Before this commit, the default was to not validate TLS certificates of
the SMTP server. This is perhaps a rather unexpected default and can be
considered insecure. This commit activates mail server TLS cert validation
by default.
This change might break some users' email configuration, if they did not
explicitly set the `mail.cert_validation` config variable. Nonetheless,
I think that the secure option should be the default option (e.g.,
to prevent man-in-the-middle attacks and breaching mail server login
credentials).

Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>

Before this fix, a too early `return` statement terminated the
`updateLdapUsers()` function, whenever one not already existing user was
created. Therefore, in each LDAP sync a maximum of one new user could be
created (i.e., it took x LDAP sync cycles until x new LDAP users are
registered in wg-portal). Depending on the LDAP `sync_interval` this can
take a long time and produces unnecessarily long waiting times until users
are available in wg-portal.
Removing the early return statement, and moving the remainder of the
function into an `else` statement, so that all new users can be
added in a single LDAP sync.
Also adding a debug statement to better trace the behavior.

Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com>

Public REST API implementation to handle peers, interfaces and users. It also includes some simple provisioning endpoints.
The Swagger API documentation is available under /api/v1/doc.html
* Added TLS support for web
- Added optional configurations `cert_file` and `key_file` to run web server with https
Signed-off-by: Dmytro Bondar <git@bonddim.com>
* Helm chart update
- Refactored Ingress to use one host only (`config.web.external_url` is required)
- Added Certificate resource template (secret is mounted to container into `/app/certs/`)
- Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP)
- Added helm-docs target to makefile
- Changed pod labels to use selectorLabels
- Removed default probes (app runs without healthy web)
- Removed sections from README
Signed-off-by: Dmytro Bondar <git@bonddim.com>
* Fix chart workflow path filter
* Fix chart lint issue
* Skip clean-up tested chart
* Try k3d cluster
---------
Signed-off-by: Dmytro Bondar <git@bonddim.com>
* fix: autosave wireguard conf files
- Fix subscription to Interface and Peer updates topics
- Remove admin permissions validation
- Update file on peer deletion
- Change save condition to configured storage path only, as initialized interface is not nil
* Added comment to peer config for prometheus exporter