LibrePortal/containers/wireguard/wireguard.config
librelad 875a60f90f LibrePortal v0.1.0 — initial release
A free, open, self-hosted app platform (GNU AGPLv3): one-click app deploys,
Traefik reverse proxy with automatic SSL, rootless Docker support, gluetun
VPN routing, and a web dashboard to manage it all.

Free & open forever to self-host; optional paid hosted services fund it.
See PROMISE.md.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-21 20:37:54 +01:00

79 lines
4.1 KiB
Plaintext
Executable File

#
# =============================================================================
# GENERAL CONFIGURATION
# =============================================================================
# APP_NAME = name of application for use in scripts
# COMPOSE_FILE = default for no app_name in docker-compose file name, app if there is
# BACKUP = if true, include this application in backup operations
# HEALTHCHECK = if true, default docker health checks for that container will be enabled
# AUTHELIA = if true, use Authelia authentication, if false turned off.
# HEADSCALE = options : false, local, remote (see general config). e.g false or local,remote
# MONITORING = if true, export this app's metrics to Prometheus + Grafana (needs both apps installed)
#
CFG_WIREGUARD_APP_NAME=wireguard
CFG_WIREGUARD_SUBNET=
CFG_WIREGUARD_BACKUP=true
CFG_WIREGUARD_COMPOSE_FILE=default
CFG_WIREGUARD_HEALTHCHECK=true
CFG_WIREGUARD_AUTHELIA=false
CFG_WIREGUARD_HEADSCALE=false
CFG_WIREGUARD_MONITORING=false
#
# =============================================================================
# APPLICATION CONFIGURATION
# =============================================================================
# PASSWORD = plain text password for Web UI (will be automatically converted to bcrypt hash)
# WG_HOST = server hostname/IP that clients will connect to
# WG_DEFAULT_ADDRESS = VPN subnet for clients
# WG_MTU = MTU size for VPN connections
# WG_ALLOWED_IPS = allowed IP ranges for VPN clients
#
CFG_WIREGUARD_PASSWORD=RANDOMIZEDPASSWORD1
#
# =============================================================================
# METADATA
# =============================================================================
# CATEGORY = application category for grouping
# TITLE = display name for the application
# DESCRIPTION = short description of the application
# LONG_DESCRIPTION = detailed description of the application
# URL = source repository or documentation URL
# ACTIONS = available actions for this application
#
CFG_WIREGUARD_CATEGORY="networking,recommended"
CFG_WIREGUARD_TITLE="Wireguard Easy"
CFG_WIREGUARD_DESCRIPTION="VPN Server"
CFG_WIREGUARD_LONG_DESCRIPTION="WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography"
CFG_WIREGUARD_URL="https://github.com/WireGuard/wireguard-tools"
CFG_WIREGUARD_ACTIONS="configure|install|restart|shutdown|uninstall"
#
# =============================================================================
# NETWORK CONFIGURATION
# =============================================================================
# DOMAIN = number of domain from the general config, useful when using multiple domains
# HOST_NAME = subdomain name e.g test is the name for test.website.com
# WHITELIST = if true only allow whitelisted ips on traefik, if false allow all
#
CFG_WIREGUARD_DOMAIN=1
CFG_WIREGUARD_WHITELIST=false
CFG_WIREGUARD_HOST_NAME=wireguard
CFG_WIREGUARD_NETWORK=default
#
# =============================================================================
# PORT CONFIGURATION
# =============================================================================
# PORT_ = port configuration: app|name|external:internal|access|protocol|login|traefik|webui|description
# - app: application name
# - name: service identifier (webui, api, ssh, etc.)
# - external:internal: port mapping (external can be 'random' for auto-allocation)
# - access: 'public' (internet accessible), 'private' (local network only), 'disabled' (not running)
# - protocol: 'tcp' or 'udp'
# - login: if true, this port requires basic-auth via Traefik (only meaningful when traefik=true)
# - traefik: if true, Traefik handles this port (reverse proxy)
# - webui: if true, this port serves the main web interface
# - description: human-readable description of the service
#
CFG_WIREGUARD_PORT_1="wireguard-service|webui|random:51821|public|tcp|false|true|true|Web Interface|"
CFG_WIREGUARD_PORT_2="wireguard-service|vpn|random:51820|public|udp|false|false|false|VPN Server|"
CFG_WIREGUARD_PORT_3="wireguard-exporter|metrics|9586:9586|disabled|tcp|false|false|false|Metrics Exporter (shares wireguard-service netns)|"