Updating little aspects #420

Closed
wants to merge 12 commits into from
8 changes: 4 additions & 4 deletions .github/workflows/codeql-analysis.yml
Expand Up @@ -38,11 +38,11 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v2
uses: actions/checkout@v3

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v1
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
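Review bot: `actions/checkout@v3` in the checkout step is out of step with the two new workflows in this PR, which use `actions/checkout@v4`; use the same major version across all workflows. Every `uses:` reference touched here is a mutable tag, so pinning each action to a full commit SHA (with the tag kept in a trailing comment) would stop a retagged release from changing what runs in this job.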
Expand All @@ -53,7 +53,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
uses: github/codeql-action/autobuild@v3

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
Expand All @@ -67,4 +67,4 @@ jobs:
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
uses: github/codeql-action/analyze@v3
49 changes: 49 additions & 0 deletions .github/workflows/docker-analyzer.yml
@@ -0,0 +1,49 @@
name: Docker-Analyze

on:
schedule:
- cron: "0 0 * * *" # Daily at midnight UTC
workflow_dispatch:
inputs:
trigger-build:
description: 'Trigger a manual build and push'
default: 'true'

env:
DOCKER_IMAGE: dselen/wgdashboard

jobs:
docker_analyze:
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}

- name: Install Docker Scout
run: |
echo "Installing Docker Scout..."
curl -fsSL https://raw.githubusercontent.com/docker/scout-cli/main/install.sh | sh -s --
echo "Docker Scout installed successfully."

- name: Analyze Docker image with Docker Scout
id: analyze-image
run: |
echo "Analyzing Docker image with Docker Scout..."
docker scout cves ${{ env.DOCKER_IMAGE }}:latest > scout-results.txt
cat scout-results.txt
echo "Docker Scout analysis completed."

- name: Fail if critical CVEs are found
run: |
if grep -q "CRITICAL" scout-results.txt; then
echo "Critical vulnerabilities found! Failing the job."
exit 1
fi
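Review bot: The `Install Docker Scout` step pipes `install.sh` from the `main` branch of docker/scout-cli straight into `sh`, and it runs after `docker/login-action` has already placed Docker Hub credentials on the runner. Fetch the installer from a fixed tag or commit and verify a checksum before executing it, or move the login step after the install. The gate is also fragile: `grep -q "CRITICAL"` matches the word anywhere in the report text, whether or not it denotes a finding, and if `docker scout cves` exits non-zero the step ends before `cat` prints the report. `docker scout cves --exit-code --only-severity critical` lets the CLI set the job status directly. The `trigger-build` input is declared but never read, and its description ('Trigger a manual build and push') does not fit a scan-only workflow.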
38 changes: 38 additions & 0 deletions .github/workflows/docker-builder.yml
@@ -0,0 +1,38 @@
name: Docker-Build

on:
schedule:
- cron: "0 0 * * *" # Daily at midnight UTC
workflow_dispatch:
inputs:
trigger-build:
description: 'Trigger a manual build and push'
default: 'true'

env:
DOCKER_IMAGE: dselen/wgdashboard

jobs:
docker_build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_PASSWORD }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build and export
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: ${{ env.DOCKER_IMAGE }}:latest
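Review bot: The `Build and export` step pushes `${{ env.DOCKER_IMAGE }}:latest` on every scheduled run and nothing ties it to the scan: Docker-Analyze runs on the same `0 0 * * *` cron against whatever `:latest` is already published, so an image is pushed before it is ever scanned. Build with `push: false`, scan that image, and push only when the scan passes, ideally in a single workflow. The `trigger-build` input is declared but no step reads it. A top-level `permissions:` block limited to `contents: read` would also keep the `GITHUB_TOKEN` minimal in a job that handles registry credentials.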
56 changes: 0 additions & 56 deletions .github/workflows/main.yml

This file was deleted.

16 changes: 8 additions & 8 deletions Dockerfile
Expand Up @@ -18,18 +18,21 @@ RUN apk update \
iptables ip6tables openrc curl wireguard-tools \
sudo py3-psutil py3-bcrypt

# Using WGDASH -- like wg_net functionally as a ARG command. But it is needed in entrypoint.sh so it needs to be exported as environment variable.
# Using WGDASH is needed in entrypoint.sh so it needs to be exported as environment variable.
ENV WGDASH=/opt/wireguarddashboard

# Removing the Linux Image package to preserve space on the image, for this reason also deleting apt lists, to be able to install packages: run apt update.
# Set the volume to be used for WireGuard configuration persistency.
VOLUME /etc/wireguard
VOLUME ${WGDASH}

# Doing WireGuard Dashboard installation measures. Modify the git clone command to get the preferred version, with a specific branch for example.
RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH}

# Copy the basic working files.
COPY ./src /setup/app/src

# Set the volume to be used for WireGuard configuration persistency.
VOLUME /etc/wireguard
VOLUME ${WGDASH}
COPY ./wg-dashboard.ini /setup/conf/wg-dashboard.ini
COPY entrypoint.sh /entrypoint.sh

# Generate basic WireGuard interface. Echoing the WireGuard interface config for readability, adjust if you want it for efficiency.
# Also setting the pipefail option, verbose: https://github.com/hadolint/hadolint/wiki/DL4006.
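Review bot: `VOLUME ${WGDASH}` now sits above `RUN mkdir -p /setup/conf && mkdir /setup/app && mkdir ${WGDASH}`. With the legacy builder, build steps that change a path after it has been declared as a volume are discarded, so keep both `VOLUME` lines after the last `RUN` or `COPY` that touches `/etc/wireguard` or `${WGDASH}`. Separately, `COPY ./wg-dashboard.ini /setup/conf/wg-dashboard.ini` bakes the ini added in this PR, including its `[Account]` section, into the image; a template without account values would be safer to ship.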
Expand All @@ -51,9 +54,6 @@ DNS = ${global_dns}" > /setup/conf/wg0.conf \
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD sh -c 'pgrep gunicorn > /dev/null && pgrep tail > /dev/null' || exit 1

# Copy the basic entrypoint.sh script.
COPY entrypoint.sh /entrypoint.sh

# Exposing the default WireGuard Dashboard port for web access.
EXPOSE 10086
ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
10 changes: 6 additions & 4 deletions docker/compose.yaml
@@ -1,6 +1,6 @@
services:
wireguard-dashboard:
image: test:latest
image: dselen/wgdashboard:latest
restart: unless-stopped
container_name: wgdashboard
environment:
Expand All @@ -13,11 +13,13 @@ services:
- 10086:10086/tcp
- 51820:51820/udp
volumes: # Can be customized to only the /opt/wireguarddashboard/src/db folder with the /opt/wireguarddashboard/src/wg-dashboard.ini file.
- ./app:/opt/wireguarddashboard
- ./conf:/etc/wireguard
- conf:/etc/wireguard
- db:/opt/wireguarddashboard/db
- ini:/opt/wireguarddashboard/src/wg-dashboard.ini
cap_add:
- NET_ADMIN

volumes:
app:
conf:
db:
ini:
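Review bot: `ini:/opt/wireguarddashboard/src/wg-dashboard.ini` mounts a named volume on a file path. A named volume is a directory, so inside the container `wg-dashboard.ini` becomes a directory, the `[ ! -f "${WGDASH}/src/wg-dashboard.ini" ]` test in entrypoint.sh is true on every start, and `cp -a` drops the template inside that directory instead of creating the file. Use a bind mount to a host file, or persist a directory that contains the ini. Also, `db` is mounted at `/opt/wireguarddashboard/db` while the comment on `volumes:` names `/opt/wireguarddashboard/src/db`; one of the two paths is wrong.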
21 changes: 12 additions & 9 deletions entrypoint.sh
Expand Up @@ -2,6 +2,7 @@

echo "------------------------- START ----------------------------"
echo "Starting the WireGuard Dashboard Docker container."
echo "Working dir: ${WGDASH}"

ensure_installation() {
# When using a custom directory to store the files, this part moves over and makes sure the installation continues.
Expand All @@ -17,8 +18,7 @@ ensure_installation() {
. "${WGDASH}/src/venv/bin/activate"

# Extra step for Alpine
mv /usr/lib/python3.12/site-packages/psutil* "${WGDASH}"/src/venv/lib/python3.12/site-packages
mv /usr/lib/python3.12/site-packages/bcrypt* "${WGDASH}"/src/venv/lib/python3.12/site-packages
mv /usr/lib/python3.12/site-packages/{psutil*,bcrypt*} "${WGDASH}/src/venv/lib/python3.12/site-packages"

chmod +x "${WGDASH}"/src/wgd.sh
cd "${WGDASH}"/src || exit
Expand All @@ -31,20 +31,26 @@ ensure_installation() {

# This first step is to ensure the wg0.conf file exists, and if not, then its copied over from the ephemeral container storage.
if [ ! -f "/etc/wireguard/wg0.conf" ]; then
echo "Standard wg0 Configuration file not found, grabbing template."
echo "No wg0 Configuration file not found, grabbing a template from ephemerality."
cp -a "/setup/conf/wg0.conf" "/etc/wireguard/wg0.conf"

echo "Setting a secure private key."

local privateKey
privateKey=$(wg genkey)

sed -i "s|^PrivateKey =$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf
sed -i "s|^PrivateKey *=.*$|PrivateKey = ${privateKey}|g" /etc/wireguard/wg0.conf
echo "Done setting template."
else
echo "Existing wg0 configuration file found, using that."
fi

if [ ! -f "${WGDASH}/src/wg-dashboard.ini" ]; then
echo "No wg-dashboard.ini file not found, grabbing a template from ephemerality."
cp -a "/setup/conf/wg-dashboard.ini" "${WGDASH}/src/wg-dashboard.ini"
else
echo "Existing wg-dashboard.ini configuration file found, using that."
fi
}

# === CLEAN UP ===
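Review bot: After `sed` writes the generated key, nothing in this hunk sets the mode of `/etc/wireguard/wg0.conf`; `cp -a` keeps whatever mode the template under `/setup/conf` has. Add `chmod 600 /etc/wireguard/wg0.conf` once the key is in place. The widened pattern `^PrivateKey *=.*$` replaces any existing value, which is only safe because it runs inside the file-not-found branch; keep it there so a key in an existing configuration is never overwritten. Both new messages read 'No ... file not found', a double negative; 'No wg0 configuration file found' says what is meant.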
Expand Down Expand Up @@ -84,7 +90,7 @@ clean_up() {

# === SET ENV VARS ===
set_envvars() {
#printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n"
printf "\n------------- SETTING ENVIRONMENT VARIABLES ----------------\n"

# Changing the DNS used for clients and the dashboard itself.
if [ "${global_dns}" != "$(grep "peer_global_dns = " /opt/wireguarddashboard/src/wg-dashboard.ini | awk '{print $NF}')" ]; then
Expand Down Expand Up @@ -114,9 +120,6 @@ start_core() {
printf "\n---------------------- STARTING CORE -----------------------\n"

echo "Activating Python venv and executing the WireGuard Dashboard service."
. "${WGDASH}"/src/venv/bin/activate
cd "${WGDASH}"/src || return
bash wgd.sh start &>> /dev/null

# Isolated peers feature, first converting the existing configuration files and the given names to arrays.
local configurations=(/etc/wireguard/*)
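Review bot: With the venv activation and `bash wgd.sh start &>> /dev/null` lines removed from `start_core`, the `echo "Activating Python venv and executing the WireGuard Dashboard service."` left above them no longer describes anything this function does. Move the message to `ensure_blocking`, where `bash wgd.sh start` now runs, or drop it.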
Expand Down Expand Up @@ -201,7 +204,7 @@ ensure_blocking() {

. "${WGDASH}"/src/venv/bin/activate
cd "${WGDASH}"/src || return
bash wgd.sh restart
bash wgd.sh start

sleep 1s
echo "Ensuring container continuation."
Expand Up @@ -337,7 +337,7 @@ export default {
tooltip: {
callbacks: {
label: (tooltipItem) => {
return `${tooltipItem.formattedValue} MB/s`
return `${tooltipItem.formattedValue} Mb/s`
}
}
}
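Review bot: Changing the tooltip label from `MB/s` to `Mb/s` changes the stated unit from megabytes to megabits per second, but only the string changes, here and in the y-axis `ticks` callback; `tooltipItem.formattedValue` and `val` are passed through untouched. Confirm that the plotted series is computed in megabits, otherwise the chart is now mislabelled by a factor of 8.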
Expand All @@ -354,7 +354,7 @@ export default {
y:{
ticks: {
callback: (val, index) => {
return `${val} MB/s`
return `${val} Mb/s`
}
},
grid: {
Expand Down
32 changes: 32 additions & 0 deletions wg-dashboard.ini
@@ -0,0 +1,32 @@
[Account]
username = admin
password = $2b$12$nGfoVvOilY8peew4vrRbl.pO1ENj6T8ey7VPBua/TwcHgxVXJXI8W
enable_totp = false
totp_verified = false
totp_key = 35NQDYTN6V6NB4TJMZFKGCJIB5YEIF3N

[Server]
wg_conf_path = /etc/wireguard
app_prefix =
app_ip = 0.0.0.0
app_port = 10086
auth_req = true
version = v4.0.4
dashboard_refresh_interval = 60000
dashboard_sort = status
dashboard_theme = dark
dashboard_api_key = false

[Peers]
peer_global_dns = 9.9.9.9
peer_endpoint_allowed_ip = 0.0.0.0/0
peer_display_mode = grid
remote_endpoint = 86.107.186.160
peer_mtu = 1420
peer_keep_alive = 21

[Other]
welcome_session = true

[Database]
type = sqlite
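Review bot: The `[Account]` and `[Peers]` sections commit what look like live values: a bcrypt `password` hash for `admin`, a `totp_key`, and `remote_endpoint = 86.107.186.160`. Because the Dockerfile copies this file to `/setup/conf` and entrypoint.sh installs it when no ini exists, every fresh container starts with the same account hash and TOTP seed. Ship the template with those values empty or generate them on first start, and rotate the ones shown here if they were ever in use. `version = v4.0.4` is also fixed in the template and will go stale as the dashboard is updated.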