резервної копії, якщо ви хочете перенести дані з попередньої версії wg-easy до нової конфігурації.",
+    "upload": "Завантажити",
+    "migration": "Відновити резервну копію:",
+    "createAccount": "Створити обліковий запис",
+    "successful": "Налаштування успішне",
+    "hostDesc": "Публічне ім'я хоста для підключення клієнтів",
+    "portDesc": "Публічний UDP порт, на якому клієнти підключаються і який слухає WireGuard"
+  },
+  "update": {
+    "updateAvailable": "Доступне оновлення!",
+    "update": "Оновлення"
+  },
+  "theme": {
+    "dark": "Темна тема",
+    "light": "Світла тема",
+    "system": "Системна тема"
+  },
+  "layout": {
+    "toggleCharts": "Показати/приховати діаграми",
+    "donate": "Пожертвувати"
+  },
+  "login": {
+    "signIn": "Увійти",
+    "rememberMe": "Запам'ятай мене",
+    "rememberMeDesc": "Залишатися в системі після закриття браузера",
+    "insecure": "Ви не можете увійти через незахищене з'єднання. Використовуйте HTTPS.",
+    "2faRequired": "Потрібна двофакторна автентифікація",
+    "2faWrong": "Неправильний код двофакторної автентифікації"
+  },
+  "client": {
+    "empty": "Клієнтів поки немає.",
+    "newShort": "Новий",
+    "sort": "Сортувати",
+    "create": "Створити клієнта",
+    "created": "Клієнт створено",
+    "new": "Новий клієнт",
+    "name": "Ім'я",
+    "expireDate": "Термін дії",
+    "expireDateDesc": "Дата, коли клієнт буде відключений. Порожнє для постійного користування",
+    "deleteClient": "Видалити клієнта",
+    "deleteDialog1": "Ви впевнені, що бажаєте видалити",
+    "deleteDialog2": "Цю дію неможливо скасувати.",
+    "enabled": "Увімкнено",
+    "address": "Адреса",
+    "serverAllowedIps": "Дозволені IP-адреси сервера",
+    "otlDesc": "Створити коротке одноразове посилання",
+    "permanent": "Постійний",
+    "createdOn": "Створено ",
+    "lastSeen": "Останнє підключення в ",
+    "totalDownload": "Всього завантажено: ",
+    "totalUpload": "Всього відправлено: ",
+    "newClient": "Новий клієнт",
+    "disableClient": "Вимкнути клієнта",
+    "enableClient": "Увімкнути клієнта",
+    "noPrivKey": "У цього клієнта відсутній приватний ключ. Неможливо створити конфігурацію.",
+    "showQR": "Показати QR-код",
+    "downloadConfig": "Завантажити конфігурацію",
+    "allowedIpsDesc": "Які IP-адреси будуть маршрутизовані через VPN (перевизначає глобальну конфігурацію)",
+    "serverAllowedIpsDesc": "Які IP-адреси сервер буде перенаправляти до клієнта",
+    "mtuDesc": "Встановлює максимальний розмір пакета (одиницю передачі) для VPN-тунелю",
+    "persistentKeepaliveDesc": "Встановлює інтервал (у секундах) для пакетів keep-alive. 0 вимикає його",
+    "hooks": "Hooks",
+    "hooksDescription": "Hooks працюють лише з wg-quick",
+    "hooksLeaveEmpty": "Тільки для wg-quick. Інакше залиште порожнім",
+    "dnsDesc": "DNS сервер, який використовуватимуть клієнти (перевизначає глобальну конфігурацію)"
+  },
+  "dialog": {
+    "change": "Змінити",
+    "cancel": "Скасувати",
+    "create": "Створити"
+  },
+  "toast": {
+    "success": "Успіх",
+    "saved": "Збережено",
+    "error": "Помилка"
+  },
+  "form": {
+    "actions": "Дії",
+    "save": "Зберегти",
+    "revert": "Повернути",
+    "sectionGeneral": "Загальні",
+    "sectionAdvanced": "Додатково",
+    "noItems": "Немає елементів",
+    "nullNoItems": "Немає елементів. Використовується глобальна конфігурація",
+    "add": "Додати"
+  },
+  "admin": {
+    "general": {
+      "sessionTimeout": "Час очікування сеансу",
+      "sessionTimeoutDesc": "Тривалість сеансу для функції 'Запам'ятати мене' (секунди)",
+      "metrics": "Метрики",
+      "metricsPassword": "Пароль",
+      "metricsPasswordDesc": "Пароль Bearer для точки доступу метрик (пароль або хеш argon2)",
+      "json": "JSON",
+      "jsonDesc": "Маршрут для метрик у форматі JSON",
+      "prometheus": "Prometheus",
+      "prometheusDesc": "Маршрут для метрики Prometheus"
+    },
+    "config": {
+      "connection": "З'єднання",
+      "hostDesc": "Публічне ім'я хоста для підключення клієнтів (спрацьовує при зміні конфігурації)",
+      "portDesc": "Публічний UDP порт для підключення клієнтів (спрацьовує при зміні конфігурації, можливо, варто змінити порт інтерфейсу теж)",
+      "allowedIpsDesc": "Дозволені IP-адреси, які використовуватимуть клієнти (глобальна конфігурація)",
+      "dnsDesc": "DNS-сервера, який використовуватимуть клієнти (глобальну конфігурацію)",
+      "mtuDesc": "MTU, який використовуватимуть клієнти (лише для нових клієнтів)",
+      "persistentKeepaliveDesc": "Інтервал у секундах для надсилання keepalive на сервер. 0 = вимкнено (лише для нових клієнтів)",
+      "suggest": "Запропонувати",
+      "suggestDesc": "Виберіть IP-адресу або ім'я хоста для поля 'Хост'"
+    },
+    "interface": {
+      "cidrSuccess": "CIDR змінено",
+      "device": "Пристрій",
+      "deviceDesc": "Ethernet-пристрій, через який має проходити трафік WireGuard",
+      "mtuDesc": "MTU, яке використовуватиме WireGuard",
+      "portDesc": "UDP порт, який слухатиме WireGuard (ймовірно, варто змінити порт у конфігурації теж)",
+      "changeCidr": "Змінити CIDR",
+      "restart": "Перезавантажити інтерфейс",
+      "restartDesc": "Перезавантажити інтерфейс WireGuard",
+      "restartWarn": "Ви впевнені, що бажаєте перезавантажити інтерфейс? Це призведе до відключення всіх клієнтів.",
+      "restartSuccess": "Інтерфейс перезавантажено"
+    },
+    "introText": "Ласкаво просимо до панелі адміністратора.\n\nТут ви можете керувати загальними налаштуваннями, конфігурацією, налаштуваннями інтерфейсу та перехоплювачами.\n\nПочніть з вибору одного з розділів на боковій панелі."
+  },
+  "zod": {
+    "generic": {
+      "required": "{0} обов'язковий",
+      "validNumber": "{0} має бути дійсним числом",
+      "validString": "{0} має бути дійсним рядком",
+      "validBoolean": "{0} має бути дійсним логічним значенням",
+      "validArray": "{0} має бути дійсним масивом",
+      "stringMin": "{0} має містити щонайменше {1} символів",
+      "numberMin": "{0} має бути щонайменше {1}"
+    },
+    "client": {
+      "id": "Ідентифікатор клієнта",
+      "name": "Ім'я",
+      "expiresAt": "Термін дії закінчується о",
+      "address4": "IPv4-адреса",
+      "address6": "IPv6-адреса",
+      "serverAllowedIps": "Дозволені IP-адреси сервера"
+    },
+    "user": {
+      "username": "Ім'я користувача",
+      "password": "Пароль",
+      "remember": "Пам'ятати",
+      "name": "Ім'я",
+      "email": "Електронна пошта",
+      "emailInvalid": "Email має бути дійсною",
+      "passwordMatch": "Паролі мають збігатися",
+      "totpEnable": "Увімкнути TOTP",
+      "totpEnableTrue": "Увімкнення TOTP має бути true",
+      "totpCode": "TOTP Код"
+    },
+    "userConfig": {
+      "host": "Хост"
+    },
+    "general": {
+      "sessionTimeout": "Час очікування сеансу",
+      "metricsEnabled": "Метрики",
+      "metricsPassword": "Пароль метрик"
+    },
+    "interface": {
+      "cidr": "CIDR",
+      "device": "Пристрій",
+      "cidrValid": "CIDR має бути дійсним"
+    },
+    "otl": "Одноразове посилання",
+    "stringMalformed": "Рядок має неправильний формат",
+    "body": "Тіло має бути коректним об'єктом",
+    "hook": "Hook",
+    "enabled": "Увімкнено",
+    "mtu": "MTU",
+    "port": "Порт",
+    "persistentKeepalive": "Постійна підтримка активності",
+    "address": "IP-адреса",
+    "dns": "DNS",
+    "allowedIps": "Дозволені IP-адреси",
+    "file": "Файл"
+  },
+  "hooks": {
+    "preUp": "PreUp",
+    "postUp": "PostUp",
+    "preDown": "PreDown",
+    "postDown": "PostDown"
+  }
+}
@@ -0,0 +1,236 @@
+{
+  "pages": {
+    "me": "账户管理",
+    "clients": "客户端管理",
+    "admin": {
+      "panel": "管理面板",
+      "general": "通用设置",
+      "config": "网络配置",
+      "interface": "接口配置",
+      "hooks": "钩子脚本"
+    }
+  },
+  "user": {
+    "email": "电子邮箱"
+  },
+  "me": {
+    "currentPassword": "当前密码",
+    "enable2fa": "启用双重认证",
+    "enable2faDesc": "使用认证器应用扫描二维码或手动输入密钥进行配置",
+    "2faKey": "TOTP密钥",
+    "2faCodeDesc": "请输入您的认证器应用生成的验证码",
+    "disable2fa": "禁用双重认证",
+    "disable2faDesc": "您需要输入当前密码来禁用双重认证功能"
+  },
+  "general": {
+    "name": "名称",
+    "username": "用户名",
+    "password": "密码",
+    "newPassword": "新密码",
+    "updatePassword": "更新密码",
+    "mtu": "MTU",
+    "allowedIps": "允许的IP",
+    "dns": "DNS",
+    "persistentKeepalive": "保活间隔",
+    "logout": "注销登录",
+    "continue": "继续",
+    "host": "主机",
+    "port": "端口",
+    "yes": "是",
+    "no": "否",
+    "confirmPassword": "确认密码",
+    "loading": "加载中...",
+    "2fa": "双重认证",
+    "2faCode": "验证码"
+  },
+  "setup": {
+    "welcome": "欢迎使用wg-easy安装向导",
+    "welcomeDesc": "您正在使用最简单的WireGuard Linux主机安装和管理方案",
+    "existingSetup": "是否已有现有配置？",
+    "createAdminDesc": "请首先输入管理员用户名和强密码。这些信息将用于登录管理面板。",
+    "setupConfigDesc": "请输入服务器主机和端口信息。这些设置将用于客户端设备连接WireGuard时的配置。",
+    "setupMigrationDesc": "如果您希望从旧版wg-easy迁移数据到新安装，请提供备份文件。",
+    "upload": "上传文件",
+    "migration": "从备份恢复配置：",
+    "createAccount": "创建账户",
+    "successful": "安装配置成功",
+    "hostDesc": "客户端将连接到的公共主机名或IP地址",
+    "portDesc": "客户端将连接到的公共UDP端口，也是WireGuard服务监听的端口"
+  },
+  "update": {
+    "updateAvailable": "检测到可用更新！",
+    "update": "立即更新"
+  },
+  "theme": {
+    "dark": "深色模式",
+    "light": "浅色模式",
+    "system": "系统默认"
+  },
+  "layout": {
+    "toggleCharts": "显示/隐藏 流量图表",
+    "donate": "捐赠支持"
+  },
+  "login": {
+    "signIn": "登录系统",
+    "rememberMe": "记住我",
+    "rememberMeDesc": "关闭浏览器后保持登录状态",
+    "insecure": "无法通过不安全连接登录。请使用HTTPS。",
+    "2faRequired": "需要进行双重认证",
+    "2faWrong": "双重认证验证码错误"
+  },
+  "client": {
+    "empty": "当前没有客户端配置",
+    "newShort": "新建",
+    "sort": "排序",
+    "create": "创建客户端",
+    "created": "客户端创建成功",
+    "new": "新建客户端",
+    "name": "客户端名称",
+    "expireDate": "过期日期",
+    "expireDateDesc": "客户端将被自动禁用的日期。留空表示永久有效",
+    "deleteClient": "删除客户端",
+    "deleteDialog1": "您确定要删除此客户端吗？",
+    "deleteDialog2": "此操作无法撤销。",
+    "enabled": "已启用",
+    "address": "IP地址",
+    "serverAllowedIps": "服务端允许的IP",
+    "otlDesc": "生成一次性使用的短链接配置",
+    "permanent": "永久有效",
+    "createdOn": "创建于 ",
+    "lastSeen": "最后在线时间 ",
+    "totalDownload": "总下载流量： ",
+    "totalUpload": "总上传流量： ",
+    "newClient": "新建客户端",
+    "disableClient": "禁用客户端",
+    "enableClient": "启用客户端",
+    "noPrivKey": "此客户端没有已知的私钥，无法创建配置文件",
+    "showQR": "显示二维码",
+    "downloadConfig": "下载配置文件",
+    "allowedIpsDesc": "指定将通过VPN路由的IP地址（覆盖全局配置）",
+    "serverAllowedIpsDesc": "指定服务端将路由到客户端的IP地址范围",
+    "mtuDesc": "设置VPN隧道的MTU（最大传输单元）",
+    "persistentKeepaliveDesc": "设置保活数据包的发送间隔（秒）。0表示禁用",
+    "hooks": "钩子脚本",
+    "hooksDescription": "钩子脚本仅在使用wg-quick时有效",
+    "hooksLeaveEmpty": "如果不使用wg-quick，请留空此字段"
+  },
+  "dialog": {
+    "change": "确认修改",
+    "cancel": "取消",
+    "create": "创建"
+  },
+  "toast": {
+    "success": "操作成功",
+    "saved": "保存成功",
+    "error": "发生错误"
+  },
+  "form": {
+    "actions": "操作",
+    "save": "保存更改",
+    "revert": "恢复默认",
+    "sectionGeneral": "基本配置",
+    "sectionAdvanced": "高级选项",
+    "noItems": "未配置",
+    "nullNoItems": "未配置。将使用全局配置",
+    "add": "添加"
+  },
+  "admin": {
+    "general": {
+      "sessionTimeout": "会话超时时间",
+      "sessionTimeoutDesc": "'记住我'功能的会话持续时间（秒）",
+      "metrics": "监控指标",
+      "metricsPassword": "密码",
+      "metricsPasswordDesc": "用于监控端点的Bearer密码（支持密码或Argon2哈希）",
+      "json": "JSON格式",
+      "jsonDesc": "获取JSON格式的监控数据路由",
+      "prometheus": "Prometheus格式",
+      "prometheusDesc": "获取Prometheus格式监控数据的路由"
+    },
+    "config": {
+      "connection": "连接设置",
+      "hostDesc": "客户端将连接到的公共主机名（修改会使现有配置失效）",
+      "portDesc": "客户端将连接到的公共UDP端口（修改会使现有配置失效，通常需要同时修改接口端口）",
+      "allowedIpsDesc": "客户端使用的全局允许的IP范围",
+      "dnsDesc": "客户端使用的全局DNS设置",
+      "mtuDesc": "新客户端将使用的MTU（仅影响新客户端）",
+      "persistentKeepaliveDesc": "向服务器发送保活数据包的间隔秒数。0表示禁用（仅影响新客户端）",
+      "suggest": "自动检测",
+      "suggestDesc": "为'主机'字段选择IP地址或主机名"
+    },
+    "interface": {
+      "cidrSuccess": "CIDR修改成功",
+      "device": "网络设备",
+      "deviceDesc": "用于转发WireGuard流量的以太网设备",
+      "mtuDesc": "WireGuard接口使用的MTU",
+      "portDesc": "WireGuard监听的UDP端口（通常需要同时修改配置端口）",
+      "changeCidr": "修改CIDR",
+      "restart": "重启接口",
+      "restartDesc": "重新启动WireGuard接口",
+      "restartWarn": "确定要重启接口吗？这将断开所有客户端的连接。",
+      "restartSuccess": "接口重启成功"
+    },
+    "introText": "欢迎使用管理控制台。\n\n您可以在这里管理通用设置、网络配置、接口设置和钩子脚本。\n\n请从侧边栏选择一个功能模块开始。"
+  },
+  "zod": {
+    "generic": {
+      "required": "{0}是必填项",
+      "validNumber": "{0}必须是有效数字",
+      "validString": "{0}必须是有效文本",
+      "validBoolean": "{0}必须是是/否选项",
+      "validArray": "{0}必须是有效数组",
+      "stringMin": "{0}至少需要{1}个字符",
+      "numberMin": "{0}不能小于{1}"
+    },
+    "client": {
+      "id": "客户端ID",
+      "name": "客户端名称",
+      "expiresAt": "过期时间",
+      "address4": "IPv4地址",
+      "address6": "IPv6地址",
+      "serverAllowedIps": "服务端允许的IP"
+    },
+    "user": {
+      "username": "用户名",
+      "password": "密码",
+      "remember": "记住登录",
+      "name": "姓名",
+      "email": "电子邮箱",
+      "emailInvalid": "请输入有效的电子邮箱地址",
+      "passwordMatch": "两次输入的密码必须一致",
+      "totpEnable": "启用TOTP",
+      "totpEnableTrue": "必须启用双重认证",
+      "totpCode": "验证码"
+    },
+    "userConfig": {
+      "host": "服务器地址"
+    },
+    "general": {
+      "sessionTimeout": "会话超时",
+      "metricsEnabled": "启用监控",
+      "metricsPassword": "监控密码"
+    },
+    "interface": {
+      "cidr": "CIDR",
+      "device": "网络设备",
+      "cidrValid": "CIDR必须有效"
+    },
+    "otl": "一次性链接",
+    "stringMalformed": "文本格式错误",
+    "body": "请求体必须是有效对象",
+    "hook": "钩子脚本",
+    "enabled": "启用状态",
+    "mtu": "MTU",
+    "port": "端口",
+    "persistentKeepalive": "保活间隔",
+    "address": "IP地址",
+    "dns": "DNS",
+    "allowedIps": "允许的IP",
+    "file": "文件"
+  },
+  "hooks": {
+    "preUp": "启动前脚本",
+    "postUp": "启动后脚本",
+    "preDown": "停止前脚本",
+    "postDown": "停止后脚本"
+  }
+}
@@ -0,0 +1,237 @@
+{
+  "pages": {
+    "me": "帳戶",
+    "clients": "客戶端",
+    "admin": {
+      "panel": "管理員版面",
+      "general": "一般設定",
+      "config": "配置設定",
+      "interface": "介面設定",
+      "hooks": "掛鉤設定"
+    }
+  },
+  "user": {
+    "email": "電郵"
+  },
+  "me": {
+    "currentPassword": "目前密碼",
+    "enable2fa": "啟用雙重認證",
+    "enable2faDesc": "使用認證應用程式掃描二維碼，或手動輸入密匙。",
+    "2faKey": "TOTP密匙",
+    "2faCodeDesc": "請輸入認證應用程式中的驗證碼。",
+    "disable2fa": "停用雙重認證",
+    "disable2faDesc": "請輸入密碼以停用雙重認證。"
+  },
+  "general": {
+    "name": "名稱",
+    "username": "用戶名",
+    "password": "密碼",
+    "newPassword": "新密碼",
+    "updatePassword": "更改密碼",
+    "mtu": "MTU",
+    "allowedIps": "IP白名單",
+    "dns": "域名系統",
+    "persistentKeepalive": "保持連線",
+    "logout": "登出",
+    "continue": "繼續",
+    "host": "主機",
+    "port": "連接埠",
+    "yes": "是",
+    "no": "否",
+    "confirmPassword": "確認新密碼",
+    "loading": "載入中...",
+    "2fa": "雙重認證",
+    "2faCode": "TOTP驗證碼"
+  },
+  "setup": {
+    "welcome": "歡迎首次設定wg-easy",
+    "welcomeDesc": "這是最簡單的方法讓你在任何Linux主機上安裝及管理WireGuard",
+    "existingSetup": "你有現存設定嗎？",
+    "createAdminDesc": "請輸入管理員用戶名及一個高強度密碼。這些資料將用於登入管理員版面。",
+    "setupConfigDesc": "請輸入主機及連接埠資料。這將用於客戶端設定，以便在他們的裝置上設定WireGuard。",
+    "setupMigrationDesc": "如果你想將舊版wg-easy的資料轉移到新設定，請提供備份檔案。",
+    "upload": "上傳",
+    "migration": "還原備份：",
+    "createAccount": "建立帳戶",
+    "successful": "設定成功",
+    "hostDesc": "客戶端連接的公共主機名稱",
+    "portDesc": "客戶端和WireGuard使用的公共UDP連接埠"
+  },
+  "update": {
+    "updateAvailable": "有新版本更新！",
+    "update": "更新"
+  },
+  "theme": {
+    "dark": "深色模式",
+    "light": "淺色模式",
+    "system": "系統預設"
+  },
+  "layout": {
+    "toggleCharts": "顯示或隱藏圖表",
+    "donate": "贊助"
+  },
+  "login": {
+    "signIn": "登入",
+    "rememberMe": "保持登入",
+    "rememberMeDesc": "關閉瀏覽器後仍保持登入",
+    "insecure": "連線不安全，請使用HTTPS。",
+    "2faRequired": "需要雙重認證",
+    "2faWrong": "雙重認證失敗"
+  },
+  "client": {
+    "empty": "目前沒有客戶端。",
+    "newShort": "新增",
+    "sort": "排序",
+    "create": "建立客戶端",
+    "created": "客戶端已建立",
+    "new": "新增客戶端",
+    "name": "名稱",
+    "expireDate": "有效期",
+    "expireDateDesc": "客戶端將於此日期停用。留空則為永久有效",
+    "deleteClient": "刪除客戶端",
+    "deleteDialog1": "你確定要刪除",
+    "deleteDialog2": "此操作無法還原。",
+    "enabled": "已啟用",
+    "address": "IP地址",
+    "serverAllowedIps": "伺服器IP白名單",
+    "otlDesc": "生成短暫單次超連結",
+    "permanent": "永久",
+    "createdOn": "建立於",
+    "lastSeen": "上次活動於",
+    "totalDownload": "總下載量：",
+    "totalUpload": "總上傳量：",
+    "newClient": "新客戶端",
+    "disableClient": "停用客戶端",
+    "enableClient": "啟用客戶端",
+    "noPrivKey": "此客戶端沒有已知的密匙。無法建立配置。",
+    "showQR": "顯示二維碼",
+    "downloadConfig": "下載配置",
+    "allowedIpsDesc": "通過VPN的IP地址（取代全局配置）",
+    "serverAllowedIpsDesc": "伺服器路由到客戶端的IP地址",
+    "mtuDesc": "設定VPN隧道的最大傳輸單位（封包大小）",
+    "persistentKeepaliveDesc": "設定保持連線封包的秒數間隔。0代表停用",
+    "hooks": "掛鉤",
+    "hooksDescription": "掛鉤僅適用於wg-quick",
+    "hooksLeaveEmpty": "僅適用於wg-quick，否則請留空",
+    "dnsDesc": "客戶端使用的域名系統伺服器（取代全局配置）"
+  },
+  "dialog": {
+    "change": "更改",
+    "cancel": "取消",
+    "create": "創建"
+  },
+  "toast": {
+    "success": "成功",
+    "saved": "已保存",
+    "error": "錯誤"
+  },
+  "form": {
+    "actions": "操作",
+    "save": "保存",
+    "revert": "重置",
+    "sectionGeneral": "一般設定",
+    "sectionAdvanced": "進階",
+    "noItems": "未有設定",
+    "nullNoItems": "未有設定，使用全局配置",
+    "add": "新增"
+  },
+  "admin": {
+    "general": {
+      "sessionTimeout": "工作階段逾時",
+      "sessionTimeoutDesc": "「保持登入」的工作階段持續時間（秒）",
+      "metrics": "指標",
+      "metricsPassword": "密碼",
+      "metricsPasswordDesc": "指標端點的Bearer密碼（密碼或argon2雜湊）",
+      "json": "JSON",
+      "jsonDesc": "JSON格式指標的路由",
+      "prometheus": "Prometheus",
+      "prometheusDesc": "Prometheus指標的路由"
+    },
+    "config": {
+      "connection": "連線",
+      "hostDesc": "客戶端連接的公共主機名稱（使配置無效）",
+      "portDesc": "客戶端連接的公共UDP連接埠（使配置無效，你可能也想更改介面連接埠）",
+      "allowedIpsDesc": "客戶端使用的IP白名單（全局配置）",
+      "dnsDesc": "客戶端使用的域名系統伺服器（全局配置）",
+      "mtuDesc": "客戶端使用的MTU（僅適用於新客戶端）",
+      "persistentKeepaliveDesc": "向伺服器發送保持連線封包的秒數間隔。0代表停用（僅適用於新客戶端）",
+      "suggest": "建議",
+      "suggestDesc": "選擇一個IP地址或主機名稱"
+    },
+    "interface": {
+      "cidrSuccess": "成功更改CIDR",
+      "device": "裝置",
+      "deviceDesc": "WireGuard流量通過的乙太網路裝置",
+      "mtuDesc": "WireGuard使用的MTU",
+      "portDesc": "WireGuard監聽的UDP連接埠 (你可能也想更改設定連接埠)",
+      "changeCidr": "更改CIDR",
+      "restart": "重啟介面",
+      "restartDesc": "重啟WireGuard介面",
+      "restartWarn": "你確定要重新啟動介面嗎？這將中斷所有客戶端連線。",
+      "restartSuccess": "介面已重啟"
+    },
+    "introText": "歡迎來到管理員版面。\n\n你可以在側邊欄中管理一般、配置、介面和掛鉤設定。"
+  },
+  "zod": {
+    "generic": {
+      "required": "{0}為必填項",
+      "validNumber": "{0}必須是有效的數字",
+      "validString": "{0}必須是有效的字串",
+      "validBoolean": "{0}必須是有效的布林值",
+      "validArray": "{0}必須是有效的陣列",
+      "stringMin": "{0}至少需要{1}個字元",
+      "numberMin": "{0}至少為{1}"
+    },
+    "client": {
+      "id": "客戶端ID",
+      "name": "名稱",
+      "expiresAt": "到期於",
+      "address4": "IPv4地址",
+      "address6": "IPv6地址",
+      "serverAllowedIps": "伺服器IP白名單"
+    },
+    "user": {
+      "username": "用戶名",
+      "password": "密碼",
+      "remember": "保持",
+      "name": "名稱",
+      "email": "電郵",
+      "emailInvalid": "必須是有效的電郵地址",
+      "passwordMatch": "密碼必須一致",
+      "totpEnable": "TOTP啟用",
+      "totpEnableTrue": "TOTP啟用必須為正確",
+      "totpCode": "TOTP驗證碼"
+    },
+    "userConfig": {
+      "host": "主機"
+    },
+    "general": {
+      "sessionTimeout": "工作階段逾時",
+      "metricsEnabled": "指標",
+      "metricsPassword": "指標密碼"
+    },
+    "interface": {
+      "cidr": "CIDR",
+      "device": "裝置",
+      "cidrValid": "CIDR必須有效"
+    },
+    "otl": "單次超連結",
+    "stringMalformed": "字串格式不正確",
+    "body": "主體必須是有效的物件",
+    "hook": "掛鉤",
+    "enabled": "已啟動",
+    "mtu": "MTU",
+    "port": "連接埠",
+    "persistentKeepalive": "保持連線",
+    "address": "IP地址",
+    "dns": "域名系統",
+    "allowedIps": "IP白名單",
+    "file": "文件"
+  },
+  "hooks": {
+    "preUp": "PreUp",
+    "postUp": "PostUp",
+    "preDown": "PreDown",
+    "postDown": "PostDown"
+  }
+}
@@ -34,6 +34,31 @@ export default defineNuxtConfig({
        language: 'en-US',
        name: 'English',
      },
+      {
+        code: 'uk',
+        language: 'uk-UA',
+        name: 'Українська',
+      },
+      {
+        code: 'fr',
+        language: 'fr-FR',
+        name: 'Français',
+      },
+      {
+        code: 'de',
+        language: 'de-DE',
+        name: 'Deutsch',
+      },
+      {
+        code: 'zh-HK',
+        language: 'zh-HK',
+        name: '繁體中文（香港）',
+      },
+      {
+        code: 'zh-CN',
+        language: 'zh-CN',
+        name: '简体中文',
+      },
    ],
    defaultLocale: 'en',
    vueI18n: './i18n.config.ts',
@@ -41,6 +66,9 @@ export default defineNuxtConfig({
    detectBrowserLanguage: {
      useCookie: true,
    },
+    bundle: {
+      optimizeTranslationDirective: false,
+    },
  },
  nitro: {
    esbuild: {
@@ -52,6 +80,9 @@ export default defineNuxtConfig({
    alias: {
      '#db': fileURLToPath(new URL('./server/database/', import.meta.url)),
    },
+    externals: {
+      traceInclude: [fileURLToPath(new URL('./cli/index.ts', import.meta.url))],
+    },
  },
  alias: {
    // for typecheck reasons (https://github.com/nuxt/cli/issues/323)
@@ -1,11 +1,11 @@
 {
  "name": "wg-easy",
-  "version": "15.0.0-beta.11",
+  "version": "15.1.0",
  "description": "The easiest way to run WireGuard VPN + Web-based Admin UI.",
  "private": true,
  "type": "module",
  "scripts": {
-    "build": "nuxt build",
+    "build": "nuxt build && pnpm cli:build",
    "dev": "nuxt dev",
    "generate": "nuxt generate",
    "preview": "nuxt preview",
@@ -15,53 +15,57 @@
    "format:check": "prettier . --check",
    "typecheck": "nuxt typecheck",
    "check:all": "pnpm typecheck && pnpm lint && pnpm format:check && pnpm build",
-    "db:generate": "drizzle-kit generate"
+    "db:generate": "drizzle-kit generate",
+    "cli:build": "node cli/build.js",
+    "cli:dev": "tsx cli/index.ts"
  },
  "dependencies": {
    "@eschricht/nuxt-color-mode": "^1.1.5",
    "@heroicons/vue": "^2.2.0",
-    "@libsql/client": "^0.15.1",
-    "@nuxtjs/i18n": "^9.4.0",
-    "@nuxtjs/tailwindcss": "^6.13.2",
+    "@libsql/client": "^0.15.9",
+    "@nuxtjs/i18n": "^9.5.6",
+    "@nuxtjs/tailwindcss": "^6.14.0",
    "@phc/format": "^1.0.0",
-    "@pinia/nuxt": "^0.10.1",
+    "@pinia/nuxt": "^0.11.1",
    "@tailwindcss/forms": "^0.5.10",
-    "apexcharts": "^4.5.0",
-    "argon2": "^0.41.1",
-    "basic-auth": "^2.0.1",
+    "apexcharts": "^4.7.0",
+    "argon2": "^0.43.0",
    "cidr-tools": "^11.0.3",
+    "citty": "^0.1.6",
+    "consola": "^3.4.2",
    "crc-32": "^1.2.2",
-    "debug": "^4.4.0",
-    "drizzle-orm": "^0.41.0",
+    "debug": "^4.4.1",
+    "drizzle-orm": "^0.44.2",
    "ip-bigint": "^8.2.1",
    "is-cidr": "^5.1.1",
    "is-ip": "^5.0.1",
-    "js-sha256": "^0.11.0",
-    "lowdb": "^7.0.1",
-    "nuxt": "^3.16.1",
-    "pinia": "^3.0.1",
-    "qrcode": "^1.5.4",
+    "js-sha256": "^0.11.1",
+    "nuxt": "^3.17.5",
+    "otpauth": "^9.4.0",
+    "pinia": "^3.0.3",
+    "qr": "^0.5.0",
    "radix-vue": "^1.9.17",
-    "semver": "^7.7.1",
+    "semver": "^7.7.2",
    "tailwindcss": "^3.4.17",
    "timeago.js": "^4.0.2",
    "vue": "latest",
    "vue3-apexcharts": "^1.8.0",
-    "zod": "^3.24.2"
+    "zod": "^3.25.67"
  },
  "devDependencies": {
-    "@nuxt/eslint": "1.3.0",
+    "@nuxt/eslint": "^1.4.1",
    "@types/debug": "^4.1.12",
    "@types/phc__format": "^1.0.1",
-    "@types/qrcode": "^1.5.5",
    "@types/semver": "^7.7.0",
-    "drizzle-kit": "^0.30.6",
-    "eslint": "^9.23.0",
-    "eslint-config-prettier": "^10.1.1",
-    "prettier": "^3.5.3",
-    "prettier-plugin-tailwindcss": "^0.6.11",
-    "typescript": "^5.8.2",
-    "vue-tsc": "^2.2.8"
+    "drizzle-kit": "^0.31.4",
+    "esbuild": "^0.25.5",
+    "eslint": "^9.30.0",
+    "eslint-config-prettier": "^10.1.5",
+    "prettier": "^3.6.2",
+    "prettier-plugin-tailwindcss": "^0.6.13",
+    "tsx": "^4.20.3",
+    "typescript": "^5.8.3",
+    "vue-tsc": "^2.2.10"
  },
-  "packageManager": "pnpm@10.7.0"
+  "packageManager": "pnpm@10.12.4"
 }
@@ -0,0 +1,65 @@
+import { Secret, TOTP } from 'otpauth';
+import { UserUpdateTotpSchema } from '#db/repositories/user/types';
+
+type Response =
+  | {
+      success: boolean;
+      type: 'setup';
+      key: string;
+      uri: string;
+    }
+  | { success: boolean; type: 'created' }
+  | { success: boolean; type: 'deleted' };
+
+export default definePermissionEventHandler(
+  'me',
+  'update',
+  async ({ event, user, checkPermissions }) => {
+    const body = await readValidatedBody(
+      event,
+      validateZod(UserUpdateTotpSchema, event)
+    );
+
+    checkPermissions(user);
+
+    if (body.type === 'setup') {
+      const key = new Secret({ size: 20 });
+
+      const totp = new TOTP({
+        issuer: 'wg-easy',
+        label: user.username,
+        algorithm: 'SHA1',
+        digits: 6,
+        period: 30,
+        secret: key,
+      });
+
+      await Database.users.updateTotpKey(user.id, key.base32);
+
+      return {
+        success: true,
+        type: 'setup',
+        key: key.base32,
+        uri: totp.toString(),
+      } as Response;
+    } else if (body.type === 'create') {
+      await Database.users.verifyTotp(user.id, body.code);
+
+      return {
+        success: true,
+        type: 'created',
+      } as Response;
+    } else if (body.type === 'delete') {
+      await Database.users.deleteTotpKey(user.id, body.currentPassword);
+
+      return {
+        success: true,
+        type: 'deleted',
+      } as Response;
+    }
+    throw createError({
+      statusCode: 400,
+      statusMessage: 'Invalid request',
+    });
+  }
+);
@@ -20,5 +20,6 @@ export default defineEventHandler(async (event) => {
    username: user.username,
    name: user.name,
    email: user.email,
+    totpVerified: user.totpVerified,
  };
 });
@@ -1,28 +1,41 @@
 import { UserLoginSchema } from '#db/repositories/user/types';

 export default defineEventHandler(async (event) => {
-  const { username, password, remember } = await readValidatedBody(
+  const { username, password, remember, totpCode } = await readValidatedBody(
    event,
    validateZod(UserLoginSchema, event)
  );

-  // TODO: timing can be used to enumerate usernames
+  const result = await Database.users.login(username, password, totpCode);

-  const user = await Database.users.getByUsername(username);
-  if (!user)
+  // TODO: add localization support
+
+  if (!result.success) {
+    switch (result.error) {
+      case 'INCORRECT_CREDENTIALS':
        throw createError({
          statusCode: 401,
-      statusMessage: 'Incorrect credentials',
+          statusMessage: 'Invalid username or password',
        });
-
-  const userHashPassword = user.password;
-  const passwordValid = await isPasswordValid(password, userHashPassword);
-  if (!passwordValid) {
+      case 'TOTP_REQUIRED':
+        return { status: 'TOTP_REQUIRED' };
+      case 'INVALID_TOTP_CODE':
+        return { status: 'INVALID_TOTP_CODE' };
+      case 'USER_DISABLED':
        throw createError({
          statusCode: 401,
-      statusMessage: 'Incorrect credentials',
+          statusMessage: 'User disabled',
+        });
+      case 'UNEXPECTED_ERROR':
+        throw createError({
+          statusCode: 500,
+          statusMessage: 'Unexpected error',
        });
    }
+    assertUnreachable(result.error);
+  }
+
+  const user = result.user;

  const session = await useWGSession(event, remember);

@@ -34,5 +47,5 @@ export default defineEventHandler(async (event) => {

  SERVER_DEBUG(`New Session: ${data.id} for ${user.id} (${user.username})`);

-  return { success: true };
+  return { status: 'success' };
 });
@@ -1,6 +1,7 @@
 CREATE TABLE `clients_table` (
 	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
 	`user_id` integer NOT NULL,
+	`interface_id` text NOT NULL,
 	`name` text NOT NULL,
 	`ipv4_address` text NOT NULL,
 	`ipv6_address` text NOT NULL,
@@ -17,10 +18,12 @@ CREATE TABLE `clients_table` (
 	`persistent_keepalive` integer NOT NULL,
 	`mtu` integer NOT NULL,
 	`dns` text,
+	`server_endpoint` text,
 	`enabled` integer NOT NULL,
 	`created_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL,
 	`updated_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL,
-	FOREIGN KEY (`user_id`) REFERENCES `users_table`(`id`) ON UPDATE cascade ON DELETE restrict
+	FOREIGN KEY (`user_id`) REFERENCES `users_table`(`id`) ON UPDATE cascade ON DELETE restrict,
+	FOREIGN KEY (`interface_id`) REFERENCES `interfaces_table`(`name`) ON UPDATE cascade ON DELETE cascade
 );
 --> statement-breakpoint
 CREATE UNIQUE INDEX `clients_table_ipv4_address_unique` ON `clients_table` (`ipv4_address`);--> statement-breakpoint
@@ -80,6 +83,8 @@ CREATE TABLE `users_table` (
 	`email` text,
 	`name` text NOT NULL,
 	`role` integer NOT NULL,
+	`totp_key` text,
+	`totp_verified` integer NOT NULL,
 	`enabled` integer NOT NULL,
 	`created_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL,
 	`updated_at` text DEFAULT (CURRENT_TIMESTAMP) NOT NULL
@@ -1,7 +1,7 @@
 {
  "version": "6",
  "dialect": "sqlite",
-  "id": "8c2af02b-c4bd-4880-a9ad-b38805636208",
+  "id": "dae61656-1107-4729-ac83-f43d4cab3881",
  "prevId": "00000000-0000-0000-0000-000000000000",
  "tables": {
    "clients_table": {
@@ -21,6 +21,13 @@
          "notNull": true,
          "autoincrement": false
        },
+        "interface_id": {
+          "name": "interface_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
        "name": {
          "name": "name",
          "type": "text",
@@ -137,6 +144,13 @@
          "notNull": false,
          "autoincrement": false
        },
+        "server_endpoint": {
+          "name": "server_endpoint",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
        "enabled": {
          "name": "enabled",
          "type": "integer",
@@ -190,6 +204,19 @@
          ],
          "onDelete": "restrict",
          "onUpdate": "cascade"
+        },
+        "clients_table_interface_id_interfaces_table_name_fk": {
+          "name": "clients_table_interface_id_interfaces_table_name_fk",
+          "tableFrom": "clients_table",
+          "tableTo": "interfaces_table",
+          "columnsFrom": [
+            "interface_id"
+          ],
+          "columnsTo": [
+            "name"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "cascade"
        }
      },
      "compositePrimaryKeys": {},
@@ -558,6 +585,20 @@
          "notNull": true,
          "autoincrement": false
        },
+        "totp_key": {
+          "name": "totp_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "totp_verified": {
+          "name": "totp_verified",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
        "enabled": {
          "name": "enabled",
          "type": "integer",
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Bernd Storath	9368b857e8	Bump version to 15.1.0	2025-07-01 08:50:21 +02:00
Bernd Storath	0f663df7f6	Add option to disable ipv6 (#1951 ) * add option to disable ipv6 * don't add ipv6 address * update docs	2025-07-01 07:57:14 +02:00
Kirill Dvoretskov	68fde7d165	Updated container launch commands (#1989 ) * Updated container launch commands * one more occurrence --------- Co-authored-by: Bernd Storath <999999bst@gmail.com>	2025-06-30 08:01:26 +02:00
杨黄林	501a784264	Add Chinese Simplified (#1990 ) * Add Chinese Simplified * fix formatting --------- Co-authored-by: Bernd Storath <999999bst@gmail.com>	2025-06-30 07:55:00 +02:00
Bernd Storath	629c184195	update packages	2025-06-30 07:54:45 +02:00
Rayyamhk	76b8818a33	feat: Add Traditional Chinese (zh-HK) i18n Support (#1988 ) * feat:add translation for zh-hk * fix formatting issues	2025-06-27 08:25:02 +02:00
Pascal Dietrich	6c52301a64	Add german translations (#1889 )	2025-06-26 16:05:44 +02:00
Bernd Storath	be26db63ca	add docs on how to add/update translation	2025-06-26 15:27:27 +02:00
Bernd Storath	962bfa213f	update screenshot	2025-06-26 14:56:15 +02:00
Bernd Storath	ee00e5c914	update packages	2025-06-23 09:53:30 +02:00
Bernd Storath	6343213538	v14 migration env vars make note that the env vars from v14 won't be migrated	2025-06-11 11:14:13 +02:00
Bernd Storath	187bdc0836	update packages	2025-06-11 07:42:21 +02:00
wh!le	f2520f0481	docs for caddy example (#1939 )	2025-06-09 16:04:59 +02:00
Ezmana	5e9a73645b	Add French language (#1924 ) * French translation file creation * Add French language	2025-06-09 15:55:12 +02:00
Bernd Storath	783fa3286c	update packages removed override as every package updated	2025-06-02 08:23:26 +02:00
Nikolas	77b4f9db65	Added Ukrainian language (#1906 ) * Add files via upload Ukrainian language * Update ua.json * Update i18n.config.ts * Update i18n.config.ts * Rename ua.json to uk.json * Update i18n.config.ts * Update nuxt.config.ts * Update uk.json	2025-06-01 16:40:31 +02:00
Bernd Storath	0f6f07161b	update docker compose	2025-05-28 13:50:13 +02:00
Bernd Storath	d75a836de9	update changelog	2025-05-28 12:33:44 +02:00
Bernd Storath	f79b0fd025	Bump version to 15.0.0	2025-05-28 12:22:42 +02:00
Bernd Storath	d2ce82241b	Bump version to 15.0.0-beta.13	2025-05-28 12:11:03 +02:00
Bernd Storath	8c395ec275	fix pre-release	2025-05-28 12:10:47 +02:00
Bernd Storath	10f42170f3	Bump version to 15.0.0-beta.13	2025-05-28 11:59:38 +02:00
Bernd Storath	a8aa85bdaa	Feat: map client to interface (#1886 ) map client to interface	2025-05-28 11:58:33 +02:00
Bernd Storath	7e1aa5807d	Feat: variants (#1885 ) add primary & secondary button & actionfield	2025-05-28 11:44:16 +02:00
Bernd Storath	df57921b8e	update packages	2025-05-27 09:39:37 +02:00
Bernd Storath	4fbf059e61	add armv7 support override until - https://github.com/nuxt/nuxt/issues/32124 - https://github.com/nuxt-modules/i18n/issues/3605 are fixed	2025-05-16 09:11:50 +02:00
Bernd Storath	b150e3f3b4	update packages	2025-05-16 08:54:52 +02:00
Bernd Storath	aed10ab0bd	update packages	2025-05-12 07:41:40 +02:00
Bernd Storath	478e7207b2	don't hoist libsql not needed anymore	2025-05-05 11:15:24 +02:00
Bernd Storath	c8dc710435	update packages	2025-05-05 10:25:28 +02:00
Bernd Storath	19d9e3b7d7	update packages this greatly improves qr code size and quality	2025-04-26 16:49:51 +02:00
Bernd Storath	c4efb1d03a	update packages argon2 now prebuilds for armv7 only libsql is missing: https://github.com/tursodatabase/libsql-js/pull/169	2025-04-24 11:50:35 +02:00
Bernd Storath	529b9eeb88	improve image size	2025-04-22 16:09:18 +02:00
Bernd Storath	69ee741d7e	Feat: distributed build (#1829 ) * distribute build across runners * better formatting * fix issues * fix matrix * retrigger build	2025-04-22 14:11:28 +02:00
Bernd Storath	f2dc38e91b	add setup guide	2025-04-22 10:47:55 +02:00
Bernd Storath	64e9484331	update packages	2025-04-22 07:46:33 +02:00
Bernd Storath	c777fa30b3	publish stable docker compose (#1828 )	2025-04-22 07:44:28 +02:00
Bernd Storath	734d91fd98	replace nightly with edge (#1819 )	2025-04-17 15:58:45 +02:00
Bernd Storath	84ed7b299f	Feat: Cli (#1818 ) * add cli * fix lint * add docs, include cli packages * fix docs, username instead of name	2025-04-16 14:17:02 +02:00
Bernd Storath	1cfe6404b2	Feat docs (#1814 ) * improve docs and formatting * lint in ci avoid using bundled prettier from vscode extension * fix action, typos * remove header * remove unused deps	2025-04-15 12:43:57 +02:00
Bernd Storath	2a32c1b9c0	remove unused dependencies	2025-04-14 08:36:07 +02:00
Bernd Storath	3ef258a28a	Bump version to 15.0.0-beta.12	2025-04-11 23:35:51 +02:00
Bernd Storath	ff783fd4d1	Feat: Improve Docs (#1791 ) * improve docs * preplan guides * fix spelling * fix nftables rules * consistent wg-easy code block * fix grammar	2025-04-11 23:25:58 +02:00
Bernd Storath	65aa067100	update packages	2025-04-11 22:46:03 +02:00
Edgars	48e6949a4d	Update `docker-run.md` (#1804 ) Small fixes were made to: - adjust indentation for the first line in code blocks; - fix backticks; - make the URL interactive.	2025-04-09 11:25:30 +02:00
Bernd Storath	9ebf2c1d33	chore: disable latest tag for docker so old installations wont break until v15 is stable enough	2025-04-02 09:32:52 +02:00
Bernd Storath	d0f85316a6	chore: delete changelog from docs	2025-04-02 09:20:18 +02:00
Bernd Storath	ff9fd553c5	Fix: sync / rekey issue (#1789 ) only sync if needed	2025-04-02 08:49:04 +02:00
Bernd Storath	e92ee0464e	Feat: Server Endpoint (#1785 ) * add server endpoint to client * be able to update endpoint over api	2025-04-01 16:13:51 +02:00
Bernd Storath	9df049d3f4	Feat: startup info (#1784 ) add startup info	2025-04-01 15:18:13 +02:00
Bernd Storath	32b73b850a	Feat: 2fa (#1783 ) * preplan otp, better qrcode library * add 2fa as feature * add totp generation * working totp lifecycle * don't allow disabled user to log in not a security issue as permission handler would fail anyway * require 2fa on login if enabled * update packages * fix typo * remove console.logs	2025-04-01 14:43:48 +02:00