bd sync: 2026-01-12 16:43:17

Calmcacil
2026-01-12 16:43:17 +01:00
parent 719ce14235
commit 8f12aa36e2


@@ -1,12 +1,12 @@
{"id":"wg-admin-0va","title":"Add configuration backup and rollback","description":"Create backup functions: backup_config() (creates timestamped backups), restore_config(), auto-backup before destructive operations (add, remove, install). Store backups in /etc/wg-admin/backups/ with retention policy (e.g., keep last 10).","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.161279119+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:27:53.161279119+01:00"} {"id":"wg-admin-0va","title":"Add configuration backup and rollback","description":"Create backup functions: backup_config() (creates timestamped backups), restore_config(), auto-backup before destructive operations (add, remove, install). Store backups in /etc/wg-admin/backups/ with retention policy (e.g., keep last 10).","status":"in_progress","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.161279119+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:37:15.129911025+01:00"}
{"id":"wg-admin-0wc","title":"Remove hardcoded sensitive information","description":"Identify and remove all hardcoded sensitive values from wireguard.sh. Replace with config file reads. Remove: SERVER_DOMAIN (velkhana.calmcacil.dev), VPN_IP_RANGES, any other identifiable information. Document config file structure in README.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.158448895+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:27:53.158448895+01:00"} {"id":"wg-admin-0wc","title":"Remove hardcoded sensitive information","description":"Identify and remove all hardcoded sensitive values from wireguard.sh. Replace with config file reads. Remove: SERVER_DOMAIN (velkhana.calmcacil.dev), VPN_IP_RANGES, any other identifiable information. Document config file structure in README.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.158448895+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:43:08.224554317+01:00","closed_at":"2026-01-12T16:43:08.224554317+01:00","close_reason":"Removed all hardcoded sensitive information: SERVER_DOMAIN, VPN_IPV4_RANGE, VPN_IPV6_RANGE, DNS_SERVERS now configurable via /etc/wg-admin/config.conf. Added load_config() function. Created config.example template. Updated README with configuration documentation. All IP ranges in script now reference config variables."}
{"id":"wg-admin-1b9","title":"Update documentation for refactored scripts","description":"Update README.md and all documentation to reflect new architecture. Document: wg-install.sh usage (interactive prompts, WGI_ env vars), wg-client-manager commands (add, remove, list, show, qr), environment variable reference, security hardening features, backup/restore procedures. Update examples with new patterns.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:33:43.749727154+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:33:43.749727154+01:00","dependencies":[{"issue_id":"wg-admin-1b9","depends_on_id":"wg-admin-slj","type":"blocks","created_at":"2026-01-12T16:33:56.00899014+01:00","created_by":"Calmcacil"}]} {"id":"wg-admin-1b9","title":"Update documentation for refactored scripts","description":"Update README.md and all documentation to reflect new architecture. Document: wg-install.sh usage (interactive prompts, WGI_ env vars), wg-client-manager commands (add, remove, list, show, qr), environment variable reference, security hardening features, backup/restore procedures. Update examples with new patterns.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:33:43.749727154+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:33:43.749727154+01:00","dependencies":[{"issue_id":"wg-admin-1b9","depends_on_id":"wg-admin-slj","type":"blocks","created_at":"2026-01-12T16:33:56.00899014+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-2pl","title":"Improve nftables firewall configuration","description":"Enhance firewall rules based on best practices: add TCP MSS clamping for MTU issues, add connection tracking bypass (notrack) for WireGuard traffic, implement proper rate limiting, ensure ICMPv6 neighbor discovery is allowed, validate rules before applying with nft check.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.15783619+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:27:53.15783619+01:00"} {"id":"wg-admin-2pl","title":"Improve nftables firewall configuration","description":"Enhance firewall rules based on best practices: add TCP MSS clamping for MTU issues, add connection tracking bypass (notrack) for WireGuard traffic, implement proper rate limiting, ensure ICMPv6 neighbor discovery is allowed, validate rules before applying with nft check.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.15783619+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:37:11.050440729+01:00","closed_at":"2026-01-12T16:37:11.050440729+01:00","close_reason":"Improved nftables firewall configuration with TCP MSS clamping (1360), connection tracking bypass (notrack) for WireGuard UDP traffic, rate limiting for SSH (3/min) and WireGuard (10/s), ensured ICMPv6 neighbor discovery (including nd-router-* messages), and added nft check validation before applying rules."}
{"id":"wg-admin-37o","title":"Add security hardening","description":"Implement: client name sanitization with regex, pre-shared key (PSK) support option, proper temporary key cleanup with trap handlers, atomic config file operations (write to temp then mv), chmod 0600 for all key files, verify no hardcoded secrets in generated files.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.148392501+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:27:53.148392501+01:00"} {"id":"wg-admin-37o","title":"Add security hardening","description":"Implement: client name sanitization with regex, pre-shared key (PSK) support option, proper temporary key cleanup with trap handlers, atomic config file operations (write to temp then mv), chmod 0600 for all key files, verify no hardcoded secrets in generated files.","status":"in_progress","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.148392501+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:36:56.4897634+01:00"}
{"id":"wg-admin-abw","title":"Create wg-client-manager script","description":"Create new wg-client-manager script for client operations: add, remove, list, show, qr. Implement proper command parsing, use interactive 'read' with 'WGI_' environment variable overrides, call validation functions, use atomic config updates.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.150007325+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:31:48.570258431+01:00","dependencies":[{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-cwb","type":"blocks","created_at":"2026-01-12T16:28:20.280054863+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-37o","type":"blocks","created_at":"2026-01-12T16:28:20.299310073+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-lzl","type":"blocks","created_at":"2026-01-12T16:28:20.300924186+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-wsk","type":"blocks","created_at":"2026-01-12T16:28:20.354270061+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-0va","type":"blocks","created_at":"2026-01-12T16:28:21.926811217+01:00","created_by":"Calmcacil"}]} {"id":"wg-admin-abw","title":"Create wg-client-manager script","description":"Create new wg-client-manager script for client operations: add, remove, list, show, qr. 
Implement proper command parsing, use interactive 'read' with 'WGI_' environment variable overrides, call validation functions, use atomic config updates.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.150007325+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:31:48.570258431+01:00","dependencies":[{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-cwb","type":"blocks","created_at":"2026-01-12T16:28:20.280054863+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-37o","type":"blocks","created_at":"2026-01-12T16:28:20.299310073+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-lzl","type":"blocks","created_at":"2026-01-12T16:28:20.300924186+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-wsk","type":"blocks","created_at":"2026-01-12T16:28:20.354270061+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-abw","depends_on_id":"wg-admin-0va","type":"blocks","created_at":"2026-01-12T16:28:21.926811217+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-cwb","title":"Implement input validation functions","description":"Create robust validation functions: validate_client_name() (regex check for [a-zA-Z0-9_-]), validate_ip_availability(), validate_dns_servers(), validate_port_range(), validate_config_syntax(). Add validation before client creation and config changes.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.143579452+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:27:53.143579452+01:00"} {"id":"wg-admin-cwb","title":"Implement input validation functions","description":"Create robust validation functions: validate_client_name() (regex check for [a-zA-Z0-9_-]), validate_ip_availability(), validate_dns_servers(), validate_port_range(), validate_config_syntax(). Add validation before client creation and config changes.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.143579452+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:38:18.705584126+01:00","closed_at":"2026-01-12T16:38:18.705584126+01:00","close_reason":"Implemented all validation functions: validate_client_name(), validate_ip_availability(), validate_dns_servers(), validate_port_range(), validate_config_syntax(). Added validation calls in cmd_add and cmd_load_clients."}
{"id":"wg-admin-kfs","title":"Create configuration file format for WireGuard settings","description":"Design and implement /etc/wg-admin/config file to replace hardcoded values. Include: SERVER_DOMAIN, WG_PORT, VPN_IPV4_RANGE, VPN_IPV6_RANGE, WG_INTERFACE, DNS_SERVERS, and other configurable parameters. Support both file-based and environment variable override.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.148859434+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:31:29.339557739+01:00","closed_at":"2026-01-12T16:31:29.339557739+01:00","close_reason":"Config file approach replaced with interactive prompts using 'read', with 'WGI_' prefixed environment variable overrides. No persistent config file needed."} {"id":"wg-admin-kfs","title":"Create configuration file format for WireGuard settings","description":"Design and implement /etc/wg-admin/config file to replace hardcoded values. Include: SERVER_DOMAIN, WG_PORT, VPN_IPV4_RANGE, VPN_IPV6_RANGE, WG_INTERFACE, DNS_SERVERS, and other configurable parameters. Support both file-based and environment variable override.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.148859434+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:31:29.339557739+01:00","closed_at":"2026-01-12T16:31:29.339557739+01:00","close_reason":"Config file approach replaced with interactive prompts using 'read', with 'WGI_' prefixed environment variable overrides. No persistent config file needed."}
{"id":"wg-admin-lzl","title":"Add improved error handling and traps","description":"Implement: EXIT trap for cleanup on script interruption, pre-install validation (disk space, port availability, root check), rollback mechanism for failed operations, better error messages with actionable guidance, log all operations with timestamps.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.154445252+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:27:53.154445252+01:00"} {"id":"wg-admin-lzl","title":"Add improved error handling and traps","description":"Implement: EXIT trap for cleanup on script interruption, pre-install validation (disk space, port availability, root check), rollback mechanism for failed operations, better error messages with actionable guidance, log all operations with timestamps.","status":"in_progress","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.154445252+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:36:56.495419147+01:00"}
{"id":"wg-admin-qpy","title":"Refactor installation into wg-install.sh","description":"Extract install logic from wireguard.sh into dedicated wg-install.sh script. Handle: dependency checks, package installation, firewall setup (nftables), server key generation, interface initialization, systemd service setup. Use interactive 'read' prompts for settings with 'WGI_' prefixed environment variable overrides.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.151817177+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:31:48.566723974+01:00","dependencies":[{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-37o","type":"blocks","created_at":"2026-01-12T16:28:20.30398105+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-wsk","type":"blocks","created_at":"2026-01-12T16:28:20.305872992+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-0wc","type":"blocks","created_at":"2026-01-12T16:28:27.88358441+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-cwb","type":"blocks","created_at":"2026-01-12T16:28:27.890595849+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-2pl","type":"blocks","created_at":"2026-01-12T16:28:27.948214112+01:00","created_by":"Calmcacil"}]} {"id":"wg-admin-qpy","title":"Refactor installation into wg-install.sh","description":"Extract install logic from wireguard.sh into dedicated wg-install.sh script. Handle: dependency checks, package installation, firewall setup (nftables), server key generation, interface initialization, systemd service setup. 
Use interactive 'read' prompts for settings with 'WGI_' prefixed environment variable overrides.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.151817177+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:31:48.566723974+01:00","dependencies":[{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-37o","type":"blocks","created_at":"2026-01-12T16:28:20.30398105+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-wsk","type":"blocks","created_at":"2026-01-12T16:28:20.305872992+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-0wc","type":"blocks","created_at":"2026-01-12T16:28:27.88358441+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-cwb","type":"blocks","created_at":"2026-01-12T16:28:27.890595849+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-qpy","depends_on_id":"wg-admin-2pl","type":"blocks","created_at":"2026-01-12T16:28:27.948214112+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-slj","title":"Refactor WireGuard scripts into modular architecture","description":"Refactor monolithic wireguard.sh into two separate scripts: wg-install.sh for initial setup, wg-client-manager for client operations. Use interactive 'read' prompts with 'WGI_' prefixed environment variable overrides. Add validation functions, security hardening, and remove all hardcoded sensitive information from repository.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:18.232667092+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:31:55.321378801+01:00","dependencies":[{"issue_id":"wg-admin-slj","depends_on_id":"wg-admin-abw","type":"blocks","created_at":"2026-01-12T16:28:21.930404739+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-slj","depends_on_id":"wg-admin-qpy","type":"blocks","created_at":"2026-01-12T16:28:21.936380993+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-slj","depends_on_id":"wg-admin-0wc","type":"blocks","created_at":"2026-01-12T16:28:21.983754904+01:00","created_by":"Calmcacil"}]} {"id":"wg-admin-slj","title":"Refactor WireGuard scripts into modular architecture","description":"Refactor monolithic wireguard.sh into two separate scripts: wg-install.sh for initial setup, wg-client-manager for client operations. Use interactive 'read' prompts with 'WGI_' prefixed environment variable overrides. 
Add validation functions, security hardening, and remove all hardcoded sensitive information from repository.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:18.232667092+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:31:55.321378801+01:00","dependencies":[{"issue_id":"wg-admin-slj","depends_on_id":"wg-admin-abw","type":"blocks","created_at":"2026-01-12T16:28:21.930404739+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-slj","depends_on_id":"wg-admin-qpy","type":"blocks","created_at":"2026-01-12T16:28:21.936380993+01:00","created_by":"Calmcacil"},{"issue_id":"wg-admin-slj","depends_on_id":"wg-admin-0wc","type":"blocks","created_at":"2026-01-12T16:28:21.983754904+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-wsk","title":"Add configuration validation and syntax checking","description":"Implement validate_config_syntax() to check WireGuard config format before applying: verify [Interface] and [Peer] sections, check key format (44 base64 characters), validate IP addresses and CIDR notation, validate DNS format, ensure no duplicate public keys.","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.159692055+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:27:53.159692055+01:00"} {"id":"wg-admin-wsk","title":"Add configuration validation and syntax checking","description":"Implement validate_config_syntax() to check WireGuard config format before applying: verify [Interface] and [Peer] sections, check key format (44 base64 characters), validate IP addresses and CIDR notation, validate DNS format, ensure no duplicate public keys.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.159692055+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:38:35.611667005+01:00","closed_at":"2026-01-12T16:38:35.611667005+01:00","close_reason":"validate_config_syntax() implemented in previous task with full WireGuard config format validation: [Interface]/[Peer] sections, key format (44 base64 chars), IP/CIDR notation, DNS format, duplicate public key detection. Integrated into cmd_load_clients."}
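Review bot: The wg-admin-0wc record is closed as "Removed all hardcoded sensitive information", yet its `description` field still spells out the server hostname in the parentheses after `SERVER_DOMAIN`, so the value stays in this tracked issue file and in the repository history. Redact it before syncing, for example `Remove: SERVER_DOMAIN (<redacted>), VPN_IP_RANGES, ...`, and treat the name as already disclosed if the repository is or was readable by others. The same record's `close_reason` says settings are now read from `/etc/wg-admin/config.conf` via `load_config()`, while wg-admin-kfs was closed with "No persistent config file needed"; one of the two close reasons should be amended so the tracker shows which design actually shipped.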