wg-portal

Example

```nix
{config, ...}: {
  nps.stacks.wg-portal = {
    enable = true;

    port = 51825;
    settings = {
      advanced.use_ip_v6 = false;
      core = {
        admin_user = "admin";
        # Read admin password from env variable 'ADMIN_PASSWORD'.
        # "\${" escapes Nix interpolation, so the literal ${ADMIN_PASSWORD} is written to the config.
        admin_password = "\${ADMIN_PASSWORD}";
      };
    };
    # Provide the admin password env variable
    extraEnv.ADMIN_PASSWORD.fromFile = config.sops.secrets."wg-portal/admin_password".path;

    oidc = {
      enable = true;
      clientSecretFile = config.sops.secrets."wg-portal/authelia/client_secret".path;
      clientSecretHash = "$pbkdf2-sha512$...";
    };
  };
}
```

Stack Options

nps.stacks.wg-portal.containers.wg-portal

Alias of services.podman.containers.wg-portal.

Type
```plaintext
submodule
```

nps.stacks.wg-portal.enable

Whether to enable wg-portal.

Type
```plaintext
boolean
```
Default
```nix
false
```
Example
```nix
true
```

nps.stacks.wg-portal.extraEnv

Extra environment variables to set for the container. Variables can be either set directly or sourced from a file (e.g. for secrets).

Can be used to pass secrets or other environment variables that are referenced in the settings.

Type
```plaintext
attribute set of (null or boolean or signed integer or string or absolute path or (submodule))
```
Default
```nix
{ }
```
Example
```nix
{
  ADMIN_PASSWORD = {
    fromFile = "/run/secrets/secret_name";
  };
}
```
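The choice between setting a variable directly and sourcing it from a file matters for secrets, because anything written literally in the Nix configuration typically ends up in the world-readable Nix store. The following is an added example, not taken from the nix-podman-stacks project, that contrasts the two forms and adds an evaluation-time guard. It assumes sops-nix is imported, that the module system provides `assertions` (as NixOS and Home Manager do), and that a secret named `wg-portal/admin_password` exists in the sops file.

```nix
# Added example, not the project's own code. Secret names are assumptions.
{ config, lib, ... }:
let
  cfg = config.nps.stacks.wg-portal;
  # Value that will be written into the generated YAML; "" when unset.
  adminPw = cfg.settings.core.admin_password or "";
in {
  # sops-nix decrypts this at activation time to a path outside the Nix store.
  sops.secrets."wg-portal/admin_password" = { };

  nps.stacks.wg-portal = {
    enable = true;

    settings.core = {
      admin_user = "admin";

      # WEAK: a literal is part of the evaluated configuration and is
      # readable by every local user (and by anyone with the repository).
      # admin_password = "constructed-example-password";

      # CORRECTED: "\${" escapes Nix interpolation, so the generated YAML
      # holds the literal text ${ADMIN_PASSWORD}, read from the container
      # environment at runtime.
      admin_password = "\${ADMIN_PASSWORD}";
    };

    # WEAK: setting the variable directly has the same exposure as above.
    # extraEnv.ADMIN_PASSWORD = "constructed-example-password";

    # CORRECTED: Nix only evaluates the path; the file content is never
    # copied into the store.
    extraEnv.ADMIN_PASSWORD.fromFile =
      config.sops.secrets."wg-portal/admin_password".path;
  };

  # Guard: fail evaluation if a literal password slips into the settings.
  assertions = [
    {
      assertion = adminPw == "" || lib.hasPrefix "\${" adminPw;
      message = ''
        nps.stacks.wg-portal.settings.core.admin_password must be an
        environment placeholder, not a literal value.
      '';
    }
  ];
}
```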

nps.stacks.wg-portal.oidc.adminGroup

Users of this group will be assigned admin rights.

Type
```plaintext
string
```
Default
```nix
"wg-portal_admin"
```

nps.stacks.wg-portal.oidc.clientSecretFile

The file containing the client secret for the OIDC client that will be registered in Authelia.

Type
```plaintext
string
```

nps.stacks.wg-portal.oidc.clientSecretHash

The hashed client_secret. Will be set in the Authelia client config. For examples on how to generate a client secret, see https://www.authelia.com/integration/openid-connect/frequently-asked-questions/#client-secret

Type
```plaintext
string
```

nps.stacks.wg-portal.oidc.enable

Whether to enable OIDC login with Authelia. This will register an OIDC client in Authelia and set up the necessary configuration.

For details, see:

Type
```plaintext
boolean
```
Default
```nix
false
```

nps.stacks.wg-portal.oidc.userGroup

Users of this group will be able to log in.

Type
```plaintext
string
```
Default
```nix
"wg-portal_user"
```

nps.stacks.wg-portal.port

The default port for the first WireGuard interface that will be set up in the UI. Will be exposed and passed as the 'start_listen_port' setting in the configuration.

Type
```plaintext
16 bit unsigned integer; between 0 and 65535 (both inclusive)
```
Default
```nix
51820
```

nps.stacks.wg-portal.settings

Settings for the wg-portal container. Will be converted to YAML and passed to the container.

See https://wgportal.org/latest/documentation/configuration/overview/

Type
```plaintext
YAML 1.1 value
```
Example
```nix
{
  core = {
    admin = {
      password = "\${ADMIN_PASSWORD}";
      username = "admin";
    };
  };
}
```