config, types: move randomize_client_port from server config to policy file

Tailscale models the randomize-client-port toggle as a top-level field on the ACL policy. Headscale now matches that shape: the server-config randomize_client_port key is removed, the toggle lives in the policy file as randomizeClientPort, and per-node opt-in via nodeAttrs is also supported. Operators upgrading from a config-set randomize_client_port hit depr.fatalWithHint at startup, which prints the deprecation message and points at the new policy field rather than silently dropping the toggle. The default carries over (false) so operators who never set it are unaffected. config-example.yaml ships a REMOVED stanza showing the migration. types/node.go drops the cfg.RandomizeClientPort read from TailNode -- the cap is now policy-driven through compileNodeAttrs and the tail_test.go expectations follow.
2026-05-23 10:42:30 +09:00 · 2026-05-11 14:49:36 +00:00
parent 6fcff9e352
commit 3f73ed5404
5 changed files with 57 additions and 35 deletions
--- a/cmd/headscale/headscale_test.go
+++ b/cmd/headscale/headscale_test.go
@@ -73,5 +73,4 @@ func TestConfigLoading(t *testing.T) {
 	assert.Equal(t, "HTTP-01", viper.GetString("tls_letsencrypt_challenge_type"))
 	assert.Equal(t, fs.FileMode(0o770), util.GetFileMode("unix_socket_permission"))
 	assert.False(t, viper.GetBool("logtail.enabled"))
-	assert.False(t, viper.GetBool("randomize_client_port"))
 }