Calmcacil/wg-admin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

bd sync: 2026-01-12 17:21:52

Browse Source
This commit is contained in:
Calmcacil
2026-01-12 17:21:52 +01:00
parent 1c76b64e2f
commit 718432911b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.beads/issues.jsonl
View File

@@ -4,7 +4,7 @@
{"id":"wg-admin-1b9","title":"Update documentation for refactored scripts","description":"Update README.md and all documentation to reflect new architecture. Document: wg-install.sh usage (interactive prompts, WGI_ env vars), wg-client-manager commands (add, remove, list, show, qr), environment variable reference, security hardening features, backup/restore procedures. Update examples with new patterns.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:33:43.749727154+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T17:13:12.828613341+01:00","closed_at":"2026-01-12T17:13:12.828613341+01:00","close_reason":"Documentation updated on main branch. README.md reflects new wg-install.sh and wg-client-manager scripts, WGI_ environment variables, and all usage patterns.","dependencies":[{"issue_id":"wg-admin-1b9","depends_on_id":"wg-admin-slj","type":"blocks","created_at":"2026-01-12T16:33:56.00899014+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-2pl","title":"Improve nftables firewall configuration","description":"Enhance firewall rules based on best practices: add TCP MSS clamping for MTU issues, add connection tracking bypass (notrack) for WireGuard traffic, implement proper rate limiting, ensure ICMPv6 neighbor discovery is allowed, validate rules before applying with nft check.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.15783619+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:37:11.050440729+01:00","closed_at":"2026-01-12T16:37:11.050440729+01:00","close_reason":"Improved nftables firewall configuration with TCP MSS clamping (1360), connection tracking bypass (notrack) for WireGuard UDP traffic, rate limiting for SSH (3/min) and WireGuard (10/s), ensured ICMPv6 neighbor discovery (including nd-router-* messages), and added nft check validation before applying rules."}
{"id":"wg-admin-37o","title":"Add security hardening","description":"Implement: client name sanitization with regex, pre-shared key (PSK) support option, proper temporary key cleanup with trap handlers, atomic config file operations (write to temp then mv), chmod 0600 for all key files, verify no hardcoded secrets in generated files.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.148392501+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:44:11.582485544+01:00","closed_at":"2026-01-12T16:44:11.582485544+01:00","close_reason":"Implemented all security hardening features: client name sanitization with regex (validate_client_name function), pre-shared key (PSK) support with --psk option, proper temporary key cleanup with trap handlers (cleanup_handler), atomic config file operations (mktemp + mv), chmod 0600 for all key files, and verified no hardcoded secrets (keys generated dynamically or read from files)"}
{"id":"wg-admin-3d4","title":"Implement configuration loading system","description":"Implement configuration system to load /etc/wg-admin/config.conf using native Go or Viper library. Support environment variable overrides. Validate required config (SERVER_DOMAIN, WG_PORT, VPN_IPV4_RANGE, VPN_IPV6_RANGE, DNS_SERVERS). Provide clear error messages for missing config.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T17:02:57.198865993+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T17:04:03.828918596+01:00","dependencies":[{"issue_id":"wg-admin-3d4","depends_on_id":"wg-admin-4ji","type":"blocks","created_at":"2026-01-12T17:04:44.279588181+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-3d4","title":"Implement configuration loading system","description":"Implement configuration system to load /etc/wg-admin/config.conf using native Go or Viper library. Support environment variable overrides. Validate required config (SERVER_DOMAIN, WG_PORT, VPN_IPV4_RANGE, VPN_IPV6_RANGE, DNS_SERVERS). Provide clear error messages for missing config.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T17:02:57.198865993+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T17:21:51.863786437+01:00","closed_at":"2026-01-12T17:21:51.863786437+01:00","close_reason":"Configuration system implemented in internal/config/config.go. Loads from /etc/wg-admin/config.conf, supports environment variable overrides with WGI_ prefix, validates required fields (SERVER_DOMAIN, WG_PORT, CIDR formats). Provides helper methods for network extraction.","dependencies":[{"issue_id":"wg-admin-3d4","depends_on_id":"wg-admin-4ji","type":"blocks","created_at":"2026-01-12T17:04:44.279588181+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-4fb","title":"Set up basic TUI skeleton with Bubble Tea","description":"Create main TUI application entry point implementing Bubble Tea's Model-Update-View pattern. Set up root check and logging. Create empty screen types (list, add, detail, qr, help). Implement basic keyboard navigation (q=quit). Add status bar with version and help shortcut (?).","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T17:02:57.195332445+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T17:04:03.844815527+01:00","dependencies":[{"issue_id":"wg-admin-4fb","depends_on_id":"wg-admin-4ji","type":"blocks","created_at":"2026-01-12T17:04:26.666043249+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-4fb","depends_on_id":"wg-admin-3d4","type":"blocks","created_at":"2026-01-12T17:04:26.672887205+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-4ji","title":"Initialize Go module and project structure","description":"Initialize Go project with go mod init. Create directory structure following plan: cmd/, internal/config, internal/wireguard, internal/tui (screens, components, theme), internal/validation, internal/backup. Add README with project setup instructions.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T17:02:57.197740013+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T17:20:34.471816058+01:00","closed_at":"2026-01-12T17:20:34.471816058+01:00","close_reason":"Go module initialized, directory structure created (cmd/, internal/ subdirectories), dependencies added (bubbletea, lipgloss, bubbles, huh, qrterminal), basic TUI skeleton with Model-Update-View pattern implemented. Root check added. Builds successfully.","dependencies":[{"issue_id":"wg-admin-4ji","depends_on_id":"wg-admin-gp4","type":"blocks","created_at":"2026-01-12T17:04:26.670875524+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-69b","title":"Implement WireGuard client parsing","description":"Parse WireGuard client configuration files from /etc/wireguard/conf.d/client-*.conf. Extract client name, IPv4, IPv6, public key, and PSK status. Create Client struct. Handle file read errors and malformed configs. Validate config syntax.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T17:02:57.199808074+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T17:04:03.837012941+01:00","dependencies":[{"issue_id":"wg-admin-69b","depends_on_id":"wg-admin-4fb","type":"blocks","created_at":"2026-01-12T17:04:44.265421971+01:00","created_by":"Calmcacil"}]}