# # ============================================================================= # GENERAL CONFIGURATION # ============================================================================= # APP_NAME = name of application for use in scripts # COMPOSE_FILE = default for no app_name in docker-compose file name, app if there is # BACKUP = if true, include this application in backup operations # HEALTHCHECK = if true, default docker health checks for that container will be enabled # AUTHELIA = if true, use Authelia authentication, if false turned off. # HEADSCALE = options : false, local, remote (see general config). e.g false or local,remote # MONITORING = if true, export this app's metrics to Prometheus + Grafana (needs both apps installed) # CFG_WIREGUARD_APP_NAME=wireguard CFG_WIREGUARD_SUBNET= CFG_WIREGUARD_BACKUP=true CFG_WIREGUARD_BACKUP_STRATEGY=auto CFG_WIREGUARD_COMPOSE_FILE=default CFG_WIREGUARD_HEALTHCHECK=true CFG_WIREGUARD_AUTHELIA=false CFG_WIREGUARD_HEADSCALE=false CFG_WIREGUARD_MONITORING=false # # ============================================================================= # APPLICATION CONFIGURATION # ============================================================================= # PASSWORD = plain text password for Web UI (will be automatically converted to bcrypt hash) # WG_HOST = server hostname/IP that clients will connect to # WG_DEFAULT_ADDRESS = VPN subnet for clients # WG_MTU = MTU size for VPN connections # WG_ALLOWED_IPS = allowed IP ranges for VPN clients # CFG_WIREGUARD_PASSWORD=RANDOMIZEDPASSWORD1 # # ============================================================================= # METADATA # ============================================================================= # CATEGORY = application category for grouping # TITLE = display name for the application # DESCRIPTION = short description of the application # LONG_DESCRIPTION = detailed description of the application # URL = source repository or documentation URL # ACTIONS = available actions for this application # CFG_WIREGUARD_CATEGORY="networking,recommended" CFG_WIREGUARD_TITLE="Wireguard Easy" CFG_WIREGUARD_DESCRIPTION="VPN Server" CFG_WIREGUARD_LONG_DESCRIPTION="WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography" CFG_WIREGUARD_URL="https://github.com/WireGuard/wireguard-tools" CFG_WIREGUARD_ACTIONS="configure|install|restart|shutdown|uninstall" # # ============================================================================= # NETWORK CONFIGURATION # ============================================================================= # DOMAIN = number of domain from the general config, useful when using multiple domains # WHITELIST = if true only allow whitelisted ips on traefik, if false allow all # CFG_WIREGUARD_DOMAIN=1 CFG_WIREGUARD_WHITELIST=false CFG_WIREGUARD_NETWORK=default # # ============================================================================= # PORT CONFIGURATION # ============================================================================= # PORT_ = port configuration: app|name|external:internal|access|protocol|login|traefik|webui|description # - app: application name # - name: service identifier (webui, api, ssh, etc.) # - external:internal: port mapping (external can be 'random' for auto-allocation) # - access: 'public' (internet accessible), 'private' (local network only), 'disabled' (not running) # - protocol: 'tcp' or 'udp' # - login: if true, this port requires basic-auth via Traefik (only meaningful when traefik=true) # - traefik: if true, Traefik handles this port (reverse proxy) # - webui: if true, this port serves the main web interface # - description: human-readable description of the service # CFG_WIREGUARD_PORT_1="wireguard-service|webui|random:51821|public|tcp|false|true|true|Web Interface|" CFG_WIREGUARD_PORT_2="wireguard-service|vpn|random:51820|public|udp|false|false|false|VPN Server|" CFG_WIREGUARD_PORT_3="wireguard-exporter|metrics|9586:9586|disabled|tcp|false|false|false|Metrics Exporter (shares wireguard-service netns)|"