fix: client config uses DB settings instead of only env vars

build_client_config was reading defaults (allowed IPs, DNS, endpoint, MTU, keepalive) from env vars only, ignoring the values set in the admin Settings page. Now reads from the Configuration DB table first, falling back to env vars when no DB config exists.
2026-03-31 00:17:29 -05:00 · 2026-03-31 00:17:29 -05:00 · 9aa58fbf22
commit 9aa58fbf22
parent d3705d224b
3 changed files with 42 additions and 9 deletions
--- a/wiregui/pages/admin/devices.py
+++ b/wiregui/pages/admin/devices.py
@ -127,7 +127,11 @@ async def admin_devices_page():

            # Build config and show dialog immediately — don't wait for WG/firewall
            server_pubkey = await get_server_public_key()
-            config_text = build_client_config(device, private_key, server_pubkey)
+            async with async_session() as session:
+                from sqlmodel import select as sel
+                from wiregui.models.configuration import Configuration
+                db_config = (await session.execute(sel(Configuration).limit(1))).scalar_one_or_none()
+            config_text = build_client_config(device, private_key, server_pubkey, db_config)

            create_dialog.close()
            _reset_create_form()
--- a/wiregui/pages/devices.py
+++ b/wiregui/pages/devices.py
@ -112,7 +112,11 @@ async def devices_page():

            # Build config and show dialog immediately — don't wait for WG/firewall
            server_pubkey = await get_server_public_key()
-            config_text = build_client_config(device, private_key, server_pubkey)
+            async with async_session() as session:
+                from sqlmodel import select as sel
+                from wiregui.models.configuration import Configuration
+                db_config = (await session.execute(sel(Configuration).limit(1))).scalar_one_or_none()
+            config_text = build_client_config(device, private_key, server_pubkey, db_config)

            create_dialog.close()
            _reset_create_form()
--- a/wiregui/utils/wg_conf.py
+++ b/wiregui/utils/wg_conf.py
@ -1,6 +1,7 @@
 """Build WireGuard client configuration files."""

 from wiregui.config import get_settings
+from wiregui.models.configuration import Configuration
 from wiregui.models.device import Device


@ -8,16 +9,40 @@ def build_client_config(
    device: Device,
    private_key: str,
    server_public_key: str,
+    db_config: Configuration | None = None,
 ) -> str:
-    """Build a WireGuard [Interface]+[Peer] config string for a device."""
+    """Build a WireGuard [Interface]+[Peer] config string for a device.
+
+    Uses DB Configuration for client defaults when available,
+    falls back to env-based Settings.
+    """
    settings = get_settings()

-    # Resolve per-device or default values
-    dns = device.dns if not device.use_default_dns else settings.wg_dns
-    endpoint_host = device.endpoint if not device.use_default_endpoint else settings.wg_endpoint_host
-    mtu = device.mtu if not device.use_default_mtu else settings.wg_mtu
-    keepalive = device.persistent_keepalive if not device.use_default_persistent_keepalive else settings.wg_persistent_keepalive
-    allowed_ips = device.allowed_ips if not device.use_default_allowed_ips else settings.wg_allowed_ips
+    # Resolve per-device overrides → DB config defaults → env var defaults
+    if device.use_default_dns:
+        dns = db_config.default_client_dns if db_config and db_config.default_client_dns else settings.wg_dns
+    else:
+        dns = device.dns
+
+    if device.use_default_endpoint:
+        endpoint_host = db_config.default_client_endpoint if db_config and db_config.default_client_endpoint else settings.wg_endpoint_host
+    else:
+        endpoint_host = device.endpoint
+
+    if device.use_default_mtu:
+        mtu = db_config.default_client_mtu if db_config else settings.wg_mtu
+    else:
+        mtu = device.mtu
+
+    if device.use_default_persistent_keepalive:
+        keepalive = db_config.default_client_persistent_keepalive if db_config else settings.wg_persistent_keepalive
+    else:
+        keepalive = device.persistent_keepalive
+
+    if device.use_default_allowed_ips:
+        allowed_ips = db_config.default_client_allowed_ips if db_config and db_config.default_client_allowed_ips else settings.wg_allowed_ips
+    else:
+        allowed_ips = device.allowed_ips

    # Build address list
    addresses = []