Erik Thuning ca3d536868 Added support for limited client validity
A new /cron endpoint has been introduced, which triggers a cleanup routine.
The cleanup routine loops over all existing clients and deletes all that are
older than the value configured in config.ini.

Periodically calling the cron endpoint is the responsibility of the server admin.
2025-03-26 13:30:53 +01:00


# Settings for the web frontend.
[frontend]
# The name of the instance as shown in the page title
site_name = Some Snazzy Name
# Optional:
# An absolute webserver path that returns an HTML fragment to replace the
# default <details> element in the topbox. The file must be located under
# the public/static/ subdirectory, and the path must begin with /static/.
# NOTE(review): the fragment is presumably inserted into the page as-is, so
# treat the file as trusted markup: keep it writable by the admin only and
# never build it from user-supplied content. Confirm against the template.
topbox_content = /static/somefile.html
# Settings for the wireguard tunnel and the client configs generated for it.
# All values below are placeholders and must be replaced before deployment.
[wireguard]
# The name of the wireguard tunnel. Will among other things be used for
# the server config filename.
tunnel_id = some-interface-name
# The directory where all users' configs will be stored.
# Must be writable by the service.
# NOTE(review): stored client configs may contain key material (not visible
# from this file; confirm). Keep the directory outside the web root and
# inaccessible to other local users.
configs_base = some/writable/directory
# The DNS server to advertise to clients
dns_server = a.dns.server.ip
# The IP address and port a client will connect to
server_address = the.public.tunnel.ip
server_port = 51820
# Server keys
# The private key file should be readable only by the account the service
# runs as (for example mode 0600); anyone who can read it can impersonate
# the tunnel endpoint.
server_pubkey_file = path/to/keyfile
server_privkey_file = path/to/other/keyfile
# The network to assign client IPs from
client_network = a.network.in.cidr/notation
# Optional:
# Any extra configuration directives to include in the config file.
# Will override defaults.
# Because the fragment overrides defaults, whoever can write it controls
# the resulting server config; keep it writable by the admin only.
server_extra_config = path/to/a/conf/fragment
# Optional:
# Any extra configuration directives to include in client configs.
# Will override defaults.
# The same applies here: the fragment ends up in every client config, so
# restrict write access to the admin.
client_extra_config = path/to/another/fragment
# Optional:
# The maximum number of clients to allow per user.
# Defaults to unlimited, equivalent to setting this value to 0.
# A non-zero limit bounds how many clients (and presumably how many
# addresses from client_network) a single account can consume.
user_client_limit = 3
# Optional:
# The amount of time a client is valid after creation.
# Accepts strings of the format "N <time-units>", where time-units
# is days, weeks, months or years (constructed example: 30 days).
# Defaults to unlimited, equivalent to setting this value to 0.
# Expired clients are deleted by a cleanup routine that runs only when the
# /cron endpoint is called. Nothing calls it automatically: the server admin
# must schedule periodic requests, otherwise expired clients stay usable.
user_client_validity = 0
# Access control for the site.
[security]
# Optional.
# A comma-separated list of entitlements (as read from oauth) that should
# be required to access the site. Access is granted if the user has any of
# the listed entitlements.
# NOTE(review): if this key is left unset, presumably every user who can
# authenticate via oauth is granted access; confirm that this is the
# intended behaviour before deploying without it.
required_entitlement = urn:mace:some:entitlement
# Endpoints of the oauth provider and the credentials this application
# uses towards it. All values below are placeholders.
[oauth]
# Use https for all three endpoints so that tokens and the client secret
# are never sent in cleartext.
authorization_url = https://oauth.example/authorize
token_url = https://oauth.example/exchange
introspection_url = https://oauth.example/introspect
client_id = some_id_string
# client_secret is a credential stored in plain text: keep the deployed
# config file out of version control, readable only by the account the
# service runs as, and rotate the secret if the file is ever exposed.
client_secret = some_secret_string