Calmcacil/wg-admin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity

bd sync: 2026-01-12 18:04:46

Browse Source
This commit is contained in:
Calmcacil
2026-01-12 18:04:46 +01:00
parent 88d4ca79d1
commit c638800137
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.beads/issues.jsonl
View File

@@ -1,6 +1,6 @@
{"id":"wg-admin-0va","title":"Add configuration backup and rollback","description":"Create backup functions: backup_config() (creates timestamped backups), restore_config(), auto-backup before destructive operations (add, remove, install). Store backups in /etc/wg-admin/backups/ with retention policy (e.g., keep last 10).","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.161279119+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:44:03.357384383+01:00","closed_at":"2026-01-12T16:44:03.357384383+01:00","close_reason":"Implemented configuration backup and rollback functionality: added backup_config() function (creates timestamped backups in /etc/wg-admin/backups/), restore_config() function (interactive restore from backup), apply_retention_policy() (keeps last 10 backups), and auto-backup before destructive operations (install, add, remove commands)."}
{"id":"wg-admin-0wc","title":"Remove hardcoded sensitive information","description":"Identify and remove all hardcoded sensitive values from wireguard.sh. Replace with config file reads. Remove: SERVER_DOMAIN (velkhana.calmcacil.dev), VPN_IP_RANGES, any other identifiable information. Document config file structure in README.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.158448895+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:43:08.224554317+01:00","closed_at":"2026-01-12T16:43:08.224554317+01:00","close_reason":"Removed all hardcoded sensitive information: SERVER_DOMAIN, VPN_IPV4_RANGE, VPN_IPV6_RANGE, DNS_SERVERS now configurable via /etc/wg-admin/config.conf. Added load_config() function. Created config.example template. Updated README with configuration documentation. All IP ranges in script now reference config variables."}
{"id":"wg-admin-11o","title":"Implement backup operations","description":"Create backup functionality that saves WireGuard configs, client configs, and metadata to /etc/wg-admin/backups/ with timestamp. Set proper permissions (600 for sensitive files).","status":"open","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T17:03:30.288606376+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T17:03:30.288606376+01:00","dependencies":[{"issue_id":"wg-admin-11o","depends_on_id":"wg-admin-wf1","type":"blocks","created_at":"2026-01-12T17:04:36.19397874+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-11o","title":"Implement backup operations","description":"Create backup functionality that saves WireGuard configs, client configs, and metadata to /etc/wg-admin/backups/ with timestamp. Set proper permissions (600 for sensitive files).","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T17:03:30.288606376+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T18:04:45.62304371+01:00","closed_at":"2026-01-12T18:04:45.62304371+01:00","close_reason":"Implemented backup functionality with Backup struct (Name, Path, Operation, Timestamp, Size), CreateBackup(), ListBackups(), RestoreBackup() functions. Features: saves to /etc/wg-admin/backups/\u003ctimestamp\u003e/, creates backup-info.txt, 0600/0700 permissions, 10-backup retention policy, pre-restore safety backup. Integration: backup already called in client add/delete operations (wireguard/client.go). Backup package builds successfully.","dependencies":[{"issue_id":"wg-admin-11o","depends_on_id":"wg-admin-wf1","type":"blocks","created_at":"2026-01-12T17:04:36.19397874+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-1b9","title":"Update documentation for refactored scripts","description":"Update README.md and all documentation to reflect new architecture. Document: wg-install.sh usage (interactive prompts, WGI_ env vars), wg-client-manager commands (add, remove, list, show, qr), environment variable reference, security hardening features, backup/restore procedures. Update examples with new patterns.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:33:43.749727154+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T17:13:12.828613341+01:00","closed_at":"2026-01-12T17:13:12.828613341+01:00","close_reason":"Documentation updated on main branch. README.md reflects new wg-install.sh and wg-client-manager scripts, WGI_ environment variables, and all usage patterns.","dependencies":[{"issue_id":"wg-admin-1b9","depends_on_id":"wg-admin-slj","type":"blocks","created_at":"2026-01-12T16:33:56.00899014+01:00","created_by":"Calmcacil"}]}
{"id":"wg-admin-2pl","title":"Improve nftables firewall configuration","description":"Enhance firewall rules based on best practices: add TCP MSS clamping for MTU issues, add connection tracking bypass (notrack) for WireGuard traffic, implement proper rate limiting, ensure ICMPv6 neighbor discovery is allowed, validate rules before applying with nft check.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.15783619+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:37:11.050440729+01:00","closed_at":"2026-01-12T16:37:11.050440729+01:00","close_reason":"Improved nftables firewall configuration with TCP MSS clamping (1360), connection tracking bypass (notrack) for WireGuard UDP traffic, rate limiting for SSH (3/min) and WireGuard (10/s), ensured ICMPv6 neighbor discovery (including nd-router-* messages), and added nft check validation before applying rules."}
{"id":"wg-admin-37o","title":"Add security hardening","description":"Implement: client name sanitization with regex, pre-shared key (PSK) support option, proper temporary key cleanup with trap handlers, atomic config file operations (write to temp then mv), chmod 0600 for all key files, verify no hardcoded secrets in generated files.","status":"closed","priority":2,"issue_type":"task","owner":"Calmcacil@Raion","created_at":"2026-01-12T16:27:53.148392501+01:00","created_by":"Calmcacil","updated_at":"2026-01-12T16:44:11.582485544+01:00","closed_at":"2026-01-12T16:44:11.582485544+01:00","close_reason":"Implemented all security hardening features: client name sanitization with regex (validate_client_name function), pre-shared key (PSK) support with --psk option, proper temporary key cleanup with trap handlers (cleanup_handler), atomic config file operations (mktemp + mv), chmod 0600 for all key files, and verified no hardcoded secrets (keys generated dynamically or read from files)"}