wg-portal/config.yml.sample

# More information about the configuration can be found in the documentation: https://wgportal.org/master/documentation/overview/

advanced:
  log_level: trace

core:
  admin_user: test@test.de
  admin_password: secret
  create_default_peer: true
  create_default_peer_on_creation: false

web:
  external_url: http://localhost:8888
  request_logging: true

auth:
  ldap:
    - id: ldap1
      provider_name: company ldap
      display_name: Login with</br>LDAP
      url: ldap://ldap.yourcompany.local:389
      bind_user: ldap_wireguard@yourcompany.local
      bind_pass: super_Secret_PASSWORD
      base_dn: DC=YOURCOMPANY,DC=LOCAL
      login_filter: (&(objectClass=organizationalPerson)(mail={{login_identifier}})(!userAccountControl:1.2.840.113556.1.4.803:=2))
      admin_group: CN=WireGuardAdmins,OU=it,DC=YOURCOMPANY,DC=LOCAL
      sync_interval: 0  # sync disabled
      sync_filter: (&(objectClass=organizationalPerson)(!userAccountControl:1.2.840.113556.1.4.803:=2)(mail=*))
      registration_enabled: true
  oidc:
    - id: oidc1
      provider_name: google
      display_name: Login with</br>Google
      base_url: https://accounts.google.com
      client_id: the-client-id-1234.apps.googleusercontent.com
      client_secret: A_CLIENT_SECRET
      extra_scopes:
        - https://www.googleapis.com/auth/userinfo.email
        - https://www.googleapis.com/auth/userinfo.profile
      registration_enabled: true
    - id: oidc2
      provider_name: google2
      display_name: Login with</br>Google2
      base_url: https://accounts.google.com
      client_id: another-client-id-1234.apps.googleusercontent.com
      client_secret: A_CLIENT_SECRET
      extra_scopes:
        - https://www.googleapis.com/auth/userinfo.email
        - https://www.googleapis.com/auth/userinfo.profile
      registration_enabled: true
  oauth:
    - id: google_plain_oauth
      provider_name: google3
      display_name: Login with</br>Google3
      client_id: another-client-id-1234.apps.googleusercontent.com
      client_secret: A_CLIENT_SECRET
      auth_url: https://accounts.google.com/o/oauth2/v2/auth
      token_url: https://oauth2.googleapis.com/token
      user_info_url: https://openidconnect.googleapis.com/v1/userinfo
      scopes:
        - openid
        - email
        - profile
      field_map:
        email: email
        firstname: name
        user_identifier: sub
        is_admin: this-attribute-must-be-true
      registration_enabled: true
    - id: google_plain_oauth_with_groups
      provider_name: google4
      display_name: Login with</br>Google4
      client_id: another-client-id-1234.apps.googleusercontent.com
      client_secret: A_CLIENT_SECRET
      auth_url: https://accounts.google.com/o/oauth2/v2/auth
      token_url: https://oauth2.googleapis.com/token
      user_info_url: https://openidconnect.googleapis.com/v1/userinfo
      scopes:
        - openid
        - email
        - profile
        - i-want-some-groups
      field_map:
        email: email
        firstname: name
        user_identifier: sub
        user_groups: groups
      admin_mapping:
        admin_value_regex: ^true$
        admin_group_regex: ^admin-group-name$
      registration_enabled: true
      log_user_info: true