diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
index fc002bb3..8f9dad6e 100644
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@@ -15,6 +15,12 @@ services:
 cap_add:
 - NET_ADMIN
 - SYS_MODULE
+ environment:
+ - INIT_ENABLED=true
+ - INIT_HOST=test
+ - INIT_PORT=51820
+ - INIT_USERNAME=testtest
+ - INIT_PASSWORD=Qweasdyxcv!2
 # folders should be generated inside container
 volumes:
diff --git a/docs/content/advanced/config/unattended-setup.md b/docs/content/advanced/config/unattended-setup.md
index 18736167..ee864efe 100644
--- a/docs/content/advanced/config/unattended-setup.md
+++ b/docs/content/advanced/config/unattended-setup.md
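Review bot: The `INIT_USERNAME` and `INIT_PASSWORD` entries added to the `environment:` block of docker-compose.dev.yml are fixed credentials committed to the repository, so every instance first started from this file gets the same publicly known admin login. The docs changed in this commit say these variables are only used on first start, so the account presumably stays in the database after the variables are removed. If this compose file is ever run on a host that others can reach, that is a default-credential exposure. I would take the password from the developer's environment, e.g. `- INIT_PASSWORD=${INIT_PASSWORD:?set INIT_PASSWORD}`, or at least add a comment above the block such as `# dev-only credentials, do not reuse outside local development`. The service definition starts and continues outside the hunk.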
@@ -11,20 +11,22 @@ These will only be used during the first start of the container. After that, the
 | `INIT_ENABLED` | `true` | Enables the below env vars | 0 |
 | `INIT_USERNAME` | `admin` | Sets admin username | 1 |
 | `INIT_PASSWORD` | `Se!ureP%ssw` | Sets admin password | 1 |
+| `INIT_HOST` | `vpn.example.com` | Host clients will connect to | 1 |
+| `INIT_PORT` | `51820` | Port clients will connect to and wireguard will listen on | 1 |
 | `INIT_DNS` | `1.1.1.1,8.8.8.8` | Sets global dns setting | 2 |
-| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets ipv4 cidr | 3 |
-| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | sets ipv6 cidr | 3 |
-| `INIT_HOST` | `vpn.example.com` | host clients will connect to | 4 |
-| `INIT_PORT` | `51820` | port clients will connect to and wireguard will listen on | 4 |
+| `INIT_IPV4_CIDR` | `10.8.0.0/24` | Sets IPv4 cidr | 3 |
+| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 3 |
 /// warning | Variables have to be used together
-If variables are in the same group, you have to set them both. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
+If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
+
+If you want to skip the setup process, you have to configure group `1`
 ///
-/// note | Password security
+/// note | Security
-The initial password is not checked for complexity. Make sure to set a secure password.
+The initial username and password is not checked for complexity. Make sure to set a long enough username and a secure password. Otherwise, the user won't be able to log in. Its recommended to remove the variables after the setup is done to prevent the password from being exposed.
 ///
diff --git a/src/server/database/sqlite.ts b/src/server/database/sqlite.ts
index 301a0fc8..dbfade9b 100644
--- a/src/server/database/sqlite.ts
+++ b/src/server/database/sqlite.ts
@@ -73,11 +73,6 @@ async function initialSetup(db: DBServiceType) {
 return;
 }
- if (WG_INITIAL_ENV.USERNAME && WG_INITIAL_ENV.PASSWORD) {
- DB_DEBUG('Creating initial user...');
- await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD);
- }
-
 if (WG_INITIAL_ENV.IPV4_CIDR && WG_INITIAL_ENV.IPV6_CIDR) {
 DB_DEBUG('Setting initial CIDR...');
 await db.interfaces.updateCidr({
@@ -95,13 +90,21 @@ async function initialSetup(db: DBServiceType) {
 });
 }
- if (WG_INITIAL_ENV.HOST && WG_INITIAL_ENV.PORT) {
+ if (
+ WG_INITIAL_ENV.USERNAME &&
+ WG_INITIAL_ENV.PASSWORD &&
+ WG_INITIAL_ENV.HOST &&
+ WG_INITIAL_ENV.PORT
+ ) {
+ DB_DEBUG('Creating initial user...');
+ await db.users.create(WG_INITIAL_ENV.USERNAME, WG_INITIAL_ENV.PASSWORD);
+
 DB_DEBUG('Setting initial host and port...');
 await db.userConfigs.updateHostPort(
 WG_INITIAL_ENV.HOST,
 WG_INITIAL_ENV.PORT
 );
- }
- await db.general.setSetupStep(0);
+ await db.general.setSetupStep(0);
+ }
 }
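Review bot: A partially configured group 1 is now skipped without any log output: in the combined `if (` of the second hunk, a missing `HOST` or `PORT` means no user is created and `setSetupStep(0)` is never reached. Before this change `INIT_USERNAME` plus `INIT_PASSWORD` were enough to create the admin, and the setup step was reset unconditionally. An operator who upgrades with only those two variables set would presumably be left with an instance still in the interactive setup flow and no admin account, which on an exposed deployment is worth making loud. I would add a branch after the block such as `else if (WG_INITIAL_ENV.USERNAME || WG_INITIAL_ENV.PASSWORD || WG_INITIAL_ENV.HOST || WG_INITIAL_ENV.PORT) { DB_DEBUG('INIT_USERNAME, INIT_PASSWORD, INIT_HOST and INIT_PORT must all be set; skipping initial user and host setup'); }`. The body of initialSetup starts outside both hunks, so the early-return conditions above are not visible here.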