{"id":44406198,"url":"https://github.com/psimsa/wg-manage","last_synced_at":"2026-02-12T06:41:27.017Z","repository":{"id":39794759,"uuid":"348658451","full_name":"psimsa/wg-manage","owner":"psimsa","description":"An awesome command-line tool to manage Wireguard configurations.","archived":false,"fork":false,"pushed_at":"2026-02-11T10:31:53.000Z","size":162,"stargazers_count":39,"open_issues_count":8,"forks_count":2,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-11T18:31:03.145Z","etag":null,"topics":["golang","wireguard","yaml"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/psimsa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-03-17T09:55:09.000Z","updated_at":"2026-02-11T06:14:12.000Z","dependencies_parsed_at":"2026-02-11T13:12:48.012Z","dependency_job_id":null,"html_url":"https://github.com/psimsa/wg-manage","commit_stats":null,"previous_names":["ofcoursedude/wg-manage"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/psimsa/wg-manage","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psimsa%2Fwg-manage","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psimsa%2Fwg-manage/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psimsa%2Fwg-manage/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psimsa%2Fwg-manage/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/psimsa","download_url":"https://codeload.github.com/psimsa/wg-manage/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psimsa%2Fwg-manage/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29360644,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-12T01:03:07.613Z","status":"online","status_checked_at":"2026-02-12T02:00:06.911Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","wireguard","yaml"],"created_at":"2026-02-12T06:41:26.504Z","updated_at":"2026-02-12T06:41:27.006Z","avatar_url":"https://github.com/psimsa.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Go](https://github.com/ofcoursedude/wg-manage/actions/workflows/go.yml/badge.svg)](https://github.com/ofcoursedude/wg-manage/actions/workflows/go.yml)\n[![wg-manage on snapcraft](https://snapcraft.io/wg-manage/badge.svg)](https://snapcraft.io/wg-manage)\n\n# wg-manage\n\nA command line tool to centrally manage [Wireguard](https://www.wireguard.com/) configuration files - all config options are stored in one YAML file that is then used to generate the config files for each device. It supports all options found in wg config files including wg-quick extensions (e.g. Address, Post/Pre-Up/Down etc.). It also has a quickstart option that bootstraps configs for ready to run network (one server, two clients).\n\n# Motivation\n\nWireguard is great, but managing it can be pain in the butt. I created this tool to keep in sync two servers (endpoints) and roughly 10 clients across my home, google cloud, azure and my vacation home, ranging from Raspberry Pi Zero to my development laptop.\n\n# Installation\n\nThere are a few options to install:\n\n- Download a pre-built binary from the Releases page,\n- All commits to `main` are built with Github Actions and artifacts are published, so you can grab an executable for any build you see in the history, or\n- Simply git-clone the repo and build from source ([golang](https://golang.org) required)\n\nand, newly\n\n[![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/wg-manage)\n\n\u003e Note: Though there are darwin binaries available, they are simply auto-built but untested. On Mac, you might be better off building your own.\n\n# Prerequisites\n\nThe only real prerequisite is to have a public IP address for your server with an open port. Wireguard official documentation often uses 51820, but you can pick whatevs, of course.\n\nAlso, Wireguard or OS-specific topics are not in scope of this guide.\n\n# Quickstart\n\nThe easiest way is to run the following two commands:\n\n```\nwg-manage bootstrap -endpoint \"\u003cpublic IP or fqdn\u003e:\u003cport\u003e\"\nwg-manage generate\n```\n\nThe first command creates a new YAML file with basic configuration (one server and two clients) and the second turns it into distinct config files that can be used with Wireguard's `wg-quick` command.\n\nOnce you're done, you can distribute the config files to the devices and fire up your wireguard network.\n\n\u003e **Please note:** The bootstrapped configuration includes PostUp and PostDown command sets for the server configuration, and so will probably fail, or misbehave, on systems without `sysctl` and `iptables` (haven't tried). Client configurations should work on any device (tried Linux and iOS)\n\n---\n\n# Adding and removing configurations\n\nAside from the `bootstrap` and `generate` commands, there are 3 more commands currently available:\n\n### `add`\n\nUsed to add a new computer (either client or server) to the configuration.\n\n### `remove`\n\nUsed to remove an existing computer from the configuration by either name or public key.\n\n\u003e **Note:** Once you remove the computer, its public and private keys will be lost and so reversing this operation is equal to adding a new computer.\n\nAfter adding or removing a computer, it is necessary to run the `generate` command again and re-distribute new config files.\n\n### `init`\n\nRunning this command will create a config file with all available options populated with dummy data. It can be helpful if you want to explore what options you have available.\n\n### `format`\n\nReformats the input config yaml file and outputs to stdout.\n\n### `recreate`\n\nThis command recreates all keys (private and public) in the yaml file. For safety reasons outputs to stdout.\n\n---\n\n# Other information\n\n## config files\n\nThe available options correspond to options available in config files for the [wg](https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8) and [wg-quick](https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8) tools as of 19-Mar-2021. Options specific for the wg-quick tool are in separate property, so you know what to remove from the yaml file if you want to use only the wg command.\n\n## overrides\n\nInformation generated for the `[peer]` section of each configuration is primarily controlled by that peer's record in the yaml config file. There is however an ability to add extra lines to a `[peer]` section not defined by that given peer. It is a list of strings specified by peer's public key. It might be helpful for example if you want to have extra addresses or routing rules.\nFor example:\n\n```yaml\n- name: My Phone\n  peerOverrides:\n    im/jE5i7pvvODrlGbRaZT35C+NnrRfeFYR4IwAqNUkk=:\n      - AllowedIPs=192.168.0.0/24\n```\n\nwill result in an extra line for peer with public key `im/jE5i7pvvODrlGbRaZT35C+NnrRfeFYR4IwAqNUkk=` (assuming that's your Server) in configuration file for `My Phone` which won't appear in other configuration files for this peer. So for `My Phone` the peer section will be:\n\n```\n[Peer]\n# Server\nPublicKey=im/jE5i7pvvODrlGbRaZT35C+NnrRfeFYR4IwAqNUkk=\nAllowedIPs=10.0.2.3/32\nEndpoint=\u003cendpoint info\u003e\nAllowedIPs=192.168.0.0/24\n```\n\nwhile for `My Laptop` it will be:\n\n```\n[Peer]\n# Server\nPublicKey=im/jE5i7pvvODrlGbRaZT35C+NnrRfeFYR4IwAqNUkk=\nAllowedIPs=10.0.2.2/32\nEndpoint=\u003cendpoint info\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsimsa%2Fwg-manage","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpsimsa%2Fwg-manage","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsimsa%2Fwg-manage/lists"}