projekte/edgeguard-native
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
85904d0c3659187e19d82cd736123d9b71fcb681
edgeguard-native/management-ui/src/i18n/locales/en/common.json
Debian 85904d0c36 feat: WireGuard (server + client + peers + QR) + shared UI components 
WireGuard
---------
* Migration 0013: wireguard_interfaces (server|client mode, key envelope-
  encrypted) + wireguard_peers (per-server roster). Drop old empty
  0005-Schema (Option-A peer_type, kein Iface-FK), neuer Aufbau mit
  zwei Tabellen + FK.
* internal/services/secrets: Box mit AES-256-GCM, Master-Key in
  /var/lib/edgeguard/.master_key (lazy-create, 0600). Sealed/Open
  für PrivateKey + PSK.
* internal/services/wireguard: KeyGen (Curve25519 mit clamping),
  PublicFromPrivate (für Import), InterfacesRepo, PeersRepo, Importer
  (parst /etc/wireguard/*.conf, server vs. client heuristisch nach
  ListenPort + Peer-Anzahl).
* internal/wireguard: Renderer schreibt /etc/edgeguard/wireguard/<iface>.conf
  (0600), restartet wg-quick@<iface> via sudo (sudoers im postinst
  erweitert). Idempotent — re-render nur wenn content geändert.
* internal/handlers/wireguard.go: REST CRUD für interfaces+peers,
  /generate-keypair, /peers/:id/config (text/plain wg-quick conf),
  /peers/:id/qr (PNG via go-qrcode). Auto-reload nach Mutation.
* edgeguard-ctl wg-import [--path /etc/wireguard]: liest existierende
  conf-Files in die DB. Idempotent (überspringt vorhandene Iface-Namen).

Shared UI components (proxy-lb-waf design pattern)
--------------------------------------------------
* PageHeader: icon + title + subtitle + extras row, einheitlich oben
  auf jeder Page.
* ActionButtons: Edit + Delete combo mit Popconfirm + Tooltip.
* StatusDot: AntD Badge pattern statt "Yes/No" — schneller scanbar
  in dichten Tabellen.
* DataTable: pageSizeOptions [20,50,100,200] + extraActions-Alias +
  optional renderMobileCard für Card-Liste auf < md Breakpoint.
* enterprise.css: .page-header* + .datatable-toolbar Klassen.

Frontend WireGuard
------------------
* /vpn/wireguard mit zwei Tabs (Server / Client) im neuen Pattern.
* Server-Tab: Modal mit Generate-Keypair-Toggle, Peer-Roster im
  Drawer per Server. Pro Peer: QR-Code-Modal + .conf-Download.
* Client-Tab: Upstream-Card im Modal, full-tunnel-Default
  (0.0.0.0/0,::/0), Keepalive 25.
* i18n DE/EN für wg.* Block + common.* Erweiterung.

Misc
----
* Sidebar: WireGuard unter Security-Sektion.
* Nav-i18n: "Firewall (v2)" → "Firewall".
* Version 1.0.8 → 1.0.11.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 20:51:25 +02:00

370 lines
15 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
{
"app": {
"title": "EdgeGuard",
"subtitle": "Native reverse-proxy / VPN / firewall"
},
"nav": {
"dashboard": "Dashboard",
"domains": "Domains",
"backends": "Backends",
"routing": "Routing",
"networks": "Network interfaces",
"ipAddresses": "IP addresses",
"ssl": "SSL certificates",
"vpn": "VPN",
"wireguard": "WireGuard",
"firewall": "Firewall",
"cluster": "Cluster",
"settings": "Settings",
"section": {
"overview": "Overview",
"routing": "Routing",
"network": "Network",
"security": "Security",
"system": "System"
}
},
"fw": {
"title": "Firewall",
"intro": "Fortigate-style: rules built from zones × address objects/groups × services/service groups × action. NAT is separate. Top-down, first-match.",
"tabs": {
"rules": "Rules",
"nat": "NAT",
"zones": "Zones",
"addrObj": "Address objects",
"addrGrp": "Address groups",
"services": "Services",
"svcGrp": "Service groups"
},
"zone": {
"name": "Name",
"description": "Description",
"builtin": "built-in",
"builtinHint": "Built-in zones cannot be deleted — the renderer and anti-lockout rules depend on them.",
"builtinNameLocked": "Name is built-in — cannot be changed because existing rules and interfaces reference it.",
"namePattern": "Lowercase letters, digits, _ and -; must start with a letter, up to 32 chars.",
"add": "Add zone",
"edit": "Edit zone",
"deleteConfirm": "Really delete zone {{name}}?"
},
"ao": {
"name": "Name", "kind": "Kind", "value": "Value", "description": "Description",
"add": "Add address object", "edit": "Edit address object",
"deleteConfirm": "Really delete address object {{name}}?"
},
"ag": {
"name": "Name", "members": "Members", "description": "Description",
"add": "Add address group", "edit": "Edit address group",
"selectMembers": "Select address objects",
"deleteConfirm": "Really delete address group {{name}}?"
},
"svc": {
"name": "Name", "proto": "Protocol", "ports": "Ports",
"portStart": "Port (start)", "portEnd": "Port (end)",
"description": "Description", "builtinHint": "Built-in — not editable",
"add": "Add service", "edit": "Edit service",
"deleteConfirm": "Really delete service {{name}}?"
},
"sg": {
"name": "Name", "members": "Members", "description": "Description",
"add": "Add service group", "edit": "Edit service group",
"selectMembers": "Select services",
"deleteConfirm": "Really delete service group {{name}}?"
},
"rule": {
"name": "Name", "priority": "Priority", "enabled": "Enabled", "log": "Log",
"action": "Action", "src": "Source", "dst": "Destination", "service": "Service",
"srcZone": "Source zone", "dstZone": "Dest. zone",
"srcKind": "Source kind", "dstKind": "Dest. kind",
"object": "Address object", "group": "Address group",
"serviceKind": "Service kind", "serviceGroup": "Service group",
"comment": "Comment",
"add": "Add rule", "edit": "Edit rule",
"deleteConfirm": "Really delete this rule?"
},
"nat": {
"name": "Name", "priority": "Priority", "kind": "Kind", "enabled": "Enabled",
"match": "Match", "target": "Target",
"inZone": "Ingress zone", "outZone": "Egress zone", "proto": "Protocol",
"matchSrcCidr": "Source CIDR (match)", "matchDstCidr": "Dest. CIDR (match)",
"matchDstCidrHint": "empty = any dest IP (e.g. box's public IP)",
"dportStart": "Port (start)", "dportEnd": "Port (end)",
"targetAddr": "Target address", "targetPortStart": "Target port (start)", "targetPortEnd": "Target port (end)",
"comment": "Comment",
"add": "Add NAT rule", "edit": "Edit NAT rule",
"deleteConfirm": "Really delete this NAT rule?"
},
"sys": {
"title": "System rules (always active)",
"chain": "Chain", "match": "Match", "action": "Action", "note": "Note",
"policy": "Default policy",
"policyValue": "Input DROP — everything must be explicitly allowed.",
"order": "Evaluation",
"orderValue": "System rules first, then operator rules top-down (priority asc, first-match).",
"lockout": "Anti-lockout",
"lockoutValue": "SSH (22) and the management UI (443) are always reachable — even the operator can't accidentally lock themselves out."
}
},
"networks": {
"title": "Network interfaces",
"intro": "Manage WAN, LAN, VLAN and bond interfaces. Read-only kernel discovery above; declared configuration below — runtime apply via systemd-networkd lands in a later release.",
"systemDiscovered": "System interfaces (read-only)",
"addInterface": "Add interface",
"editInterface": "Edit interface",
"name": "Name",
"type": "Type",
"parent": "Parent interface",
"selectParent": "Select parent",
"vlan": "VLAN",
"vlanId": "VLAN ID",
"composition": "Composition",
"members": "Member interfaces",
"selectMembers": "Select physical interfaces",
"membersRequired": "At least one member interface is required",
"membersHintBridge": "A bridge joins multiple physical ports at L2 — typically two ports for a software switch.",
"membersHintBond": "A bond aggregates multiple physical ports into one logical link (LACP / active-backup).",
"role": "Zone",
"roleHint": "Zones are managed in Firewall → Zones. Custom zones (e.g. iot, guest) can be added there.",
"mtu": "MTU",
"active": "Active",
"description": "Description",
"actions": "Actions",
"deleteConfirm": "Really delete interface {{name}}?"
},
"ips": {
"title": "IP addresses",
"intro": "Addresses the kernel currently has (read-only above) plus addresses EdgeGuard additionally manages — including VIPs that follow the active cluster node on failover.",
"systemDiscovered": "Kernel addresses (read-only)",
"managedTitle": "Managed addresses",
"family": "Family",
"addAddress": "Add address",
"editAddress": "Edit address",
"interface": "Interface",
"selectInterface": "Select interface",
"address": "Address",
"prefix": "Prefix",
"vip": "VIP",
"vipFlag": "Mark as VIP",
"vipPriority": "VIP priority (cluster failover)",
"active": "Active",
"description": "Description",
"actions": "Actions",
"deleteConfirm": "Really delete address {{addr}}?"
},
"auth": {
"loginTitle": "Sign in",
"email": "Email",
"password": "Password",
"login": "Sign in",
"logout": "Sign out",
"loginFailed": "Sign-in failed",
"loggedInAs": "Signed in as"
},
"setup": {
"title": "First-time setup",
"intro": "Create the admin account, declare the public FQDN, and — optionally — paste a license key. Without one, a 30-day trial starts.",
"adminEmail": "Admin email",
"adminPassword": "Admin password",
"passwordRule": "At least 12 characters.",
"fqdn": "Public FQDN",
"acmeEmail": "ACME / Let's Encrypt email",
"licenseKey": "License key (optional)",
"submit": "Finish setup",
"successTitle": "Setup complete",
"successHint": "Redirecting you to sign-in."
},
"dashboard": {
"title": "Dashboard",
"welcomeHint": "Overview of all running EdgeGuard components."
},
"domains": {
"title": "Domains",
"addDomain": "Add domain",
"editDomain": "Edit domain",
"name": "Name",
"active": "Active",
"primaryBackend": "Primary backend",
"primaryBackendHint": "Catch-all backend for requests with no matching routing rule. Optional — leave empty if all traffic is routed via routing rules.",
"selectBackend": "Select backend",
"noBackend": "no backend",
"httpToHttps": "HTTP→HTTPS",
"hsts": "HSTS",
"notes": "Notes",
"actions": "Actions",
"edit": "Edit",
"delete": "Delete",
"deleteConfirm": "Really delete domain {{name}}?"
},
"backends": {
"title": "Backends",
"addBackend": "Add backend",
"editBackend": "Edit backend",
"name": "Name",
"scheme": "Scheme",
"address": "Address",
"port": "Port",
"target": "Target",
"healthCheck": "Health check path",
"active": "Active",
"usedBy": "Used by",
"noDomain": "no domain",
"attachedDomains": "Domains",
"attachedDomainsHint": "Domains that use this backend as their primary. Selecting domains here reconfigures them directly — same source of truth as the Domain modal's backend picker.",
"selectDomains": "Select domains",
"actions": "Actions",
"deleteConfirm": "Really delete backend {{name}}?"
},
"routing": {
"title": "Routing rules",
"addRule": "Add rule",
"editRule": "Edit rule",
"domain": "Domain",
"pathPrefix": "Path prefix",
"backend": "Backend",
"priority": "Priority",
"active": "Active",
"actions": "Actions",
"selectDomain": "Select domain",
"selectBackend": "Select backend",
"deleteConfirm": "Really delete this routing rule?"
},
"cluster": {
"title": "Cluster",
"intro": "{{count}} node(s) registered. Multi-node cluster (KeyDB Active-Active + PG streaming replication) coming in a later release.",
"id": "Node ID",
"fqdn": "FQDN",
"role": "Role",
"joinedAt": "Joined",
"self": "this node"
},
"ssl": {
"title": "SSL certificates",
"intro": "Manage TLS certs — let EdgeGuard issue them via Let's Encrypt or upload your own PEM. HAProxy reloads automatically after each change.",
"tabLE": "Let's Encrypt",
"tabUpload": "Custom certificate",
"leIntro": "Pick a domain, click Issue — EdgeGuard solves HTTP-01 over the ACME webroot, writes the PEM into /etc/edgeguard/tls/, and reloads HAProxy.",
"uploadIntro": "Upload your own certificate. Format: PEM-encoded. Cert + optional chain + private key. EdgeGuard validates cert/key match before writing.",
"uploadHint": "Tip: for Let's Encrypt renewals don't upload here — use the LE tab.",
"domain": "Domain",
"selectDomain": "Select domain",
"issuer": "Issuer",
"status": "Status",
"expiresIn": "Expires in",
"expiredAgo": "expired {{days}} days ago",
"actions": "Actions",
"issueButton": "Issue certificate",
"uploadButton": "Upload",
"issueSuccess": "Certificate issued + installed.",
"uploadSuccess": "Certificate uploaded + installed.",
"deleteConfirm": "Delete certificate for {{domain}}? HAProxy falls back to the default cert for this domain.",
"installedTitle": "Installed certificates",
"certPem": "Certificate (PEM)",
"chainPem": "Chain (PEM, optional)",
"keyPem": "Private key (PEM)"
},
"settings": {
"title": "Settings",
"intro": "System information and setup status. Editable values come in a later release.",
"systemInfo": "System",
"version": "Version",
"status": "Status",
"setupInfo": "Setup",
"adminEmail": "Admin email",
"fqdn": "FQDN",
"setupCompleted": "Setup completed"
},
"update": {
"available": "Update available: {{pkg}} {{installed}} → {{available}}",
"applyNow": "Apply now",
"applying": "Update in progress …",
"started": "Update has started — the server will restart shortly."
},
"wg": {
"title": "WireGuard",
"intro": "WireGuard VPN tunnels. Server mode = we listen for peers; client mode = we dial out to a fixed upstream. Private keys are encrypted at rest.",
"tabs": { "servers": "Server tunnels", "clients": "Client tunnels" },
"serverIntro": "Server tunnels host a peer roster — typically employee devices or branch sites. Each peer can be downloaded as a wg-quick.conf or scanned as a QR code.",
"clientIntro": "Client tunnels connect EdgeGuard to a remote WireGuard server (e.g. HQ datacenter). Allowed IPs control which traffic is routed through the tunnel.",
"iface": {
"name": "Name",
"namePattern": "wg followed by lowercase letters/digits/-, max 15 chars",
"nameExtra": "Suggested: wg0, wg1, wg-hq …",
"address": "Address (CIDR)",
"addressExtra": "Box's tunnel IP, e.g. 10.99.0.1/24 for a /24 pool",
"listenPort": "Listen port",
"publicKey": "Public key",
"privateKey": "Private key (paste)",
"privateKeyExtra": "Fill in only if not auto-generating — base64 32 bytes. Stored encrypted.",
"peerEndpoint": "Peer endpoint",
"peerPublicKey": "Peer public key",
"peerPSK": "Pre-shared key (PSK)",
"peerPSKExtra": "Optional extra layer",
"allowedIPs": "Allowed IPs",
"allowedIPsExtra": "What gets routed through the tunnel. Default = full tunnel.",
"keepalive": "Persistent keepalive (sec)",
"mtu": "MTU",
"zone": "Firewall zone",
"description": "Description",
"addServer": "Add server tunnel",
"editServer": "Edit server tunnel",
"addClient": "Add client tunnel",
"editClient": "Edit client tunnel",
"upstream": "Upstream peer",
"deleteConfirm": "Really delete tunnel {{name}}? wg-quick will be stopped.",
"keys": "Keys",
"generateExtra": "If on: server generates a fresh Curve25519 keypair on save.",
"generateOn": "Server-generated",
"generateOff": "Manual paste",
"editKeyWarning": "Warning: new keys invalidate all existing peer configs. Only change if intentional."
},
"peers": {
"button": "Peers",
"drawerTitle": "Peer roster"
},
"peer": {
"name": "Name",
"publicKey": "Public key",
"publicKeyExtra": "Generated by the peer device; only paste here if the peer already has a keypair.",
"allowedIPs": "Allowed IPs",
"allowedIPsExtra": "Which tunnel IPs this peer is allowed to use. Typically /32 = one IP.",
"keepalive": "Keepalive (sec)",
"keepaliveExtra": "0 = off. Recommended 25 behind NAT.",
"lastHandshake": "Last handshake",
"never": "never",
"description": "Description",
"add": "Add peer",
"edit": "Edit peer",
"deleteConfirm": "Really remove peer {{name}}?",
"keys": "Keys",
"generateExtra": "If on: server generates a keypair for this peer and can hand out the config / QR. If off: paste the peer's public key only — no config download.",
"pskExtra": "If on: server generates a 32-byte PSK for this peer.",
"pskOn": "Generate PSK",
"pskOff": "no PSK",
"downloadConf": "Download wg-quick.conf",
"qrTitle": "WireGuard QR",
"qrHint": "Scan with the WireGuard app (iOS/Android): \"Add tunnel\" → \"Scan QR code\". Replace the Endpoint placeholder in the downloaded conf before use."
}
},
"common": {
"yes": "Yes",
"no": "No",
"save": "Save",
"cancel": "Cancel",
"loading": "Loading …",
"error": "Error",
"edit": "Edit",
"delete": "Delete",
"deleteConfirm": "Really delete?",
"search": "Search …",
"totalRows": "{{count}} rows",
"active": "Active",
"inactive": "Inactive",
"noData": "No data",
"actions": "Actions",
"add": "Add",
"download": "Download",
"copy": "Copy",
"copied": "Copied"
}
}
Reference in New Issue View Git Blame Copy Permalink