Deployed acddd731 to development with MkDocs 1.6.1 and mike 2.1.3

development/ref/acls/index.html

@@ -142,12 +142,12 @@
 </span><span id=__span-5-3><a id=__codelineno-5-3 name=__codelineno-5-3 href=#__codelineno-5-3></a><span class=w>  </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:tagged&quot;</span><span class=p>],</span>
 </span><span id=__span-5-4><a id=__codelineno-5-4 name=__codelineno-5-4 href=#__codelineno-5-4></a><span class=w>  </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;tag:monitoring:9090&quot;</span><span class=p>]</span>
 </span><span id=__span-5-5><a id=__codelineno-5-5 name=__codelineno-5-5 href=#__codelineno-5-5></a><span class=p>}</span>
-</span></code></pre></div> <h3 id=autogroupself><code>autogroup:self</code><a class=headerlink href=#autogroupself title="Permanent link">&para;</a></h3> <div class="admonition warning"> <p class=admonition-title>The current implementation of <code>autogroup:self</code> is inefficient</p> </div> <p>Includes devices where the same user is authenticated on both the source and destination. Does not include tagged devices. Can only be used in ACL destinations.</p> <p><div class="language-json highlight"><pre><span></span><code><span id=__span-6-1><a id=__codelineno-6-1 name=__codelineno-6-1 href=#__codelineno-6-1></a><span class=p>{</span>
+</span></code></pre></div> <h3 id=autogroupself><code>autogroup:self</code><a class=headerlink href=#autogroupself title="Permanent link">&para;</a></h3> <div class="admonition warning"> <p class=admonition-title>The current implementation of <code>autogroup:self</code> is inefficient</p> </div> <p>Includes devices where the same user is authenticated on both the source and destination. Does not include tagged devices. Can only be used in ACL destinations.</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-6-1><a id=__codelineno-6-1 name=__codelineno-6-1 href=#__codelineno-6-1></a><span class=p>{</span>
 </span><span id=__span-6-2><a id=__codelineno-6-2 name=__codelineno-6-2 href=#__codelineno-6-2></a><span class=w>  </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span>
 </span><span id=__span-6-3><a id=__codelineno-6-3 name=__codelineno-6-3 href=#__codelineno-6-3></a><span class=w>  </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:member&quot;</span><span class=p>],</span>
 </span><span id=__span-6-4><a id=__codelineno-6-4 name=__codelineno-6-4 href=#__codelineno-6-4></a><span class=w>  </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:self:*&quot;</span><span class=p>]</span>
 </span><span id=__span-6-5><a id=__codelineno-6-5 name=__codelineno-6-5 href=#__codelineno-6-5></a><span class=p>}</span>
-</span></code></pre></div> <em>Using <code>autogroup:self</code> may cause performance degradation on the Headscale coordinator server in large deployments, as filter rules must be compiled per-node rather than globally and the current implementation is not very efficient.</em></p> <p>If you experience performance issues, consider using more specific ACL rules or limiting the use of <code>autogroup:self</code>. <div class="language-json highlight"><pre><span></span><code><span id=__span-7-1><a id=__codelineno-7-1 name=__codelineno-7-1 href=#__codelineno-7-1></a><span class=p>{</span>
+</span></code></pre></div> <p><em>Using <code>autogroup:self</code> may cause performance degradation on the Headscale coordinator server in large deployments, as filter rules must be compiled per-node rather than globally and the current implementation is not very efficient.</em></p> <p>If you experience performance issues, consider using more specific ACL rules or limiting the use of <code>autogroup:self</code>.</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-7-1><a id=__codelineno-7-1 name=__codelineno-7-1 href=#__codelineno-7-1></a><span class=p>{</span>
 </span><span id=__span-7-2><a id=__codelineno-7-2 name=__codelineno-7-2 href=#__codelineno-7-2></a><span class=w>  </span><span class=c1>// The following rules allow internal users to communicate with their</span>
 </span><span id=__span-7-3><a id=__codelineno-7-3 name=__codelineno-7-3 href=#__codelineno-7-3></a><span class=w>  </span><span class=c1>// own nodes in case autogroup:self is causing performance issues.</span>
 </span><span id=__span-7-4><a id=__codelineno-7-4 name=__codelineno-7-4 href=#__codelineno-7-4></a><span class=w>  </span><span class=p>{</span><span class=w> </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span><span class=w> </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;boss@&quot;</span><span class=p>],</span><span class=w> </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;boss@:*&quot;</span><span class=p>]</span><span class=w> </span><span class=p>},</span>
@@ -156,7 +156,7 @@
 </span><span id=__span-7-7><a id=__codelineno-7-7 name=__codelineno-7-7 href=#__codelineno-7-7></a><span class=w>  </span><span class=p>{</span><span class=w> </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span><span class=w> </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;admin1@&quot;</span><span class=p>],</span><span class=w> </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;admin1@:*&quot;</span><span class=p>]</span><span class=w> </span><span class=p>},</span>
 </span><span id=__span-7-8><a id=__codelineno-7-8 name=__codelineno-7-8 href=#__codelineno-7-8></a><span class=w>  </span><span class=p>{</span><span class=w> </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span><span class=w> </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;intern1@&quot;</span><span class=p>],</span><span class=w> </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;intern1@:*&quot;</span><span class=p>]</span><span class=w> </span><span class=p>}</span>
 </span><span id=__span-7-9><a id=__codelineno-7-9 name=__codelineno-7-9 href=#__codelineno-7-9></a><span class=p>}</span>
-</span></code></pre></div></p> <h3 id=autogroupnonroot><code>autogroup:nonroot</code><a class=headerlink href=#autogroupnonroot title="Permanent link">&para;</a></h3> <p>Used in Tailscale SSH rules to allow access to any user except root. Can only be used in the <code>users</code> field of SSH rules.</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-8-1><a id=__codelineno-8-1 name=__codelineno-8-1 href=#__codelineno-8-1></a><span class=p>{</span>
+</span></code></pre></div> <h3 id=autogroupnonroot><code>autogroup:nonroot</code><a class=headerlink href=#autogroupnonroot title="Permanent link">&para;</a></h3> <p>Used in Tailscale SSH rules to allow access to any user except root. Can only be used in the <code>users</code> field of SSH rules.</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-8-1><a id=__codelineno-8-1 name=__codelineno-8-1 href=#__codelineno-8-1></a><span class=p>{</span>
 </span><span id=__span-8-2><a id=__codelineno-8-2 name=__codelineno-8-2 href=#__codelineno-8-2></a><span class=w>  </span><span class=nt>&quot;action&quot;</span><span class=p>:</span><span class=w> </span><span class=s2>&quot;accept&quot;</span><span class=p>,</span>
 </span><span id=__span-8-3><a id=__codelineno-8-3 name=__codelineno-8-3 href=#__codelineno-8-3></a><span class=w>  </span><span class=nt>&quot;src&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:member&quot;</span><span class=p>],</span>
 </span><span id=__span-8-4><a id=__codelineno-8-4 name=__codelineno-8-4 href=#__codelineno-8-4></a><span class=w>  </span><span class=nt>&quot;dst&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span><span class=s2>&quot;autogroup:self&quot;</span><span class=p>],</span>

development/ref/oidc/index.html

@@ -43,8 +43,8 @@
 </span><span id=__span-7-3><a id=__codelineno-7-3 name=__codelineno-7-3 href=#__codelineno-7-3></a><span class=w>  </span><span class=nt>client_id</span><span class=p>:</span><span class=w> </span><span class=s>&quot;headscale&quot;</span>
 </span><span id=__span-7-4><a id=__codelineno-7-4 name=__codelineno-7-4 href=#__codelineno-7-4></a><span class=w>  </span><span class=nt>client_secret</span><span class=p>:</span><span class=w> </span><span class=s>&quot;generated-secret&quot;</span>
 </span><span id=__span-7-5><a id=__codelineno-7-5 name=__codelineno-7-5 href=#__codelineno-7-5></a><span class=hll><span class=w>  </span><span class=nt>use_expiry_from_token</span><span class=p>:</span><span class=w> </span><span class="l l-Scalar l-Scalar-Plain">true</span>
-</span></span></code></pre></div> </div> </div> </div> <div class="admonition tip"> <p class=admonition-title>Expire a node and force re-authentication</p> <p>A node can be expired immediately via: <div class="language-console highlight"><pre><span></span><code><span id=__span-8-1><a id=__codelineno-8-1 name=__codelineno-8-1 href=#__codelineno-8-1></a><span class=go>headscale node expire -i &lt;NODE_ID&gt;</span>
-</span></code></pre></div></p> </div> <h3 id=reference-a-user-in-the-policy>Reference a user in the policy<a class=headerlink href=#reference-a-user-in-the-policy title="Permanent link">&para;</a></h3> <p>You may refer to users in the Headscale policy via:</p> <ul> <li>Email address</li> <li>Username</li> <li>Provider identifier (this value is currently only available from the <a href=../api/ >API</a>, database or directly from your identity provider)</li> </ul> <div class="admonition note"> <p class=admonition-title>A user identifier in the policy must contain a single <code>@</code></p> <p>The Headscale policy requires a single <code>@</code> to reference a user. If the username or provider identifier doesn't already contain a single <code>@</code>, it needs to be appended at the end. For example: the username <code>ssmith</code> has to be written as <code>ssmith@</code> to be correctly identified as user within the policy.</p> </div> <div class="admonition warning"> <p class=admonition-title>Email address or username might be updated by users</p> <p>Many identity providers allow users to update their own profile. Depending on the identity provider and its configuration, the values for username or email address might change over time. This might have unexpected consequences for Headscale where a policy might no longer work or a user might obtain more access by hijacking an existing username or email address.</p> </div> <div class="admonition tip"> <p class=admonition-title>Howto use the provider identifier in the policy</p> <p>The provider identifier uniquely identifies an OIDC user and a well-behaving identity provider guarantees that this value never changes for a particular user. It is usually an opaque and long string and its value is currently only available from the <a href=../api/ >API</a>, database or directly from your identity provider).</p> <p>Use the <a href=../api/ >API</a> with the <code>/api/v1/user</code> endpoint to fetch the provider identifier (<code>providerId</code>). The value (be sure to append an <code>@</code> in case the provider identifier doesn't already contain an <code>@</code> somewhere) can be used directly to reference a user in the policy. To improve readability of the policy, one may use the <code>groups</code> section as an alias:</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-9-1><a id=__codelineno-9-1 name=__codelineno-9-1 href=#__codelineno-9-1></a><span class=p>{</span>
+</span></span></code></pre></div> </div> </div> </div> <div class="admonition tip"> <p class=admonition-title>Expire a node and force re-authentication</p> <p>A node can be expired immediately via:</p> <div class="language-console highlight"><pre><span></span><code><span id=__span-8-1><a id=__codelineno-8-1 name=__codelineno-8-1 href=#__codelineno-8-1></a><span class=go>headscale node expire -i &lt;NODE_ID&gt;</span>
+</span></code></pre></div> </div> <h3 id=reference-a-user-in-the-policy>Reference a user in the policy<a class=headerlink href=#reference-a-user-in-the-policy title="Permanent link">&para;</a></h3> <p>You may refer to users in the Headscale policy via:</p> <ul> <li>Email address</li> <li>Username</li> <li>Provider identifier (this value is currently only available from the <a href=../api/ >API</a>, database or directly from your identity provider)</li> </ul> <div class="admonition note"> <p class=admonition-title>A user identifier in the policy must contain a single <code>@</code></p> <p>The Headscale policy requires a single <code>@</code> to reference a user. If the username or provider identifier doesn't already contain a single <code>@</code>, it needs to be appended at the end. For example: the username <code>ssmith</code> has to be written as <code>ssmith@</code> to be correctly identified as user within the policy.</p> </div> <div class="admonition warning"> <p class=admonition-title>Email address or username might be updated by users</p> <p>Many identity providers allow users to update their own profile. Depending on the identity provider and its configuration, the values for username or email address might change over time. This might have unexpected consequences for Headscale where a policy might no longer work or a user might obtain more access by hijacking an existing username or email address.</p> </div> <div class="admonition tip"> <p class=admonition-title>Howto use the provider identifier in the policy</p> <p>The provider identifier uniquely identifies an OIDC user and a well-behaving identity provider guarantees that this value never changes for a particular user. It is usually an opaque and long string and its value is currently only available from the <a href=../api/ >API</a>, database or directly from your identity provider).</p> <p>Use the <a href=../api/ >API</a> with the <code>/api/v1/user</code> endpoint to fetch the provider identifier (<code>providerId</code>). The value (be sure to append an <code>@</code> in case the provider identifier doesn't already contain an <code>@</code> somewhere) can be used directly to reference a user in the policy. To improve readability of the policy, one may use the <code>groups</code> section as an alias:</p> <div class="language-json highlight"><pre><span></span><code><span id=__span-9-1><a id=__codelineno-9-1 name=__codelineno-9-1 href=#__codelineno-9-1></a><span class=p>{</span>
 </span><span id=__span-9-2><a id=__codelineno-9-2 name=__codelineno-9-2 href=#__codelineno-9-2></a><span class=w>  </span><span class=nt>&quot;groups&quot;</span><span class=p>:</span><span class=w> </span><span class=p>{</span>
 </span><span id=__span-9-3><a id=__codelineno-9-3 name=__codelineno-9-3 href=#__codelineno-9-3></a><span class=w>    </span><span class=nt>&quot;group:alice&quot;</span><span class=p>:</span><span class=w> </span><span class=p>[</span>
 </span><span id=__span-9-4><a id=__codelineno-9-4 name=__codelineno-9-4 href=#__codelineno-9-4></a><span class=w>      </span><span class=s2>&quot;https://soo.example.com/oauth2/openid/59ac9125-c31b-46c5-814e-06242908cf57@&quot;</span>

development/sitemap.xml

@@ -2,130 +2,130 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
     <url>
          <loc>https://juanfont.github.io/headscale/development/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/about/clients/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/about/contributing/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/about/faq/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/about/features/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/about/help/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/about/releases/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/about/sponsor/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/acls/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/api/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/configuration/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/debug/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/derp/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/dns/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/oidc/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/registration/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/routes/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/tags/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/tls/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/integration/reverse-proxy/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/integration/tools/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/ref/integration/web-ui/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/setup/requirements/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/setup/upgrade/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/setup/install/community/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/setup/install/container/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/setup/install/official/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/setup/install/source/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/usage/getting-started/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/usage/connect/android/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/usage/connect/apple/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
     <url>
          <loc>https://juanfont.github.io/headscale/development/usage/connect/windows/</loc>
-         <lastmod>2026-02-27</lastmod>
+         <lastmod>2026-03-01</lastmod>
     </url>
 </urlset>