wiregui

provvedo/wiregui

Fork 0

Commit graph

Author	SHA1	Message	Date
Stefano Bertelli	0edfc75821	feat: replace custom versioning with python-semantic-release Some checks failed Dev / test (push) Failing after 1m19s Details Dev / release (push) Has been skipped Details Dev / docker (push) Has been skipped Details Configure python-semantic-release for automated changelog and versioning: rc releases on dev branch, stable releases on main. Remove the custom bash version-bump and changelog scripts from both CI pipelines.	2026-03-31 23:36:42 -05:00
Stefano Bertelli	3bf6fabcff	feat: IdP provisioning from YAML file + Playwright e2e tests Some checks failed CI / test (push) Failing after 1m52s Details CI / release (push) Has been skipped Details CI / docker (push) Has been skipped Details Add WG_IDP_CONFIG_FILE env var to seed OIDC/SAML identity providers from a YAML file at startup, enabling GitOps and IaC workflows. Providers are upserted by id (merge strategy preserves manual additions). Convert all e2e tests from NiceGUI User fixture to Playwright async API with --headed and --slowmo flags for visual debugging. Add full OIDC login flow test against the mock-oidc service.	2026-03-31 14:23:31 -05:00
Stefano Bertelli	0546b44507	feat: initial WireGUI implementation — full VPN management platform Some checks failed CI / test (push) Failing after 26s Details CI / release (push) Has been skipped Details CI / docker (push) Has been skipped Details Complete Python/NiceGUI rewrite of the Wirezone (Elixir/Phoenix) VPN management platform. All 10 implementation phases delivered. Core stack: - NiceGUI reactive UI with SQLModel ORM on PostgreSQL (asyncpg) - Alembic migrations, Valkey/Redis cache, pydantic-settings config - WireGuard management via subprocess (wg/ip/nft CLIs) - 164 tests passing, 35% code coverage Features: - User/device/rule CRUD with admin and unprivileged roles - Full device config form with per-device WG overrides - WireGuard client config generation with QR codes - REST API (v0) with Bearer token auth for all resources - TOTP MFA with QR registration and challenge flow - OIDC SSO with authlib (provider registry, auto-create users) - Magic link passwordless sign-in via email - SAML SP-initiated SSO with IdP metadata parsing - WebAuthn/FIDO2 security key registration - nftables firewall with per-user chains and masquerade - Background tasks: WG stats polling, VPN session expiry, OIDC token refresh, WAN connectivity checks - Startup reconciliation (DB ↔ WireGuard state sync) - In-memory notification system with header badge - Admin UI: users, devices, rules, settings (3 tabs), diagnostics - Loguru logging with optional timestamped file output Deployment: - Multi-stage Dockerfile (python:3.13-slim) - Docker Compose prod stack (bridge networking, NET_ADMIN, nftables) - Forgejo CI: tests → semantic versioning → Docker registry push - Health endpoint at /api/health	2026-03-30 16:53:46 -05:00

Author

SHA1

Message

Date

Stefano Bertelli

0edfc75821

feat: replace custom versioning with python-semantic-release

Dev / test (push) Failing after 1m19s

Details

Dev / release (push) Has been skipped

Details

Dev / docker (push) Has been skipped

Details

Configure python-semantic-release for automated changelog and
versioning: rc releases on dev branch, stable releases on main.
Remove the custom bash version-bump and changelog scripts from
both CI pipelines.

2026-03-31 23:36:42 -05:00

Stefano Bertelli

3bf6fabcff

feat: IdP provisioning from YAML file + Playwright e2e tests

CI / test (push) Failing after 1m52s

Details

CI / release (push) Has been skipped

Details

CI / docker (push) Has been skipped

Details

Add WG_IDP_CONFIG_FILE env var to seed OIDC/SAML identity providers
from a YAML file at startup, enabling GitOps and IaC workflows.
Providers are upserted by id (merge strategy preserves manual additions).

Convert all e2e tests from NiceGUI User fixture to Playwright async API
with --headed and --slowmo flags for visual debugging. Add full OIDC
login flow test against the mock-oidc service.

2026-03-31 14:23:31 -05:00

Stefano Bertelli

0546b44507

feat: initial WireGUI implementation — full VPN management platform

CI / test (push) Failing after 26s

Details

CI / release (push) Has been skipped

Details

CI / docker (push) Has been skipped

Details

Complete Python/NiceGUI rewrite of the Wirezone (Elixir/Phoenix) VPN
management platform. All 10 implementation phases delivered.

Core stack:
- NiceGUI reactive UI with SQLModel ORM on PostgreSQL (asyncpg)
- Alembic migrations, Valkey/Redis cache, pydantic-settings config
- WireGuard management via subprocess (wg/ip/nft CLIs)
- 164 tests passing, 35% code coverage

Features:
- User/device/rule CRUD with admin and unprivileged roles
- Full device config form with per-device WG overrides
- WireGuard client config generation with QR codes
- REST API (v0) with Bearer token auth for all resources
- TOTP MFA with QR registration and challenge flow
- OIDC SSO with authlib (provider registry, auto-create users)
- Magic link passwordless sign-in via email
- SAML SP-initiated SSO with IdP metadata parsing
- WebAuthn/FIDO2 security key registration
- nftables firewall with per-user chains and masquerade
- Background tasks: WG stats polling, VPN session expiry,
  OIDC token refresh, WAN connectivity checks
- Startup reconciliation (DB ↔ WireGuard state sync)
- In-memory notification system with header badge
- Admin UI: users, devices, rules, settings (3 tabs), diagnostics
- Loguru logging with optional timestamped file output

Deployment:
- Multi-stage Dockerfile (python:3.13-slim)
- Docker Compose prod stack (bridge networking, NET_ADMIN, nftables)
- Forgejo CI: tests → semantic versioning → Docker registry push
- Health endpoint at /api/health

2026-03-30 16:53:46 -05:00

3 commits