Client CLI quickstart

nanami is a Go CLI for managed-client bootstrap without full desktop apps.

Current MVP scope:

login with control-plane credentials,
create or refresh a managed node config,
write deterministic local WireGuard config,
optional wg-quick apply/down on Linux/macOS,
status from server-side connection truth.

Prerequisites

Linux or macOS
wg-quick from wireguard-tools

Install examples:

bash

# macOS
brew install wireguard-tools

# Ubuntu/Debian
sudo apt-get install wireguard-tools

Commands

bash

nanami version
nanami login --api-url http://localhost:8080 --email [email protected] --password '...'
nanami up --node-name my-laptop --network dev --print-config
nanami up --apply
nanami status --node-id <node-id>
nanami down --node-id <node-id> --interface nanami0
nanami logout

Local state path:

~/.nanami/config.json (mode 0600)
managed config path: ~/.nanami/wireguard/nanami0.conf (mode 0600)

API Mapping

| CLI command | API endpoint(s) | | --- | --- | | nanami login | POST /api/v1/auth/login | | nanami up | POST /api/v1/client/devices, POST /api/v1/client/devices/:id/config, POST /api/v1/client/devices/:id/heartbeat | | nanami status | GET /api/v1/nodes/:id | | nanami down | no API call (local wg-quick down) | | nanami logout | no API call (local credential cleanup) |

Notes

Canonical login route is POST /api/v1/auth/login.
Canonical managed-client enrollment route is POST /api/v1/client/devices.
If wg-quick is missing, nanami up --apply prints exact install hint and leaves config on disk.
Private keys are generated and stored locally by CLI; only public key may be rotated via API.
Gateway endpoint contract follows GATEWAY_DOMAIN strategy: template mode (gateway-daemon-{id}-...) or legacy mode (gw-<shortId>.<GATEWAY_DOMAIN>).
Generated configs include DNS = OVERLAY_DNS_IP.

Edit this page