diff --git a/.vscode/settings.json b/.vscode/settings.json
index f62f2c98..691bcfba 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -26,5 +26,8 @@
"i18n-ally.sortKeys": false,
"i18n-ally.keepFulfilled": false,
"i18n-ally.keystyle": "nested",
- "editor.gotoLocation.multipleDefinitions": "goto"
+ "editor.gotoLocation.multipleDefinitions": "goto",
+ "[toml]": {
+ "editor.defaultFormatter": "tamasfe.even-better-toml"
+ }
}
diff --git a/docs/.gitignore b/docs/.gitignore
new file mode 100644
index 00000000..decfc7a5
--- /dev/null
+++ b/docs/.gitignore
@@ -0,0 +1,2 @@
+site
+.cache
\ No newline at end of file
diff --git a/docs/content/advanced/api.md b/docs/content/advanced/api.md
index 58d5df2d..d7de3a97 100644
--- a/docs/content/advanced/api.md
+++ b/docs/content/advanced/api.md
@@ -2,10 +2,9 @@
title: API
---
-/// warning | Breaking Changes
+!!! warning "Breaking Changes"
-This API is not yet stable and may change in the future. The API is currently in development and is subject to change without notice. The API is not yet documented, but we will add documentation as the API stabilizes.
-///
+ This API is not yet stable and may change in the future. The API is currently in development and is subject to change without notice. The API is not yet documented, but we will add documentation as the API stabilizes.
You can use the API to interact with the application programmatically. The API is available at `/api` and supports both GET and POST requests. The API is designed to be simple and easy to use, with a focus on providing a consistent interface for all endpoints.
diff --git a/docs/content/advanced/config/amnezia.md b/docs/content/advanced/config/amnezia.md
index 1d4f2b5b..3e8d4d0a 100644
--- a/docs/content/advanced/config/amnezia.md
+++ b/docs/content/advanced/config/amnezia.md
@@ -39,14 +39,14 @@ If a parameter is not set, it will not be added to the configuration. If all Amn
### Parameter Compatibility Table
-| Parameter | Can differ between server and client | Configurable on server | Configurable on client |
-| --------- | ------------------------------------ | ---------------------- | ----------------------- |
-| Jc | ✅ Yes | ✅ | ✅ |
-| Jmin | ✅ Yes | ✅ | ✅ |
-| Jmax | ✅ Yes | ✅ | ✅ |
-| S1-S4 | ❌ No, must match | ✅ | ❌ (copied from server) |
-| H1-H4 | ❌ No, must match | ✅ | ❌ (copied from server) |
-| I1-I5 | ✅ Yes | ✅ | ✅ |
+| Parameter | Can differ between server and client | Configurable on server | Configurable on client |
+| --------- | ------------------------------------ | ---------------------- | ------------------------ |
+| Jc | :white_check_mark: Yes | :white_check_mark: | :white_check_mark: |
+| Jmin | :white_check_mark: Yes | :white_check_mark: | :white_check_mark: |
+| Jmax | :white_check_mark: Yes | :white_check_mark: | :white_check_mark: |
+| S1-S4 | :x: No, must match | :white_check_mark: | :x: (copied from server) |
+| H1-H4 | :x: No, must match | :white_check_mark: | :x: (copied from server) |
+| I1-I5 | :white_check_mark: Yes | :white_check_mark: | :white_check_mark: |
## Client Applications
diff --git a/docs/content/advanced/config/external-authentication.md b/docs/content/advanced/config/external-authentication.md
index 420c3275..95a95af0 100644
--- a/docs/content/advanced/config/external-authentication.md
+++ b/docs/content/advanced/config/external-authentication.md
@@ -22,9 +22,9 @@ e.g. `google,github`
To automatically register users that log in with an OAuth provider, set the following environment variable to `true`:
-| Env | Required | Default | Description |
-| --------------------- | -------- | ------- | ------------------------ |
-| `OAUTH_AUTO_REGISTER` | ✖️ | `false` | Enable auto-registration |
+| Env | Required | Default | Description |
+| --------------------- | ------------------ | ------- | ------------------------ |
+| `OAUTH_AUTO_REGISTER` | :white_check_mark: | `false` | Enable auto-registration |
When enabled:
@@ -32,13 +32,11 @@ When enabled:
- If a user logs in with an email address that is already registered, their account will be linked to the OAuth provider (if not already linked), regardless of the value of `OAUTH_AUTO_REGISTER`.
-/// warning | Security
+!!! warning "Security"
-Users will be created with Admin Permissions, as the permissions system is not yet implemented. Only enable this if you trust all users that can log in with the OAuth provider.
+ Users will be created with Admin Permissions, as the permissions system is not yet implemented. Only enable this if you trust all users that can log in with the OAuth provider.
-Use [Allowed Domains](#allowed-domains) to restrict which users can log in.
-
-///
+ Use [Allowed Domains](#allowed-domains) to restrict which users can log in.
### Allowed Domains
@@ -46,7 +44,7 @@ To only allow users with an email address from a specific domain to log in, set
| Env | Required | Default | Description |
| ----------------------- | -------- | ------- | --------------------- |
-| `OAUTH_ALLOWED_DOMAINS` | ✖️ | - | Allowed email domains |
+| `OAUTH_ALLOWED_DOMAINS` | :x: | - | Allowed email domains |
You can allow multiple domains by separating them with a comma:
@@ -58,7 +56,7 @@ To automatically launch the OAuth login flow when visiting the login page, set t
| Env | Required | Default | Description |
| ------------------- | -------- | ------- | ----------------------------- |
-| `OAUTH_AUTO_LAUNCH` | ✖️ | - | Auto launch an OAuth provider |
+| `OAUTH_AUTO_LAUNCH` | :x: | - | Auto launch an OAuth provider |
When enabled:
@@ -83,10 +81,10 @@ If your provider does not support multiple redirect URIs (e.g. GitHub) but allow
#### Google
-| Env | Required | Description |
-| ---------------------------- | -------- | -------------------- |
-| `OAUTH_GOOGLE_CLIENT_ID` | ✔️ | Google Client ID |
-| `OAUTH_GOOGLE_CLIENT_SECRET` | ✔️ | Google Client Secret |
+| Env | Required | Description |
+| ---------------------------- | ------------------ | -------------------- |
+| `OAUTH_GOOGLE_CLIENT_ID` | :white_check_mark: | Google Client ID |
+| `OAUTH_GOOGLE_CLIENT_SECRET` | :white_check_mark: | Google Client Secret |
Setup
@@ -97,10 +95,10 @@ If your provider does not support multiple redirect URIs (e.g. GitHub) but allow
#### GitHub
-| Env | Required | Description |
-| ---------------------------- | -------- | -------------------- |
-| `OAUTH_GITHUB_CLIENT_ID` | ✔️ | GitHub Client ID |
-| `OAUTH_GITHUB_CLIENT_SECRET` | ✔️ | GitHub Client Secret |
+| Env | Required | Description |
+| ---------------------------- | ------------------ | -------------------- |
+| `OAUTH_GITHUB_CLIENT_ID` | :white_check_mark: | GitHub Client ID |
+| `OAUTH_GITHUB_CLIENT_SECRET` | :white_check_mark: | GitHub Client Secret |
Setup
@@ -122,12 +120,12 @@ The provider needs to support:
The provider needs to be available with HTTPS and have a valid certificate.
-| Env | Required | Default | Example | Description |
-| -------------------------- | -------- | ------- | -------------------------- | ------------------ |
-| `OAUTH_OIDC_SERVER` | ✔️ | - | `https://auth.example.com` | OIDC Server |
-| `OAUTH_OIDC_CLIENT_ID` | ✔️ | - | - | OIDC Client ID |
-| `OAUTH_OIDC_CLIENT_SECRET` | ✔️ | - | - | OIDC Client Secret |
-| `OAUTH_OIDC_NAME` | ✖️ | OIDC | `Authelia` | Provider Name |
+| Env | Required | Default | Example | Description |
+| -------------------------- | ------------------ | ------- | -------------------------- | ------------------ |
+| `OAUTH_OIDC_SERVER` | :white_check_mark: | - | `https://auth.example.com` | OIDC Server |
+| `OAUTH_OIDC_CLIENT_ID` | :white_check_mark: | - | - | OIDC Client ID |
+| `OAUTH_OIDC_CLIENT_SECRET` | :white_check_mark: | - | - | OIDC Client Secret |
+| `OAUTH_OIDC_NAME` | :x: | OIDC | `Authelia` | Provider Name |
##### Authelia Setup
@@ -167,16 +165,14 @@ To disable password-based authentication and only allow login via OAuth provider
| Env | Required | Default | Description |
| ----------------------- | -------- | ------- | ------------------------------- |
-| `DISABLE_PASSWORD_AUTH` | ✖️ | `false` | Disable password authentication |
+| `DISABLE_PASSWORD_AUTH` | :x: | `false` | Disable password authentication |
When enabled:
- Users will not be able to log in with a password
-/// warning | Access Recovery
-
-Before disabling password authentication, ensure that at least one OAuth provider is configured and that you have successfully linked an administrator account.
+!!! warning "Access Recovery"
-If no login method is available, you will not be able to log in to the application and will need to reset the configuration to regain access.
+ Before disabling password authentication, ensure that at least one OAuth provider is configured and that you have successfully linked an administrator account.
-///
+ If no login method is available, you will not be able to log in to the application and will need to reset the configuration to regain access.
diff --git a/docs/content/advanced/config/optional-config.md b/docs/content/advanced/config/optional-config.md
index 2f450b03..45dee954 100644
--- a/docs/content/advanced/config/optional-config.md
+++ b/docs/content/advanced/config/optional-config.md
@@ -12,12 +12,10 @@ You can set these environment variables to configure the container. They are not
| `DISABLE_IPV6` | `false` | `true` | If IPv6 support should be disabled |
| `DISABLE_VERSION_CHECK` | `false` | `true` | If wg-easy should check for new updates |
-/// note | IPv6 Caveats
+!!! note "IPv6 Caveats"
-Disabling IPv6 will disable the creation of the default IPv6 firewall rules and won't add a IPv6 address to the interface and clients.
+ Disabling IPv6 will disable the creation of the default IPv6 firewall rules and won't add a IPv6 address to the interface and clients.
-You will however still see a IPv6 address in the Web UI, but it won't be used.
+ You will however still see a IPv6 address in the Web UI, but it won't be used.
-This option can be removed in the future, as more devices support IPv6.
-
-///
+ This option can be removed in the future, as more devices support IPv6.
diff --git a/docs/content/advanced/config/unattended-setup.md b/docs/content/advanced/config/unattended-setup.md
index b0444d93..4bd367ca 100644
--- a/docs/content/advanced/config/unattended-setup.md
+++ b/docs/content/advanced/config/unattended-setup.md
@@ -18,16 +18,14 @@ These will only be used during the first start of the container. After that, the
| `INIT_IPV6_CIDR` | `2001:0DB8::/32` | Sets IPv6 cidr | 3 |
| `INIT_ALLOWED_IPS` | `10.8.0.0/24,2001:0DB8::/32` | Sets global Allowed IPs | 4 |
-/// warning | Variables have to be used together
+!!! warning "Variables have to be used together"
-If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
+ If variables are in the same group, you have to set all of them. For example, if you set `INIT_IPV4_CIDR`, you also have to set `INIT_IPV6_CIDR`.
-If you want to skip the setup process, you have to configure group `1`
-///
+ If you want to skip the setup process, you have to configure group `1`
-/// note | Security
+!!! note "Security"
-The initial username and password is not checked for complexity. Make sure to set a long enough username and password. Otherwise, the user won't be able to log in.
+ The initial username and password is not checked for complexity. Make sure to set a long enough username and password. Otherwise, the user won't be able to log in.
-It's recommended to remove the variables after the setup is done to prevent the password from being exposed.
-///
+ It's recommended to remove the variables after the setup is done to prevent the password from being exposed.
diff --git a/docs/content/advanced/metrics/prometheus.md b/docs/content/advanced/metrics/prometheus.md
index 09ad087b..ea023540 100644
--- a/docs/content/advanced/metrics/prometheus.md
+++ b/docs/content/advanced/metrics/prometheus.md
@@ -35,8 +35,7 @@ You can use the following Grafana dashboard to visualize the metrics:
[21733](https://grafana.com/grafana/dashboards/21733-wireguard/)
-/// note | Unofficial
+!!! note "Unofficial"
-The Grafana dashboard is not official and is not maintained by the `wg-easy` team. If you have any issues with the dashboard, please contact the author of the dashboard.
-See [#1299](https://github.com/wg-easy/wg-easy/pull/1299) for more information.
-///
+ The Grafana dashboard is not official and is not maintained by the `wg-easy` team. If you have any issues with the dashboard, please contact the author of the dashboard.
+ See [#1299](https://github.com/wg-easy/wg-easy/pull/1299) for more information.
diff --git a/docs/content/assets/fonts/InterVariable.woff2 b/docs/content/assets/fonts/InterVariable.woff2
new file mode 100644
index 00000000..5a8d3e72
Binary files /dev/null and b/docs/content/assets/fonts/InterVariable.woff2 differ
diff --git a/docs/content/assets/fonts/JetBrainsMonoVariable.woff2 b/docs/content/assets/fonts/JetBrainsMonoVariable.woff2
new file mode 100644
index 00000000..856547f8
Binary files /dev/null and b/docs/content/assets/fonts/JetBrainsMonoVariable.woff2 differ
diff --git a/docs/content/assets/stylesheets/extra.css b/docs/content/assets/stylesheets/extra.css
new file mode 100644
index 00000000..ea48ef40
--- /dev/null
+++ b/docs/content/assets/stylesheets/extra.css
@@ -0,0 +1,18 @@
+@font-face {
+ font-family: 'Inter Variable';
+ src: url('/wg-easy/assets/fonts/InterVariable.woff2') format('woff2');
+ font-weight: 100 900;
+ font-display: swap;
+}
+@font-face {
+ font-family: 'JetBrains Mono';
+ src: url('/wg-easy/assets/fonts/JetBrainsMonoVariable.woff2')
+ format('woff2');
+ font-weight: 100 900;
+ font-display: swap;
+}
+
+:root {
+ --md-text-font: 'Inter Variable';
+ --md-code-font: 'JetBrains Mono';
+}
diff --git a/docs/content/contributing/issues-and-pull-requests.md b/docs/content/contributing/issues-and-pull-requests.md
index 92f36016..081d358d 100644
--- a/docs/content/contributing/issues-and-pull-requests.md
+++ b/docs/content/contributing/issues-and-pull-requests.md
@@ -6,17 +6,15 @@ This project is Open Source. That means that you can contribute on enhancements,
## Opening an Issue
-/// note | Attention
+!!! note "Attention"
-**Before opening an issue**, read the [`README`][github-file-readme] carefully, study the docs for your version (maybe [latest][docs-latest]) and your search engine you trust. The issue tracker is not meant to be used for unrelated questions!
-///
+ **Before opening an issue**, read the [`README`][github-file-readme] carefully, study the docs for your version (maybe [latest][docs-latest]) and your search engine you trust. The issue tracker is not meant to be used for unrelated questions!
When opening an issue, please provide details use case to let the community reproduce your problem.
-/// note | Attention
+!!! note "Attention"
-**Use the issue templates** to provide the necessary information. Issues which do not use these templates are not worked on and closed.
-///
+ **Use the issue templates** to provide the necessary information. Issues which do not use these templates are not worked on and closed.
By raising issues, I agree to these terms and I understand, that the rules set for the issue tracker will help both maintainers as well as everyone to find a solution.
@@ -36,10 +34,9 @@ When an option is marked with "not officially supported" / "unsupported", then s
## Pull Requests
-/// question | Motivation
+!!! question "Motivation"
-You want to add a feature? Feel free to start creating an issue explaining what you want to do and how you're thinking doing it. Other users may have the same need and collaboration may lead to better results.
-///
+ You want to add a feature? Feel free to start creating an issue explaining what you want to do and how you're thinking doing it. Other users may have the same need and collaboration may lead to better results.
### Submit a Pull-Request
diff --git a/docs/content/examples/tutorials/adguard.md b/docs/content/examples/tutorials/adguard.md
index 8f357b1c..1dded71f 100644
--- a/docs/content/examples/tutorials/adguard.md
+++ b/docs/content/examples/tutorials/adguard.md
@@ -8,11 +8,11 @@ This tutorial is a follow-up to the official [Traefik tutorial](./traefik.md). I
- A working [wg-easy](./basic-installation.md) and [Traefik](./traefik.md) setup from the previous guides.
-/// warning | Important: Following this guide will reset your WireGuard configuration.
-The process involves re-creating the `wg-easy` container and its data, which means **all existing WireGuard clients and settings will be deleted.**
+!!! warning "Important: Following this guide will reset your WireGuard configuration."
-You will need to create your clients again after completing this guide.
-///
+ The process involves re-creating the `wg-easy` container and its data, which means **all existing WireGuard clients and settings will be deleted.**
+
+ You will need to create your clients again after completing this guide.
## Add `adguard` configuration
@@ -151,13 +151,13 @@ networks:
2. Navigate to `https://adguard.$example.com$` to begin the AdGuard Home setup.
-/// warning | Important: Configure AdGuard Home Admin Web Interface Port
-During the initial AdGuard Home setup on the `Step 2/5` page, you **must** set the **Admin Web Interface Port** to **3000**. Do not use the default port 80, as it will not work with the Traefik configuration.
+!!! warning "Important: Configure AdGuard Home Admin Web Interface Port"
+
+ During the initial AdGuard Home setup on the `Step 2/5` page, you **must** set the **Admin Web Interface Port** to **3000**. Do not use the default port 80, as it will not work with the Traefik configuration.
-After completing the setup, the AdGuard UI might appear unresponsive. This is expected. **Simply reload the page**, and the panel will display correctly.
-///
+ After completing the setup, the AdGuard UI might appear unresponsive. This is expected. **Simply reload the page**, and the panel will display correctly.
-> If you accidentally left it default (80), you will need to manually edit the `docker-compose.yml` file for AdGuard Home (`/etc/docker/containers/adguard/docker-compose.yml`) and change the line `traefik.http.services.adguard.loadbalancer.server.port=3000` to `traefik.http.services.adguard.loadbalancer.server.port=80`. After making this change, restart AdGuard Home by navigating to `/etc/docker/containers/adguard` and running `sudo docker compose up -d`.
+ > If you accidentally left it default (80), you will need to manually edit the `docker-compose.yml` file for AdGuard Home (`/etc/docker/containers/adguard/docker-compose.yml`) and change the line `traefik.http.services.adguard.loadbalancer.server.port=3000` to `traefik.http.services.adguard.loadbalancer.server.port=80`. After making this change, restart AdGuard Home by navigating to `/etc/docker/containers/adguard` and running `sudo docker compose up -d`.
## Final System Checks
diff --git a/docs/content/examples/tutorials/caddy.md b/docs/content/examples/tutorials/caddy.md
index b3bc2d95..7bb08e1f 100644
--- a/docs/content/examples/tutorials/caddy.md
+++ b/docs/content/examples/tutorials/caddy.md
@@ -2,10 +2,9 @@
title: Caddy
---
-/// note | Opinionated
+!!! note "Opinionated"
-This guide is opinionated. If you use other conventions or folder layouts, feel free to change the commands and paths.
-///
+ This guide is opinionated. If you use other conventions or folder layouts, feel free to change the commands and paths.
We're using [Caddy](https://caddyserver.com/) here as reverse proxy to serve `wg-easy` on [https://wg-easy.example.com](https://wg-easy.example.com) via TLS.
diff --git a/docs/content/examples/tutorials/reverse-proxyless.md b/docs/content/examples/tutorials/reverse-proxyless.md
index 2dfc1191..d11ffaf1 100644
--- a/docs/content/examples/tutorials/reverse-proxyless.md
+++ b/docs/content/examples/tutorials/reverse-proxyless.md
@@ -2,12 +2,11 @@
title: No Reverse Proxy
---
-/// warning | Insecure
+!!! warning "Insecure"
-This is insecure. You should use a reverse proxy to secure the connection.
+ This is insecure. You should use a reverse proxy to secure the connection.
-Only use this method if you know what you are doing.
-///
+ Only use this method if you know what you are doing.
If you only allow access to the web UI from your local network, you can skip the reverse proxy setup. This is not recommended, but it is possible.
diff --git a/docs/content/examples/tutorials/routed.md b/docs/content/examples/tutorials/routed.md
index 3ed4070d..02d09fa5 100644
--- a/docs/content/examples/tutorials/routed.md
+++ b/docs/content/examples/tutorials/routed.md
@@ -58,10 +58,9 @@ Pick an IPv4 and IPv6 subnet for your clients and add static routes on your rout
### Example
-/// note | 2001:db8::/32
+!!! note "2001:db8::/32"
-The _documentation prefix_ `2001:db8::/32` (RFC 3849) used in this example is not meant for production use, replace it with your own ISP-assigned IPv6 prefix (GUA) or local prefix (ULA)
-///
+ The _documentation prefix_ `2001:db8::/32` (RFC 3849) used in this example is not meant for production use, replace it with your own ISP-assigned IPv6 prefix (GUA) or local prefix (ULA)
I want my WireGuard clients in `192.168.0.0/24` and `2001:db8:abc:0::/64`.
@@ -94,18 +93,16 @@ PostDown
iptables -D INPUT -p udp -m udp --dport {{port}} -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; ip6tables -D INPUT -p udp -m udp --dport {{port}} -j ACCEPT; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -D FORWARD -o wg0 -j ACCEPT
```
-/// warning | Important: When using nftables use the following hooks instead.
+!!! warning "Important: When using nftables use the following hooks instead."
-PostUp
+ PostUp
-```shell
-nft add chain ip filter WG_EASY; nft add rule ip filter DOCKER-USER jump WG_EASY; nft add rule ip filter WG_EASY iifname {{device}} accept; nft add rule ip filter WG_EASY oifname {{device}} accept; nft add chain ip6 filter WG_EASY; nft add rule ip6 filter DOCKER-USER jump WG_EASY; nft add rule ip6 filter WG_EASY iifname {{device}} accept; nft add rule ip6 filter WG_EASY oifname {{device}} accept;
-```
+ ```shell
+ nft add chain ip filter WG_EASY; nft add rule ip filter DOCKER-USER jump WG_EASY; nft add rule ip filter WG_EASY iifname {{device}} accept; nft add rule ip filter WG_EASY oifname {{device}} accept; nft add chain ip6 filter WG_EASY; nft add rule ip6 filter DOCKER-USER jump WG_EASY; nft add rule ip6 filter WG_EASY iifname {{device}} accept; nft add rule ip6 filter WG_EASY oifname {{device}} accept;
+ ```
-PostDown
-
-```shell
-nft delete rule ip filter DOCKER-USER handle $(nft -a list chain ip filter DOCKER-USER | awk '/jump WG_EASY/ {print $NF}'); nft flush chain ip filter WG_EASY; nft delete chain ip filter WG_EASY; nft delete rule ip6 filter DOCKER-USER handle $(nft -a list chain ip6 filter DOCKER-USER | awk '/jump WG_EASY/ {print $NF}'); nft flush chain ip6 filter WG_EASY; nft delete chain ip6 filter WG_EASY
-```
+ PostDown
-///
+ ```shell
+ nft delete rule ip filter DOCKER-USER handle $(nft -a list chain ip filter DOCKER-USER | awk '/jump WG_EASY/ {print $NF}'); nft flush chain ip filter WG_EASY; nft delete chain ip filter WG_EASY; nft delete rule ip6 filter DOCKER-USER handle $(nft -a list chain ip6 filter DOCKER-USER | awk '/jump WG_EASY/ {print $NF}'); nft flush chain ip6 filter WG_EASY; nft delete chain ip6 filter WG_EASY
+ ```
diff --git a/docs/content/examples/tutorials/traefik.md b/docs/content/examples/tutorials/traefik.md
index 51b9e134..38e962a7 100644
--- a/docs/content/examples/tutorials/traefik.md
+++ b/docs/content/examples/tutorials/traefik.md
@@ -2,10 +2,9 @@
title: Traefik
---
-/// note | Opinionated
+!!! note "Opinionated"
-This guide is opinionated. If you use other conventions or folder layouts, feel free to change the commands and paths.
-///
+ This guide is opinionated. If you use other conventions or folder layouts, feel free to change the commands and paths.
## Create docker compose project
diff --git a/docs/content/faq.md b/docs/content/faq.md
index e39bae4c..da872f31 100644
--- a/docs/content/faq.md
+++ b/docs/content/faq.md
@@ -1,7 +1,5 @@
---
title: FAQ
-hide:
- - navigation
---
Here are some frequently asked questions or errors about `wg-easy`. If you have a question that is not answered here, please feel free to open a discussion on GitHub.
diff --git a/docs/content/getting-started.md b/docs/content/getting-started.md
index 406fbf90..836e199a 100644
--- a/docs/content/getting-started.md
+++ b/docs/content/getting-started.md
@@ -1,7 +1,5 @@
---
title: Getting Started
-hide:
- - navigation
---
This page explains how to get started with `wg-easy`. The guide uses Docker Compose as a reference. In our examples, we mount the named volume `etc_wireguard` to `/etc/wireguard` inside the container.
@@ -20,11 +18,10 @@ There are a few requirements for a suitable host system:
1. You need to have a container runtime installed
-/// note | About the Container Runtime
+!!! note "About the Container Runtime"
-On the host, you need to have a suitable container runtime (like _Docker_ or _Podman_) installed. We assume [_Docker Compose_][docker-compose] is [installed][docker-compose-installation]. We have aligned file names and configuration conventions with the latest [Docker Compose specification][docker-compose-specification].
-If you're using podman, make sure to read the related [documentation][docs-podman].
-///
+ On the host, you need to have a suitable container runtime (like _Docker_ or _Podman_) installed. We assume [_Docker Compose_][docker-compose] is [installed][docker-compose-installation]. We have aligned file names and configuration conventions with the latest [Docker Compose specification][docker-compose-specification].
+ If you're using podman, make sure to read the related [documentation][docs-podman].
[docker-compose]: https://docs.docker.com/compose/
[docker-compose-installation]: https://docs.docker.com/compose/install/
@@ -66,9 +63,8 @@ When publishing a tag we follow the [Semantic Versioning][semver] specification.
- [Simple Installation with Docker Run](./examples/tutorials/docker-run.md)
- [Advanced Installation with Podman](./examples/tutorials/podman-nft.md)
-/// danger | Use the Correct Commands For Stopping and Starting `wg-easy`
+!!! danger "Use the Correct Commands For Stopping and Starting `wg-easy`"
-**Use `sudo docker compose up / down`, not `sudo docker compose start / stop`**. Otherwise, the container is not properly destroyed and you may experience problems during startup because of inconsistent state.
-///
+ **Use `sudo docker compose up / down`, not `sudo docker compose start / stop`**. Otherwise, the container is not properly destroyed and you may experience problems during startup because of inconsistent state.
**That's it! It really is that easy**.
diff --git a/docs/content/guides/admin.md b/docs/content/guides/admin.md
index 66c765b3..54693abb 100644
--- a/docs/content/guides/admin.md
+++ b/docs/content/guides/admin.md
@@ -10,11 +10,9 @@ Enable server-side firewall filtering to enforce network access restrictions per
When enabled, each client can have custom "Firewall Allowed IPs" configured that restrict which destinations they can access through the VPN. These restrictions are enforced by the server using iptables/ip6tables and cannot be bypassed by the client.
-/// warning | Experimental Feature
+!!! warning "Experimental Feature"
-This feature is currently experimental. While functional, it should be thoroughly tested in your environment before relying on it for production security requirements. Always verify that firewall rules are working as expected using test traffic or by manually inspecting the rules.
-
-///
+ This feature is currently experimental. While functional, it should be thoroughly tested in your environment before relying on it for production security requirements. Always verify that firewall rules are working as expected using test traffic or by manually inspecting the rules.
**Requirements:**
@@ -22,9 +20,9 @@ This feature is currently experimental. While functional, it should be thoroughl
- `ip6tables` must be installed if IPv6 is enabled (default)
- The feature cannot be enabled if these tools are not available
-/// note
-Most Linux distributions include iptables by default. If you're running in a minimal container environment, you may need to install the `iptables` package on the host system.
-///
+!!! note
+
+ Most Linux distributions include iptables by default. If you're running in a minimal container environment, you may need to install the `iptables` package on the host system.
**Enable this feature if you want to:**
diff --git a/docs/content/guides/cli.md b/docs/content/guides/cli.md
index f563e427..70e69768 100644
--- a/docs/content/guides/cli.md
+++ b/docs/content/guides/cli.md
@@ -60,12 +60,10 @@ cli clients:qr
Replace `` with the actual client ID you want to show the QR code for.
-/// warning | IPv6 Support
+!!! warning "IPv6 Support"
-IPv6 support is enabled by default, even if you disabled it using environment variables. To disable it pass the `--no-ipv6` flag when running the CLI.
+ IPv6 support is enabled by default, even if you disabled it using environment variables. To disable it pass the `--no-ipv6` flag when running the CLI.
-```shell
-cli clients:qr --no-ipv6
-```
-
-///
+ ```shell
+ cli clients:qr --no-ipv6
+ ```
diff --git a/docs/content/guides/clients.md b/docs/content/guides/clients.md
index 6314adac..e4ecb502 100644
--- a/docs/content/guides/clients.md
+++ b/docs/content/guides/clients.md
@@ -23,11 +23,9 @@ Use the Firewall Allowed IPs feature to prevent access to IP ranges that the use
## Firewall Allowed IPs
-/// note | Attention
+!!! note "Attention"
-This field only appears when **Per-Client Firewall** is enabled in the Admin Panel → Interface settings.
-
-///
+ This field only appears when **Per-Client Firewall** is enabled in the Admin Panel → Interface settings.
Server-side firewall rules that restrict which destinations the client can access, regardless of their local configuration.
@@ -46,14 +44,12 @@ Unlike "Allowed IPs" which only controls routing on the client side, these rules
- `[2001:db8::1]:443` - IPv6 address with port (brackets required)
- `[2001:db8::/32]:443/tcp` - IPv6 CIDR with port and protocol
-/// warning | Invalid Formats
-
-Protocol specifiers (`/tcp` or `/udp`) require a port number. The following formats are **not supported** and will result in an error:
+!!! warning "Invalid Formats"
-- `10.10.0.3/tcp` (use `10.10.0.3:443/tcp` instead)
-- `10.10.0.0/24/udp` (use `10.10.0.0/24:53/udp` instead)
+ Protocol specifiers (`/tcp` or `/udp`) require a port number. The following formats are **not supported** and will result in an error:
-///
+ - `10.10.0.3/tcp` (use `10.10.0.3:443/tcp` instead)
+ - `10.10.0.0/24/udp` (use `10.10.0.0/24:53/udp` instead)
**Behavior:**
@@ -61,9 +57,9 @@ Protocol specifiers (`/tcp` or `/udp`) require a port number. The following form
- **Specified**: Only listed destinations are accessible (allow-only, everything else is blocked)
- **Disable for specific client**: To disable firewall filtering for a single client while keeping it enabled for others, add `0.0.0.0/0, ::/0` to allow all traffic
-/// note
-To allow clients to reach the VPN server itself (e.g. for DNS), include the server's VPN address in the firewall allowed IPs.
-///
+!!! note
+
+ To allow clients to reach the VPN server itself (e.g. for DNS), include the server's VPN address in the firewall allowed IPs.
**Use Case Examples**:
diff --git a/docs/content/index.md b/docs/content/index.md
index e15fd9c0..809a4afa 100644
--- a/docs/content/index.md
+++ b/docs/content/index.md
@@ -1,20 +1,15 @@
---
title: Home
-hide:
- - navigation
---
# Welcome to the Documentation for `wg-easy`
-/// info | This Documentation is Versioned
+!!! info "This Documentation is Versioned"
-**Make sure** to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to [the most recent stable release][docs-tagging].
-///
+ **Make sure** to select the correct version of this documentation! It should match the version of the image you are using. The default version corresponds to [the most recent stable release](./getting-started.md#tagging-convention).
This documentation provides you not only with the basic setup and configuration of `wg-easy` but also with advanced configuration, elaborate usage scenarios, detailed examples, hints and more.
-[docs-tagging]: ./getting-started.md#tagging-convention
-
## About
`wg-easy` is the easiest way to run WireGuard VPN + Web-based Admin UI.
diff --git a/docs/zensical.toml b/docs/zensical.toml
new file mode 100644
index 00000000..e0126426
--- /dev/null
+++ b/docs/zensical.toml
@@ -0,0 +1,97 @@
+[project]
+site_name = "wg-easy"
+site_description = "The easiest way to run WireGuard VPN + Web-based Admin UI."
+site_author = "WireGuard Easy"
+copyright = """
+
+© Wireguard Easy
+This project is licensed under AGPL-3.0-only.
+This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with Jason A. Donenfeld, ZX2C4 or Edge Security
+"WireGuard" and the "WireGuard" logo are registered trademarks of Jason A. Donenfeld
+
+"""
+
+repo_url = "https://github.com/wg-easy/wg-easy"
+repo_name = "wg-easy"
+
+edit_uri = "edit/master/docs/content"
+
+docs_dir = "content/"
+
+site_url = "https://wg-easy.github.io/wg-easy"
+
+extra_css = ["assets/stylesheets/extra.css"]
+
+[project.theme]
+variant = "modern"
+favicon = "assets/logo/favicon.png"
+logo = "assets/logo/logo.png"
+features = [
+ "navigation.instant",
+ "navigation.tabs",
+ "navigation.expand",
+ "navigation.path",
+ "navigation.top",
+ "content.action.edit",
+ "content.action.view",
+ "content.code.copy",
+ "content.code.annotate",
+]
+font = false
+
+[project.theme.icon]
+repo = "fontawesome/brands/github"
+
+# Palette toggle for automatic mode
+[[project.theme.palette]]
+media = "(prefers-color-scheme)"
+toggle.icon = "lucide/sun-moon"
+toggle.name = "Switch to light mode"
+
+# Palette toggle for light mode
+[[project.theme.palette]]
+media = "(prefers-color-scheme: light)"
+scheme = "default"
+primary = "grey"
+accent = "red"
+toggle.icon = "lucide/sun"
+toggle.name = "Switch to dark mode"
+
+# Palette toggle for dark mode
+[[project.theme.palette]]
+media = "(prefers-color-scheme: dark)"
+scheme = "slate"
+primary = "grey"
+accent = "red"
+toggle.icon = "lucide/moon"
+toggle.name = "Switch to system preference"
+
+[project.extra.version]
+provider = "mike"
+
+[project.markdown_extensions.admonition]
+
+[project.markdown_extensions.md_in_html]
+
+[project.markdown_extensions.toc]
+permalink = true
+
+[project.markdown_extensions.pymdownx.details]
+
+[project.markdown_extensions.pymdownx.emoji]
+emoji_generator = "zensical.extensions.emoji.to_svg"
+emoji_index = "zensical.extensions.emoji.twemoji"
+
+[project.markdown_extensions.pymdownx.highlight]
+anchor_linenums = true
+line_spans = "__span"
+pygments_lang_class = true
+
+[project.markdown_extensions.pymdownx.inlinehilite]
+
+[project.markdown_extensions.pymdownx.smartsymbols]
+
+[project.markdown_extensions.pymdownx.superfences]
+custom_fences = [
+ { name = "mermaid", class = "mermaid", format = "pymdownx.superfences.fence_code_format" },
+]
diff --git a/package.json b/package.json
index d95f8df9..78716d30 100644
--- a/package.json
+++ b/package.json
@@ -6,6 +6,7 @@
"cli:dev": "docker compose -f docker-compose.dev.yml run --build --rm -it wg-easy cli:dev",
"build": "docker build -t wg-easy .",
"docs:preview": "docker run --rm -it -p 8080:8080 -v ./docs:/docs squidfunk/mkdocs-material serve -a 0.0.0.0:8080",
+ "docs:test": "docker run --rm -it -p 8080:8080 -v ./docs:/docs zensical/zensical serve -a 0.0.0.0:8080",
"scripts:version": "bash scripts/version.sh",
"scripts:i18n": "bash scripts/i18n.sh",
"format:check:docs": "prettier --check docs"