Go to file

nessi 8f73dd3321 refactor: move Claims type from auth to new identity package

Extract Claims struct from auth/types.go into dedicated identity package for better separation of concerns. Update all imports and usages across auth service, token handling, and request context utilities.

2026-03-15 16:39:02 +01:00

admin-web

chore: initial project scaffold with admin web, backend, desktop client, and deployment setup

2026-03-15 16:32:34 +01:00

backend

refactor: move Claims type from auth to new identity package

2026-03-15 16:39:02 +01:00

deploy

chore: initial project scaffold with admin web, backend, desktop client, and deployment setup

2026-03-15 16:32:34 +01:00

desktop-client

chore: initial project scaffold with admin web, backend, desktop client, and deployment setup

2026-03-15 16:32:34 +01:00

docs

chore: initial project scaffold with admin web, backend, desktop client, and deployment setup

2026-03-15 16:32:34 +01:00

.gitignore

chore: initial project scaffold with admin web, backend, desktop client, and deployment setup

2026-03-15 16:32:34 +01:00

README.md

chore: initial project scaffold with admin web, backend, desktop client, and deployment setup

2026-03-15 16:32:34 +01:00

README.md

NexaVPN

NexaVPN is a production-oriented, self-hosted WireGuard control plane for remote access. It combines:

A Go backend and PostgreSQL control plane
A React admin console
A Tauri desktop client for Windows and macOS
WireGuard gateway and firewall policy enforcement
Docker Compose deployment assets

Monorepo Layout

docs/ architecture, schema, API, and deployment design
backend/ Go API, migrations, seeds, and domain services
admin-web/ React + Vite admin UI
desktop-client/ Tauri desktop client
deploy/ Docker Compose, reverse proxy, and gateway assets

Phase Status

This repository contains the initial production-minded MVP scaffold:

Phase 1: architecture, schema, API, enrollment, provisioning, gateway design
Phase 2: backend scaffold, migrations, auth, CRUD, audit, profile generation
Phase 3: admin UI scaffold and core pages
Phase 4: desktop client scaffold, enrollment flow, profile provisioning abstraction
Phase 5: deployment assets, bootstrap scripts, and hardening notes

Quick Start

Copy deploy/.env.example to deploy/.env.
Review docs/architecture.md and docs/deployment.md.
Start the stack with Docker Compose from deploy/.
Open http://localhost.
On the admin login screen, choose the bootstrap flow if this is a fresh install.
Create the initial admin, then sign in.

Important MVP Notes

WireGuard remains the tunnel transport. NexaVPN is the control plane around it.
Client private keys are generated on-device and are not stored server-side.
Gateway-side enforcement uses nftables generated from issued policy state.
The Tauri client is structured around embedded tunnel management. Native system WireGuard import can be added as an optional integration later.
The current desktop client now performs real backend login and enrollment calls, but secure OS key storage and native tunnel activation are still the next hardening step.

Local Test Flow

cd deploy
cp .env.example .env
docker compose up --build

Then:

Visit http://localhost
Bootstrap the first admin account
Create a user or use the desktop client against http://localhost
Sign in from the NexaVPN desktop app with that user

Languages

Go 39.7%

TypeScript 25.5%

Rust 19.7%

CSS 7.6%

Shell 4.3%

Other 3.2%