theis.gaedigk/wg-easy-ca-lose
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
7fbc1cef68ea9919479b66b924150a2f2005cfc6
wg-easy-ca-lose/docs/content/advanced/config/unattended-setup.md
T
copilot-swe-agent[bot] 7fbc1cef68 Allow override vars to skip initial setup; split username/password from host/port in groups 
- Modified initialSetup to use WG_* override vars as fallback for INIT_* vars
- Split group 1: USERNAME and PASSWORD remain in group 1
- Moved HOST and PORT to group 2 (can use WG_HOST and WG_CLIENT_PORT)
- DNS moved to group 3 (can use WG_DEFAULT_DNS)
- CIDR moved to group 4 (can use WG_IPV4_CIDR and WG_IPV6_CIDR)
- Allowed IPs moved to group 5 (can use WG_DEFAULT_ALLOWED_IPS)
- Updated documentation to explain override fallback behavior
- Setup can now be skipped with INIT_USERNAME, INIT_PASSWORD, and override vars

Co-authored-by: kaaax0815 <32197462+kaaax0815@users.noreply.github.com>
2025-11-17 09:34:01 +00:00

2.5 KiB
Raw Blame History

title
title
Unattended Setup

If you want to run the setup without any user interaction, e.g. with a tool like Ansible, you can use these environment variables to configure the setup.

These will only be used during the first start of the container. After that, the setup will be disabled.

Env Example Description Group
INIT_ENABLED true Enables the below env vars 0
INIT_USERNAME admin Sets admin username 1
INIT_PASSWORD Se!ureP%ssw Sets admin password 1
INIT_HOST vpn.example.com Host clients will connect to 2
INIT_PORT 51820 Port clients will connect to 2
INIT_DNS 1.1.1.1,8.8.8.8 Sets global dns setting 3
INIT_IPV4_CIDR 10.8.0.0/24 Sets IPv4 cidr 4
INIT_IPV6_CIDR 2001:0DB8::/32 Sets IPv6 cidr 4
INIT_ALLOWED_IPS 10.8.0.0/24,2001:0DB8::/32 Sets global Allowed IPs 5

/// warning | Variables have to be used together

If variables are in the same group, you have to set all of them. For example, if you set INIT_IPV4_CIDR, you also have to set INIT_IPV6_CIDR.

To skip the setup process, you must configure group 1 (username and password). Groups 2-5 can optionally use the corresponding WG_* override environment variables instead (see Configuration Overrides):

  • Group 2 (Host & Port): Can use WG_HOST and WG_CLIENT_PORT instead of INIT_HOST and INIT_PORT
  • Group 3 (DNS): Can use WG_DEFAULT_DNS instead of INIT_DNS
  • Group 4 (CIDR): Can use WG_IPV4_CIDR and WG_IPV6_CIDR instead of INIT_IPV4_CIDR and INIT_IPV6_CIDR
  • Group 5 (Allowed IPs): Can use WG_DEFAULT_ALLOWED_IPS instead of INIT_ALLOWED_IPS

This allows you to skip the initial setup while using override variables for runtime configuration. ///

/// note | Security

The initial username and password is not checked for complexity. Make sure to set a long enough username and password. Otherwise, the user won't be able to log in.

It's recommended to remove the variables after the setup is done to prevent the password from being exposed. ///

Reference in New Issue View Git Blame Copy Permalink