- scripts page: new card with Linux/macOS and Windows route commands
per peer that has advertised_routes, with OS tab switcher and copy buttons
- Made by Galyaviev moved from sidebar to bottom-center page footer on all pages
- page-footer style: Dancing Script 20px, clickable mailto:ruslan@ipcom.su
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Increase signature font: sidebar 18px, login 20px
- Wrap in <a href="mailto:ruslan@ipcom.su"> on all pages
- Remove wg.4mont.ru footer and divider from login page
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- peer_enable: make PSK optional, only pass --client-preshared-key if non-empty
- peer_enable: strip /32 suffix from client_address before passing to wg-peerctl
- All pages: add "Made by Galyaviev" in Dancing Script handwritten font
- login.html: styled login page with signature below card
- base.html: signature in sidebar footer
- style.css: .made-by Dancing Script style
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Click on peer name in the table to edit it inline.
Enter to save, Escape to cancel, blur also saves.
Saved via POST /peers/<id>/rename without page reload.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Resolve hostname via PTR record on peer endpoint IP.
Results cached in memory for 5 minutes to avoid latency.
Hostname shown below endpoint in the peers table.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Fix off-by-one bug in wg_dump(): handshake was read from parts[5] (rx_bytes),
now correctly reads from parts[4]; rx/tx shifted accordingly
- Run wg show via sudo to work under unprivileged wgadmin user
- Remove NoNewPrivileges from systemd service (needed for sudo)
- Merge Handshake column into Status badge (shows "online · 2м назад")
- Add humanize_ago() for human-readable handshake time
- Add next_free_ip() to suggest next available IP in new peer form
- Add device type quick-select buttons (Phone/Laptop/PC/Router/Server/Tablet)
- Placeholder in AllowedIPs now shows the real next free IP
- Traffic column shows ↓ rx / ↑ tx separately
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- CSRF protection on all POST forms (session token)
- ensure_schema() moved to module-level, removed from before_request
- gunicorn now binds to 127.0.0.1 only, runs as unprivileged user wgadmin
- nginx reverse proxy with HTTPS (Let's Encrypt, wg.4mont.ru)
- HTTP → HTTPS redirect before Basic Auth prompt
- Auth moved to nginx level (auth_basic), wg-peerctl called via sudo
- ufw firewall: only 22/80/443/51820 open
- fail2ban: SSH + nginx (5 attempts → 1h ban)
- Add Enable/Disable toggle buttons in peer table
- Add .conf file download route
- Light theme: white background, blue accent, subtle shadows
- Modern sidebar layout, styled badges, responsive forms
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ruslan
Ruslan