Compare commits

...

2294 Commits

Author SHA1 Message Date
Kristoffer Dalby b12ef62486 remove old release flow
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2023-04-28 10:08:45 +00:00
Kristoffer Dalby df8a85f65a setup ko image builder for goreleaser
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 11:59:19 +02:00
Kristoffer Dalby 848a9c27ae make dockerfiles testing only note
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-28 11:32:28 +02:00
Kristoffer Dalby 56dd734300 Add go profiling flag, and enable on integration tests (#1382) 2023-04-27 16:57:11 +02:00
Philipp Krivanec d0113732fe optimize generateACLPeerCacheMap (#1377) 2023-04-26 06:02:54 +02:00
Kristoffer Dalby 6215eb6471 update flake hash (#1376) 2023-04-24 15:52:15 +02:00
Juan Font 1d2b4bca8a Remove legacy DERP tests 2023-04-24 12:35:29 +02:00
Juan Font 96f9680afd Reuse Ping function for DERP ping 2023-04-24 12:17:24 +02:00
Juan Font b465592c07 Do not use host networking in embedded DERP tests
fixed linting
2023-04-24 12:17:24 +02:00
Juan Font 991ff25362 Added workflow for embedded derp 2023-04-24 12:17:24 +02:00
Juan Font eacd687dbf Added DERP integration tests
Linting fixes

Set listen addr to :8443
2023-04-24 12:17:24 +02:00
Juan Font 549f5a164d Expand surface of hsic for better TLS support 2023-04-24 12:17:24 +02:00
Juan Font bb07aec82c Expand tsic to offer PingViaDerp 2023-04-24 12:17:24 +02:00
Kristoffer Dalby a5afe4bd06 Add more capabilities for systemd
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-20 15:53:19 +02:00
Kristoffer Dalby a71cc81fe7 fix
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-20 12:05:57 +02:00
Kristoffer Dalby 679305c3e4 Add version to binary release
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-20 12:05:57 +02:00
Kristoffer Dalby c0680f34f1 fix issue where binaries are not released
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-20 11:10:27 +02:00
Kristoffer Dalby 64ebe6b0c8 change date in changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-20 08:13:38 +02:00
Kristoffer Dalby e6b26499f7 release source code with vendored dependencies
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-20 08:13:38 +02:00
Kristoffer Dalby 977eb1dee3 Update flakes, add some quality of life improvements (#1346) 2023-04-20 07:56:53 +02:00
Kristoffer Dalby b2e2b02210 set release date
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-19 20:47:31 +02:00
Kristoffer Dalby 2abff4bb08 update changelog for #1339
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-19 20:45:27 +02:00
Kristoffer Dalby 54c00645d1 update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-19 20:04:58 +02:00
Kristoffer Dalby cad5ce0ebd lint fix
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-19 20:04:58 +02:00
Kristoffer Dalby b12a167fa2 remove rpm, might add back later
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-19 20:04:58 +02:00
Kristoffer Dalby 667295e15e add new documentation on how to install on debian/ubuntu
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-19 20:04:58 +02:00
Kristoffer Dalby bea52678e3 move current linux documentation into "manual"
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-19 20:04:58 +02:00
Kristoffer Dalby 307cfc3304 add systemd enable to postinstall script
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-19 20:04:58 +02:00
Kristoffer Dalby 5e74ca9414 Fix IPv6 in ACLs (#1339) 2023-04-16 12:26:35 +02:00
Juan Font 9836b097a4 Make sure all clients of a user are ready (#1335) 2023-04-12 09:25:51 +02:00
Juan Font d0b3b1bfc4 Fix binary releases 2023-04-08 09:21:27 +02:00
Juan Font 6eea96eabc Added 1.38.4 in the new tests 2023-04-07 19:45:46 +02:00
github-actions[bot] d08fee78c3 docs(README): update contributors (#1325) 2023-04-07 17:31:29 +02:00
Andriy Kushnir (Orhideous) bb5f0d456c Change primary color for light mode to white 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) c186c49e25 Removed custom accents, going with defaults 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) 4ec6894773 Build with strict mode 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) dd9b4b1cb7 Move examples out of docs/ directory 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) a43bb9c958 Replace placeholder link with actual one 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) ba905ff6fc Add GHA CI to build and deploy docs 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) 99bd09f688 Add new index page 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) a6bc792a61 Move admonitions to relevant sections 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) 6381d3660a Add admonitions marking community-provided docs 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) 66c5f74d78 Add admonitions marking community-provided docs 2023-04-07 15:24:13 +02:00
Andriy Kushnir (Orhideous) 1723a6bf40 Configure MkDocs Material scaffold 2023-04-07 15:24:13 +02:00
Juan Font 353f191e4f Update changelog 2023-04-07 13:25:34 +02:00
Juan Font 8d865bb61b Target Go 1.20 in flake.nix 2023-04-07 13:25:34 +02:00
Juan Font c6815c5334 Target Go 1.20 and Tailscale 1.38 2023-04-07 13:25:34 +02:00
Kristoffer Dalby b684ac0668 Simplify goreleaser, package deb and rpm
This commit simplifies the goreleaser configuration and then adds nfpm
support which allows us to build .deb and .rpm for each of the ARCH we
support.

The deb and rpm packages adds systemd services and users, creates
directories etc and should in general give the user a working
environment. We should be able to remove a lot of the complicated,
PEBCAK inducing documentation after this.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-07 11:06:42 +02:00
Juan Font dfc5d861c7 Fix CIDR calculation in expandACLPeerAddr 2023-04-05 09:44:46 +02:00
Juan Font 50b706eeed Remove deprecated linters + one casuing issues with imports 2023-04-04 22:37:27 +02:00
Sean Reifschneider 036ff1cbb9 Adding Powershell commands to Windows instructions (#1299)
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2023-04-04 08:58:32 +02:00
Kristoffer Dalby ceeef40cdf Add tests to verify "Hosts" aliases in ACL (#1304) 2023-04-03 10:08:48 +02:00
Julien Zweverink 681c86cc95 ACL Doc's (#1288) 2023-03-28 18:41:23 +02:00
Kristoffer Dalby c7b459b615 Fix issue where ACL * would filter out returning connections (#1279) 2023-03-27 19:19:32 +02:00
Gabe Cook 56a7b1e349 Add SVG logos (#1286) 2023-03-27 15:33:25 +02:00
Antonio Fernandez f1eee841cb updated to ACL doc (#1278) 2023-03-27 11:25:55 +02:00
Stefan Majer 45fbd34480 Do not use yaml.v2 and yaml.v3 as direct dependency (#1281) 2023-03-27 10:48:39 +02:00
Juan Font 248abcf353 Add missing entry to changelog and prepare for 0.22
Add missing entry to changelog
2023-03-20 13:48:56 +01:00
Kurnia D Win 2560c32378 adding some sleep on re-registration after machine expired (#1256) 2023-03-20 11:14:34 +01:00
Kristoffer Dalby e38efd3cfa Add ACL test for limiting a single port. (#1258) 2023-03-20 08:52:52 +01:00
Moritz Poldrack d12f247490 document running exit nodes
Currently the only kind-of documentation is #210 which is outdated. To remedy
this, add a document describing the process.
2023-03-19 11:02:01 +01:00
nicholas-yap 003036a779 Update iOS compatibility and added iOS docs (#1264) 2023-03-17 15:56:15 +01:00
github-actions[bot] ed79f977a7 docs(README): update contributors (#1262) 2023-03-17 10:07:39 +01:00
Kristoffer Dalby 8012e1cbd2 Add instructions on how to login to iOS (#1261) 2023-03-15 11:31:38 +00:00
Kristoffer Dalby a5562850a7 MapResponse optimalisations, peer list integration tests (#1254)
Co-authored-by: Allen <979347228@qq.com>
2023-03-06 17:50:26 +01:00
Stefan Majer bb786ac8e4 github.com/gofrs/uuid/v5 is now go modules compatible, use it (#1224) 2023-03-06 09:54:24 +01:00
Juan Font ea82035222 Allow to delete routes (#1244) 2023-03-06 09:05:40 +01:00
Albert Copeland c9ecdd6ef1 Add Graphical Control Panels section to README (#1226) 2023-03-03 19:05:12 +01:00
Juan Font 54f5c249f1 Fix various linting issues + golang-lint upgrade (#1245) 2023-03-03 18:22:47 +01:00
dnaq a82a603db6 Return 404 on unmatched routes (#1201) 2023-03-03 17:14:30 +01:00
Sean Reifschneider f49930c514 Add "configtest" CLI command. (#1230)
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
Fixes https://github.com/juanfont/headscale/issues/1229
2023-03-03 14:55:29 +01:00
Kristoffer Dalby 2baeb79aa0 changelog: prep for 0.21 (#1246) 2023-03-03 13:42:45 +01:00
Kristoffer Dalby b3f78a209a Post PR comment when nix vendor sum breaks
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-03-02 18:17:59 +01:00
Josh Taylor 5e6868a858 Run prettier 2023-02-27 10:28:49 +01:00
Josh Taylor 5caf848f94 Add steps for Google OAuth for OIDC 2023-02-27 10:28:49 +01:00
Juan Font 3e097123bf Target ts 1.36 in integration tests 2023-02-26 15:35:27 +01:00
Juan Font 74447b02e8 Target Tailscale 1.36 when building 2023-02-26 15:35:27 +01:00
Juan Font 20e96de963 Update dependencies 20230226 2023-02-26 14:39:37 +01:00
Juan Font 7c765fb3dc Update prettier action
Update prettier action
2023-02-26 13:54:30 +01:00
Michael Savage dcc246c869 Fix OpenBSD build docs
- OpenBSD 7.2 installs go 1.19 by default
- Doubt you can run nix so skip the makefile/nix build and just go build directly
2023-02-26 12:54:47 +01:00
Àlex Torregrosa cf7767d8f9 Add css to the /windows and /apple templates (#1211)
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2023-02-09 08:49:05 -05:00
Maxim Gajdaj 61c578f82b Update running-headscale-linux.md
Option WorkingDirectory for headscale.service added
2023-02-09 08:17:28 -05:00
Kristoffer Dalby 6950ff7841 Add list of talks to the readme
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-07 17:04:14 +01:00
Kristoffer Dalby e65ce17f7b Add documentation to integration test framework
so tsic, hsic and scenario

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 16:25:58 +01:00
Kristoffer Dalby b190ec8edc Add section about running locally
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 16:25:58 +01:00
Kristoffer Dalby c39085911f Add node expiry test
This commits adds a test to verify that nodes get updated if a node in
their network expires.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby 3c20d2a178 Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby 9187e4287c Remove unused components from old integration tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby 2b7bcb77a5 Stop using deprecated string function
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby 97a909866d Use pingAll helper for all integration pinging
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby feeb5d334b Populate the tags field on node
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby a840a2e6ee Sort tailcfg.Node creation as upstream
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby 4183345020 Do not collect services, we dont support it
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby 50fb7ad6ce Add TODOs for only sending patch updates
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby 88a9f4b44c Send control time in map response
This gives all the nodes the same constant time to work from

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby 00fbd8dd93 Remove all tests before generating new ones
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-02 17:55:19 +01:00
Kristoffer Dalby ce587d2421 Update test workflows
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-01 10:58:37 +01:00
Kristoffer Dalby e1eb30084d Remove new line at start of test template
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-01 10:58:37 +01:00
Kristoffer Dalby 673638afe7 Use ripgrep to find list of tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-01 10:58:37 +01:00
Kristoffer Dalby da48cf64b3 Set OpenID Connect Expiry
This commit adds a default OpenID Connect expiry to 180d to align with
Tailscale SaaS (previously infinite or based on token expiry).

In addition, it adds an option use the expiry time from the Token sent
by the OpenID provider. This will typically cause really short expiry
and you should only turn on this option if you know what you are
desiring.

This fixes #1176.

Co-authored-by: Even Holthe <even.holthe@bekk.no>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-31 18:55:16 +01:00
Dominic Bevacqua 385fd93e73 Update changelog 2023-01-31 00:15:48 +01:00
Dominic Bevacqua 26edf24477 Allow split DNS configuration without requiring global nameservers
Align behaviour of dns_config.restricted_nameservers to tailscale.

Tailscale allows split DNS configuration without requiring global nameservers.

In addition, as per [the docs](https://tailscale.com/kb/1054/dns/#using-dns-settings-in-the-admin-console):

> These nameservers also configure search domains for your devices

This commit aligns headscale to tailscale by:

 * honouring dns_config.restricted_nameservers regardless of whether any global resolvers are configured
 * adding a search domain for each restricted_nameserver
2023-01-31 00:15:48 +01:00
Kristoffer Dalby 83a538cc95 Rename IP specific function, add missing test case
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 15:56:38 +01:00
Kristoffer Dalby cffa040474 Cancel old builds if new commits appear
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 14:57:10 +01:00
Kristoffer Dalby 727d95b477 Improve generated integration tests
- Save logs from control(headscale) on every run to tmp
- Upgrade nix-actions
- Cancel builds if new commit is pushed
- Fix a sorting bug in user command test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-30 14:43:03 +01:00
Juan Font 640bb94119 Do not show IsPrimary field as false in exit nodes 2023-01-29 14:54:09 +01:00
Juan Font 0f65918a25 Update tests
Fixed linting
2023-01-29 12:25:37 +01:00
Juan Font 3ac2e0b253 Enable both exit node routes (IPv4 and IPv6) at the same time.
As indicated by bradfitz in https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002,
both routes for the exit node must be enabled at the same time. If a user tries to enable one of the exit node routes,
the other gets activated too.

This commit also reduces the API surface, making private a method that didnt need to be exposed.
2023-01-29 12:25:37 +01:00
Juan Font b322cdf251 Updated changelog for v0.20.0 2023-01-29 11:46:37 +01:00
Johan Siebens e128796b59 use smallzstd and sync pool 2023-01-27 12:03:24 +01:00
Kristoffer Dalby 6d669c6b9c Migrate namespace_id to user_id column in machine and pak
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-26 11:07:26 +01:00
Kristoffer Dalby 8dadb045cf Mark -n and --namespace as deprecated
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-26 10:22:38 +01:00
Christian Heusel 9f6e546522 modify the test to reflect the changes on the webinterface
related to 2d44a1c99c17

Signed-off-by: Christian Heusel <christian@heusel.eu>
2023-01-26 08:33:44 +01:00
Juan Font 9714900db9 Target Tailscale 1.36.0 2023-01-26 07:50:03 +01:00
Jan Hartkopf cb25f0d650 Add hint for reverse proxying with Apache 2023-01-23 15:51:20 +01:00
caelansar 9c2e580ab5 put Where before Find 2023-01-20 10:50:29 +01:00
Christian Heusel 0ffff2c994 Update the node join instruction to reference "username"
related to https://github.com/juanfont/headscale/pull/1144

Signed-off-by: Christian Heusel <christian@heusel.eu>
2023-01-20 09:50:49 +01:00
Christian Heusel c720af66d6 permalink in the limitations section to tailscale
The relative link was broken after one commit to the file

Signed-off-by: Christian Heusel <christian@heusel.eu>
2023-01-20 09:19:26 +01:00
Kristoffer Dalby 86a7129027 Update changelog, more explicit backup note
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-19 12:54:34 +01:00
Kristoffer Dalby 9eaa8dd049 Migrate DB: rename table is plural, order matters
The calls to AutoMigrate to other classes that refer to users will
create the table and it will break, it needs to be done before
everything else.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-19 12:54:34 +01:00
Kristoffer Dalby 81441afe70 update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby f19e8aa7f0 Fix failing tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby 90287a6735 gofumpt
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby fb3e2dcf10 Rename namespace to user in docs
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby bf0b85f382 Rename acl test file
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby 5da0963aac Migrate DB: rename namespace, automigrate user
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby da5c051d73 Lint fix
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby b98bf199dd Regenerate go from proto
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby 428d7c86ce Rename namespace in protobuf files
While this truly breaks the point of the backwards compatible stuff with
protobuf, it does not seem worth it to attempt to glue together a
compatible API.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby af1ec5a593 Rename .go namespace files
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Kristoffer Dalby e3a2593344 Rename [Nn]amespace -> [Uu]ser in go code
Use gopls, ag and perl to rename all occurances of Namespace

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Motiejus Jakštys bafb6791d3 oidc: allow reading the client secret from a file
Currently the most "secret" way to specify the oidc client secret is via
an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1].
Lets allow reading oidc client secret from a file. For extra convenience
the path to the secret will resolve the environment variables.

[1]: https://systemd.io/CREDENTIALS/
2023-01-14 17:03:57 +01:00
Motiejus Jakštys 6edac4863a Makefile: remove a missing target
test_integration_oidc was removed in 0525bea593
2023-01-14 13:42:48 +01:00
Even Holthe e27e01c09f nodes list: expose expiration time 2023-01-12 13:43:21 +01:00
Even Holthe dd173ecc1f Refresh machines with correct new expiry 2023-01-12 13:43:21 +01:00
Kristoffer Dalby 8ca0fb7ed0 update ip_prefixes docs
we cant actually have arbitrary ip ranges, add a note about that.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-12 11:39:39 +01:00
Juan Font 6c714e88ee Added entry for performance improvements in ACLs 2023-01-11 08:58:03 +01:00
Allen a6c8718a97 ToStringSlice will lead to high CPU usage, early conversion can reduce cpu usage 2023-01-11 08:45:54 +01:00
Even Holthe 26282b7a54 Fix SIGSEGV crash related to map of state changes
See https://github.com/juanfont/headscale/issues/1114#issuecomment-1373698441
2023-01-10 22:26:21 +01:00
Kristoffer Dalby 93aca81c1c Read integration test config from Env
This commit sets the Headscale config from env instead of file for
integration tests, the main point is to make sure that when we add per
test config, it properly replaces the config key and not append it or
something similar.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-06 23:06:43 +01:00
Kristoffer Dalby 81254cdf7a Limit run regex for generated workflows
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-06 18:36:31 +01:00
Kristoffer Dalby b3a0c4a63b Add integration readme
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-06 12:32:24 +01:00
Kristoffer Dalby 376235c9de make prettier ignore generated test flows
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-06 12:32:24 +01:00
Kristoffer Dalby 7274fdacc6 Generate github action jobs for integration tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-06 12:32:24 +01:00
Kristoffer Dalby 91c1f54b49 Remove "run all v2 job"
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-06 12:32:24 +01:00
Kristoffer Dalby efd0f79fbc Add script to generate integration test gitjobs
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-06 12:32:24 +01:00
Juan Font 2084464225 Update CHANGELOG.md
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2023-01-05 14:59:02 +01:00
Juan Font 66ebbf3ecb Preload AuthKey in machine getters 2023-01-05 14:59:02 +01:00
Juan Font 55a3885614 Added integration tests for ephemeral nodes
Fetch the machines from headscale
2023-01-05 14:59:02 +01:00
Juan Font afae1ff7b6 Delete ephemeral machines on logout
Update changelog

Use dedicated method to delete
2023-01-05 14:59:02 +01:00
Juan Font 4de49f5f49 Add isEphemeral() method to Machine 2023-01-05 14:59:02 +01:00
Even Holthe 6db9656008 oidc: update changelog 2023-01-04 09:23:52 +01:00
Even Holthe fecb13b24b oidc: add basic docs 2023-01-04 09:23:52 +01:00
Even Holthe 23a595c26f oidc: add test for expiring nodes after token expiration 2023-01-04 09:23:52 +01:00
Even Holthe 085912cfb4 expire machines after db expiry 2023-01-04 09:23:52 +01:00
Even Holthe 7157e14aff add expiration from OIDC token to machine 2023-01-04 09:23:52 +01:00
Allen 4e2c4f92d3 reflect.DeepEqual is a value copy that causes golang to continuously allocate memory 2023-01-03 18:09:18 +01:00
Juan Font 893b0de8fa Added tests on allowedip field for routing 2023-01-03 13:34:55 +01:00
Juan Font 9b98c3b79f Send in AllowedIPs both primary routes AND enabled exit routes 2023-01-03 13:34:55 +01:00
Even Holthe 6de26b1d7c Remove Tailscale v1.18.2 from test matrix 2023-01-02 16:06:12 +01:00
Christian Heusel 1f1931fb00 fix spelling mistakes 2023-01-01 22:45:16 +01:00
Christian Heusel 1f4efbcd3b add changelog entry 2023-01-01 22:45:16 +01:00
Christian Heusel 711fe1d806 enumerate the config 2023-01-01 22:45:16 +01:00
Christian Heusel e2c62a7b0c document how to add new DNS records via extra_records 2023-01-01 22:45:16 +01:00
Christian Heusel ab6565723e add the possibility for custom DNS records
related to https://github.com/juanfont/headscale/issues/762

Co-Authored-By: Jamie Greeff <jamie@greeff.me>
Signed-off-by: Christian Heusel <christian@heusel.eu>
2023-01-01 22:45:16 +01:00
John Axel Eriksson 7bb6f1a7eb domains/restricted_nameservers: check dnsConfig.Resolvers instead of dnsConfig.Nameservers 2022-12-31 19:06:32 +01:00
Avirut Mehta 549b82df11 Add Caddy instructions to reverse_proxy.md 2022-12-27 23:08:34 +01:00
Marc 036cdf922f templates: fix typo "custm" -> "custom" 2022-12-27 12:02:33 +01:00
jimyag b4ff22935c update macos check 2022-12-25 15:45:45 +01:00
ma6174 5feadbf3fc fix goroutine leak 2022-12-25 14:11:16 +01:00
Juan Font 3e9ee816f9 Add integration tests for logout with authkey 2022-12-22 20:02:18 +01:00
Juan Font 2494e27a73 Make WaitForTailscaleLogout a Scenario method 2022-12-22 20:02:18 +01:00
Juan Font 8e8b65bb84 Add ko-fi sponsor button 2022-12-22 17:25:49 +01:00
Juan Font b7d7fc57c4 Add logout method to tsic 2022-12-22 00:09:21 +01:00
Juan Font b54c0e3d22 Add integration tests that check logout and relogin 2022-12-21 20:52:08 +01:00
Juan Font 593040b73d Run the Noise handlers under a new struct so we can access the noiseConn from the handlers
In TS2021 the MachineKey can be obtained from noiseConn.Peer() - contrary to what I thought before,
where I assumed MachineKey was dropped in TS2021.

By having a ts2021App and hanging from there the TS2021 handlers, we can fetch again the MachineKey.
2022-12-21 20:52:08 +01:00
Juan Font 6e890afc5f Minor linting fixes 2022-12-21 08:28:53 +01:00
Fatih Acar 2afba0233b fix(routes): ensure routes are correctly propagated
When using Tailscale v1.34.1, enabling or disabling a route does not
effectively add or remove the route from the node's routing table.
We must restart tailscale on the node to have a netmap update.

Fix this by refreshing last state change so that a netmap diff is sent.

Also do not include secondary routes in allowedIPs, otherwise secondary
routes might be used by nodes instead of the primary route.

Signed-off-by: Fatih Acar <facar@scaleway.com>
2022-12-20 15:39:59 +01:00
Anoop Sundaresh 91900b7310 Update remote-cli.md
Fixing the local binary path
2022-12-19 19:16:48 +01:00
Juan Font 55b198a16a Clients are offline when expired 2022-12-19 15:56:12 +01:00
Juan Font ca37dc6268 Update changelog 2022-12-15 00:13:53 -08:00
Juan Font 000c02dad9 Show online in CLI & API when isOnline() reports so 2022-12-15 00:13:53 -08:00
Juan Font 4532915be1 Refresh autogenerated grpc stuff 2022-12-15 00:13:53 -08:00
Juan Font 4b8d6e7c64 Include online field in proto for machine 2022-12-15 00:13:53 -08:00
Kristoffer Dalby 579c5827b3 regenerate proto with new plugin
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-14 00:05:29 -08:00
Kristoffer Dalby 01628f76ff upgrade grpc-gateway plugin
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-14 00:05:29 -08:00
Kristoffer Dalby 53858a32f1 dont fail docker if nothing to delete
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-13 23:13:23 -08:00
Juan Font Alonso 2bf576ea8a Disable Tailscale 1.16 in integration tests 2022-12-09 19:11:24 +01:00
github-actions[bot] 1faac0b3d7 docs(README): update contributors 2022-12-07 15:18:37 +01:00
Kristoffer Dalby 134c72f4fb Set db_ssl to false by default, fixes #1043
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-07 14:58:47 +01:00
Zachary Newell 70f2f5d750 Added an OIDC AllowGroups option for authorization. 2022-12-07 08:53:16 +01:00
Kristoffer Dalby 4453728614 Murder docker container and network before run
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-06 08:52:21 +01:00
Juan Font 34107f9a0f Updated changelog 2022-12-06 08:17:14 +01:00
Juan Font 52862b8a22 Port integration tests routes CLI to v2
Fix options signature
2022-12-06 08:17:14 +01:00
Juan Font 946d38e5d7 Minor linting fixes
Remove magic number (base10...)
2022-12-06 08:17:14 +01:00
Juan Font 78819be03c Use the new routes API from the CLI 2022-12-06 08:17:14 +01:00
Juan Font 34631dfcf5 Refactored route grpc glue code 2022-12-06 08:17:14 +01:00
Juan Font 8fa9755b55 Updated generated pb code
Update swagger
2022-12-06 08:17:14 +01:00
Juan Font 1b557ac1ea Update protobuf definitions + support methods for the API
Add more logging

Updated protos with new routes API
2022-12-06 08:17:14 +01:00
Juan Font 8170f5e693 Removed unused code and linting fixes
Another bunch of gosec/golint related fixes

Remove method no longer used
2022-12-06 08:17:14 +01:00
Juan Font a506d0fcc8 Run handlePrimarySubnetFailover() with a ticker when Serve 2022-12-06 08:17:14 +01:00
Juan Font 6718ff71d3 Added helper methods for subnet failover + unit tests
Added method to perform subnet failover

Added tests for subnet failover
2022-12-06 08:17:14 +01:00
Juan Font b62acff2e3 Refactor machine.go, and move functionality to routes.go + unit tests
Port routes tests to new model

Mark as primary the first instance of subnet + tests

In preparation for subnet failover, mark the initial occurrence of a subnet as the primary one.
2022-12-06 08:17:14 +01:00
Juan Font ac8bff716d Call processMachineRoutes when a new Map is received 2022-12-06 08:17:14 +01:00
Juan Font fba77de4eb Add Route DB model and migration from existing field
Add migration from Machine.EnabledRoutes to the new Route table

Cleanup route.go and add helper methods to process HostInfo
2022-12-06 08:17:14 +01:00
github-actions[bot] d1bca105ef docs(README): update contributors 2022-12-05 22:05:25 +01:00
Juan Font 6c2d6fa302 Do not explicitly set the protocols when ommited in ACL 2022-12-05 21:45:18 +01:00
Kristoffer Dalby 1015bc3e02 Upgrade to Tailscale 1.34.0
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby 68c72d03b5 Prep changelog for new release
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby bd4b2da06e Add changelog entry to correct version
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby 7b8cf5ef1a Add 1.34.0 to integration tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby 638a3d48ec fix nix run
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby 4de676c64e Add instructions for macOS GUI
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby a58a552f0e Update macos/windows doc
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby 0db16c7bbe Update nix deps, get go 1.19.3 in
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 10:40:17 +01:00
Kristoffer Dalby 06f7e7cfd8 Tag dockerfiles to minor version so we dont have to care about patch
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 10:40:17 +01:00
Kristoffer Dalby 19f12f94c0 Make goreleaser use Nix
Eliminate one more place to make sure we use the same go version

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 10:40:17 +01:00
Kristoffer Dalby 95d3062c21 Add github action updater
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 10:40:17 +01:00
Kristoffer Dalby 86fa136a63 Upgrade go dependencies
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 10:40:17 +01:00
Juan Font 89c12072ba added changelog for 0.17.1 2022-12-03 16:34:23 +01:00
Juan Font 54f701ff92 generateACLPolicy() no longer a Headscale method 2022-12-03 15:43:40 +01:00
Juan Font 5a70ea7326 Correct typo on standalone (fixes #1021) 2022-12-01 17:01:20 +01:00
Kristoffer Dalby 63cd3122e6 Add breaking change about noise private path
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-01 14:47:19 +01:00
Kristoffer Dalby 6f4c6c1876 Ignore tparallel where it doesnt make sense
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-01 14:45:11 +01:00
Kristoffer Dalby eb072a1a74 mark some changes as more important
Signed-off-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-11-26 12:01:12 +01:00
Kristoffer Dalby 36b8862e7c Add notes about current ssh status
Signed-off-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-11-26 11:53:31 +01:00
Even Holthe d4e3bf184b Add experimental flag to unit test 2022-11-26 11:53:31 +01:00
Even Holthe c28ca27133 Add SSH ACL to changelog 2022-11-26 11:53:31 +01:00
Kristoffer Dalby c02e105065 Mark the flag properly experimental
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby 22da5bfc1d Enable SSH for tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby c6d31747f7 Add feature flag for SSH, and warning
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby 91ed6e2197 Allow WithEnv to be passed multiple times
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby d71aef3b98 Mark all tests with Parallel
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby 8a79c2e7ed Do not retry on permission denied in ssh
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby f34e7c341b Strip newline from hostname
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby e28d308796 Add negative tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Even Holthe f610be632e SSH: add test between namespaces 2022-11-26 11:53:31 +01:00
Even Holthe fd6d25b5c1 SSH: Lint and typos 2022-11-26 11:53:31 +01:00
Kristoffer Dalby 3695284286 Make simple initial test case
This commit makes the initial SSH test a bit simpler:

- Use the same pattern/functions for all clients as other tests
- Only test within _one_ namespace/user to confirm the base case
- Use retry function, same as taildrop, there is some funky going on
  there...

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby cfaa36e51a Add method to expose container id
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Kristoffer Dalby d207c30949 Ensure we have ssh in container
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-26 11:53:31 +01:00
Even Holthe 519f22f9bf SSH integration test setup 2022-11-26 11:53:31 +01:00
Even Holthe 52a323b90d Add SSH capability advertisement
Advertises the SSH capability, and parses the SSH ACLs to pass to the
tailscale client. Doesn’t support ‘autogroup’ ACL functionality.

Co-authored-by: Daniel Brooks <db48x@headline.com>
2022-11-26 11:53:31 +01:00
github-actions[bot] 91559d0558 docs(README): update contributors 2022-11-25 08:58:13 +01:00
Orville Q. Song 25195b8d73 Update CHANGELOG.md 2022-11-24 16:13:47 +01:00
Orville Q. Song e69176e200 Tweak 2022-11-24 16:13:47 +01:00
Orville Q. Song d29d0222af Add a note about the db_ssl field in the example config file 2022-11-24 16:13:47 +01:00
Orville Q. Song 72b9803a08 Change DBssl to string 2022-11-24 16:13:47 +01:00
Kristoffer Dalby 99e33181b2 Make displayName include basedomain if set
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-22 19:16:58 +01:00
Kristoffer Dalby e7f322b9b6 Mark all tests to run in parallel
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-22 13:18:58 +01:00
Juan Font 1d36e1775f Remove OIDC action 2022-11-21 22:07:27 +01:00
Juan Font 0525bea593 Remove legacy OIDC tests 2022-11-21 22:07:27 +01:00
Juan Font 2770c7cc07 Initial proposal for better routing 2022-11-21 21:58:22 +01:00
Juan Font 1b0e80bb10 Add OIDC integration tests
* Port OIDC integration tests to v2

* Move Tailscale old versions to TS2019 list

* Remove Alpine Linux container

* Updated changelog

* Releases: use flavor to set the tag suffix

* Added more debug messages in OIDC registration

* Added more logging

* Do not strip nodekey prefix on handle expired

* Updated changelog

* Add WithHostnameAsServerURL option func

* Reduce the number of namespaces and use hsic.WithHostnameAsServerURL

* Linting fix

* Fix linting issues

* Wait for ready outside the up goroutine

* Minor change in log message

* Add prefix to env var

* Remove unused env var

Co-authored-by: Juan Font <juan.font@esa.int>
Co-authored-by: Steven Honson <steven@honson.id.au>
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-11-21 21:51:54 +01:00
Kristoffer Dalby 4ccc528d96 Remove some very verbose error outputs
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-21 14:37:50 +01:00
Juan Font 6a311f4ab6 Remove broken renovatebot 2022-11-20 17:19:50 +01:00
manju-rn a49a405413 Correction in the sample config file
Added the db_type in the sample config.yaml  Without this entry, the container throws Unsupported DB error
`db_type: sqlite3`
2022-11-20 17:12:13 +01:00
Juan Font 24f946e2e9 Fix completion issues (fixes #839) 2022-11-20 13:57:38 +01:00
Juan Font c3cdb340de Increase integration tests timeout to 120m 2022-11-20 12:56:07 +01:00
Juan Font 935319a218 Remove mTLS from doc and config example 2022-11-19 19:50:34 +01:00
Juan Font 4c7e15a7ce Remove mTLS config from integration config 2022-11-19 19:50:34 +01:00
Juan Font d461097247 Remove mTLS stuff from code 2022-11-19 19:50:34 +01:00
Juan Font f90a3c196c Move TS WaitForReady outside up goroutine 2022-11-19 17:16:08 +01:00
Juan Font Alonso 751cc173d4 Fix issue when CLI is configured in config file 2022-11-18 19:19:56 +01:00
Juan Font Alonso ff134f2b8e Fix remote CLI when there is no config file present 2022-11-18 19:19:56 +01:00
Arnar Gauti Ingason 6d3ede1367 Add support for NextDNS resolver 2022-11-18 09:38:46 +01:00
Steven Honson c0884f94b8 Release: tag every release with develop 2022-11-17 16:52:12 +01:00
Kristoffer Dalby 3d8dd68b14 default to localhost, not listen on all
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-16 17:37:35 +01:00
Kristoffer Dalby b02e88364e Fix test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-16 17:37:35 +01:00
Kristoffer Dalby 9790831afb Make config example "local dev first"
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-16 17:37:35 +01:00
Juan Font Alonso 2d79179141 Updated changelog 2022-11-15 21:28:26 +01:00
Juan Font Alonso 275cc28193 Do not strip nodekey prefix on handle expired 2022-11-15 21:28:26 +01:00
Juan Font c5ba7552c5 Added more logging 2022-11-15 21:28:26 +01:00
Juan Font 8909f801bb Added more debug messages in OIDC registration 2022-11-15 21:28:26 +01:00
Steven Honson 3d4af52b3a Releases: use flavor to set the tag suffix 2022-11-15 11:36:38 +01:00
Juan Font 6391555dab Updated changelog 2022-11-15 08:42:29 +01:00
Juan Font 8cc5b2174b Remove Alpine Linux container 2022-11-15 08:42:29 +01:00
Juan Font 9269dd01f5 Move Tailscale old versions to TS2019 list 2022-11-14 23:06:30 +01:00
Juan Font ef68f17a96 Return the correct error on cache miss 2022-11-14 18:34:27 +01:00
Juan Font f74266f8f8 OIDC code cleanup and harmonize with regular web auth 2022-11-14 18:34:27 +01:00
Kristoffer Dalby 46df219ed3 Add testname identifier to hs container
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby 835288d864 Remove unused variable
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby 93d56362af Lock and unify headscale start/get method
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby 4799859be0 Fix renamed method
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby 8e44596171 less verbose command output
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby d479234058 Split ts versions into 2019/2021 for dedicated tests later
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby 3fc5866de0 Remove duplicate function
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby f3c40086ac Make TLS setup work automatically
This commit injects the per-test-generated tls certs into the tailscale
container and makes sure all can ping all. It does not test any of the
DERP isolation yet.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby 09ed21edd8 Remove duplicate function
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby 456479eaa1 Rename and move wait for headscale
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby cb87852825 Add nolint to gosec stuff that doesnt matter because test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby 69440058bb Clean up cert function
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Kristoffer Dalby 9bc6ac0f35 Make TLS setup work automatically
This commit injects the per-test-generated tls certs into the tailscale
container and makes sure all can ping all. It does not test any of the
DERP isolation yet.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-14 16:50:28 +01:00
Juan Font Alonso 89ff5c83d2 Add web flow auth integration tests 2022-11-14 08:47:02 +01:00
Juan Font Alonso 0a47d694be Return the real port of the container 2022-11-14 08:47:02 +01:00
Juan Font Alonso 73c84d4f6a Print hostname of the machine registered 2022-11-14 08:47:02 +01:00
Juan Font Alonso a9251d6652 Fixed linter issues 2022-11-13 22:33:41 +01:00
Juan Font Alonso f9c44f11d6 Added method to run tailscale up without authkey 2022-11-13 22:33:41 +01:00
Juan Font Alonso 1f8bd24a0d Return stderr in tsic.Execute 2022-11-13 22:33:41 +01:00
Juan Font Alonso 7bf2eb3d71 Update Tailscale interface with new Execute signature 2022-11-13 22:33:41 +01:00
Juan Font Alonso f5a5437917 disable interfacebloat linter 2022-11-13 18:30:00 +01:00
Juan Font Alonso 9989657c0f Wait for tailscale client to be ready after tailscale up 2022-11-13 18:30:00 +01:00
Juan Font Alonso cb2790984f Added WaitForReady() to Tailscale interface
When using running `tailscale up` in the AuthKey flow process, the tailscale client immediately enters PollMap after registration - avoiding a race condition.

When using the web auth (up -> go to the Control website -> CLI `register`) the client is polling checking if it has been authorized. If we immediately ask for the client IP, as done in CreateHeadscaleEnv() we might have the client in NotReady status.

This method provides a way to wait for the client to be ready.

Signed-off-by: Juan Font Alonso <juanfontalonso@gmail.com>
2022-11-13 18:30:00 +01:00
Juan Font Alonso 18c0009a51 Fix oidc.go linting issues
Signed-off-by: Juan Font Alonso <juanfontalonso@gmail.com>
2022-11-13 15:42:54 +01:00
Juan Font Alonso d038df2a88 Added ts2019 buildtag to CI config
Otherwise we are getting utils.go:119:6: `decode` is unused (deadcode)

Signed-off-by: Juan Font Alonso <juanfontalonso@gmail.com>
2022-11-13 15:42:54 +01:00
Mesar Hameed d8e9d95a3b config-example.yaml: fix typos and improve english. 2022-11-10 15:52:57 +00:00
Grigoriy Mikhalkin 0e405c7ce0 remove private key constant errors from NewHeadscale 2022-11-10 15:35:22 +00:00
Anton Schubert 21f0e089b6 fix noise mapResponse updates, fixes #838 2022-11-10 14:44:44 +00:00
kyra cfda804726 Provide LoginName when registering with pre-auth key 2022-11-06 19:09:52 +01:00
github-actions[bot] d6b383dd2f docs(README): update contributors 2022-11-05 16:03:17 +01:00
LiuHanCheng 07f92e647c fix bug in #912 (#914) 2022-11-05 09:07:22 +01:00
LiuHanCheng bf87b33292 feat: add information to the /apple page for the macOS standalone client user (#915)
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-11-04 12:27:23 +01:00
Kristoffer Dalby 527b580f5e Add build flag to enable TS2019 (#928) 2022-11-04 11:26:33 +01:00
Kristoffer Dalby c31328a54a Fix bitrotted versions in gh ci
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-04 10:46:23 +01:00
Kristoffer Dalby b2c0e37122 Run on correct change
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-04 10:35:19 +01:00
Kristoffer Dalby 889223e35f Add experimental kradalby gh runner
Remove old v2 runner in favour of self-hosted

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-04 10:35:19 +01:00
Kristoffer Dalby 6e83b7f06b Give workflows better names
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 14:59:15 +01:00
Kristoffer Dalby 31d427b655 Run more tests in parallel
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 13:31:51 +01:00
Kristoffer Dalby d8c856e602 Add basic accept all acl to all test as example
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby aad4c90fe6 Add options to hsic, ACL and env overrides
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby 4f9fe93146 golangci-lint --fix
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby 96fe6aa3a1 Remove unused func, comment out configobject way
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby 947e961a3a Write headcsale config file from code, not depend on directory
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby 43731cad2e Add helper function to add files to hs container
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby ac15b21720 Remove tab from YAML
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Kristoffer Dalby dfc03a6124 Ditch stupid distroless image for debug/test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-03 12:53:00 +01:00
Benjamin Roberts 8a07381e3a Fix prefix length comparison bug in AutoApprovers route evaluation (#862) 2022-11-01 12:00:40 +01:00
Kristoffer Dalby 0cf9c4ce8e Add nolint since go os has weird casing
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-31 17:58:03 +01:00
Kristoffer Dalby e8b3de494e Fix lint
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-31 17:58:03 +01:00
Kristoffer Dalby 21ec543d37 Give user better feedback if headscale socket is unwritable
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-31 17:58:03 +01:00
Kristoffer Dalby ca8bca98ed Add support for "override local DNS" (#905)
* Add support for "override local DNS"

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Update cli dump test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-31 16:26:18 +01:00
Jiang Zhu 4e8b95e6cd Fix issue 660 (#874)
Co-authored-by: Juan Font <juanfontalonso@gmail.com>
2022-10-31 15:59:50 +01:00
Kristoffer Dalby ad31378d92 Update vendor sha in nix
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-30 23:16:07 +01:00
Kristoffer Dalby 3a6257b193 Update everything else
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-30 23:16:07 +01:00
Kristoffer Dalby fafa3f8211 Upgrade tailscale
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-30 23:16:07 +01:00
Kristoffer Dalby 62e3fa0011 Update nix
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-30 23:16:07 +01:00
Kristoffer Dalby 94ad0a1555 Remove ip_prefix, its been deprecated for a long time (#899)
* Remove ip_prefix, its been deprecated for a long time

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Juan Font <juanfontalonso@gmail.com>
2022-10-30 22:31:18 +01:00
Juan Font c1c22a4b51 Merge pull request #897 from kradalby/integration-remove-v1-genera
Remove v1 general integration tests
2022-10-30 21:49:49 +01:00
Juan Font 611f7c374c Merge branch 'main' into integration-remove-v1-genera 2022-10-30 21:46:33 +01:00
Kristoffer Dalby 91c0a153b0 Merge pull request #890 from kradalby/integration-v2-cli 2022-10-28 18:46:04 +02:00
Kristoffer Dalby 73eae8e2cf Merge branch 'main' into integration-v2-cli 2022-10-28 16:13:21 +02:00
Kristoffer Dalby 341db0c5c9 Merge pull request #895 from puzpuzpuz/update-xsync-version 2022-10-28 16:12:38 +02:00
Kristoffer Dalby 2ca286ee8c Merge branch 'main' into integration-v2-cli 2022-10-28 15:29:43 +02:00
Kristoffer Dalby dde39aa24c Remove general v1 makefile entry
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-28 15:21:11 +02:00
Kristoffer Dalby bcdd34b01e Remove v1 general integration tests code
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-28 15:10:45 +02:00
Kristoffer Dalby e45ba37ec5 Remove v1 general integration tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-28 15:10:30 +02:00
Kristoffer Dalby d69a5f621e Merge branch 'main' into update-xsync-version 2022-10-28 10:21:08 +02:00
Kristoffer Dalby 7f69b08bc8 Merge pull request #896 from kradalby/update-golines 2022-10-28 10:20:20 +02:00
Kristoffer Dalby 5d3c02702b Update golines
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-28 09:30:56 +02:00
Kristoffer Dalby 1469425484 update flake vendor hash
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-28 09:28:20 +02:00
Andrey Pechkurov 0e12b66706 Simplify code around latest state change map updates 2022-10-27 23:22:33 +03:00
Kristoffer Dalby 7e6ab19270 Port preauthkey subcommand tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby 5013187aaf Add some sort stability
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby 239ef16ad1 Add preauthkey command test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby cb61a490e0 Add namespace command test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby 2c0488da0b Add Execute helper for controlserver
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-26 10:23:44 +02:00
Kristoffer Dalby a647e6af24 Merge pull request #889 from kradalby/integration-v2-resolve-magicdns 2022-10-25 17:56:06 +02:00
Kristoffer Dalby fe4e05b0bc only print stdout on err
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-25 09:24:05 +02:00
Kristoffer Dalby 54e3a0d372 Test with a longer timeout
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-25 08:44:25 +02:00
Juan Font e7e2c7804b Merge branch 'main' into integration-v2-resolve-magicdns 2022-10-25 00:10:28 +02:00
Juan Font 5c9c4f27fe Merge pull request #892 from kradalby/integration-v2-no-verbose
Remove verbose flag for v2 tests, increase timeout
2022-10-25 00:10:07 +02:00
Juan Font 21b06f603a Merge branch 'main' into integration-v2-no-verbose 2022-10-25 00:08:50 +02:00
Juan Font a14f482ef7 Merge pull request #891 from kradalby/integration-ditch-retry
Integration, remove retry
2022-10-25 00:08:38 +02:00
Kristoffer Dalby 86c132c8b2 Remove verbose flag for v2 tests, increase timeout
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-24 17:14:55 +02:00
Kristoffer Dalby 2b10226618 Remove extra line
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-24 16:48:25 +02:00
Kristoffer Dalby 23a0946e76 Integration, remove retry
The retry has no real function as it will just fail on
"container exists" on the old tests and the new test will
just try forever before it eventually fails.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-24 16:46:21 +02:00
Kristoffer Dalby 7015d72911 port resolve magicdns test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-24 14:59:14 +02:00
Kristoffer Dalby 76689c221d remove fixed todo
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-24 14:58:02 +02:00
Kristoffer Dalby 8d46986a87 Merge pull request #888 from juanfont/update-contributors 2022-10-23 17:47:09 +02:00
github-actions[bot] b22e628b49 docs(README): update contributors 2022-10-23 14:33:02 +00:00
Kristoffer Dalby 9c30939e3f Merge pull request #887 from kradalby/integration-v2-taildrop 2022-10-23 16:32:11 +02:00
Kristoffer Dalby 018b1d68f2 Migrate taildrop test to v2
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-23 14:13:22 +02:00
Kristoffer Dalby ae189c03ac Merge pull request #884 from kradalby/integration-v2-ping-by-hostname 2022-10-23 14:12:06 +02:00
Kristoffer Dalby 7155b22043 Factor out some commonly used patterns
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-23 12:41:35 +02:00
Kristoffer Dalby 40c048fb45 Fix lint
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-23 12:01:03 +02:00
Kristoffer Dalby 53b4bb220d Fixup after ts interface
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-23 11:55:37 +02:00
Kristoffer Dalby d706c3516d Remove 1.16 from FQDN, bump 1.32.1
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-23 11:50:19 +02:00
Kristoffer Dalby cbbf9fbdef Use FQDN from tailscale client
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-23 11:50:19 +02:00
Kristoffer Dalby d8144ee2ed Add initial pingallbyhostname
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-23 11:50:16 +02:00
Kristoffer Dalby fa3d21cbc0 Rename pingall test to signal ip
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-23 11:50:03 +02:00
Kristoffer Dalby d242ceac46 Make hostname dns safe, allow string in ping command
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-23 11:50:01 +02:00
Juan Font ecce82d44a Merge pull request #875 from thetillhoff/main
Unify code snippet comment location
2022-10-22 18:10:22 +02:00
Juan Font 463180cc2e Merge branch 'main' into main 2022-10-22 16:22:51 +02:00
Juan Font 129afdb157 Merge pull request #871 from kradalby/integration-ts-interface
Integration: make TailscaleClient interface
2022-10-22 16:22:40 +02:00
Till Hoffmann 701f990a23 Unify code snippet comment location 2022-10-22 00:12:24 +02:00
Kristoffer Dalby e112514a3b Merge branch 'main' into integration-ts-interface 2022-10-21 15:37:21 +02:00
Kristoffer Dalby babd303667 Merge pull request #771 from shanna/feature-random-suffix-on-collision 2022-10-21 15:14:28 +02:00
Kristoffer Dalby 2d170fe339 update tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-21 14:54:57 +02:00
Kristoffer Dalby bc1c1f5ce8 Fix most nil pointers, actually make it check for unique across headscale
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-21 14:42:37 +02:00
Kristoffer Dalby 830d59fe8c Merge branch 'main' into feature-random-suffix-on-collision 2022-10-21 13:34:15 +02:00
Kristoffer Dalby c9823ce347 Use TailscaleClient interface instead of tsic
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-21 13:17:54 +02:00
Kristoffer Dalby 8c4744acd9 make TailscaleClient interface
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-21 13:17:38 +02:00
Juan Font 9c16d5e511 Merge pull request #843 from phpmalik/patch-1
Fix spelling error
2022-10-21 06:23:59 +02:00
Juan Font 40b3de9894 Merge branch 'main' into feature-random-suffix-on-collision 2022-10-21 05:19:53 +02:00
Juan Font 1eea9c943c Merge branch 'main' into patch-1 2022-10-21 05:19:23 +02:00
Juan Font 399c3255ab Merge pull request #852 from kevin1sMe/main
Update document about reverse-proxy
2022-10-21 05:19:08 +02:00
Juan Font 852cb90fcc Merge branch 'main' into main 2022-10-21 05:13:37 +02:00
Juan Font 587a016b46 Merge pull request #856 from kradalby/integration-v2
Integration tests v2
2022-10-21 05:12:17 +02:00
Kristoffer Dalby b2bca2ac81 Only run integration tests from dir in new tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 16:00:24 +02:00
Kristoffer Dalby 6d8c18d4de Fix golangcilint
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 12ee9bc02d Fix golangcilint
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 8502a0acda dont request tty
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 36ad0003a9 golangci-lint --fix
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 4cb7d63e8b Set better names for different integration tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 2bf50bc205 Add new integration tests to ci
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 39bc6f7e01 Port PingAll test to new test suite
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 0db608a7b7 Add tailscale versions, waiters and helpers for scenario
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 3951f39868 Add wait for peers and status to tsic
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby c90d0dd843 remove the need to bind host port
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 84f9f604b0 go mod tidy
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby aef77a113c use variable for namespace
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 13aa845c69 Add comment about scenario test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby b0a4ee4dfe test login with one node
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 25e39d9ff9 Add get ips command to scenario
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby f109b54e79 Join test suite container to network, allowing seperate networks
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby eda4321486 Skip integration tests on short or lack of docker
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby a9c3b14f79 Define a "scenario", which is a controlserver with nodes
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby f68ba7504f Move some helper functions into dockertestutil package
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby b331e3f736 hsic: ControlServer implementation of headscale in docker
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby 308b9e78a1 Defince control server interface
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Kristoffer Dalby fa8b02a83f tsic: Tailscale in Container abstraction
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:37:11 +02:00
Juan Font a39504510a Merge pull request #865 from kradalby/integration-no-build-tags
Do not use build tags for running integration tests
2022-10-18 15:36:09 +02:00
Kristoffer Dalby 2f36a11a8e use short flag for nix build test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 15:08:48 +02:00
Kristoffer Dalby 4df47de3f2 add nolint to integrationtests, they are going away ™️
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 14:57:22 +02:00
Kristoffer Dalby dfadb965b7 Use short test to signal that we dont run integration
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 14:45:18 +02:00
Kristoffer Dalby c6f82c3646 Switch from hacking buildtags to selecting tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 14:41:48 +02:00
Kristoffer Dalby 32c21a05f8 cache go mod in docker, speed up local
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-18 14:41:20 +02:00
kevinlin 79864e0165 Fmt md with prettier 2022-10-15 00:11:57 +08:00
kevinlin 06e12f7020 Update: tips about warnning log 2022-10-15 00:11:05 +08:00
kevinlin 3659461666 Update reverse-proxy document for istio/envoy 2022-10-15 00:11:05 +08:00
Juan Font e96bceed4c Merge pull request #859 from kradalby/new-integration-versions
Add back head and unstable, ts 1.32.0
2022-10-14 10:44:25 +02:00
Kristoffer Dalby ff217ccce8 Add back head and unstable, ts 1.32.0
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-14 09:12:13 +02:00
Juan Font 4dd2eef5d1 Merge pull request #855 from Donran/main
Fix no arguments panic
2022-10-13 22:50:49 +02:00
Juan Font 907aa07e51 Merge branch 'main' into main 2022-10-13 22:30:45 +02:00
Juan Font 0048ed07a2 Merge pull request #853 from zhzy0077/patch-1
Fix the proposed noise private_key_path
2022-10-13 22:30:02 +02:00
Juan Font 88d12873c5 Merge branch 'main' into patch-1 2022-10-13 22:28:24 +02:00
Pontus N 9f58eebfe1 Fix zero arguments error 2022-10-13 15:17:18 +02:00
Kristoffer Dalby cf40d2a892 Merge pull request #854 from kradalby/integration-split 2022-10-13 10:15:13 +02:00
Kristoffer Dalby 21dd212349 Split integration tests into seperate jobs
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-13 05:50:41 +02:00
Zhiyuan Zheng 073308f1a3 Fix the proposed noise private_key_path
As indicated by the comment, the default /var/lib/headscale path is not writable in the container. However the sample setting is not following that like `private_key_path`
2022-10-11 22:55:54 +08:00
Kristoffer Dalby 03194e2d66 Merge branch 'main' into feature-random-suffix-on-collision 2022-10-11 08:24:21 +02:00
Kristoffer Dalby f18e22224c Merge pull request #844 from kradalby/container-exist-fix
Run integration tests inside docker, dont depend on local platform
2022-10-08 12:25:59 +02:00
Kristoffer Dalby 8ee35c9c22 Stuff
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby d900f48d38 expose right porsts
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby a846e13c78 Expose and use ports consistently
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby ed2236aa24 Add buildtags to pls
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby a94ed0586e Run all integration tests fully in docker
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby 22cabc16d7 No interactive tty
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby 88931001fd Fail correctly if container exist
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby f3dbfc9045 Style change
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby 85df2c80a8 Run oidc tests fully in docker
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby aca3a667c4 Fix declaration of pointer
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby a0ec3690b6 Fix error declaration
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby 37a4d41d0e Make addr configurable
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby 382a37f1e1 Test against last patch version
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby 201f81ce00 Make sure mockoidc is up, has unique name and removed if exist
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby 4904ccc3c3 Make sure mock container is removed before started
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:27 +02:00
Kristoffer Dalby 6b67584d47 Fix DERP name in integration tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-07 23:56:26 +02:00
Juan Font d575dac73a Merge pull request #823 from kradalby/sanitise-machine-key-url
Protect against user injection for registration CLI page
2022-10-04 16:01:19 +02:00
Juan Font 5333df283a Merge branch 'main' into sanitise-machine-key-url 2022-10-04 14:31:28 +02:00
Kristoffer Dalby d56ad2917d Fix nolint comment
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-03 12:29:13 +02:00
Kristoffer Dalby df36bcfd39 Fix machine test from marger
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-03 12:29:13 +02:00
github-actions[bot] a3d3ad2208 docs(README): update contributors 2022-10-03 12:29:13 +02:00
phpmalik 0b0fb0af22 Minor change
Spelling mistake
listning -> listening
2022-10-03 12:59:39 +05:30
= 2aebd2927d Random suffix only on collision.
0.16.0 introduced random suffixes to all machine given names
(DNS hostnames) regardless of collisions within a namespace.
This commit brings Headscale more inline with Tailscale by only
adding a suffix if the hostname will collide within the namespace.

The suffix generation differs from Tailscale.
See https://tailscale.com/kb/1098/machine-names/
2022-10-03 09:13:56 +02:00
Kristoffer Dalby c00e5599b0 Merge pull request #840 from juanfont/update-contributors 2022-10-03 09:08:13 +02:00
github-actions[bot] 72e2fa46c7 docs(README): update contributors 2022-09-30 08:23:20 +00:00
Kristoffer Dalby 98f5b7f638 Merge pull request #837 from ShadowJonathan/patch-1 2022-09-30 10:22:38 +02:00
Jonathan de Jong 70ecda6fd1 Fix warning on success 2022-09-27 11:51:00 +02:00
Kristoffer Dalby 5fe6538c02 Merge pull request #831 from kradalby/fix-https-listen 2022-09-26 14:02:56 +02:00
Kristoffer Dalby 84c4b0336f Merge branch 'main' into fix-https-listen 2022-09-26 12:13:16 +02:00
Kristoffer Dalby 8fbba1ac94 Merge pull request #830 from kradalby/nix-overlay 2022-09-26 12:13:05 +02:00
Kristoffer Dalby 1a30bcba91 Merge branch 'main' into nix-overlay 2022-09-26 11:50:25 +02:00
Kristoffer Dalby ed58b2e4e2 Merge branch 'main' into fix-https-listen 2022-09-26 11:50:20 +02:00
Kristoffer Dalby 5f975cbb50 Merge pull request #829 from kradalby/oidc-dependency 2022-09-26 11:49:53 +02:00
Kristoffer Dalby 81dd9b2386 format
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 11:34:04 +02:00
Kristoffer Dalby 9088521252 Move lets enc listener into go routine
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 11:33:48 +02:00
Kristoffer Dalby fc6a1e15fc Revert overlay overlapping
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 11:13:42 +02:00
Kristoffer Dalby 94be5ca295 Nix update
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:50:41 +02:00
Kristoffer Dalby 804d9d8196 Format nix with alejandra
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:48:59 +02:00
Kristoffer Dalby d0e945fdd7 _ unused variable
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:48:37 +02:00
Kristoffer Dalby 98e7842c26 Add nix overlay to flake
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:47:49 +02:00
Kristoffer Dalby 24629895c7 Add new config option to cli integration tests
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:14:46 +02:00
Kristoffer Dalby 256b6cb54d Add new option to config-example
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:01:15 +02:00
Kristoffer Dalby 6b4d53315b Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:01:01 +02:00
Kristoffer Dalby fb25a06a66 Preserve current behaviour with a config flag
Add a configuration flag (default true to preserve current behaviour) to
allow headscale to start without OIDC being able to initialise.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 09:57:28 +02:00
Kristoffer Dalby dbe58e53e4 Allow headscale to start if oidc setup fails.
This commit makes headscale fall back to CLI authentication if oidc
fails to initialised and posts a warning to users.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 09:52:32 +02:00
Kristoffer Dalby 8dcc82ceb3 Use oidc if it initialised, not if it is configured
OIDC might be configured, but unable to be initialised, this only runs
the oidc cycle if it is actually successfully set up/initialised.

Prep for next commit

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 09:51:23 +02:00
Kristoffer Dalby 8be14ef6fe gofumpt
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-23 11:53:42 +02:00
Kristoffer Dalby 2bb34751d1 Validate the incoming nodekey with regex before attempting to parse
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-23 11:53:42 +02:00
Kristoffer Dalby d06ba7b522 Merge branch 'main' into sanitise-machine-key-url 2022-09-23 11:09:23 +02:00
Kristoffer Dalby a507a04650 Merge pull request #763 from tsujamin/autoapprovers 2022-09-23 11:07:53 +02:00
Benjamin George Roberts 7761a7b23e fix autoapprover test following tagged authkey change 2022-09-23 18:46:35 +10:00
Benjamin George Roberts 6d2cfd52c5 Merge branch 'main' into autoapprovers 2022-09-23 18:44:36 +10:00
Kristoffer Dalby 75a8fc8b3e Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-23 10:44:29 +02:00
Kristoffer Dalby 8fa05c1e72 Merge pull request #767 from tsujamin/preauthkey-tags 2022-09-23 10:42:42 +02:00
Kristoffer Dalby 93082b8092 Protect against user injection for registration CLI page
This commit addresses a potential issue where we allowed unsanitised
content to be passed through a go template without validation.

We now try to unmarshall the incoming node key and fails to render the
template if it is not a valid node key.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-23 10:39:42 +02:00
Benjamin George Roberts d764f52f24 Update changelog 2022-09-23 18:16:16 +10:00
Benjamin George Roberts e5decbd0fa Update changelog 2022-09-23 18:13:48 +10:00
Kristoffer Dalby 8a1c0e0e9b Merge branch 'main' into preauthkey-tags 2022-09-23 18:11:27 +10:00
Benjamin Roberts 5b12ab9894 Merge branch 'main' into autoapprovers 2022-09-23 18:06:31 +10:00
Benjamin George Roberts c52e3aafe6 remove unnecessary checks on slices 2022-09-23 18:04:30 +10:00
Juan Font a46170e2a1 Merge pull request #793 from juanfont/remove-sponsorship
Remove sponsor buttons
2022-09-21 19:50:11 +02:00
Juan Font aca1c1b156 Merge branch 'main' into remove-sponsorship 2022-09-21 18:13:00 +02:00
Juan Font 09863b540d Merge branch 'main' into preauthkey-tags 2022-09-21 18:03:35 +02:00
Juan Font adb352e663 Merge branch 'main' into autoapprovers 2022-09-21 17:53:17 +02:00
Juan Font c9b39da6b9 Merge pull request #790 from mike-lloyd03/reverse-proxy
Add reverse proxy documentation
2022-09-21 17:52:59 +02:00
Juan Font 6fe86dff00 Merge branch 'main' into remove-sponsorship 2022-09-21 17:47:43 +02:00
Juan Font 9b1dcb2f0c Merge branch 'main' into reverse-proxy 2022-09-21 17:47:13 +02:00
Juan Font 22c68fff13 Merge pull request #815 from juanfont/remove-gin-references
Removed gin from go.sum (Github security notice)
2022-09-21 17:45:12 +02:00
Juan Font ddd92822b0 Merge branch 'main' into remove-gin-references 2022-09-21 17:26:23 +02:00
Juan Font bd6282d1e3 Merge pull request #801 from juanfont/oidc-integration-testing
Add integration tests for OIDC authentication
2022-09-21 17:26:04 +02:00
Juan Font 7092a3ea47 Merge branch 'oidc-integration-testing' of https://github.com/juanfont/headscale into oidc-integration-testing 2022-09-21 15:02:13 +00:00
Juan Font 695359862e Return stderr too in ExecuteCommand 2022-09-21 15:01:26 +00:00
Juan Font 95948e03c9 Added indication of workaround for #814 2022-09-21 14:47:48 +00:00
Mike Lloyd e286ba817b Format reverse-proxy.md 2022-09-20 20:12:45 -07:00
Juan Font 8aa0eefedd Merge branch 'main' into oidc-integration-testing 2022-09-20 23:43:45 +02:00
Juan Font e6e5872b4b Merge branch 'main' into reverse-proxy 2022-09-20 23:34:44 +02:00
Juan Font 2c73f8ee62 Merge branch 'main' into remove-gin-references 2022-09-20 23:32:42 +02:00
Juan Font cdc8bab7d9 Merge pull request #768 from kazauwa/feature/json-logs
toggle json logging via config
2022-09-20 23:32:10 +02:00
Juan Font f2928d7dcb Removed gin from go.sum (Github security notice) 2022-09-20 21:26:11 +00:00
Juan Font 44be239723 Merge branch 'main' into reverse-proxy 2022-09-20 23:16:21 +02:00
Juan Font 397754753f Merge branch 'main' into feature/json-logs 2022-09-20 23:11:29 +02:00
Juan Font e87b470996 Removed fmt.Println for linting 2022-09-20 21:06:43 +00:00
Juan Font 083d2a871c Linting fixes 2022-09-20 21:02:44 +00:00
Juan Font 7a171cf5ea Added sleep to workaround #814 2022-09-20 20:54:58 +00:00
Juan Font 1563d7555f Use Headscale container to run mockoidc 2022-09-20 20:42:50 +00:00
Juan Font 2e97119db8 Added derp config to OIDC etc 2022-09-20 20:42:12 +00:00
Juan Font b3a53bf642 Do not load the config for CLI mockoidc (and version) 2022-09-20 19:59:22 +00:00
Juan Font a3f18f248c Add internal mockoidc command 2022-09-20 19:58:36 +00:00
Juan Font 1c267f72e0 Capture listen error on mockoidc 2022-09-19 23:07:47 +00:00
Juan Font becf918b78 Merge branch 'main' into remove-sponsorship 2022-09-18 23:58:42 +02:00
Juan Font 9c58395bb3 Removed unused param after routes fix 2022-09-18 21:40:52 +00:00
Juan Font b117ca7720 Added missing TLS key for testing 2022-09-18 21:26:47 +00:00
Juan Font d83a28bd1b Merge branch 'main' into oidc-integration-testing 2022-09-18 23:25:01 +02:00
Juan Font 42ef71bff9 Merge pull request #811 from kradalby/primary-routes
Fix subnet routers
2022-09-18 21:59:25 +02:00
Kristoffer Dalby f2da1a1665 Add comment and update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-09-18 12:14:49 +02:00
Kristoffer Dalby 356b76fc56 Format
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-09-18 11:37:38 +02:00
Kristoffer Dalby 33ae56acfa Add primary routes to node
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-09-18 11:36:35 +02:00
Juan Font 9923adcb8b Merge branch 'main' into feature/json-logs 2022-09-15 00:22:18 +02:00
Juan Font Alonso c21479cb9c Print docker network config 2022-09-15 00:06:17 +02:00
Juan Font Alonso 3abca99b0c Add logs for issues in Actions 2022-09-14 23:32:19 +02:00
Igor Perepilitsyn 874d6aaf6b Make styling fixes 2022-09-11 21:44:28 +02:00
Igor Perepilitsyn ae4f2cc4b5 Update changelog 2022-09-11 21:37:38 +02:00
Igor Perepilitsyn dd155dca97 Create a distinct log section in config 2022-09-11 21:37:23 +02:00
Juan Font Alonso 99307d1576 Update nix sum 2022-09-08 20:36:44 +02:00
Juan Font Alonso b2f3ffbc5a Run integration tests in Actions 2022-09-08 19:49:37 +02:00
Juan Font Alonso 5774b32e55 Include OIDC in the full execution 2022-09-08 19:48:51 +02:00
Juan Font Alonso 41353a57c8 Added integration tests for OIDC on Makefile 2022-09-08 19:48:27 +02:00
Juan Font Alonso 9c0cf4595a OIDC integration tests working 2022-09-08 19:47:47 +02:00
Juan Font Alonso 71b712356f Minor change on the base config for OIDC 2022-09-08 19:47:29 +02:00
Juan Font Alonso f33e3e3b81 Parse the OIDC login URL 2022-09-08 19:32:11 +02:00
Juan Font Alonso 5f384c6323 Removed old code and minor changes 2022-09-08 18:11:41 +02:00
Benjamin Roberts e056b86c37 Merge branch 'main' into preauthkey-tags 2022-09-08 09:04:12 +10:00
Jamie Greeff 91e30397bd Remove --rm flag from Docker example
It appears to be causing confusion for users on Discord when copying/pasting from the example here, if Headscale crashes on launch then the container will be removed and logs can't be viewed with `docker logs`.
2022-09-08 09:03:42 +10:00
Benjamin George Roberts 8a8ec7476d fix linting issues in preauthkey tags 2022-09-08 09:03:38 +10:00
Juan Font Alonso fca380587a Initial work on OIDC tests 2022-09-07 23:53:46 +02:00
Juan Font Alonso cb70d7c705 Return the results on error 2022-09-07 23:53:31 +02:00
Juan Font Alonso b27b789e28 Added base config file template 2022-09-07 18:40:02 +02:00
Juan Font a9da953b55 Merge branch 'main' into autoapprovers 2022-09-07 18:21:21 +02:00
Juan Font 12d5b6a2d2 Merge branch 'main' into remove-sponsorship 2022-09-07 17:14:11 +02:00
Juan Font a0a463494b Merge pull request #797 from madjam002/patch-1
Remove --rm flag from Docker example
2022-09-07 17:13:14 +02:00
Jamie Greeff 07dca79b20 Remove --rm flag from Docker example
It appears to be causing confusion for users on Discord when copying/pasting from the example here, if Headscale crashes on launch then the container will be removed and logs can't be viewed with `docker logs`.
2022-09-07 14:16:04 +01:00
Benjamin George Roberts 688cba7292 fix linting mistakes 2022-09-07 21:39:56 +10:00
Mike Lloyd 0fe3c21223 Move map block out of server block 2022-09-06 16:12:20 -07:00
Mike Lloyd 45df6e77ff Apply suggestions from code review
Thanks for the pointers!

Co-authored-by: Juan Font <juanfontalonso@gmail.com>
2022-09-06 15:37:39 -07:00
Juan Font 548551c6ae Merge branch 'main' into autoapprovers 2022-09-07 00:31:48 +02:00
Juan Font e3f1fd1ffc Merge branch 'main' into remove-sponsorship 2022-09-07 00:31:13 +02:00
Juan Font 470c49394c Merge branch 'main' into preauthkey-tags 2022-09-07 00:22:36 +02:00
Juan Font 31662bcd28 Merge branch 'main' into reverse-proxy 2022-09-07 00:19:57 +02:00
Juan Font 7247302f45 Merge branch 'main' into feature/json-logs 2022-09-07 00:05:38 +02:00
Juan Font 1a5a5b12b7 Merge pull request #795 from stefanvanburen/svanburen/buf-mod-update
Run `buf mod update` in protos/
2022-09-06 23:49:32 +02:00
Stefan VanBuren 0099dd1724 Run buf mod update 2022-09-06 14:52:09 -04:00
Juan Font 1f131c6729 Merge branch 'main' into feature/json-logs 2022-09-06 20:18:35 +02:00
Juan Font fc4361b225 Delete FUNDING.yml 2022-09-06 20:09:01 +02:00
Juan Font ce25a1e64e Remove sponsor buttons 2022-09-06 20:07:16 +02:00
Juan Font 449a135b94 Merge pull request #791 from kradalby/add-logo
Add logo files and add to readme
2022-09-05 15:34:00 +02:00
Kristoffer Dalby 002d484abe use logo in readme correcly 2022-09-05 15:31:03 +02:00
Kristoffer Dalby 9823ef2af5 use logo in readme 2022-09-05 15:30:19 +02:00
Kristoffer Dalby 641c6fd439 Add logo files 2022-09-05 15:29:30 +02:00
Mike Lloyd 3a042471b7 Add web sockets section 2022-09-04 17:39:51 -07:00
Mike Lloyd dc18d64286 Add websockets config 2022-09-04 17:26:33 -07:00
Benjamin George Roberts 72a43007d8 fix broken preauth-key tag test 2022-09-05 09:44:55 +10:00
Benjamin George Roberts 842c28adff replace netaddr usage with netip 2022-09-05 09:33:53 +10:00
Juan Font 9810d84e2d Merge branch 'main' into autoapprovers 2022-09-04 22:40:08 +02:00
Juan Font f6153a9b5d Merge branch 'main' into preauthkey-tags 2022-09-04 22:35:51 +02:00
Juan Font 302a88bfdb Merge branch 'main' into feature/json-logs 2022-09-04 22:32:58 +02:00
Mike Lloyd f6e83413e5 Add PR link to changelog 2022-09-04 09:49:34 -07:00
Mike Lloyd 02ab3a2cb6 Update changelog 2022-09-04 09:46:11 -07:00
Mike Lloyd 90e840c3c9 Add reverse proxy documentation 2022-09-04 09:42:23 -07:00
Juan Font af60ffb7fa Merge pull request #788 from juanfont/warn-websockets-requirement
Warn when Headscale is running behind an improperly configured proxy
2022-09-04 16:44:54 +02:00
Juan Font Alonso c28e559da4 Updated changelog 2022-09-04 16:23:46 +02:00
Juan Font Alonso 5c59255b41 Also warn in DERP server if Websockets are not properly working 2022-09-04 16:13:48 +02:00
Juan Font Alonso a377ee14b4 Minor message change 2022-09-04 16:13:30 +02:00
Juan Font Alonso 2262188d8a Warn when Headscale is running behind a wrongly configured proxy 2022-09-04 16:05:21 +02:00
Juan Font 7c49c752a9 Merge pull request #786 from juanfont/update-deps-20220904
Update dependencies 20220904
2022-09-04 16:01:52 +02:00
Juan Font Alonso e29726cc50 Updated nix sum 2022-09-04 15:45:35 +02:00
Juan Font Alonso 3c73cbe92b Merge branch 'main' into update-deps-20220904 2022-09-04 15:37:25 +02:00
Juan Font Alonso cc357062be Missing go.sum 2022-09-04 15:36:59 +02:00
Juan Font Alonso 17c06f7167 Upgrade direct dependencies 2022-09-04 15:36:00 +02:00
Juan Font d12e0156c3 Merge pull request #784 from juanfont/fix-go-1.19-lint
Fix linting broken after Go 1.19
2022-09-04 15:31:41 +02:00
Juan Font Alonso 204dedaa49 Only pass the context in pollmap, no req needed 2022-09-04 15:14:12 +02:00
Juan Font Alonso 52073ce7c9 Pass context in OIDC helpers 2022-09-04 15:02:18 +02:00
Juan Font Alonso 434747e007 Use timeout in lets encrypt http server 2022-09-04 11:47:05 +02:00
Juan Font Alonso 7a78314d9d Remove nolint directives 2022-09-04 11:44:24 +02:00
Juan Font Alonso f23e9dc235 Pass the req context when pinging the DB 2022-09-04 11:43:09 +02:00
Juan Font Alonso 4527801d48 More unused parameters removed in protocol functions 2022-09-04 11:41:31 +02:00
Juan Font Alonso e0857f0226 Removed unused parameters in protocol functions 2022-09-04 11:40:14 +02:00
Juan Font Alonso 0d074b1da6 setLastStateChangeToNow was always receiving nil 2022-09-04 11:37:49 +02:00
Juan Font Alonso f2fda4f906 Return error on marshaling issues 2022-09-04 11:36:03 +02:00
Juan Font Alonso c1c36036ae Add timeouts for the Noise server 2022-09-04 11:35:39 +02:00
Juan Font Alonso 9a1438d2e3 Use inherited context 2022-09-04 11:35:13 +02:00
Juan Font Alonso 582122851d Go do not like underscores in packages 2022-09-04 11:34:23 +02:00
Juan Font Alonso f4d197485c Use library const for HTTP verbs 2022-09-04 11:33:00 +02:00
Juan Font Alonso 68305df9b2 Applied gofumpt 2022-09-04 11:32:29 +02:00
Juan Font Alonso ca0be81833 Target the latest version for golint 2022-09-04 11:31:06 +02:00
Juan Font 380fbfe438 Merge pull request #780 from juanfont/bump-ts1.30
Target Tailscale version to v1.30.0 (and replace inet.af/netaddr with net/netip)
2022-09-04 09:24:42 +02:00
Juan Font Alonso 32d68a40d5 Update flake sha 2022-09-04 00:00:23 +02:00
Juan Font Alonso 198e92c08f Remove dependency on netaddr 2022-09-03 23:46:14 +02:00
Juan Font Alonso 38b26f5285 Merge branch 'main' into bump-ts1.30 2022-09-03 23:33:09 +02:00
Juan Font 096a009685 Merge pull request #781 from juanfont/switch-to-nix-unstable
Switch to Nix unstable for Go 1.19
2022-09-03 23:32:51 +02:00
Juan Font Alonso 30c0fdb38d Update changelog 2022-09-03 23:19:07 +02:00
Juan Font Alonso 663dbf7395 Use go 1.19 in Nix 2022-09-03 23:06:21 +02:00
Juan Font Alonso 373db0dc5e Switch to nix unstable 2022-09-03 23:05:34 +02:00
Juan Font Alonso 2733fb30cc Minor change in go.mod 2022-09-03 16:23:36 +02:00
Juan Font Alonso d29411408b Merge branch 'main' into bump-tailscale-v1.30 2022-09-03 16:20:25 +02:00
Juan Font 24bafdf2bb Merge pull request #778 from juanfont/bump-go-1.19
Target Go 1.19 for Headscale
2022-09-03 13:16:48 +02:00
Juan Font a9ede6a2bc Merge branch 'main' into feature/json-logs 2022-09-03 12:39:04 +02:00
Juan Font Alonso 2c5bf6982c Updated changelog 2022-09-03 12:24:22 +02:00
Juan Font Alonso dd3ec84000 Minor doc change 2022-09-03 12:22:03 +02:00
Juan Font Alonso 84044e236d Release using go 1.19 2022-09-03 12:21:54 +02:00
Juan Font Alonso 2ddf7ab515 Use Go 1.19 in Dockerfiles 2022-09-03 12:21:35 +02:00
Juan Font Alonso f519c513c2 Target go 1.19 in go.mod 2022-09-03 12:21:04 +02:00
Juan Font Alonso d5cc5b2bc8 Move integration tests to net/netip 2022-09-02 09:22:34 +02:00
Juan Font Alonso 51abf90db6 Use net/netip in derp server 2022-09-02 09:16:19 +02:00
Juan Font Alonso 71410cb6da Port dns to net/netip 2022-09-02 09:15:05 +02:00
Juan Font Alonso efb12f208c Move db to net/netip 2022-09-02 09:13:50 +02:00
Juan Font Alonso 64ede5dbef Move namespaces unit tests to net/netip 2022-09-02 09:13:07 +02:00
Juan Font Alonso 7af78152a4 Migrate routes to net/netip 2022-09-02 00:06:19 +02:00
Juan Font Alonso 290ec8bb19 Migrate ACLs to net/netip 2022-09-02 00:05:43 +02:00
Juan Font Alonso cdf48b1216 Migrate utils to net/netip 2022-09-02 00:05:18 +02:00
Juan Font Alonso a24710a961 Migrate machine to net/netip 2022-09-02 00:04:31 +02:00
Juan Font Alonso 197da8afcb Migrate config.go to net/netip 2022-09-02 00:04:04 +02:00
Juan Font Alonso 12385d4357 Target Tailscale v1.30.0 2022-09-01 20:50:56 +02:00
Juan Font e7f8bb866f Merge pull request #772 from juanfont/enable-1.30-in-tests
Add Tailscale v1.30.0 to the integration test roaster
2022-09-01 00:03:21 +02:00
Juan Font Alonso 1ad19a3bd8 Add 1.30.0 to the version roaster 2022-08-31 22:17:13 +02:00
Igor Perepilitsyn bb6b07dedc FIXES #768 add new config entry to the old itegration tests 2022-08-26 13:43:25 +02:00
Igor Perepilitsyn 2403c0e198 toggle json logging via config 2022-08-26 13:10:51 +02:00
Benjamin George Roberts ac18723dd4 Set tags as part of handleAuthKeyCommon 2022-08-25 22:26:04 +10:00
Benjamin George Roberts 6faa1d2e4a Fix tests broken by preauthkey tags 2022-08-25 22:23:52 +10:00
Benjamin George Roberts 791272e408 Adds grpc/cli support for preauthkey tags 2022-08-25 22:23:46 +10:00
Benjamin George Roberts e27a4db281 add acl_tags to PreAuthKey proto 2022-08-25 22:15:43 +10:00
Benjamin George Roberts 60cc9ddb3b Add test for autoApprovers feature 2022-08-25 22:15:19 +10:00
Benjamin George Roberts 7653ad40d6 Split GetRouteApprovers from EnableAutoApprovedRoutes 2022-08-25 22:12:30 +10:00
Benjamin George Roberts 004ebcaba1 initial implementation of autoApprovers support 2022-08-25 22:00:04 +10:00
Kristoffer Dalby cc0bec15ef Merge pull request #760 from juanfont/update-contributors 2022-08-23 21:21:50 +02:00
github-actions[bot] 20970b580a docs(README): update contributors 2022-08-22 12:47:42 +00:00
Juan Font 53857d418a Merge pull request #756 from huskyii/env_config
Env config
2022-08-22 14:47:01 +02:00
Jiang Zhu a81a4d274f Update CHANGELOG.md 2022-08-22 20:20:20 +08:00
Jiang Zhu ce4a1cf447 1. add noise key to config file
2. lower node check interval
2022-08-22 00:35:08 +08:00
Jiang Zhu 35dd9209b9 update CHANGELOG.md 2022-08-21 23:51:04 +08:00
Jiang Zhu 81f91f03b4 add env var to specify config location 2022-08-21 23:51:04 +08:00
Juan Font 84a5edf345 Merge pull request #738 from juanfont/hs2021-v2
Implement TS2021 protocol in headscale
2022-08-21 16:02:28 +02:00
Juan Font Alonso 4aafe6c9d1 Added line in CHANGELOG 2022-08-21 12:32:01 +02:00
Juan Font 3ab1487641 Merge branch 'main' into hs2021-v2 2022-08-21 11:57:33 +02:00
Kristoffer Dalby 0c7f1eac82 Merge pull request #757 from juanfont/changelog-0.16.4 2022-08-21 11:15:30 +02:00
Juan Font Alonso 6fe895fd22 Updated changelog for 0.16.4 2022-08-21 10:51:58 +02:00
Juan Font Alonso 71d22dc994 Added missing files 2022-08-21 10:47:45 +02:00
Juan Font Alonso 4424a9abc0 Noise private key now a nested field in config 2022-08-21 10:42:23 +02:00
Juan Font Alonso e20e818a42 Integrate expiration fixes (#754) in TS2021 branch 2022-08-20 11:46:44 +02:00
Juan Font 061e2fe4b4 Merge pull request #754 from Aluxima/expired-machine-registration
Fix cli registration of expired machines
2022-08-20 11:41:15 +02:00
Juan Font Alonso f0a8a2857b Clarified why we have a different key 2022-08-20 00:23:33 +02:00
Juan Font Alonso 175dfa1ede Update flake.nix sum 2022-08-20 00:15:46 +02:00
Juan Font Alonso 04e4fa785b Updated dependencies 2022-08-20 00:11:07 +02:00
Juan Font Alonso 6aec520889 Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale into hs2021-v2 2022-08-20 00:06:58 +02:00
Juan Font Alonso e9906b522f Use upstream AcceptHTTP for the Noise upgrade 2022-08-20 00:06:26 +02:00
Juan Font 2f554133c5 Move comment up
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-08-19 23:49:06 +02:00
Juan Font Alonso 922b8b5365 Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale into hs2021-v2 2022-08-19 16:32:18 +02:00
Juan Font Alonso c894db3dd4 Use common core for noise registration 2022-08-19 16:29:04 +02:00
Laurent Marchaud e85562268d Switch to using nodeKey instead of machineKey for expired machines registration
Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
2022-08-19 15:48:35 +02:00
Laurent Marchaud fca33aacbe Fix rebased errors scope in machine.go
Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
2022-08-19 15:07:01 +02:00
Juan Font e43713a866 Merge branch 'main' into hs2021-v2 2022-08-19 15:02:01 +02:00
Juan Font Alonso b6e3cd81c6 Fixed minor linting things 2022-08-19 14:27:40 +02:00
Juan Font Alonso 43ad0d4416 Removed unused method 2022-08-19 14:24:43 +02:00
Juan Font Alonso a33b5a5c00 Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale into hs2021-v2 2022-08-19 14:20:55 +02:00
Juan Font Alonso e2bffd4f5a Make legacy protocol use common methods for client registration 2022-08-19 14:20:24 +02:00
Juan Font Alonso a87a9636e3 Expanded response marshal methods to support legacy and Noise 2022-08-19 14:19:29 +02:00
Laurent Marchaud a31432ee7b Fix changelog
Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
2022-08-19 14:14:30 +02:00
Laurent Marchaud 0c66590108 Update changelog
Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
2022-08-19 14:11:19 +02:00
Laurent Marchaud c6ea9b4b80 Fix cli registration of expired machines
Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
2022-08-19 14:11:13 +02:00
Juan Font 19455399f4 Merge pull request #752 from juanfont/add-code-of-conduct
Create CODE_OF_CONDUCT.md
2022-08-19 00:38:01 +02:00
Juan Font 43ba1fb176 Prettier 2022-08-18 22:32:53 +00:00
Juan Font a6f56b4285 Create CODE_OF_CONDUCT.md 2022-08-18 22:08:33 +02:00
Juan Font 9d430d3c72 Update noise.go
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-08-18 21:33:56 +02:00
Juan Font Alonso f9a2a2b57a Add docker DNS IP to the remaining files 2022-08-18 18:07:15 +02:00
Juan Font Alonso e4d961cfad Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale into hs2021-v2 2022-08-18 17:57:06 +02:00
Juan Font 67ffebc30a Merge branch 'main' into hs2021-v2 2022-08-18 17:56:56 +02:00
Juan Font Alonso cf731fafab Catch retry error in taildrop send 2022-08-18 17:56:01 +02:00
Juan Font Alonso f43a83aad7 Find out IPv4 for taildrop 2022-08-18 17:53:36 +02:00
Juan Font Alonso 7185f8dfea Only use released versions in public integration tests 2022-08-18 17:53:25 +02:00
Juan Font Alonso 8a707de5f1 Add local Docker DNS server (makes resolving http://headscale more reliable) 2022-08-18 17:53:04 +02:00
Juan Font 61bb6292b7 Merge pull request #746 from gozssky/patch-1
Fix charset typo in swagger.go
2022-08-18 12:23:45 +02:00
Juan Font 40e0ae99da Merge branch 'main' into patch-1 2022-08-18 11:49:15 +02:00
Juan Font 2dd615a4ef Merge pull request #745 from 617a7a/main
feat: add support for TLS with Postgres
2022-08-18 11:48:33 +02:00
Azz 7e06abdca2 chore: azz forgot how to write code 2022-08-17 20:12:45 +01:00
Azz c316f53e23 fix: ci happy now? 2022-08-17 19:32:20 +01:00
Azz b6d324be69 Merge branch 'main' of https://github.com/juanfont/headscale
# Conflicts:
#	CHANGELOG.md
2022-08-17 19:31:26 +01:00
Juan Font f7380312d3 Merge pull request #747 from juanfont/fix-oidc
Fix error decoding OIDC claims (#744)
2022-08-17 18:30:50 +02:00
Juan Font 287309b65c Update changelog 2022-08-17 15:08:29 +00:00
Juan Font cc3de7e723 Fix error decoding claims (#744) 2022-08-17 15:03:10 +00:00
Yujie Xia e03b3029e3 Fix charset typo in swagger.go 2022-08-17 12:27:58 +08:00
Juan Font Alonso ba07bac46a Use IPv4 in the tests 2022-08-16 18:42:22 +02:00
Juan Font Alonso b71a881d0e Retry magicdns tests 2022-08-16 18:19:04 +02:00
Juan Font Alonso ce53bb0eee Minor changes to HEAD Dockerfile 2022-08-16 17:52:59 +02:00
Juan Font Alonso c0fe1abf4d Use node_key to find peers 2022-08-16 17:51:43 +02:00
Juan Font Alonso 0db7fc5ab7 Mark all namespaces to lastChange now 2022-08-16 13:39:15 +02:00
azz 701ad3e017 chore: update CHANGELOG.md 2022-08-16 09:09:28 +01:00
azz 0cc14d0aca feat: added db_ssl to config-example.yaml 2022-08-16 09:02:51 +01:00
Azz 3f5ea7998f Merge branch 'main' into main 2022-08-16 08:56:36 +01:00
azz 4c7f54020b feat: add support for TLS with Postgres 2022-08-16 08:50:30 +01:00
Juan Font Alonso eb461d0713 Enable HEAD and unstable in integration tests 2022-08-16 00:18:02 +02:00
Juan Font Alonso 128ec6717c Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale into hs2021-v2 2022-08-15 23:35:24 +02:00
Juan Font Alonso b3cf5289f8 Use CapVer to offer Noise only to supported clients 2022-08-15 23:35:06 +02:00
Juan Font c701f9e817 Merge branch 'main' into hs2021-v2 2022-08-15 22:56:39 +02:00
Juan Font e1a95e2057 Merge pull request #734 from vtrf/postgres-connection-string
Add ability to connect to PostgreSQL via unix socket
2022-08-15 19:20:01 +02:00
Victor Freire 0a5db52855 Add ability to connect to PostgreSQL via unix socket 2022-08-15 11:55:38 -03:00
Juan Font 7197ade4b4 Merge branch 'main' into postgres-connection-string 2022-08-15 13:37:09 +02:00
Juan Font Alonso 865f1ffb3c Fix issues with DERP integration tests due to tailscale/tailscale#4323 2022-08-15 11:25:47 +02:00
Juan Font Alonso 8db7629edf Fix config file in integration tests for Noise 2022-08-15 10:53:06 +02:00
Juan Font Alonso b8980b9ed3 More minor logging stuff 2022-08-15 10:44:22 +02:00
Juan Font Alonso 5cf9eedf42 Minor logging corrections 2022-08-15 10:43:39 +02:00
Juan Font 193b4213b3 Merge pull request #739 from juanfont/updated-changelog-0.16.2
Added changelog entries for 0.16.x
2022-08-14 23:27:27 +02:00
Juan Font Alonso 8557bcedae Added changelog entries for 0.16.x 2022-08-14 23:22:41 +02:00
Juan Font Alonso f599bea216 Fixed issue when not using compression 2022-08-14 23:15:41 +02:00
Juan Font Alonso 704a19b0a5 Removed legacy method to generate MapResponse 2022-08-14 23:13:07 +02:00
Juan Font Alonso e29b344e0f Move Noise poll to new file, and use common poll 2022-08-14 23:12:18 +02:00
Juan Font Alonso 7cc227d01e Added Noise field to logging 2022-08-14 23:11:33 +02:00
Juan Font Alonso df8ecdb603 Working on common codebase for poll, starting with legacy 2022-08-14 22:57:03 +02:00
Juan Font Alonso f4bab6b290 Created common methods for keep and map poll responses 2022-08-14 22:50:39 +02:00
Juan Font Alonso 35f3dee1d0 Move Noise API to new file 2022-08-14 21:19:52 +02:00
Juan Font Alonso db89fdea23 Added file for legacy protocol 2022-08-14 21:16:29 +02:00
Juan Font Alonso d0898ecabc Move common parts of the protocol to dedicated file 2022-08-14 21:15:58 +02:00
Juan Font Alonso e640c6df05 Fixes in Noise poll (clients should work now) 2022-08-14 21:10:08 +02:00
Juan Font Alonso ab18c721bb Support for Noise machines in getPeers 2022-08-14 21:07:29 +02:00
Juan Font Alonso aaa33cf093 Minor change in router 2022-08-14 21:07:05 +02:00
Juan Font Alonso 0f09e19e38 Updated go.mod checksum 2022-08-14 17:09:14 +02:00
Juan Font Alonso b301405f24 Merge branch 'hs2021-v2' of https://github.com/juanfont/headscale into hs2021-v2 2022-08-14 17:06:03 +02:00
Juan Font Alonso 1f3032ad21 Merge branch 'main' into hs2021-v2 2022-08-14 17:05:51 +02:00
Juan Font Alonso c10142f767 Added noise poll handler 2022-08-14 17:05:04 +02:00
Juan Font Alonso 0d0042b7e6 Added zstd constant for linting 2022-08-14 17:04:07 +02:00
Juan Font Alonso 78a179c971 Minor update in docs 2022-08-14 16:53:54 +02:00
Juan Font Alonso cab828c9d4 Fixed unit tests to load config 2022-08-14 16:52:57 +02:00
Juan Font Alonso ff46f3ff49 Move reusable method to common api file 2022-08-14 16:13:17 +02:00
Juan Font b67cff50f5 Merge branch 'main' into hs2021-v2 2022-08-14 13:44:12 +02:00
Juan Font e29ac8a4ab Merge pull request #737 from juanfont/fix-machinekey-oidc
Fixed another recurrence of MachineKey
2022-08-14 13:44:01 +02:00
Juan Font Alonso 20d2615081 Check json encoder errors 2022-08-14 12:47:04 +02:00
Juan Font 7fb2f83540 Merge branch 'main' into fix-machinekey-oidc 2022-08-14 12:44:30 +02:00
Juan Font Alonso eb8d8f142c And more linting stuff 2022-08-14 12:44:07 +02:00
Juan Font Alonso 3bea20850a Some linting fixes 2022-08-14 12:40:22 +02:00
Juan Font Alonso ade1b73779 Output an error when a user runs headscale without noise_private_key_path defined 2022-08-14 12:35:14 +02:00
Juan Font Alonso 281ae59b5a Update integration tests to work with Noise protocol 2022-08-14 12:18:33 +02:00
Juan Font Alonso 90bb6ea907 Minor formatting changes 2022-08-14 12:10:20 +02:00
Juan Font Alonso 5b14cafddd Fixed another recurrence of MachineKey 2022-08-14 12:04:31 +02:00
Juan Font Alonso 9994fce9d5 Fixed some linting errors 2022-08-14 12:00:43 +02:00
Kristoffer Dalby c19e1a481e Merge pull request #736 from juanfont/update-contributors 2022-08-14 08:16:58 +02:00
Juan Font Alonso 39b85b02bb Move getMapResponse into reusable function by TS2019 and TS2021 2022-08-14 03:20:53 +02:00
Juan Font Alonso 7a91c82cda Merge branch 'main' into hs2021-v2 2022-08-14 03:07:43 +02:00
Juan Font Alonso c7cea9ef16 updated paths 2022-08-14 03:07:28 +02:00
github-actions[bot] d56b409cb9 docs(README): update contributors 2022-08-13 20:44:38 +00:00
Juan Font ee8f38111e Merge pull request #735 from juanfont/fix-expired-url
Fix expired node registration URL
2022-08-13 22:44:04 +02:00
Juan Font Alonso 8c13f64d3c Changed missing path 2022-08-13 21:55:44 +02:00
Juan Font Alonso a7efc22045 Fix expired node registration URL 2022-08-13 21:17:05 +02:00
Juan Font Alonso 1880035f6f Add registration handler over Noise protocol 2022-08-13 21:12:19 +02:00
Juan Font Alonso fdd0c50402 Added helper method to fetch machines by any nodekey + tests 2022-08-13 21:03:02 +02:00
Juan Font Alonso be24bacb79 Add noise mux and Noise path to base router 2022-08-13 20:55:37 +02:00
Juan Font Alonso b261d19cfe Added Noise upgrade handler and Noise mux 2022-08-13 20:52:11 +02:00
Victor Freire ec5acf7be2 Add ability to connect to PostgreSQL via unix socket 2022-08-13 11:34:12 -03:00
Juan Font Alonso 014e7abc68 Make private key errors constants 2022-08-13 14:46:23 +02:00
Juan Font Alonso 3e8f0e9984 Added support for Noise clients in /key handler 2022-08-13 11:24:05 +02:00
Juan Font Alonso 6e8e2bf508 Generate and read the Noise private key 2022-08-13 11:14:38 +02:00
Juan Font 09cd7ba304 Merge pull request #725 from juanfont/switch-to-db-d
Improve registration protocol implementation and switch to NodeKey as main identifier
2022-08-12 09:56:17 +02:00
Juan Font Alonso 77bf1e81ec Added missing dot in comment 2022-08-12 09:36:17 +02:00
Juan Font Alonso a9b9a2942d Update changelog 2022-08-12 09:31:11 +02:00
Juan Font a261e27113 Update api.go
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-08-12 09:03:32 +02:00
Juan Font f01a33491b Update api.go
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-08-12 09:03:11 +02:00
Juan Font 739e11e1ee Update api.go
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-08-12 09:02:58 +02:00
Juan Font 393aae01df Merge branch 'main' into switch-to-db-d 2022-08-11 15:02:08 +02:00
Juan Font 73cd428ed2 Merge pull request #729 from juanfont/fix-reuse-of-ns
Minor fix to linting issue introduced when fixing excludeCorrectlyTaggedNodes (#707)
2022-08-11 15:01:53 +02:00
Juan Font Alonso 1e7b57e513 Minor fix to linting issue introduced in #707 2022-08-11 14:12:45 +02:00
Juan Font Alonso e1e3feb6a8 Add a sleep to reduce the impact of #727 2022-08-11 13:37:25 +02:00
Juan Font 8e56d8b425 Merge branch 'main' into switch-to-db-d 2022-08-11 13:11:38 +02:00
Juan Font 6c8445988c Merge pull request #707 from restanrm/fix-bug-in-excludecorrectlytaggednodes
Fix bug in excludeCorrectlyTaggedNodes
2022-08-11 13:08:43 +02:00
Adrien Raffin-Caboisse 110b01befa Merge remote-tracking branch 'origin/main' into fix-bug-in-excludecorrectlytaggednodes 2022-08-11 12:49:26 +02:00
Juan Font Alonso d586b9d285 Added comment clarifying registration API 2022-08-11 12:16:50 +02:00
Juan Font Alonso 804d70386d Switch to nodekey in urls 2022-08-11 12:15:16 +02:00
Juan Font Alonso fb3b2e6bc8 Improve protocol implementation for client registration (fixes #706) 2022-08-11 12:11:02 +02:00
Juan Font Alonso 030d7264e6 Fixed comment for linting 2022-08-10 16:03:33 +02:00
Juan Font Alonso e91c378bd4 Replace machine key with node key in preparation for Noise in auth related stuff 2022-08-10 15:35:26 +02:00
Juan Font Alonso e950b3be29 Add method to fetch by nodekey 2022-08-10 13:15:31 +02:00
Juan Font dbf0e206b8 Merge pull request #722 from juanfont/bump-versions-20220810
Update dependencies versions
2022-08-10 11:25:03 +02:00
Juan Font Alonso 84f66090fd Updated CHangelog and flake 2022-08-10 11:04:42 +02:00
Juan Font Alonso f8958d4e22 Update xsync library (helps in #704) 2022-08-10 10:55:45 +02:00
Juan Font Alonso 70807e40f6 Updated base dependencies 2022-08-10 10:54:23 +02:00
Juan Font Alonso 9a01e3d192 Bump tailscale to 1.28.0 2022-08-10 10:47:49 +02:00
Juan Font a03a99569d Merge pull request #720 from juanfont/replace-ioutil
Replaced legacy ioutil usage
2022-08-10 07:41:50 +02:00
Juan Font Alonso 2d887046de Replaced legacy ioutil usage 2022-08-09 23:21:19 +02:00
Juan Font 3a091896fb Merge pull request #685 from GrigoriyMikhalkin/oidc-refactoring
Decompose OIDCCallback method
2022-08-09 20:52:32 +02:00
Juan Font 8a9fe1da4b Merge branch 'main' into oidc-refactoring 2022-08-09 20:29:02 +02:00
Juan Font abf478c9e6 Merge pull request #703 from nnsee/android-readme
Update the readme and documentation with details on the Android app
2022-08-09 15:39:45 +02:00
Juan Font 913a94d2ab Merge branch 'main' into android-readme 2022-08-09 15:37:20 +02:00
Juan Font 01e5be3b57 Merge pull request #711 from sophware/typofix
typo fixed from advertised to advertise
2022-08-09 15:11:23 +02:00
Juan Font e93529e9f3 Merge branch 'main' into typofix 2022-08-09 15:05:53 +02:00
Juan Font ade4e23e14 Merge pull request #698 from GrigoriyMikhalkin/export-errors
Export API errors
2022-08-09 15:04:51 +02:00
Juan Font fc65ded2d5 Merge branch 'main' into oidc-refactoring 2022-08-09 14:37:58 +02:00
Juan Font aa2b92703f Merge branch 'main' into export-errors 2022-08-09 14:33:10 +02:00
Juan Font 2c9dbe158d Merge pull request #713 from juanfont/update-buf-lint
Update buf setup action for proto-lint
2022-08-09 14:32:52 +02:00
Juan Font Alonso d6fa5c96ae Update setup action for proto lint 2022-08-09 14:21:45 +02:00
Juan Font 0506e68a96 Merge branch 'main' into export-errors 2022-08-09 14:16:24 +02:00
Juan Font b32f986105 Merge pull request #710 from juanfont/cosmetic-changes-integration
Improvements in integration tests
2022-08-09 14:16:10 +02:00
Juan Font Alonso 577eedef11 Restore the number of containers 2022-08-09 13:53:25 +02:00
Juan Font Alonso 27855880b2 Updated versions for taiscale 2022-08-09 13:53:02 +02:00
Juan Font Alonso b01d392f9e Run integrtation tests in different steps in Github Actions 2022-08-09 12:26:58 +02:00
Juan Font Alonso d548f5de3f Splitted integration tests in Makefile 2022-08-09 12:26:29 +02:00
Juan Font Alonso f8986132d4 Use tags to split the integration tests 2022-08-09 12:26:12 +02:00
Juan Font Alonso e7148b8080 Temporarily disable unstable branch 2022-08-09 09:58:45 +02:00
Juan Font Alonso 0a29492fc5 Increase swap size in integration tests 2022-08-08 23:20:29 +02:00
Grigoriy Mikhalkin a1e7e771ce refactor OIDC callback aux functions 2022-08-07 13:57:07 +02:00
Grigoriy Mikhalkin 00d2a447f4 decompose OIDCCallback method 2022-08-07 13:27:29 +02:00
Steve Malloy 2254ac2102 typo fixed from advertised to advertise 2022-08-05 15:44:11 -04:00
Juan Font Alonso 21ae31e77d Reduce number of containers in integration tests (for testing) 2022-08-05 18:57:08 +02:00
Juan Font Alonso a6113066ff Improved logs in integration tests 2022-08-05 17:35:28 +02:00
Adrien Raffin-Caboisse 0bb205d31f Merge remote-tracking branch 'origin/main' into fix-bug-in-excludecorrectlytaggednodes 2022-08-05 11:56:33 +02:00
Juan Font d7e8db7adc Merge branch 'main' into export-errors 2022-08-05 10:14:35 +02:00
Juan Font 0eb3b23f16 Merge pull request #708 from juanfont/revert-680-topic/speedup-build
Revert BuildKit (docker buildx) support
2022-08-05 10:14:19 +02:00
Juan Font 54e381cecb Revert "Topic/speedup build" 2022-08-05 00:31:39 +02:00
Grigoriy Mikhalkin cc1343d31d fixed typo in ErrCannotDecryptResponse name 2022-08-05 00:00:36 +02:00
Adrien Raffin-Caboisse bce59345e4 docs: add entry in changelog 2022-08-04 10:51:06 +02:00
Adrien Raffin-Caboisse 79688e6187 chore(all): apply formater 2022-08-04 10:47:00 +02:00
Adrien Raffin-Caboisse babf9470c2 fix(acl): fix issue with groups in excludeCorretlyTaggedNodes
This commit fix issue #563
2022-08-04 10:42:47 +02:00
Rasmus Moorats 10d566c946 add details on how to use the android app 2022-08-02 09:49:28 +03:00
Grigoriy Mikhalkin 911e6ba6de exported API errors 2022-07-29 17:35:21 +02:00
Juan Font f9c4d577e2 Merge pull request #680 from ohdearaugustin/topic/speedup-build
Topic/speedup build
2022-07-28 23:07:32 +02:00
Juan Font 9826b518bd Merge branch 'main' into topic/speedup-build 2022-07-28 22:58:07 +02:00
Juan Font 32a8f06486 Merge pull request #689 from restanrm/fix-duplicate-tags-returned-by-api
Remove duplicate tags if sent by the client
2022-07-28 22:52:35 +02:00
Juan Font 2ab2b8656b Merge branch 'main' into fix-duplicate-tags-returned-by-api 2022-07-27 00:37:07 +02:00
Juan Font d9ab98e47f Merge branch 'main' into topic/speedup-build 2022-07-26 18:45:41 +02:00
Juan Font 9d584bb0d3 Merge pull request #692 from juanfont/update-runc-dependencies
Update runc dependencies to fix security notification
2022-07-26 17:20:51 +02:00
Juan Font 4f725ba9e1 Merge branch 'main' into update-runc-dependencies 2022-07-26 13:59:35 +02:00
Juan Font b75a113c91 Merge pull request #688 from juanfont/prepare-cl-0.17.0
Prepare changelog structure for 0.17.0
2022-07-26 13:59:24 +02:00
Juan Font Alonso 75af83bb81 Update checksum for nix 2022-07-26 12:11:15 +02:00
Juan Font 0f6f0c3b6b Merge branch 'main' into prepare-cl-0.17.0 2022-07-26 12:05:28 +02:00
Juan Font Alonso b344524a6d Update runc dependencies to fix security notification 2022-07-26 12:02:58 +02:00
Juan Font Alonso 6f4d5a532e fixed linting errors 2022-07-26 11:25:20 +02:00
Juan Font 2d83c70173 Merge pull request #670 from iSchluff/feature/db-health-check
ping db in health check
2022-07-26 00:40:23 +02:00
Adrien Raffin-Caboisse c90e862460 fix(grpc): add more checks for tag validation 2022-07-25 14:01:41 +02:00
Adrien Raffin-Caboisse c46a34e6b8 fix(machine): remove duplicate in forcedTags 2022-07-25 11:04:30 +02:00
Juan Font Alonso 693f59ba2f Prepare changelog structure for 0.17.0 2022-07-25 10:35:21 +02:00
Juan Font abae078855 Merge branch 'main' into feature/db-health-check 2022-07-24 22:10:16 +02:00
Juan Font 0212db3fad Merge pull request #687 from huskyii/node_ls
more intuitive output of node ls
2022-07-24 12:06:41 +02:00
Jiang Zhu 49354f678e update CHANGELOG 2022-07-23 04:47:37 +08:00
Jiang Zhu dc94570c4a more intuitive output of node ls 2022-07-23 01:33:11 +08:00
Kristoffer Dalby 51b1027aec Merge pull request #686 from juanfont/update-contributors 2022-07-22 18:56:49 +02:00
github-actions[bot] 936adb7d2c docs(README): update contributors 2022-07-22 07:36:16 +00:00
Juan Font 581d1f3bfa Merge pull request #668 from GrigoriyMikhalkin/graceful-shutdown
graceful shutdown fix
2022-07-22 09:35:40 +02:00
Juan Font 7c87ef6c86 Merge branch 'main' into graceful-shutdown 2022-07-22 09:06:46 +02:00
Juan Font 1a9a9b718d Merge pull request #684 from juanfont/fix-api-mux
Fix API router
2022-07-22 09:06:06 +02:00
Juan Font Alonso 6c9f3420e2 Updated changelog 2022-07-21 23:59:44 +02:00
Juan Font Alonso a4d0efbe8d Fix API router 2022-07-21 23:57:07 +02:00
Grigoriy Mikhalkin 56858a56db Revert "decompose OIDCCallback method"
This reverts commit 395caaad42.
2022-07-21 23:54:35 +02:00
Grigoriy Mikhalkin 395caaad42 decompose OIDCCallback method 2022-07-21 23:47:20 +02:00
Grigoriy Mikhalkin 3f0639c87d graceful shutdown lint fixes 2022-07-21 23:47:20 +02:00
Grigoriy Mikhalkin 889eff265f graceful shutdown fix 2022-07-21 23:47:20 +02:00
Kristoffer Dalby c6eb7be7fb Merge pull request #683 from juanfont/update-contributors 2022-07-20 10:57:38 +02:00
github-actions[bot] 02c7a46b97 docs(README): update contributors 2022-07-20 07:21:19 +00:00
Kristoffer Dalby ea7b3baa8b Merge pull request #677 from huskyii/remove_gin 2022-07-20 09:20:24 +02:00
Jiang Zhu 5724f4607c fix nix build 2022-07-19 20:45:32 +08:00
Jiang Zhu b755d47652 update CHANGELOG 2022-07-19 20:45:23 +08:00
ohdearaugustin 96221cc4f7 docs: add bulding container docs 2022-07-17 21:18:04 +02:00
ohdearaugustin 34d261179e Speedup docker container build 2022-07-17 21:18:04 +02:00
ohdearaugustin 091b05f155 Change build os 2022-07-17 21:18:04 +02:00
Jiang Zhu aca5646032 remove gin completely, ~2MB reduction on final binary 2022-07-16 02:03:46 +08:00
Kristoffer Dalby 7e9abbeaec Merge pull request #676 from juanfont/update-contributors 2022-07-15 09:15:18 +01:00
Anton Schubert c6aaa37f2d ping db in health check 2022-07-12 22:56:53 +02:00
github-actions[bot] b8c3387892 docs(README): update contributors 2022-07-12 11:35:28 +00:00
Juan Font c50d3aa9bd Merge pull request #675 from juanfont/configurable-update-interval
Make tailnet updates check interval configurable
2022-07-12 13:34:49 +02:00
Juan Font Alonso 4ccff8bf28 Added the new parameter to the integration test params 2022-07-12 13:13:04 +02:00
Juan Font Alonso 5b5298b025 Renamed config param for node update check internal 2022-07-12 12:52:03 +02:00
Juan Font Alonso 8e0939f403 Updated changelog 2022-07-12 12:33:42 +02:00
Juan Font Alonso cf3fc85196 Make tailnet updates check configurable 2022-07-12 12:27:28 +02:00
Juan Font e0b15c18ce Merge pull request #667 from kradalby/rerun-docker
Make integration tests retry on failure.
2022-06-27 17:04:39 +02:00
Kristoffer Dalby 566b8c3df3 Fix issue were dockertest fails to start because of container mismatch 2022-06-27 12:07:30 +00:00
Kristoffer Dalby 32a6151df9 Rerun integration tests 5 times if error 2022-06-27 12:02:29 +00:00
Kristoffer Dalby 3777de7133 Use failnow for cli tests aswell 2022-06-27 12:00:21 +00:00
Kristoffer Dalby 8cae4f80d7 Fail tests instead of fatal
Currently we exit the program if the setup does not work, this can cause
is to leave containers and other resources behind since we dont run
TearDown. This change will just fail the test if we cant set up, which
should mean that the TearDown runs aswell.
2022-06-27 11:58:16 +00:00
Kristoffer Dalby 911c5bddce Make saving logs from tests an option (default false)
We currently have a bit of flaky logic which prevents the docker plugin
from cleaning up the containers if the tests or setup fatals or crashes,
this is due to a limitation in the save / passed stats handling.

This change makes it an environment variable which by default ditches
the logs and makes the containers clean up "correctly" in the teardown
method.
2022-06-27 11:56:37 +00:00
Juan Font 4a200c308b Merge pull request #656 from juanfont/abandon-gin
Drop Gin as web framework for TS2019 API
2022-06-26 15:54:41 +02:00
Juan Font Alonso 625e45b1cb Merge branch 'abandon-gin' of https://github.com/juanfont/headscale into abandon-gin 2022-06-26 14:25:05 +02:00
Juan Font Alonso 8551b0dde0 Fixed issue when in linting rampage 2022-06-26 14:24:57 +02:00
Juan Font 050782aff3 Merge branch 'main' into abandon-gin 2022-06-26 12:36:49 +02:00
Juan Font Alonso 00885dffe1 Fix implicit memory aliasing in for loop (lint 8/n) 2022-06-26 12:35:18 +02:00
Juan Font Alonso ffcc72876c Lint fixes 7/n 2022-06-26 12:30:52 +02:00
Juan Font Alonso fa91ece5b4 Lint fixes 6/n 2022-06-26 12:25:26 +02:00
Juan Font Alonso c810b24eb9 Lint fixes 5/n 2022-06-26 12:21:35 +02:00
Juan Font Alonso 03ced0ecfe Lint fixes 4/n 2022-06-26 12:06:25 +02:00
Juan Font Alonso c859bea0cf Lint fixes 3/n 2022-06-26 12:01:04 +02:00
Juan Font Alonso a913d1b521 Lint fixes 2/n 2022-06-26 11:55:37 +02:00
Kristoffer Dalby 2464c92572 Merge pull request #665 from juanfont/update-contributors 2022-06-26 11:48:11 +02:00
Juan Font Alonso 10cd87e5a2 Lint fixes 1/n 2022-06-26 11:43:17 +02:00
Juan Font Alonso 58c336e7f4 updated nix flake go.sum 2022-06-26 11:31:31 +02:00
Juan Font bb4a9583a7 Merge branch 'main' into abandon-gin 2022-06-26 11:08:48 +02:00
github-actions[bot] 7ae38346e5 docs(README): update contributors 2022-06-26 08:22:05 +00:00
Kristoffer Dalby 7604c0f691 Merge pull request #658 from juanfont/fix-segfault-when-not-runner 2022-06-26 10:21:27 +02:00
Kristoffer Dalby f2f4c3f684 Merge branch 'main' into fix-segfault-when-not-runner 2022-06-26 09:52:15 +02:00
Kristoffer Dalby 34f489b1f4 Update cmd/headscale/cli/utils.go 2022-06-26 09:52:11 +02:00
Kristoffer Dalby 72d1d2630e Update cmd/headscale/cli/utils.go 2022-06-26 09:52:04 +02:00
Kristoffer Dalby d559e23bc6 Merge pull request #651 from iSchluff/fix/db-shutdown 2022-06-26 09:51:45 +02:00
Kristoffer Dalby 4637400d29 Update CHANGELOG.md 2022-06-26 09:30:16 +02:00
Kristoffer Dalby 0fa943e4b7 Update CHANGELOG.md 2022-06-26 09:29:33 +02:00
Kristoffer Dalby 9707b1f540 Merge branch 'main' into fix/db-shutdown 2022-06-26 08:28:50 +01:00
Juan Font Alonso 657fb208d6 Flush buffered data on polling 2022-06-25 20:47:42 +02:00
Juan Font 647972c7cf Merge branch 'main' into fix-segfault-when-not-runner 2022-06-23 22:17:33 +02:00
Juan Font Alonso 39b58f7d4c Use a signal to close the longpolls on shutdown 2022-06-23 19:40:07 +02:00
Juan Font Alonso c8378e8b7d Quick fix to segfault on CLI when Headscale is not running (fix #652) 2022-06-22 14:40:40 +02:00
Juan Font Alonso d404ba102d Use request context to close when client disconnects 2022-06-20 21:47:02 +02:00
Juan Font Alonso 5e9004c407 Fix issues in the poll loop 2022-06-20 21:40:28 +02:00
Juan Font Alonso 8e63b53b0c Merge branch 'abandon-gin' of https://github.com/juanfont/headscale into abandon-gin 2022-06-20 21:38:03 +02:00
Juan Font Alonso 116bef25a7 Fixed wrong copy paste in Header 2022-06-20 21:19:49 +02:00
Juan Font 294975ba87 Merge branch 'main' into abandon-gin 2022-06-20 21:16:11 +02:00
Juan Font Alonso 51b8c659f1 Updated changelog 2022-06-20 21:13:12 +02:00
Juan Font Alonso 082fbead66 Added mux dependency 2022-06-20 21:12:23 +02:00
Juan Font Alonso 73c16ffc65 Fixed issue with the method used to send data 2022-06-20 20:30:08 +02:00
Juan Font Alonso dec51348e6 Minor status change 2022-06-20 20:29:42 +02:00
Juan Font Alonso b0b919efb0 Added more logging to derp server 2022-06-20 12:32:13 +02:00
Juan Font Alonso 396c3ecdf7 Remove Gin from the OIDC handlers 2022-06-20 12:31:19 +02:00
Juan Font Alonso 53e5c05b0a Remove gin from the poll handlers 2022-06-20 12:30:51 +02:00
Juan Font Alonso dedeb4c181 Remove Gin from the Registration handler 2022-06-20 12:30:41 +02:00
Juan Font Alonso e611063669 Migrate platform config out of Gin 2022-06-20 12:29:59 +02:00
Juan Font Alonso 6c9c9a401f Remove gin from DERP server 2022-06-18 19:51:37 +02:00
Juan Font 6da4396faa Merge pull request #654 from ChibangLW/main
Add version info to binary in Docker container
2022-06-18 18:48:35 +02:00
Juan Font Alonso d89fb68a7a Switch to use gorilla's mux as muxer 2022-06-18 18:41:42 +02:00
Leon Lenzen 8d9462147c chore: use docker-meta version 2022-06-18 12:00:02 +02:00
Leon Lenzen 89b7fa6b06 chore: fix lint 2022-06-18 11:39:27 +02:00
Leon Lenzen d4a550bb4c chore: add version to binary in containers 2022-06-18 11:36:09 +02:00
Juan Font Alonso d5e331a2fb Remove Gin from OIDC callback 2022-06-17 17:42:17 +02:00
Juan Font Alonso 367da0fcc2 Remove Gin from simple endpoints for TS2019 2022-06-17 16:48:04 +02:00
Anton Schubert 8111b0aa83 update changelog 2022-06-17 11:07:35 +02:00
Anton Schubert 735440d1a3 add timeout for http shutdown, add db disconnect 2022-06-17 11:07:25 +02:00
Juan Font 3ae340527f Merge pull request #648 from juanfont/show-nodes-online
Send Online field of tailcfg.Node based on LastSeen
2022-06-16 19:26:13 +02:00
Juan Font bfa9ed814d Merge branch 'main' into show-nodes-online 2022-06-16 18:53:25 +02:00
Juan Font Alonso 1e4678c02f Updated changelog 2022-06-16 18:48:32 +02:00
Juan Font Alonso 66fffd69ce Send Online field of tailcfg.Node based on LastSeen 2022-06-16 18:43:50 +02:00
Kristoffer Dalby e3f99d670e Merge pull request #646 from juanfont/update-contributors 2022-06-16 16:08:31 +01:00
github-actions[bot] 360488abb4 docs(README): update contributors 2022-06-16 13:08:07 +00:00
Kristoffer Dalby 8dda44105e Merge pull request #643 from iSchluff/fix/dns-name-panic 2022-06-16 14:07:21 +01:00
Kristoffer Dalby 2215e17223 Merge branch 'main' into fix/dns-name-panic 2022-06-16 11:04:31 +01:00
Kristoffer Dalby 157db307f9 Merge pull request #642 from kradalby/ignore-integtest-dump 2022-06-16 08:35:47 +01:00
Juan Font 0bd39b2c5e Merge branch 'main' into ignore-integtest-dump 2022-06-16 00:25:45 +02:00
Anton Schubert 8f31ed51e1 fix occasional panic on registration
GenerateRandomStringDNSSafe will panic occasionally if the random base64
string contains too many - and _ due to the replacement. Fix by looping.
2022-06-15 12:22:57 +02:00
Kristoffer Dalby d2d1f92836 Merge pull request #641 from juanfont/update-contributors 2022-06-12 22:57:32 +01:00
Kristoffer Dalby c02819ab9f Ignore new dump file 2022-06-12 17:26:44 +00:00
github-actions[bot] 28a3a5bd61 docs(README): update contributors 2022-06-12 17:00:23 +00:00
Kristoffer Dalby 891815634b Merge pull request #639 from kradalby/ephemeral-error-msg 2022-06-12 17:59:48 +01:00
Kristoffer Dalby 8650328922 Remove debug output, it runs before we disable it 2022-06-12 16:40:43 +00:00
Kristoffer Dalby 7bd07e3b9b Merge branch 'main' into ephemeral-error-msg 2022-06-12 14:33:49 +01:00
Kristoffer Dalby 76195bb3ac Add warn if configuration could not be found 2022-06-12 13:32:16 +00:00
Juan Font 6afd492095 Merge pull request #638 from kradalby/update-nodes-derp
Simplify DERP maps update function
2022-06-12 15:26:20 +02:00
Kristoffer Dalby c95bce4aea Update changelog 2022-06-12 13:18:49 +00:00
Kristoffer Dalby fd3a1c13e3 Add a default to ephemeral_node_inactivity_timeout 2022-06-12 13:12:53 +00:00
Kristoffer Dalby 95824ac2ec MOve ephemeral inactivity config check to all the other config check 2022-06-12 13:12:43 +00:00
Kristoffer Dalby a050158d11 Use new update state logic for derp maps 2022-06-12 12:27:37 +00:00
Kristoffer Dalby e0ef601123 Merge pull request #636 from huskyii/fix_issue635 2022-06-12 12:53:19 +01:00
Jiang Zhu 9c5d485fdd fix issue 635 2022-06-12 17:01:17 +08:00
Juan Font cb88b16207 Merge pull request #630 from kradalby/test-126
Add 1.26 to tests
2022-06-11 18:14:38 +02:00
Kristoffer Dalby 257c025975 Update build system 2022-06-11 15:42:06 +00:00
Kristoffer Dalby 50bdf9d3b9 Update vendor sha 2022-06-11 15:39:37 +00:00
Kristoffer Dalby 8d58894daa Tailscale 1.26 uses dnstype pointer 2022-06-11 15:34:02 +00:00
Kristoffer Dalby 43fa7f9fd5 Upgrade tailscale lib to 1.26 2022-06-11 15:34:02 +00:00
Kristoffer Dalby f2a8bfeb9f Merge branch 'main' into test-126 2022-06-11 16:04:35 +01:00
Kristoffer Dalby 06bbeea37f Merge pull request #632 from juanfont/update-contributors 2022-06-11 16:04:21 +01:00
github-actions[bot] e5f26f819a docs(README): update contributors 2022-06-11 14:35:56 +00:00
Kristoffer Dalby a058f17946 Merge branch 'main' into test-126 2022-06-11 15:35:36 +01:00
Kristoffer Dalby a4b4fc8b6c Merge pull request #624 from iSchluff/feature/configure-randomize-port 2022-06-11 15:35:24 +01:00
Kristoffer Dalby ab35baaa29 Merge branch 'main' into feature/configure-randomize-port 2022-06-11 15:07:47 +01:00
Kristoffer Dalby 883bb92991 Merge pull request #618 from juanfont/acl-syntax-fixes 2022-06-11 15:07:29 +01:00
Kristoffer Dalby bfb58de7b8 Add 1.26 to tests 2022-06-11 13:45:32 +00:00
Kristoffer Dalby 6faf2d63d0 Update integration dump tests 2022-06-11 13:31:30 +00:00
Kristoffer Dalby 569f3caab9 Use constants in tests 2022-06-11 13:17:07 +00:00
Kristoffer Dalby 7cd0f5e8a4 Merge branch 'main' into acl-syntax-fixes 2022-06-11 14:14:21 +01:00
Kristoffer Dalby 02cc6bcc05 Merge branch 'main' into feature/configure-randomize-port 2022-06-11 13:49:32 +01:00
Kristoffer Dalby 9ff09b73ad Update Changelog 2022-06-11 13:49:17 +01:00
Kristoffer Dalby f93cf4b980 Merge pull request #628 from kradalby/acl-update-nodes 2022-06-11 13:32:57 +01:00
Juan Font Alonso 3d7be5b287 Minor rename 2022-06-11 14:12:53 +02:00
Juan Font Alonso cdf41bd500 Merge branch 'acl-syntax-fixes' of https://github.com/juanfont/headscale into acl-syntax-fixes 2022-06-11 14:12:39 +02:00
Juan Font Alonso 735a6aaa39 Use const for IANA protcol numbers 2022-06-11 14:09:08 +02:00
Kristoffer Dalby 0c2648c188 Update the nodes after we have reloaded the ACL policy with sighup 2022-06-11 12:54:44 +01:00
Kristoffer Dalby 7e6291c21c Change Set state change function to filter instead of single namespace
This commit makes the setLastStateChangeToNow function take a list of
namespaces instead of a single namespace. If no namespaces is passed,
all namespaces will be updated. This means that the argument acts like a
filter.
2022-06-11 12:53:02 +01:00
Kristoffer Dalby 3f7749c6d4 Merge branch 'main' into feature/configure-randomize-port 2022-06-11 10:55:05 +01:00
Kristoffer Dalby 586c5411f1 Merge pull request #611 from huskyii/doc_openbsd 2022-06-11 10:54:28 +01:00
Jiang Zhu 2be16b581c 1) fix typo 2) another hard coded version 2022-06-11 17:23:01 +08:00
Jiang Zhu 06e22bf878 Merge branch 'juanfont:main' into doc_openbsd 2022-06-11 16:54:01 +08:00
Jiang Zhu 0b4b530809 remove the hardcoded version(suggested by @kradalby) 2022-06-11 16:41:52 +08:00
Kristoffer Dalby efca3daa5c Merge pull request #612 from huskyii/enhance_cli_config 2022-06-10 20:38:11 +01:00
Kristoffer Dalby fdefe46c40 Merge branch 'main' into enhance_cli_config 2022-06-10 20:18:33 +01:00
Anton Schubert 34be10840c add ability to set randomizeClientPort 2022-06-09 21:26:40 +02:00
Juan Font 80ad1db228 Merge branch 'main' into acl-syntax-fixes 2022-06-09 14:09:26 +02:00
Juan Font e918ea89a3 Merge pull request #619 from majst01/simplify-split
Use strings.Cut to simplify logic
2022-06-09 14:08:49 +02:00
Juan Font Alonso 19b968849f Added missing file 2022-06-08 18:21:35 +02:00
Juan Font Alonso 5bc11891f5 Update internal docs with protocol usage 2022-06-08 18:15:38 +02:00
Juan Font Alonso 818d26b5f9 Updated changelog 2022-06-08 18:12:56 +02:00
Juan Font Alonso c47354bdc3 Update internal docs to the new syntax 2022-06-08 18:12:47 +02:00
Stefan Majer 86ce0e0c66 Use strings.Cut to simplify logic 2022-06-08 18:09:11 +02:00
Juan Font Alonso 39f03b86c8 Added ACL test file 2022-06-08 18:06:25 +02:00
Juan Font Alonso 8287ba24b9 Do not lint the protocol magic numbers
I happily use https://pkg.go.dev/golang.org/x/net/internal/iana, but it is internal
2022-06-08 17:55:32 +02:00
Juan Font Alonso ab1aac9f3e Improve ACLs by adding protocol parsing support 2022-06-08 17:43:59 +02:00
Juan Font Alonso 3e353004b8 Migrate ACLs syntax to new Tailscale format
Implements #617.

Tailscale has changed the format of their ACLs to use a more firewall-y terms ("users" & "ports" -> "src" & "dst"). They have also started using all-lowercase tags. This PR applies these changes.
2022-06-08 13:40:15 +02:00
Jiang Zhu bcb04d38a5 Merge branch 'main' into enhance_cli_config
Extract LoadConfig from GetHeadscaleConfig, as they are conceptually
different operation, e.g.,
1) you can reload config through LoadConfig and do not get config
2) you can get config without reload config
2022-06-07 22:51:47 +08:00
Jiang Zhu de0e2bf828 Merge branch 'main' into doc_openbsd 2022-06-07 22:31:32 +08:00
Kristoffer Dalby 8fed47a2be Merge pull request #616 from juanfont/update-contributors 2022-06-07 15:58:53 +02:00
github-actions[bot] 17d4968425 docs(README): update contributors 2022-06-07 06:16:00 +00:00
Kristoffer Dalby 54acee6880 Merge pull request #615 from demiflat/fix_typo 2022-06-07 08:15:17 +02:00
Darrell Kundel a4e05d4db3 fix typo for GGO->CGO 2022-06-07 11:36:13 +08:00
Kristoffer Dalby b0acbed329 Merge pull request #608 from kradalby/config-rework 2022-06-05 20:18:20 +02:00
Kristoffer Dalby 1b2967320b Merge branch 'main' into config-rework 2022-06-05 17:57:15 +02:00
Kristoffer Dalby 90f6be0c98 Rename one char var 2022-06-05 17:52:28 +02:00
Kristoffer Dalby 78ed610b50 Switch config to pointer 2022-06-05 17:47:26 +02:00
Kristoffer Dalby af891808f6 Make get config load the config, use config in main method 2022-06-05 17:47:12 +02:00
Jiang Zhu 0c5a402206 add changelog 2022-06-05 23:15:21 +08:00
Jiang Zhu 8744eeeb19 ExecuteCommand set HEADSCALE_LOG_LEVEL to disabled 2022-06-05 23:14:49 +08:00
Jiang Zhu ce13596077 add integration test for headscale -c 2022-06-05 23:13:58 +08:00
Jiang Zhu 402a29e50c impl heascale -c to specify config file 2022-06-05 18:25:09 +08:00
Jiang Zhu 0363e58467 cli.LoadConfig accepts config file now 2022-06-05 17:55:27 +08:00
Jiang Zhu c8a14ccabb fix prettier 2022-06-05 16:01:53 +08:00
Jiang Zhu 1de29fd4e6 fix rcd link 2022-06-05 15:49:24 +08:00
Jiang Zhu 75a0155f73 add openbsd doc 2022-06-05 15:45:38 +08:00
Kristoffer Dalby adb55bcfe9 Merge pull request #610 from huskyii/fix_pie_build 2022-06-04 12:37:02 +02:00
Jiang Zhu 2201ec8905 some GOOS do not support pie build, detect in makefile and fall back to non-pie build 2022-06-04 18:11:10 +08:00
Kristoffer Dalby 39f6fdef1a Merge pull request #609 from kradalby/add-arm64-darwin-drop-32 2022-06-04 11:42:51 +02:00
Kristoffer Dalby 699aa5cf38 Merge branch 'main' into add-arm64-darwin-drop-32 2022-06-03 19:36:01 +02:00
Kristoffer Dalby 1486adb25a Update changelog 2022-06-03 17:35:47 +00:00
Kristoffer Dalby 2653c2f5e8 Drop arm32 (armhf) for linux and add Darwin arm64 2022-06-03 17:34:06 +00:00
Kristoffer Dalby 7b7244dac2 Merge pull request #607 from juanfont/update-contributors 2022-06-03 11:01:07 +02:00
github-actions[bot] 571ce2b0b9 docs(README): update contributors 2022-06-03 08:49:19 +00:00
Kristoffer Dalby c3db5ed749 Merge remote-tracking branch 'upstream/main' into config-rework 2022-06-03 10:49:08 +02:00
Kristoffer Dalby 0797148076 Merge pull request #601 from kradalby/signals-reload-acl 2022-06-03 10:48:43 +02:00
Kristoffer Dalby 24c9530eee Add loglevel and disable update to config struct 2022-06-03 10:37:45 +02:00
Kristoffer Dalby 679cf7c0d7 Merge branch 'main' into signals-reload-acl 2022-06-03 10:23:53 +02:00
Kristoffer Dalby 19b6405332 Merge pull request #597 from kradalby/db-error-handling 2022-06-03 10:23:21 +02:00
Kristoffer Dalby aee8aa1c61 Move TLS config into its own struct 2022-06-03 10:14:14 +02:00
Kristoffer Dalby 5514a862dc Update headscale read config tests 2022-06-03 09:26:46 +02:00
Kristoffer Dalby 1ea8bb782c Move all read config logic to config.go 2022-06-03 09:26:36 +02:00
Kristoffer Dalby 35722cd5aa Move FilePerm function from cli to headscale 2022-06-03 09:24:36 +02:00
Kristoffer Dalby 533ecee252 Move config struct to its own file 2022-06-03 09:05:41 +02:00
Kristoffer Dalby f1db2d0c8e Merge branch 'main' into signals-reload-acl 2022-06-02 11:12:15 +02:00
Kristoffer Dalby 6f6fb4dcd6 Merge branch 'main' into db-error-handling 2022-06-02 11:11:58 +02:00
Kristoffer Dalby b1ba7ba685 Merge pull request #602 from iSchluff/fix/forced-tags-with-tagOwner 2022-06-02 11:11:43 +02:00
Anton Schubert 6dccfee862 Fix forced Tags with legitimate tagOwners
Also replace loops contains
2022-06-01 15:43:32 +02:00
Kristoffer Dalby 6f32b80b2b Update changelog 2022-05-31 14:30:11 +02:00
Kristoffer Dalby 2feed18b28 Support reloading ACLs with SIGHUP
Also continously listen for signals, not just once.
2022-05-31 14:28:23 +02:00
Kristoffer Dalby 36dca3516a Move Abspath function to headscale utils 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 06129277ed Rename abspath function to describe what it does 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 6b1482daee Use config object instead of viper for policy path 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 24e4787a64 Make ACL policy part of the config struct 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 5bfae22c8f Make config get function global 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 3e078f0494 Fix logtail config function name 2022-05-31 14:28:01 +02:00
Kristoffer Dalby 0b4f59b82b Improve signal handling
This commit starts to wire up better signal handling, it starts with
handling shutdown a bit better, using the graceful shutdown for all the
listeners we use.

It also adds the initial switch case for handling config and acl reload,
which is to be implemented.
2022-05-31 14:28:00 +02:00
Kristoffer Dalby a19af04582 Fix errors introduced by merge 2022-05-31 11:03:08 +02:00
Kristoffer Dalby 0676aa11a9 Merge branch 'main' into db-error-handling 2022-05-31 10:18:13 +02:00
Kristoffer Dalby be25bbce92 Merge pull request #560 from kradalby/rename-fixess 2022-05-31 10:14:48 +02:00
Kristoffer Dalby 5ecfbbaf5d Fix pointer in machine save call 2022-05-31 10:05:00 +02:00
Kristoffer Dalby 7f7cd737dc Merge branch 'main' into rename-fixess 2022-05-31 09:45:49 +02:00
Kristoffer Dalby b472e5a689 Merge pull request #599 from kradalby/parse-duration-improv 2022-05-31 09:45:36 +02:00
Kristoffer Dalby 25c674ed32 Merge branch 'main' into parse-duration-improv 2022-05-31 09:43:18 +02:00
Kristoffer Dalby 3d93cf9e2d Update changelog 2022-05-31 09:42:50 +02:00
Kristoffer Dalby f7edea5f40 Merge branch 'main' into rename-fixess 2022-05-31 09:42:20 +02:00
Kristoffer Dalby d26e220fb9 Merge pull request #598 from kradalby/parse-duration-improv 2022-05-31 09:42:00 +02:00
Kristoffer Dalby d860270733 Use Prometheus duration parser (support days and weeks) 2022-05-30 16:10:39 +02:00
Kristoffer Dalby a09633e859 Check errors of more database calls 2022-05-30 15:39:24 +02:00
Kristoffer Dalby a1837a4d69 Merge branch 'main' into db-error-handling 2022-05-30 15:31:56 +02:00
Kristoffer Dalby 52cc3bc8eb Check all errors for db.Save 2022-05-30 15:31:06 +02:00
Kristoffer Dalby 9175aca094 Merge branch 'main' into rename-fixess 2022-05-30 15:29:50 +02:00
Kristoffer Dalby 848727a21d Merge pull request #596 from kradalby/disable-logcatcher 2022-05-30 15:29:35 +02:00
Kristoffer Dalby df7d5fa2b9 Fix lint 2022-05-30 14:58:40 +02:00
Kristoffer Dalby 86dfc91dd5 update readme 2022-05-30 14:57:49 +02:00
Kristoffer Dalby 7f66d9184b Add config test 2022-05-30 14:57:43 +02:00
Kristoffer Dalby ff5f31b87e Disable logtail for clients 2022-05-30 14:52:50 +02:00
Kristoffer Dalby a0c465c2eb Wire up setting to enable/disable logtail 2022-05-30 14:47:41 +02:00
Kristoffer Dalby d11279e615 Merge branch 'main' into rename-fixess 2022-05-30 13:38:28 +02:00
Kristoffer Dalby 266aac9e61 Update CHANGELOG 2022-05-30 13:35:40 +02:00
Kristoffer Dalby 4ffd3eacb0 Override golangci-lint to use go 1.17 2022-05-30 13:35:40 +02:00
Kristoffer Dalby a443255b3e Validate isOutdated against all namespaces
This commit makes isOutdated validate a nodes necessity to update
against all namespaces, and not just the nodes own namespace (which made
more sense before).

getLastStateChange is now uses the passed namespaces as a filter,
meaning that not requesting any namespace will give you the total last
updated state.

In addition, the sync.Map is exchanged for a variant that uses generics
which allows us to remove some casting logic.
2022-05-30 13:35:40 +02:00
Kristoffer Dalby a992840c9b Give UpdateMachine a more meaningful name 2022-05-30 13:35:40 +02:00
Kristoffer Dalby dbc1d981c9 Revert golines 2022-05-30 13:35:28 +02:00
github-actions[bot] 9993f51b5e docs(README): update contributors 2022-05-30 13:35:28 +02:00
Kristoffer Dalby 3a3fc0a4be Update headscale checksum 2022-05-30 12:03:16 +02:00
Kristoffer Dalby 5316dd9c27 Use new nix stable (22.05) 2022-05-30 11:59:22 +02:00
Kristoffer Dalby 59a1a85a2b Change to a go generics set implementation, no more casting 🎉 2022-05-30 11:49:35 +02:00
Kristoffer Dalby fc502e1e79 Update golines and fix go mod checksum 2022-05-30 11:13:31 +02:00
Kristoffer Dalby 405de9e0f8 Merge pull request #595 from juanfont/update-contributors 2022-05-29 18:13:40 +01:00
Kristoffer Dalby 6eac5046c6 Merge branch 'main' into rename-fixess 2022-05-29 17:21:51 +01:00
github-actions[bot] f7f722af52 docs(README): update contributors 2022-05-29 14:49:25 +00:00
Kristoffer Dalby 583f6eeedd Merge pull request #594 from juanfont/update-contributors 2022-05-29 15:48:41 +01:00
github-actions[bot] bec35b4965 docs(README): update contributors 2022-05-29 11:03:33 +00:00
Kristoffer Dalby e596d8287c Merge pull request #593 from juanfont/update-contributors 2022-05-29 12:02:49 +01:00
github-actions[bot] 6c903d2d93 docs(README): update contributors 2022-05-29 10:23:00 +00:00
Kristoffer Dalby 914431b94a Merge pull request #591 from pvinis/patch-2 2022-05-29 11:22:26 +01:00
Kristoffer Dalby 11da7436c7 Merge branch 'main' into patch-2 2022-05-29 11:19:29 +01:00
Kristoffer Dalby 0f532aa5c1 Merge pull request #590 from pvinis/patch-1 2022-05-29 11:19:14 +01:00
Pavlos Vinieratos 835828fe92 link fix 2022-05-28 20:48:59 +03:00
Pavlos Vinieratos fff1011ed8 typo 2022-05-28 20:46:01 +03:00
Kristoffer Dalby ef497caa1b Merge pull request #2 from juanfont/fix-rename-integration-tests 2022-05-28 17:14:41 +01:00
Juan Font Alonso 4f3f0542d4 Fix some issues in testing with new hostname handling 2022-05-28 12:54:57 +02:00
Kristoffer Dalby 5fa987519d move populate to after when given_name exist 2022-05-23 17:33:07 +01:00
Kristoffer Dalby 77ceeaf5fd Test magic dns with the correct urls 2022-05-18 21:18:04 +02:00
Kristoffer Dalby 4a9d3bedf9 Use new names to resolve magic dns 2022-05-18 20:14:18 +02:00
Kristoffer Dalby 802eb931d1 Make sure givenname is set for preauthkeys 2022-05-17 22:02:18 +02:00
Kristoffer Dalby 9ebeb3d7e4 Retreive hostnames from headscale, now that they are random 2022-05-17 22:11:51 +02:00
Kristoffer Dalby e631c6f7e0 Merge master 2022-05-16 21:41:46 +02:00
Kristoffer Dalby 163e5c29e4 fix trace log message 2022-05-16 20:35:35 +02:00
Kristoffer Dalby 4aae917f74 Require GivenName to be unique 2022-05-16 20:33:47 +02:00
Kristoffer Dalby 9b393eb861 Add integration cli tests for rename command 2022-05-16 20:32:56 +02:00
Kristoffer Dalby 5fa3016703 Generate unique givennames for hosts joining (and debug added) 2022-05-16 20:32:38 +02:00
Kristoffer Dalby 03cccd60a6 Reword FQDN normalize errors to not _only_ cover namespaces 2022-05-16 20:31:32 +02:00
Kristoffer Dalby 177c21b294 Add helper function to create a unique givenname 2022-05-16 20:30:43 +02:00
Kristoffer Dalby f4873d9387 Fix rename cli error 2022-05-16 20:29:31 +02:00
Kristoffer Dalby 747d64cdae Merge pull request #558 from restanrm/feat-list-tags-of-machines 2022-05-16 19:03:48 +01:00
Kristoffer Dalby c9efd5c132 Merge branch 'main' into feat-list-tags-of-machines 2022-05-16 16:35:52 +01:00
Kristoffer Dalby 546ddd2a84 Merge pull request #510 from reynico/acls-doc 2022-05-16 16:32:51 +01:00
Kristoffer Dalby 2edb5428f9 Merge branch 'main' into acls-doc 2022-05-16 16:32:18 +01:00
Adrien Raffin-Caboisse 9f082125fa fix: remove version pinning for golangci-lint it does not work 2022-05-16 16:48:04 +02:00
Adrien Raffin-Caboisse 11582105ab fix: flake.nex update sha256 2022-05-16 15:26:00 +02:00
Adrien Raffin-Caboisse c4e69fe2c3 fix: ignore exhaust linter 2022-05-16 15:13:16 +02:00
Adrien Raffin-Caboisse 4435a4f19d chore: apply lint recommendations 2022-05-16 14:59:46 +02:00
Adrien Raffin-Caboisse 02ae7a0563 fix: pin version of golangci-lint to match dev config 2022-05-16 14:40:45 +02:00
Adrien Raffin-Caboisse 852dc0f4de feat: add golangci-lint in nix develop 2022-05-16 14:40:05 +02:00
Adrien Raffin-Caboisse 844ad15109 fix: revert previous commit and add exclusion of linter 2022-05-16 14:29:05 +02:00
Adrien Raffin-Caboisse 522e892099 fix: remove unknown linters:
When running in CI, I obtained the following error:

```
  Running [/home/runner/golangci-lint-1.41.0-linux-amd64/golangci-lint run --out-format=github-actions --new-from-patch=/tmp/tmp-1795-28vaWZek2jfM/pull.patch --new=false --new-from-rev=] in [] ...
  level=error msg="Running error: unknown linters: 'ireturn,maintidx', run 'golangci-lint linters' to see the list of supported linters"
```
2022-05-16 14:17:31 +02:00
Adrien Raffin-Caboisse 0445f404ec fix: pin version of golangci-lint in GA 2022-05-16 14:12:49 +02:00
Adrien Raffin-Caboisse bc1909fa22 Merge branch 'feat-list-tags-of-machines' of github.com:restanrm/headscale into feat-list-tags-of-machines 2022-05-16 11:17:36 +02:00
Adrien Raffin-Caboisse ca71830963 docs: add small documentation on getTags func 2022-05-16 11:16:07 +02:00
Kristoffer Dalby a28eebfca3 Merge branch 'main' into feat-list-tags-of-machines 2022-05-15 12:11:28 +01:00
Kristoffer Dalby 0d31ea08c3 Merge pull request #578 from samson4649/main 2022-05-15 11:58:40 +01:00
Samuel Lock 614c003704 updated changelog 2022-05-14 22:36:04 +10:00
Adrien Raffin-Caboisse b511295349 fix: integration tests result
Execute command doesn't fail, the result is passed in json content.
2022-05-13 13:02:40 +02:00
Adrien Raffin-Caboisse fcdc292647 fix: update tag in db if acl is enabled 2022-05-13 13:00:32 +02:00
Adrien Raffin-Caboisse 09836cd150 chore: update vendorSha after update of go.mod and go.sum 2022-05-13 12:19:32 +02:00
Adrien Raffin-Caboisse 49ec9943b9 fix: loop over result machines instead of startup machines 2022-05-13 12:14:11 +02:00
Adrien Raffin-Caboisse 72c1edaaa4 Merge remote-tracking branch 'origin/main' into feat-list-tags-of-machines 2022-05-13 11:56:06 +02:00
Adrien Raffin-Caboisse 294ed7a751 docs: update changelog 2022-05-13 11:51:31 +02:00
Adrien Raffin-Caboisse 31c0062d5e feat: add integration tests for tag support 2022-05-13 11:47:22 +02:00
Adrien Raffin-Caboisse 63d920510d feat: improve nodes list with inputs from @deonthomasgy
cf: https://github.com/juanfont/headscale/compare/main...deonthomasgy:dev/thomas/show-tags
2022-05-13 11:46:28 +02:00
Adrien Raffin-Caboisse 16f9691e80 fix: ignore emptyPolicy errors for db insertion 2022-05-13 11:20:40 +02:00
Adrien Raffin-Caboisse 209d003832 feat: handle insert into database error 2022-05-13 11:09:28 +02:00
Adrien Raffin-Caboisse 62cfd60e38 feat: add validation of tags 2022-05-13 10:18:01 +02:00
Adrien Raffin-Caboisse fdbc9657bc feat: return error if validation is failed 2022-05-13 10:14:38 +02:00
Adrien Raffin-Caboisse ad4401aa40 fix: remove debug code 2022-05-13 10:14:36 +02:00
Samuel Lock c26280c331 modified code to satisfy golangci-lint and added integration test 2022-05-11 09:31:24 +10:00
Kristoffer Dalby b028a7dfc9 Merge branch 'main' into main 2022-05-10 22:33:33 +01:00
Kristoffer Dalby 41cd0d30eb Merge pull request #576 from juanfont/update-contributors 2022-05-10 18:26:14 +01:00
Samuel Lock 8be9e9655c fixed issue #360 2022-05-10 20:51:14 +10:00
github-actions[bot] 31bdba7456 docs(README): update contributors 2022-05-08 21:57:04 +00:00
Kristoffer Dalby d6e1d10b12 Merge pull request #573 from deonthomasgy/patch-1 2022-05-08 22:56:32 +01:00
Kristoffer Dalby 21268f7abe Merge branch 'main' into patch-1 2022-05-08 22:55:19 +01:00
Juan Font 91b95ff707 Merge pull request #574 from deonthomasgy/main
show ipv4 address first in node list
2022-05-08 23:32:25 +02:00
Deon Thomas 6ed79b7bb8 order Ip Address, IPv4 first, cleanup 2022-05-08 15:21:10 -04:00
Deon Thomas b4f5ed6618 order ip address output, IPv4 first 2022-05-08 15:06:12 -04:00
Deon Thomas ed46491a3d fixed typo
not => note
2022-05-07 16:23:26 -04:00
Adrien Raffin-Caboisse dc8c20e002 fix: handle empty aclPolicy for integration tests 2022-05-04 22:56:55 +02:00
Adrien Raffin-Caboisse 68417cc888 fix(go): add missing updated files 2022-05-03 20:37:06 +02:00
Adrien Raffin-Caboisse a2fb5b2b9d Merge remote-tracking branch 'origin/main' into feat-list-tags-of-machines 2022-05-03 20:35:28 +02:00
Kristoffer Dalby 3fbfc5a649 Merge pull request #570 from juanfont/update-contributors 2022-05-02 22:23:30 +01:00
github-actions[bot] 00535a2016 docs(README): update contributors 2022-05-02 21:12:01 +00:00
Kristoffer Dalby fd452d52ca Merge pull request #565 from apognu/dev/oidc-custom-config 2022-05-02 22:11:14 +01:00
Antoine POPINEAU 7cc58af932 Allow more configuration over the OIDC flow.
Adds knobs to configure three aspects of the OpenID Connect flow:

 * Custom scopes to override the default "openid profile email".
 * Custom parameters to be added to the Authorize Endpoint request.
 * Domain allowlisting for authenticated principals.
 * User allowlisting for authenticated principals.
2022-05-02 17:11:07 +02:00
Kristoffer Dalby ddb87af5ce Merge pull request #569 from Kazauwa/362-add-move-command 2022-05-02 12:38:00 +01:00
Igor Perepilitsyn b9ea83fed8 check that new command does not break nodes list output 2022-05-02 15:04:24 +04:00
Igor Perepilitsyn e279224484 add integrations tests 2022-05-02 14:00:09 +04:00
Igor Perepilitsyn 12d8f0f4b0 remove redundant lines of code, fix response when output is not plain text 2022-05-02 14:00:00 +04:00
Igor Perepilitsyn 6ba68d150c correctly update machine namespace 2022-05-02 13:58:28 +04:00
Igor Perepilitsyn 1b3a7bbf03 apply styling fixes 2022-05-02 08:32:33 +04:00
Igor Perepilitsyn 4e686f8b77 add unit test 2022-05-01 21:40:18 +04:00
Igor Perepilitsyn 62c780a448 update changelog 2022-05-01 17:56:02 +04:00
Igor Perepilitsyn bc055edf12 add command for moving node between namespaces 2022-05-01 17:55:34 +04:00
Igor Perepilitsyn 47c72a4e2e add rpc method for moving node 2022-05-01 17:55:34 +04:00
Juan Font 02a78e5a45 Merge pull request #568 from juanfont/reduce-containers-int-tests
Reduce the number of containers in integration tests
2022-05-01 08:07:29 +02:00
Juan Font Alonso 01d9a2f589 Fixed linting issues 2022-04-30 23:48:28 +02:00
Juan Font 5403f215bc Reduce the number of containers in integration tests 2022-04-30 21:19:54 +00:00
Kristoffer Dalby 96e2955ba7 Merge pull request #566 from juanfont/fix-spurious-updates 2022-04-30 22:12:57 +01:00
Juan Font 03659c4175 Updated changelog 2022-04-30 14:50:55 +00:00
Juan Font 843e2bd9b6 Do not setLastStateChangeToNow every 5 seconds 2022-04-30 14:47:16 +00:00
Kristoffer Dalby 28efd92fca Merge pull request #559 from kradalby/update-deps 2022-04-28 10:17:54 +01:00
Kristoffer Dalby 7bb87a7300 Update vendor sha 2022-04-26 19:57:49 +00:00
Adrien Raffin-Caboisse fec8cda16a fix: fix linting issue on my computer 2022-04-25 22:33:53 +02:00
Adrien Raffin-Caboisse 2c448d4a5c chore: apply linting 2022-04-25 22:27:44 +02:00
Adrien Raffin-Caboisse 3d302441b6 fix: order error in the tests 2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse 8061abe279 refact: use generics for contains functions 2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse ea9aaa6022 feat: update functions to use set command 2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse cc9eeda889 feat: updating cli to match the set command 2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse 25f1dcf724 feat: update generated files 2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse 31debf7055 feat: rewrite proto to only update tags of machine 2022-04-25 22:17:23 +02:00
Kristoffer Dalby db8db0299e Resolve merge 2022-04-25 16:58:06 +00:00
Juan Font e80954b6c8 Merge pull request #482 from kradalby/flake-build-env
Add Nix reproducible build system
2022-04-25 18:38:44 +02:00
Kristoffer Dalby 8504d0d8ba Move todo to correct file 2022-04-24 21:12:45 +01:00
Kristoffer Dalby 7ef8cd881c Fix comment 2022-04-24 21:10:50 +01:00
Kristoffer Dalby 79704dc9b0 Update command with new fields 2022-04-24 20:57:15 +01:00
Kristoffer Dalby 06c928bc52 Migrate name and nickname fields 2022-04-24 20:56:42 +01:00
Kristoffer Dalby 62808cbd86 Bubble error up to user for rename 2022-04-24 20:56:28 +01:00
Kristoffer Dalby 14994cb6cc Use new logic and fields for dns 2022-04-24 20:55:54 +01:00
Kristoffer Dalby 6b79679cb4 Generate from proto 2022-04-24 20:55:20 +01:00
Kristoffer Dalby caf79f6910 Change nickname to givenname in proto 2022-04-24 20:55:11 +01:00
Kristoffer Dalby 6e2768097a Rename name -> hostname, nickname -> givenname 2022-04-24 20:54:38 +01:00
Kristoffer Dalby 8845938881 Merge branch 'main' into main 2022-04-24 09:48:00 +02:00
Kristoffer Dalby a23035aee7 update rest of deps 2022-04-24 07:21:50 +00:00
Kristoffer Dalby e51e6f487f Resolve merge conflict 2022-04-23 08:31:57 +00:00
Kristoffer Dalby f78deaebb6 Add new tailscale to integration tests 2022-04-23 08:30:13 +00:00
Kristoffer Dalby 4d2949bda9 Upgrade tailscale dep 2022-04-23 08:29:26 +00:00
Kristoffer Dalby cb0899b534 Update vendor shar 2022-04-23 00:02:57 +02:00
Kristoffer Dalby ecf5259693 resolve merge conflict 2022-04-22 22:34:20 +02:00
Kristoffer Dalby 3a90079ab8 Merge branch 'main' into feat-list-tags-of-machines 2022-04-22 22:27:36 +02:00
Kristoffer Dalby 970dea5d68 Merge pull request #557 from mpldr/remove-buf-installation 2022-04-22 08:16:03 +01:00
Kristoffer Dalby cd9807a1d3 Merge branch 'main' into flake-build-env 2022-04-22 07:52:29 +01:00
Kristoffer Dalby 613dc61339 Merge branch 'main' into remove-buf-installation 2022-04-22 07:51:40 +01:00
Adrien Raffin-Caboisse b9fee36f6e fix: linting 2022-04-21 23:56:58 +02:00
Adrien Raffin-Caboisse 17d6624bb9 chore: fix lint 2022-04-21 23:49:21 +02:00
Adrien Raffin-Caboisse f53bb63b2d fix: move tag command to subcommand of nodes 2022-04-21 23:43:20 +02:00
Adrien Raffin-Caboisse ea7bcfffbb Merge branch 'main' into feat-list-tags-of-machines 2022-04-21 20:38:51 +02:00
Moritz Poldrack 3023323528 remove necessary buf installation
This commit adds buf as a regular dependency and go running it instead
of requiring installing buf to one's own GOBIN.
2022-04-21 20:23:21 +02:00
Kristoffer Dalby 2dfd8a9098 Merge pull request #556 from juanfont/update-contributors 2022-04-21 12:53:14 +01:00
github-actions[bot] c8ed1f0f43 docs(README): update contributors 2022-04-21 11:51:30 +00:00
Kristoffer Dalby f9e2ce2c8c Merge pull request #551 from mpldr/patch-1 2022-04-21 12:50:50 +01:00
Moritz Poldrack 886e95c00d Merge branch 'main' into patch-1 2022-04-21 11:00:33 +02:00
Moritz Poldrack 6dd9e93346 expanded arguments in useradd to be easier to understand for beginners 2022-04-21 11:00:17 +02:00
Kristoffer Dalby 2dacf839dc Upgrade tailscale dep 2022-04-21 08:35:08 +00:00
Kristoffer Dalby 8f6952acee Merge branch 'main' into flake-build-env 2022-04-21 09:23:23 +01:00
Kristoffer Dalby 235a90276f Merge pull request #531 from juanfont/suggest-english 2022-04-21 09:21:37 +01:00
Kristoffer Dalby 5c285afda5 Merge branch 'main' into flake-build-env 2022-04-21 09:21:10 +01:00
Kristoffer Dalby db930af50e Merge branch 'main' into patch-1 2022-04-21 09:13:34 +01:00
Kristoffer Dalby ffa570e877 Merge branch 'main' into suggest-english 2022-04-21 09:13:08 +01:00
Kristoffer Dalby 96ae78f422 Merge pull request #553 from kradalby/fix-discord-link 2022-04-21 09:12:49 +01:00
Kristoffer Dalby 580c72bf16 Update discord link so it does not grant temp memberships 2022-04-21 09:06:30 +01:00
Kristoffer Dalby 9254afff2d Add direnv and nix output to gitignore 2022-04-21 09:06:13 +01:00
Moritz Poldrack 7ce0bd053c removed leading whitespace 2022-04-16 23:58:05 +02:00
Moritz Poldrack 41a8c14acb add information on how to create a headscale user 2022-04-16 23:56:57 +02:00
Moritz Poldrack be2487f4c0 Clarified systemd friendly path
Suggested-by: Rendezvous
2022-04-16 23:52:06 +02:00
Adrien Raffin-Caboisse 4651c44dde feat: print tags in nodes list 2022-04-16 13:32:00 +02:00
Adrien Raffin-Caboisse 4fcc5e253c chore: fmt for grpc file 2022-04-16 13:15:18 +02:00
Adrien Raffin-Caboisse 89a1a56328 feat: add unit tests and fmt 2022-04-16 13:15:04 +02:00
Adrien Raffin-Caboisse db1528bc73 feat: add invalid and valid tags to grpc response 2022-04-16 12:27:54 +02:00
Adrien Raffin-Caboisse 587bdc75de feat: add valid and invalid fields
Also change ID in proto for ForcedTags since the previous ID's should be reserved for commented fields
2022-04-16 11:30:51 +02:00
Adrien Raffin-Caboisse 98f54c9f7f chore: apply format and lint 2022-04-15 18:27:57 +02:00
Adrien Raffin-Caboisse cd1d10761f feat(acls): add support for forced tags 2022-04-15 18:01:13 +02:00
Adrien Raffin-Caboisse 9de9bc23f8 feat(cli): add tag subcommand to add and remove tags 2022-04-15 16:12:35 +02:00
Adrien Raffin-Caboisse 02f68ebac8 feat: add forcedTags field and update proto 2022-04-15 16:00:08 +02:00
Kristoffer Dalby dd3f24b83f Merge branch 'main' into suggest-english 2022-04-12 18:16:39 +01:00
Kristoffer Dalby bc63c577a9 Merge pull request #537 from reynico/exit-if-acl-wrong 2022-04-12 18:15:15 +01:00
Kristoffer Dalby 57c81e4153 Merge branch 'main' into exit-if-acl-wrong 2022-04-12 17:01:40 +01:00
Kristoffer Dalby 556ca5fec7 Merge pull request #544 from mpldr/makefile-improvements 2022-04-12 17:00:58 +01:00
Kristoffer Dalby 93682ab708 Merge branch 'main' into makefile-improvements 2022-04-12 17:00:30 +01:00
Kristoffer Dalby 6eeee8e5c7 Merge pull request #545 from mpldr/fix-discord-invite 2022-04-12 16:59:40 +01:00
Kristoffer Dalby d195847d8f Merge branch 'main' into fix-discord-invite 2022-04-12 16:59:04 +01:00
Moritz Poldrack 3d8dc9d2bf fix discord invite
Fixes: https://github.com/juanfont/headscale/issues/533
2022-04-11 19:08:07 +02:00
Moritz Poldrack 8601dd1f42 fixed CGO disabling 2022-04-11 14:57:12 +02:00
Kristoffer Dalby 3abdc870d8 Merge branch 'main' into makefile-improvements 2022-04-11 11:49:55 +01:00
Kristoffer Dalby 367f8489db Merge pull request #542 from mpldr/issue-342-send-on-closed-channel 2022-04-11 11:48:53 +01:00
Moritz Poldrack c312f8bf4a set up Makefile for reproducible builds 2022-04-11 08:56:40 +02:00
Moritz Poldrack 1f43c39f93 replaced version-at-commit script with git-describe call 2022-04-11 08:54:12 +02:00
Moritz Poldrack 9f03a012fb updated changelog 2022-04-10 22:47:52 +02:00
Moritz Poldrack 22dd61d849 fixed the issue of sending on closed channel
This commit fixes the issue of headscale crashing after sending on a
closed channel by moving the channel close to the sender side, instead
of the creator. closeChanWithLog is also implemented with generics now.

Fixes: https://github.com/juanfont/headscale/issues/342
Signed-off-by: Moritz Poldrack <git@moritz.sh>
2022-04-10 17:31:09 +02:00
Kristoffer Dalby a92f6abc6e Merge pull request #541 from juanfont/update-contributors 2022-04-10 10:04:44 +01:00
github-actions[bot] 9cdaa9730b docs(README): update contributors 2022-04-10 09:03:16 +00:00
Kristoffer Dalby 5d67ed0ce1 Merge pull request #540 from yangchuansheng/dev 2022-04-10 10:02:42 +01:00
Carson Yang 62d774b6ee Fix key name about derp port 2022-04-10 09:53:27 +08:00
Kristoffer Dalby a14f50eeca Merge pull request #538 from artemklevtsov/patch-1 2022-04-09 18:49:47 +01:00
Artem Klevtsov 98e98a8adb Fix wrong metrics port in docs
It should be 9090.
2022-04-09 16:24:57 +07:00
Nico Rey fa7ef3df2f make linter happy 2022-04-07 15:21:26 -03:00
Nico Rey c3324371d6 Update changelog 2022-04-06 18:41:13 -03:00
Nico Rey 6e08241712 Exit Headscale if ACL policy file cannot be parsed 2022-04-06 11:05:08 -03:00
Kristoffer Dalby c07dd3f14f Merge pull request #534 from nning/main 2022-04-06 08:35:39 +01:00
henning mueller b2ae9b6cac fix: Remove days from expiry option value examples 2022-04-05 18:45:29 +02:00
Juan Font 57536b020e Merge branch 'main' into suggest-english 2022-04-02 11:47:11 +02:00
Juan Font Alonso 0003e30084 Suggest English as lingua franca 2022-04-02 11:45:18 +02:00
Juan Font 23be13b113 Merge pull request #528 from juanfont/update-contributors
docs(README): update contributors
2022-03-29 23:12:16 +02:00
github-actions[bot] 5e44266292 docs(README): update contributors 2022-03-28 15:06:39 +00:00
Kristoffer Dalby 32522cb482 Merge pull request #521 from Niek/patch-1 2022-03-28 16:06:00 +01:00
Niek van der Maas 6d296a195d Update docs/running-headscale-container.md
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-03-28 08:58:33 +02:00
Niek van der Maas 3272febfb3 Change publish interface 2022-03-26 13:33:31 +01:00
Niek van der Maas 7dae780be1 Update docs/running-headscale-container.md
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-03-25 23:44:55 +01:00
Niek van der Maas 73f1c06f65 Fix long line 2022-03-25 07:46:01 +00:00
Niek van der Maas b60727b205 Merge branch 'main' into patch-1 2022-03-25 08:44:16 +01:00
Niek van der Maas 8cee31d8d7 Fix prettier 2022-03-25 07:43:15 +00:00
Juan Font b5aace6d3a Merge pull request #519 from hdhoang/pak-counter
Fix labels cardinality error when registering unknown pre-auth key
2022-03-25 00:25:19 +01:00
Niek van der Maas 7e286c570e Docker docs enhancements
While configuring a Docker setup I noticed that the docs could use some enhancements.
2022-03-22 13:45:30 +01:00
hdhoang 52fd13bfc4 Fix labels cardinality error when registering unknown pre-auth key 2022-03-21 15:49:14 +07:00
Kristoffer Dalby b8e4aeede8 Upgrade golines 2022-03-20 22:39:43 +00:00
Kristoffer Dalby 9a632c17d1 Merge pull request #518 from juanfont/update-contributors 2022-03-20 14:42:41 +00:00
github-actions[bot] 8758ee1c4d docs(README): update contributors 2022-03-20 14:18:39 +00:00
Kristoffer Dalby 150ae1846a Merge pull request #517 from juanfont/changelog-prep-0.15
Prepare CHANGELOG for v0.15.0
2022-03-20 14:18:01 +00:00
Juan Font 452286552c Update CHANGELOG.md to include future 0.16.0
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-03-20 15:07:22 +01:00
Juan Font Alonso 631cf58ff0 Added date for 0.15.0 in changelog 2022-03-20 13:36:25 +01:00
Juan Font 8a2c0e88f4 Merge pull request #513 from juanfont/unstable-integration-tests
Add Tailscale unstable channel and repo HEAD to integration tests
2022-03-20 13:35:23 +01:00
Juan Font Alonso af6a47fdd3 Changelog updated 2022-03-20 12:36:30 +01:00
Juan Font 94d910557f Merge branch 'main' into unstable-integration-tests 2022-03-20 12:34:04 +01:00
Juan Font Alonso a8a683d3cc Added default values in Dockerfile.tailscale 2022-03-20 12:33:41 +01:00
Juan Font Alonso a1caa5b45c Minor improvements on logging 2022-03-20 12:31:18 +01:00
Juan Font Alonso f42868f67f Docker requires lowercase for the container names 2022-03-20 12:30:56 +01:00
Juan Font Alonso a6455653c0 Added missing package 2022-03-20 12:30:08 +01:00
Kristoffer Dalby c8aa653275 Merge branch 'main' into main 2022-03-19 09:36:36 +00:00
Kristoffer Dalby 91e5cbd793 Add direnv flake support 2022-03-19 09:23:03 +00:00
Kristoffer Dalby 79fc74c7a4 Merge branch 'main' into acls-doc 2022-03-18 22:43:17 +00:00
Kristoffer Dalby c8503075e0 Merge pull request #514 from aofei/main 2022-03-18 21:18:22 +00:00
Kristoffer Dalby 4068a7b00b Merge branch 'main' into main 2022-03-18 21:02:05 +00:00
Kristoffer Dalby daae2fe549 Merge pull request #512 from restanrm/feat-add-debug-log 2022-03-18 21:01:16 +00:00
Kristoffer Dalby 47bbb85a20 Merge branch 'main' into acls-doc 2022-03-18 20:44:44 +00:00
Kristoffer Dalby 739653fa71 Merge branch 'main' into feat-add-debug-log 2022-03-18 20:44:21 +00:00
Kristoffer Dalby 304109a6c5 Merge pull request #511 from restanrm/fix-machine-registration-expired 2022-03-18 20:44:05 +00:00
Kristoffer Dalby c29af96a19 Merge branch 'main' into main 2022-03-18 20:42:44 +00:00
Kristoffer Dalby d21e9d29d1 Merge branch 'main' into feat-add-debug-log 2022-03-18 19:41:32 +00:00
Kristoffer Dalby b65bd5baa8 Merge branch 'main' into fix-machine-registration-expired 2022-03-18 19:41:26 +00:00
Juan Font Alonso 0165b89941 Fixed paths 2022-03-18 19:35:09 +01:00
Kristoffer Dalby 53b62f3f39 Merge pull request #499 from juanfont/mandatory-stun 2022-03-18 18:28:37 +00:00
Kristoffer Dalby cd2914ab3b Merge branch 'main' into mandatory-stun 2022-03-18 17:44:12 +00:00
Kristoffer Dalby e85b97143c Merge pull request #509 from kradalby/go118 2022-03-18 17:43:41 +00:00
Aofei Sheng 1eafe960b8 fix: possible panic in Headscale.scheduledDERPMapUpdateWorker
There is a possible nil pointer dereference panic in the
`Headscale.scheduledDERPMapUpdateWorker`. Such as when the embedded
DERP server is disabled.
2022-03-19 01:20:25 +08:00
Juan Font Alonso 749c92954c Add Tailscale unstable channel and repo HEAD to integration tests
In preparation for the implementation of the new TS2021 protocol (Tailscale control protocol v2) we are expanding the test infrastructure
2022-03-18 17:05:28 +01:00
Juan Font Alonso db9ba17920 Added missing file 2022-03-18 13:10:35 +01:00
Juan Font Alonso d5ce7d7523 Prettier 2022-03-18 13:09:57 +01:00
Juan Font Alonso 2e6687209b Make STUN server mandatory if DERP embedded is enabled 2022-03-18 12:58:00 +01:00
Adrien Raffin-Caboisse 2e04abf4bb feat(oidc): add debug log 2022-03-18 09:40:12 +01:00
Adrien Raffin-Caboisse 882c0c34c1 chore(changelog): update changelog 2022-03-18 09:34:18 +01:00
Adrien Raffin-Caboisse 61ebb713f2 fix(oidc): Reset expiry for reauthentication
The previous code resetted the expiry time to be expired.  So the machine was never reauthenticated
2022-03-18 09:32:07 +01:00
Kristoffer Dalby ac5ad42474 Fix integration nix 2022-03-18 08:24:21 +00:00
Nico Rey d68d7d5a6f Docs/ACLs: Add a network diagram to help explain ACLs 2022-03-17 19:58:56 -03:00
Nico Rey bff9036f14 Docs/ACLs: Add router examples with subnets 2022-03-17 19:58:34 -03:00
Nico Rey 8b08c2a918 Docs/ACLs: Namespaces are created automatically 2022-03-17 19:24:39 -03:00
Nico Rey b9f0fabb5c Docs/ACLs: Wording, add intermediary router example 2022-03-17 19:23:37 -03:00
Kristoffer Dalby 9d4822b8c7 Actually set up nix 2022-03-17 18:20:01 +00:00
Kristoffer Dalby 466d03d574 Nixify integration test 2022-03-17 18:18:51 +00:00
Kristoffer Dalby d43fec7f96 Merge branch 'main' into flake-build-env 2022-03-17 18:11:21 +00:00
Kristoffer Dalby 62f4c205f5 Run binary build with nix 2022-03-17 18:11:04 +00:00
Kristoffer Dalby 003c19004d Run tests with nix 2022-03-17 18:10:50 +00:00
Kristoffer Dalby 70274d528c Add nix to runn on lint and integration 2022-03-17 18:08:49 +00:00
Kristoffer Dalby 6d41279781 Upgrade to go 1.18 2022-03-17 18:07:26 +00:00
Kristoffer Dalby b781446e86 Upgrade to go 1.18 2022-03-17 17:43:11 +00:00
Kristoffer Dalby 1c9b1c0579 Merge pull request #507 from juanfont/update-contributors 2022-03-17 07:28:42 +00:00
github-actions[bot] ade9552736 docs(README): update contributors 2022-03-17 06:38:00 +00:00
Kristoffer Dalby 68403cb76e Merge pull request #505 from y0ngb1n/fix-docs-metrics-endpoint 2022-03-17 06:37:27 +00:00
Yang Bin 537ecb8db0 docs: fixed /metrics endpoint 8080 → 9090, reference config-example.yaml 2022-03-17 09:25:42 +08:00
Juan Font Alonso 8f5875efe4 Reorg errors 2022-03-16 19:46:59 +01:00
Juan Font 98ac88d5ef Changed comment position
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-03-16 18:45:34 +01:00
Kristoffer Dalby d13338a9fb Merge branch 'main' into mandatory-stun 2022-03-16 07:18:18 +00:00
Juan Font 1579ffb66a Merge pull request #500 from bravechamp/patch-1
Fix API access
2022-03-15 14:53:23 +01:00
bravechamp 0bfa5302a7 Fix API access
By allowing API keys to be validated
2022-03-15 16:05:56 +03:00
Juan Font Alonso b8aad5451d Make STUN run by default when embedded DERP is enabled
This commit also allows to set an external STUN server, while running the embedded DERP server (without embedded STUN)
2022-03-15 13:22:25 +01:00
bravechamp 60ee04674d Normalize nickname before saving to database 2022-03-13 21:55:36 +00:00
bravechamp 9901d6b2e7 Ability to clear nickname 2022-03-13 21:10:41 +00:00
bravechamp 663e8384a3 Nickname support 2022-03-13 21:03:20 +00:00
Kristoffer Dalby 61440c42d3 Merge pull request #496 from juanfont/update-contributors
docs(README): update contributors
2022-03-10 19:58:24 +00:00
github-actions[bot] 18ee6274e1 docs(README): update contributors 2022-03-10 19:50:59 +00:00
Kristoffer Dalby 0abfbdc18a Merge pull request #495 from appbricks/appbricks/main-bug-fix
Regression bug fix when re-authenticating machine with auth-key
2022-03-10 19:50:23 +00:00
Mevan Samaratunga 082a852c5e fixed linting recommendation 2022-03-10 10:40:20 -05:00
Mevan Samaratunga af081e9fd3 fixed lint errors 2022-03-10 10:22:21 -05:00
Mevan Samaratunga 8b5e8b7dfc Refresh expired machine on re-auth - closes #489 2022-03-10 08:59:28 -05:00
Kristoffer Dalby 1e7d7e510e Update go sha for flake 2022-03-08 17:17:02 +00:00
Kristoffer Dalby a806694d23 fix gosum merge 2022-03-08 17:11:46 +00:00
Kristoffer Dalby 62d7fae056 Merge pull request #311 from restanrm/docs-acl-modifications
Issues with current ACL implementation and solution proposal
2022-03-08 17:08:17 +00:00
Kristoffer Dalby 06d85688fd set version based on git rev 2022-03-08 17:07:25 +00:00
Kristoffer Dalby dd219d0ff6 Merge branch 'main' into docs-acl-modifications 2022-03-08 17:05:59 +00:00
Kristoffer Dalby 6087e1cf6f Merge pull request #488 from juanfont/update-contributors 2022-03-08 17:02:47 +00:00
github-actions[bot] c47fb1ae54 docs(README): update contributors 2022-03-08 16:50:11 +00:00
Kristoffer Dalby 48cec3cd90 Merge pull request #486 from e-zk/main 2022-03-08 16:49:32 +00:00
Kristoffer Dalby e54c508c10 Merge branch 'main' into main 2022-03-08 16:05:41 +00:00
Kristoffer Dalby 941e9d9b0f Merge pull request #388 from juanfont/embedded-derp 2022-03-08 16:05:30 +00:00
Kristoffer Dalby 11ccae8e52 Merge branch 'main' into flake-build-env 2022-03-08 16:04:52 +00:00
Juan Font Alonso b803240dc1 Added new line for prettier 2022-03-08 12:21:08 +01:00
Juan Font Alonso bdbf620ece Merge branch 'embedded-derp' of https://github.com/juanfont/headscale into embedded-derp 2022-03-08 12:16:43 +01:00
Juan Font e5d22b8a70 Merge branch 'main' into embedded-derp 2022-03-08 12:16:34 +01:00
Juan Font Alonso 05c5e2280b Updated CHANGELOG and README 2022-03-08 12:15:05 +01:00
Juan Font Alonso b41d89946a Merge branch 'embedded-derp' of https://github.com/juanfont/headscale into embedded-derp 2022-03-08 12:11:59 +01:00
Juan Font Alonso cc0c88a63a Added small integration test for stun 2022-03-08 12:11:51 +01:00
e-zk c06689dec1 fix: make register html/template consistent with other html
- makes the html/template for /register follow the same formatting
  as /apple and /windows
- adds a <title> element
- minor change for consistency's sake
2022-03-08 18:34:46 +10:00
Kristoffer Dalby b85dd7abbd Merge pull request #484 from juanfont/prtemplate-fix
Fix checkboxes in PR template
2022-03-08 07:29:30 +00:00
Kristoffer Dalby 6aeaff43aa Fix checkboxes in PR template 2022-03-08 07:21:04 +00:00
Kristoffer Dalby dd26cbd193 Merge branch 'main' into embedded-derp 2022-03-08 07:18:51 +00:00
Kristoffer Dalby 9a60eeaf86 Merge branch 'main' into flake-build-env 2022-03-08 07:18:21 +00:00
Kristoffer Dalby b0ae3240fd Merge pull request #387 from restanrm/fix-magic-dns-and-uppercase-letters
Fix magic dns and uppercase letters
2022-03-08 07:17:45 +00:00
Adrien Raffin-Caboisse 41efe98953 fix: apply fmt and fix missing name changes 2022-03-07 23:20:30 +01:00
Adrien Raffin-Caboisse 2b68c90778 chore: update changelog 2022-03-07 23:14:39 +01:00
Adrien Raffin-Caboisse f19c048569 fix: change normalization function name 2022-03-07 22:55:54 +01:00
Adrien Raffin-Caboisse 6cc8bbc24f feat(api): add normalisation at machine register step 2022-03-07 22:46:29 +01:00
Kristoffer Dalby c24de595f6 Add example commands for docker 2022-03-07 17:41:16 +00:00
Kristoffer Dalby 63641a7b17 Correct pkgs call 2022-03-07 17:37:53 +00:00
Kristoffer Dalby a6570d33a6 Add option to build docker image
This commit adds dockerbuild to flakes.nix:

```
nix build .#headscale-docker
```

This uses the Nix infra to build and _does not_ use Dockerfile.

It currently works on Linux (no macOS)
2022-03-07 17:18:41 +00:00
Kristoffer Dalby 124d8a3424 Update readme with nix notes 2022-03-07 16:58:07 +00:00
Kristoffer Dalby 5de9de14a9 Add flake build file
This commit adds a flake.nix build file, it can be used for three
things:

Build `headscale` from local or straight from git:

nix build
or
nix build github:juanfont/headscale

Run and Build `headscale` from local or straight from git:

nix run
or
nix run github:juanfont/headscale

Set up a development environment including all our tools,
- linters
- protobuf tooling
- compilers

nix develop
2022-03-07 16:51:38 +00:00
Kristoffer Dalby 15f8cb5034 Remove hacky go tool install 2022-03-07 07:40:56 +00:00
Juan Font Alonso 03452a8dca Prettied 2022-03-07 00:29:40 +01:00
Juan Font Alonso 15ed71315c Merge branch 'embedded-derp' of https://github.com/juanfont/headscale into embedded-derp 2022-03-06 23:47:31 +01:00
Juan Font Alonso 05df8e947a Added missing file 2022-03-06 23:47:14 +01:00
Juan Font Alonso b3fa66dbd2 Check for DERP in test 2022-03-06 23:46:16 +01:00
Juan Font Alonso a27b386123 Clarified expiration dates 2022-03-06 23:45:01 +01:00
Juan Font Alonso 580db9b58f Mention that STUN is UDP 2022-03-06 23:19:21 +01:00
Adrien Raffin-Caboisse 1114449601 change: update name of method to check and normalize Domain name 2022-03-06 20:46:17 +01:00
Juan Font b47de07eea Update Dockerfile.tailscale
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-03-06 20:42:27 +01:00
Juan Font e1fcf0da26 Added more version
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-03-06 20:40:55 +01:00
Juan Font dcf3ea567c Merge branch 'main' into fix-magic-dns-and-uppercase-letters 2022-03-06 17:37:48 +01:00
Juan Font Alonso de2ea83b3b Linting here and there 2022-03-06 17:35:54 +01:00
Juan Font Alonso eb06054a7b Make DERP Region configurable 2022-03-06 17:25:21 +01:00
Juan Font Alonso eb500155e8 Make STUN server configurable 2022-03-06 17:00:56 +01:00
Juan Font Alonso dc909ba6d7 Improved logging on startup 2022-03-06 16:54:19 +01:00
Juan Font Alonso 70910c4595 Working /bootstrap-dns DERP helper 2022-03-06 01:23:35 +01:00
Juan Font Alonso 54c3e00a1f Merge local DERP server region with other configured DERP sources 2022-03-05 20:04:31 +01:00
Juan Font Alonso e78c002f5a Fix minor issue 2022-03-05 19:48:30 +01:00
Juan Font Alonso 237f7f1027 Merge branch 'main' into embedded-derp 2022-03-05 19:42:29 +01:00
Juan Font Alonso 992efbd84a Added missing private TLS key 2022-03-05 19:35:15 +01:00
Juan Font Alonso e9eb90fa76 Added integration tests for the embedded DERP server 2022-03-05 19:34:06 +01:00
Juan Font Alonso 88378c22fb Rename the file to derp_server.go for coherence 2022-03-05 19:31:50 +01:00
Juan Font Alonso b742379627 Do not use the term embedded 2022-03-05 19:30:30 +01:00
Juan Font Alonso df37d1a639 Do not offer the option to be DERP insecure
Websockets, in which DERP is based, requires a TLS certificate. At the same time,
if we use a certificate it must be valid... otherwise Tailscale wont connect (does not
have an Insecure option). So there is no option to expose insecure here
2022-03-05 19:19:21 +01:00
Juan Font Alonso 758b1ba1cb Renamed configuration items of the DERP server 2022-03-05 16:22:02 +01:00
Kristoffer Dalby 435ee36d78 Merge pull request #394 from juanfont/renovateaction/dockerfiles 2022-03-05 00:41:22 +00:00
Renovate Bot 35efd8f95a chore(deps): update dependency docker.io/golang to v1.17.8 2022-03-05 00:09:36 +00:00
Juan Font Alonso 09d78c7a05 Even more stuff moved to common 2022-03-04 13:54:59 +01:00
Kristoffer Dalby 60655c5242 Merge pull request #393 from juanfont/update-contributors 2022-03-04 12:30:20 +00:00
Juan Font Alonso 22d2443281 Move more stuff to common 2022-03-04 13:26:45 +01:00
github-actions[bot] a70669fca7 docs(README): update contributors 2022-03-04 11:04:12 +00:00
Kristoffer Dalby 0720473033 Merge pull request #392 from e-zk/windows-endpoint 2022-03-04 11:03:33 +00:00
Kristoffer Dalby e799307e74 Merge branch 'main' into windows-endpoint 2022-03-04 10:47:52 +00:00
e-zk 575f33d183 docs: fix comments to comply with golangci-lint 2022-03-04 20:35:09 +10:00
Juan Font Alonso 607c1eb316 Be consistent with uppercase DERP 2022-03-04 11:31:41 +01:00
e-zk d69dada8ff feat(windows): rename apple_mobileconfig.go => platform_config.go
rename apple_mobileconfig.go to platform_config.go since the file
includes configuration info for multiple platforms now.
2022-03-04 20:03:49 +10:00
e-zk f9e0c13890 docs: update CHANGELOG 2022-03-04 19:53:57 +10:00
e-zk 12a50ac8ac feat(windows): add /windows endpoint for Windows configuration
- registry file /windows/tailscale.reg is generated, filling in the
  associated control server URL
- also includes CLI instructions
- fix /apple incorrect template: 'Url' is supposed to be '.URL'
2022-03-04 19:53:44 +10:00
e-zk b342cf0240 feat(windows): cleanup /apple endpoint
- rename the gin function to AppleConfigMessage
- use <pre> + <code> for code blocks
- add headscale heading
- reword some sections
2022-03-04 19:53:29 +10:00
Kristoffer Dalby e3ff87b7ef Merge pull request #389 from e-zk/main 2022-03-04 07:26:35 +00:00
zakaria 745696b310 docs: fix mistake in ACME challenge type comment 2022-03-04 12:11:43 +10:00
Juan Font Alonso 23cde8445f Merge branch 'main' into embedded-derp 2022-03-04 00:04:59 +01:00
Juan Font Alonso 9d43f589ae Added missing deps 2022-03-04 00:04:28 +01:00
Juan Font Alonso 897d480f4d Add an embedded DERP server to Headscale
This series of commit will be adding an embedded DERP server (and STUN) to Headscale,
thus making it completely self-contained and not dependant in other infrastructure.
2022-03-04 00:01:31 +01:00
Adrien Raffin-Caboisse 6f172a6e4c fix(acls): remove dead error code 2022-03-03 23:53:08 +01:00
Adrien Raffin-Caboisse 44a5372c53 fix(poll): Normalize hostname
This function is called often. Normalization of the hostname will be written in database.
2022-03-03 23:52:25 +01:00
Kristoffer Dalby f2ea6fb30f Merge pull request #384 from restanrm/fix-issue-with-empty-namespace-and-acl-evaluation 2022-03-03 08:43:37 +00:00
Adrien Raffin-Caboisse 4a4952899b feat(acls): add some logs and skip error
logs looks like the following
```
2022-03-02T20:43:08Z DBG Expanding alias=app-test
2022-03-02T20:43:08Z DBG Expanding alias=kube-test
2022-03-02T20:43:08Z DBG Expanding alias=test
2022-03-02T20:43:08Z WRN No IPs found with the alias test
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
2022-03-02T20:43:08Z DBG Expanding alias=prod
2022-03-02T20:43:08Z WRN No IPs found with the alias prod
```
2022-03-02 21:54:43 +01:00
Kristoffer Dalby b72a8aa7d1 Merge pull request #381 from juanfont/update-contributors 2022-03-02 14:18:09 +00:00
github-actions[bot] e301d0d1df docs(README): update contributors 2022-03-02 13:44:26 +00:00
Kristoffer Dalby 75ca91b0f7 Merge pull request #380 from juanfont/update-contributors
docs(README): update contributors
2022-03-02 13:43:53 +00:00
github-actions[bot] e208ccc982 docs(README): update contributors 2022-03-02 13:42:25 +00:00
Kristoffer Dalby 71a62697aa Merge pull request #379 from juanfont/kradalby-patch-1
Second contributor attempt
2022-03-02 13:41:50 +00:00
Kristoffer Dalby f9c0597875 Second contributor attempt 2022-03-02 13:40:37 +00:00
Kristoffer Dalby aa3eb5171a Merge pull request #344 from reynico/metrics-listen 2022-03-02 13:06:29 +00:00
Nico Rey dcc46af8de Changelog: add breaking change 2022-03-02 09:22:29 -03:00
Kristoffer Dalby b61500670c Merge branch 'main' into metrics-listen 2022-03-02 11:35:33 +00:00
Kristoffer Dalby ccec534e19 Merge pull request #377 from juanfont/smarter-contribute-pipeline 2022-03-02 11:17:02 +00:00
Kristoffer Dalby 9b10457209 Merge branch 'main' into smarter-contribute-pipeline 2022-03-02 11:14:50 +00:00
Kristoffer Dalby 9a8f605cba Merge pull request #371 from kradalby/use-specific-database-typess 2022-03-02 11:14:04 +00:00
Kristoffer Dalby 1246267ead Merge branch 'main' into smarter-contribute-pipeline 2022-03-02 10:43:07 +00:00
Kristoffer Dalby a0a56d43f8 Merge branch 'main' into use-specific-database-typess 2022-03-02 10:29:34 +00:00
Kristoffer Dalby 63d87110f6 Merge pull request #376 from e-zk/feat/command-aliases 2022-03-02 10:28:18 +00:00
Kristoffer Dalby 7c99d963e2 Merge branch 'main' into feat/command-aliases 2022-03-02 10:06:38 +00:00
zakaria a614f158be docs: update changelog 2022-03-02 19:53:07 +10:00
Kristoffer Dalby 2b6a5173da Allow upstream delete continue on failure 2022-03-02 09:12:00 +00:00
Kristoffer Dalby 32ac690494 Update contributors.yml 2022-03-02 09:08:30 +00:00
Kristoffer Dalby 0835bffc3c Update changelog 2022-03-02 08:15:21 +00:00
Kristoffer Dalby c80e364f02 Remove always nil error 2022-03-02 08:15:14 +00:00
Kristoffer Dalby 5b169010be Resolve merge conflict 2022-03-02 08:11:50 +00:00
Kristoffer Dalby eeded85d9c Merge pull request #366 from kradalby/registration-simplification 2022-03-02 08:02:26 +00:00
Kristoffer Dalby e4d81bbb16 Merge branch 'main' into registration-simplification 2022-03-02 07:31:02 +00:00
Kristoffer Dalby 1f8c7f427b Add comment 2022-03-02 07:29:56 +00:00
Kristoffer Dalby ef422e6988 Protect against expiry nil 2022-03-02 07:29:56 +00:00
Kristoffer Dalby ec4dc68524 Use correct machinekey format for oidc reg 2022-03-02 07:29:56 +00:00
Kristoffer Dalby 86ade72c19 Remove err check 2022-03-02 07:29:56 +00:00
Kristoffer Dalby 0c0653df8b Merge pull request #375 from restanrm/fix-limitations-in-source-acls-rules
Fix limitations in source acls rules
2022-03-02 07:02:29 +00:00
zakaria 12b3b5f8f1 feat(aliases): add aliases for preauthkeys command
- `preauthkey`, `authkey`, `pre` are aliases for `preauthkey` command
- `ls`, `show` are aliases for `list` subcommand
- `c`, `new` are aliases for `create` subcommand
- `revoke`, `exp`, `e` are aliases for `expire` subcommand
2022-03-02 15:42:12 +10:00
zakaria 052dbfe440 feat(aliases): add aliases for apikeys command
- `apikey`, `api` are aliases for `apikeys` command
- `ls`, `show` are aliases for `list` subcommand
- `c`, `new` are aliases for `create` subcommand
- `revoke`, `exp`, `e` are aliases for the `expire` subcommand
2022-03-02 15:32:35 +10:00
zakaria 5310f8692b feat(aliases): add aliases for namespaces command
- `namespace`, `ns`, `user`, `users` are aliases for `namespaces`
   command
- `c`, `new` are aliases for the `create` subcommand
- `delete` is an alias for the `destroy` subcommand
- `mv` is an alias for the `rename` subcommand
- `ls`, `show` are aliases for the `list` subcommand
2022-03-02 14:35:20 +10:00
zakaria aff6b84250 feat(aliases): add 'gen' alias for 'generate' command 2022-03-02 14:29:33 +10:00
zakaria 21eee912a3 feat(aliases): add aliases for nodes command
- `node`, `machine`, `machines` are aliases for `nodes` command
- `ls`, `show` aliases for `list` subcommand
- `logout`, `exp`, `e` are aliases for `expire` subcommand
- `del` is an alias for `delete` subcommand
2022-03-02 14:28:03 +10:00
zakaria dbb2af0238 feat(aliases): add aliases for route command
- `r` is alias for `route` command
- `ls`, or `show` is alias for `list` subcommand
2022-03-02 14:27:56 +10:00
Adrien Raffin-Caboisse 77fe0b01f7 docs: update changelog 2022-03-01 22:50:22 +01:00
Adrien Raffin-Caboisse 361b4f7f4f fix(machine): allow to use * in ACL sources 2022-03-01 22:48:21 +01:00
Kristoffer Dalby dec4ee5f73 Merge pull request #373 from restanrm/feat-email-in-acls 2022-03-01 21:18:13 +00:00
Adrien Raffin-Caboisse b2dca80e7a docs: update changelog 2022-03-01 21:16:33 +01:00
Adrien Raffin-Caboisse a455a874ad feat(acls): normalize the group name 2022-03-01 21:10:52 +01:00
Kristoffer Dalby 49cd761bf6 Use new machine types in tests 2022-03-01 16:34:35 +00:00
Kristoffer Dalby 6477e6a583 Use new machine types 2022-03-01 16:34:24 +00:00
Kristoffer Dalby 8a95fe517a Use specific types for all fields on machine (no datatypes.json)
This commit removes the need for datatypes.JSON and makes the code a bit
cleaner by allowing us to use proper types throughout the code when it
comes to hostinfo and other datatypes on the machine object.

This allows us to remove alot of unmarshal/marshal operations and remove
a lot of obsolete error checks.

This following commits will clean away a lot of untyped data and
uneccessary error checks.
2022-03-01 16:31:25 +00:00
Kristoffer Dalby a9d4fa89dc Merge branch 'main' into registration-simplification 2022-03-01 15:53:06 +01:00
Kristoffer Dalby 94c5474212 Merge pull request #369 from kradalby/update-dependencies
Update dependencies
2022-03-01 15:52:27 +01:00
Kristoffer Dalby d34d617935 Merge branch 'main' into registration-simplification 2022-03-01 15:18:24 +01:00
Kristoffer Dalby 573008757d Merge branch 'main' into update-dependencies 2022-03-01 15:16:56 +01:00
Kristoffer Dalby 4c74043f72 Merge pull request #359 from kradalby/yaml-acls
Add YAML support to ACLs
2022-03-01 15:16:37 +01:00
Kristoffer Dalby 0551b34de5 Merge branch 'main' into update-dependencies 2022-03-01 14:51:57 +01:00
Kristoffer Dalby 105812421e Merge branch 'main' into yaml-acls 2022-03-01 14:49:37 +01:00
Kristoffer Dalby 4a9fd3a680 Merge pull request #368 from kradalby/apple-profile-fix
Fix apple profile issue being generated with escaped characters
2022-03-01 14:49:07 +01:00
Kristoffer Dalby 1cb39d914c Update dependencies 2022-03-01 07:35:17 +00:00
Kristoffer Dalby 5157f356cb Fix apple profile issue being generated with escaped characters 2022-03-01 07:30:35 +00:00
Kristoffer Dalby 7c63412df5 Remove todo 2022-02-28 23:02:41 +00:00
Kristoffer Dalby 82cb6b9ddc Cleanup some unreachable code 2022-02-28 23:00:41 +00:00
Kristoffer Dalby 379017602c Reformat and add db backup note 2022-02-28 22:50:35 +00:00
Kristoffer Dalby 8bef04d8df Remove sorted todo 2022-02-28 22:45:42 +00:00
Kristoffer Dalby 5e92ddad43 Remove redundant caches
This commit removes the two extra caches (oidc, requested time) and uses
the new central registration cache instead. The requested time is
unified into the main machine object and the oidc key is just added to
the same cache, as a string with the state as a key instead of machine
key.
2022-02-28 22:42:30 +00:00
Kristoffer Dalby e64bee778f Regenerate proto 2022-02-28 22:21:14 +00:00
Kristoffer Dalby 5e1b12948e Remove registered field from proto 2022-02-28 22:21:06 +00:00
Kristoffer Dalby eea8e7ba6f Update changelog 2022-02-28 22:11:31 +00:00
Kristoffer Dalby 78251ce8ec Remove registrated field
This commit removes the field from the database and does a DB migration
**removing** all unregistered machines from headscale.

This means that from this version, all machines in the database is
considered registered.
2022-02-28 18:05:03 +00:00
Kristoffer Dalby a8649d83c4 Remove all references to Machine.Registered from tests 2022-02-28 17:42:03 +00:00
Kristoffer Dalby 16b21e8158 Remove all references to Machine.Registered 2022-02-28 16:55:57 +00:00
Kristoffer Dalby 35616eb861 Fix oidc error were namespace isnt created #365 2022-02-28 16:41:28 +00:00
Kristoffer Dalby e7bef56718 Remove reference to registered in integration test 2022-02-28 16:36:29 +00:00
Kristoffer Dalby c6b87de959 Remove poorly aged test 2022-02-28 16:36:16 +00:00
Kristoffer Dalby 50053e616a Ignore complexity linter 2022-02-28 16:35:08 +00:00
Kristoffer Dalby 54cc3c067f Implement new machine register parameter 2022-02-28 16:34:50 +00:00
Kristoffer Dalby 402a76070f Reuse machine structure for parameters, named parameters 2022-02-28 16:34:28 +00:00
Nico Rey 9a61725e9f Metrics: Disable toggle. Set default port to 9090 2022-02-28 10:40:02 -03:00
Kristoffer Dalby 6126d6d9b5 Merge branch 'main' into metrics-listen 2022-02-28 14:24:25 +01:00
Kristoffer Dalby 469551bc5d Register new machines needing callback in memory
This commit stores temporary registration data in cache, instead of
memory allowing us to only have actually registered machines in the
database.
2022-02-28 08:06:39 +00:00
Kristoffer Dalby 1caa6f5d69 Add todo for JSON datatype 2022-02-27 18:48:25 +01:00
Kristoffer Dalby ecc26432fd Fix excessive replace 2022-02-27 18:48:12 +01:00
Kristoffer Dalby caffbd8956 Update cli registration with new method 2022-02-27 18:42:43 +01:00
Kristoffer Dalby fd1e4a1dcd Generalise registration for openid 2022-02-27 18:42:24 +01:00
Kristoffer Dalby acb945841c Generalise registration for pre auth keys 2022-02-27 18:42:15 +01:00
Kristoffer Dalby c58ce6f60c Generalise the registration method to DRY stuff up 2022-02-27 18:40:10 +01:00
Kristoffer Dalby d6f6939c54 Update changelog 2022-02-27 09:08:29 +01:00
Kristoffer Dalby e0b9a317f4 Add note to config example 2022-02-27 09:05:08 +01:00
Kristoffer Dalby c159eb7541 Add basic test of yaml parsing 2022-02-27 09:04:59 +01:00
Kristoffer Dalby 8a3a0b6403 Add YAML support to ACLs 2022-02-27 09:04:48 +01:00
Kristoffer Dalby 67d6c8f946 Remove oversensitive tracing output 2022-02-27 09:04:27 +01:00
Nico Rey 06e6c29a5b metrics: make metrics endpoint toggleable 2022-02-25 18:36:03 -03:00
Nico Rey a9122c3de3 prometheus: replace default port by a port between the recommended prometheus range 2022-02-25 18:21:20 -03:00
Kristoffer Dalby b1bd17f316 Merge pull request #350 from restanrm/feat-oidc-login-as-namespace 2022-02-25 13:22:26 +01:00
Adrien Raffin-Caboisse b39faa124a Merge remote-tracking branch 'origin/main' into feat-oidc-login-as-namespace 2022-02-25 11:28:17 +01:00
Kristoffer Dalby 8689a39c96 Merge pull request #357 from kradalby/make-namespace-to-users
Remove boundaries between Namespaces
2022-02-25 11:01:41 +01:00
Kristoffer Dalby bae8ed3e70 Merge branch 'main' into make-namespace-to-users 2022-02-25 10:39:12 +01:00
Kristoffer Dalby 08c7076667 Merge pull request #346 from kradalby/integration-test-concurrent-join
Fix ip allocation bug, make integration tests faster
2022-02-25 10:37:35 +01:00
Kristoffer Dalby 91b50550ee Update readme and glossary to reflect features and goals 2022-02-25 10:34:35 +01:00
Kristoffer Dalby 2c7064462a Update changelog 2022-02-25 10:30:58 +01:00
Kristoffer Dalby d9e7f37280 Uncomment previous test and update them for no boundries 2022-02-25 10:27:27 +01:00
Kristoffer Dalby e03b3d558f Remove boundries between namespaces 2022-02-25 10:26:34 +01:00
Kristoffer Dalby 2fd36dd254 Resolve merge 2022-02-25 09:08:15 +00:00
Kristoffer Dalby 381598663d Merge pull request #347 from kradalby/remove-shared
Remove the concept of "shared nodes"
2022-02-25 10:06:58 +01:00
Kristoffer Dalby 6d699d3c29 Update changelog 2022-02-25 08:44:16 +00:00
Kristoffer Dalby ebe59a5a27 Fix utils tests, use ipset datastructure 2022-02-25 08:28:22 +00:00
Nico d55c79e75b Merge branch 'main' into metrics-listen 2022-02-24 10:41:07 -03:00
Kristoffer Dalby eda0a9f88a Lock allocation of IP address
current logic is not safe as it will allow an IP that isnt persisted to
the DB to be given out multiple times if machines joins in quick
succession.

This adds a lock around the "get ip" and machine registration and save
to DB so we ensure thiis isnt happning.

Currently this had to be done three places, which is silly, and outlined
in #294.
2022-02-24 13:18:18 +00:00
Adrien Raffin-Caboisse 47e8442d91 Update CHANGELOG.md
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-02-24 13:34:48 +01:00
Adrien Raffin-Caboisse f9ce32fe1a Update CHANGELOG.md
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-02-24 13:34:36 +01:00
Kristoffer Dalby 189e883f91 Resolve merge 2022-02-24 11:41:54 +00:00
Kristoffer Dalby aa506503e2 Merge branch 'main' into feat-oidc-login-as-namespace 2022-02-24 11:40:34 +00:00
Kristoffer Dalby 9c2c09fce7 Merge branch 'main' into remove-shared 2022-02-24 11:39:44 +00:00
Kristoffer Dalby 5596a0acef Merge pull request #297 from arch4ngel/configurable-mtls
Configurable mtls
2022-02-24 11:32:02 +00:00
Kristoffer Dalby 9687e6768d Remove retry from integration tests 2022-02-24 11:29:53 +00:00
Kristoffer Dalby fb85c78e8a Fail integration tests fast 2022-02-24 11:28:34 +00:00
Kristoffer Dalby d27f2bc538 Merge branch 'main' into metrics-listen 2022-02-24 11:16:57 +00:00
Kristoffer Dalby 8c33907655 Sort lint 2022-02-24 11:10:40 +00:00
Kristoffer Dalby afb67b6e75 Merge branch 'main' into configurable-mtls 2022-02-24 11:09:05 +00:00
Kristoffer Dalby 69f220fe5c Merge branch 'main' into feat-oidc-login-as-namespace 2022-02-24 11:01:32 +00:00
Kristoffer Dalby c46dfd761c Merge pull request #349 from kradalby/remove-cgo 2022-02-24 10:11:15 +00:00
Adrien Raffin-Caboisse 95453cba75 Merge branch 'main' into feat-oidc-login-as-namespace 2022-02-23 17:56:45 +01:00
Kristoffer Dalby ed2175706c Merge branch 'remove-cgo' of github.com:kradalby/headscale into remove-cgo 2022-02-23 16:23:53 +00:00
Kristoffer Dalby 686e45cf27 Set all anti-cgo options and add comment 2022-02-23 16:15:20 +00:00
Adrien Raffin-Caboisse ae6a20e4d9 fix: add valid test identified by linter 2022-02-23 14:28:25 +01:00
Adrien Raffin-Caboisse 046116656b chore: update formatting 2022-02-23 14:22:21 +01:00
Adrien Raffin-Caboisse 972bef1194 feat: add length error if hostname too long 2022-02-23 14:21:46 +01:00
Adrien Raffin-Caboisse 4f1f235a2e feat: add strip_email_domain to normalization of namespace 2022-02-23 14:03:07 +01:00
Adrien Raffin-Caboisse 7e4709c13f fix(namespace): remove name validation for destroy and get 2022-02-23 13:35:57 +01:00
Adrien Raffin-Caboisse cef0a2b0b3 fix(namespaces_test): fix missing namespace name 2022-02-23 11:40:48 +01:00
Adrien Raffin-Caboisse fcdbe7c510 fix(utils_test): fix namespace name 2022-02-23 11:38:20 +01:00
Adrien Raffin-Caboisse 995731a29c fix(namespace): checknamespace name before actions
I keep the check server side because it's better from a security point of view.
2022-02-23 11:32:16 +01:00
Adrien Raffin-Caboisse 45727dbb21 feat(namespace): add check function for namespace 2022-02-23 11:32:14 +01:00
Kristoffer Dalby f0a73632e0 Merge branch 'main' into remove-cgo 2022-02-23 09:01:38 +00:00
Kristoffer Dalby 823cc493f0 Merge branch 'main' into configurable-mtls 2022-02-23 07:29:31 +00:00
Juan Font a86b33f1ff Merge pull request #345 from juanfont/update-contributors
docs(README): update contributors
2022-02-22 23:46:54 +01:00
Juan Font 28c2bbeb27 Merge branch 'main' into update-contributors 2022-02-22 23:35:34 +01:00
github-actions[bot] d4761da27c docs(README): update contributors 2022-02-22 22:34:27 +00:00
Juan Font b0c7ebeb7d Merge pull request #351 from pernila/patch-1
Added FreeBSD to the supported clients
2022-02-22 23:33:58 +01:00
Juan Font 5f375d69b5 Merge branch 'main' into update-contributors 2022-02-22 23:32:02 +01:00
Juan Font 9eb705a4fb Merge branch 'main' into patch-1 2022-02-22 23:31:29 +01:00
Juan Font 1b87396a8c Merge pull request #333 from ohdearaugustin/topic/renovatebot
Topic/renovatebot
2022-02-22 23:30:46 +01:00
Juan Font bb14bcd4d2 Merge branch 'main' into topic/renovatebot 2022-02-22 23:29:08 +01:00
pernila 48c866b058 Added FreeBSD to the supported clients
Added FreeBSD to the supported clients
Now in ports: https://www.freshports.org/security/headscale/
2022-02-22 23:06:35 +02:00
Adrien Raffin-Caboisse fe0b43eaaf chore: update changelog 2022-02-22 21:20:59 +01:00
Adrien Raffin-Caboisse afd4a3706e chore: update formating 2022-02-22 21:05:39 +01:00
Adrien Raffin-Caboisse 717250adb3 feat: removing matchmap from headscale 2022-02-22 20:58:08 +01:00
Kristoffer Dalby 67f5c32b49 Only allow one connection to sqlite 2022-02-22 19:04:52 +00:00
Adrien Raffin-Caboisse 0191ea93ff feat(oidc): bind email to namespace 2022-02-22 19:59:15 +01:00
Adrien Raffin-Caboisse 92ffac625e feat(namespace): add normalization function for namespace 2022-02-22 19:59:12 +01:00
Kristoffer Dalby bfbcea35a0 Remove dependency on CGO
This commit changes the SQLite dependency to one that does not depend on
CGO. It uses a C-to-Go translated sqlite library that is Pure go.
2022-02-22 16:51:54 +00:00
Kristoffer Dalby 638a84adb9 Merge branch 'main' into integration-test-concurrent-join 2022-02-22 16:49:32 +00:00
Kristoffer Dalby ec58979ce0 Merge branch 'main' into remove-shared 2022-02-22 16:48:14 +00:00
Kristoffer Dalby 7e6e093f17 Merge branch 'integration-test-concurrent-join' of github.com:kradalby/headscale into integration-test-concurrent-join 2022-02-22 16:19:28 +00:00
Kristoffer Dalby 4962335860 Remove dependency on CGO
This commit changes the SQLite dependency to one that does not depend on
CGO. It uses a C-to-Go translated sqlite library that is Pure go.
2022-02-22 16:18:25 +00:00
Kristoffer Dalby a37339fa54 Merge pull request #348 from restanrm/remove-comment
fix(machine): remove comment
2022-02-22 14:06:12 +00:00
Kristoffer Dalby f7eeb979fb Add timeout 2022-02-22 13:46:59 +00:00
Adrien Raffin-Caboisse f2f8d834e8 fix(machine): remove comment
After some more tests in tailscale I couldn't replicate the behavior
described in there.

When adding a rule, allowing A to talk to B the reverse connection was
instantly added to B to allow communication to B.

The previous assumption was probably wrong.
2022-02-22 11:26:21 +01:00
Kristoffer Dalby fe2f75d13d Allow integration test to retry 2022-02-22 07:40:56 +00:00
Kristoffer Dalby 52db6188df Merge branch 'main' into update-contributors 2022-02-21 23:38:56 +00:00
Kristoffer Dalby 8dca40535f Test if we can join headscale in parallell to speed up 2022-02-21 23:16:39 +00:00
Kristoffer Dalby f4c302f1fb Uncomment tests that will failed in transition period 2022-02-21 23:10:20 +00:00
Kristoffer Dalby 4ca8181dcb Remove sharing from integration tests 2022-02-21 23:04:10 +00:00
Kristoffer Dalby 24a8e198a1 Remove sharing references across the code 2022-02-21 23:01:35 +00:00
Kristoffer Dalby 9411ec47c3 Remove sharing class and tests 2022-02-21 22:53:30 +00:00
Kristoffer Dalby 1e8f4dbdff Drop shared node table 2022-02-21 22:52:55 +00:00
Kristoffer Dalby 9399754489 Remove protobuf share/unshare generated go 2022-02-21 22:48:27 +00:00
Kristoffer Dalby 9d1752acbc Remove protobuf share/unshare 2022-02-21 22:48:14 +00:00
Kristoffer Dalby 6da2a19d10 Remove grpc share/unshare functions 2022-02-21 22:45:04 +00:00
Kristoffer Dalby 9ceac5c0fc Remove CLI and tests for Shared node 2022-02-21 22:44:08 +00:00
Kristoffer Dalby f562ad579a Merge branch 'main' into configurable-mtls 2022-02-21 21:44:49 +00:00
github-actions[bot] bbadeb567a docs(README): update contributors 2022-02-21 21:41:48 +00:00
Kristoffer Dalby 69cdfbb56f Merge pull request #320 from restanrm/feat-improve-acls-usage
Improvements on the ACLs and bug fixing
2022-02-21 21:41:15 +00:00
Adrien Raffin-Caboisse d971f0f0e6 fix(acls_test): fix comment in go code 2022-02-21 21:48:05 +01:00
Adrien Raffin-Caboisse 650108c7c7 chore(fmt): apply fmt 2022-02-21 21:46:40 +01:00
Adrien Raffin-Caboisse baae266db0 Update acls_test.go
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-02-21 20:25:41 +01:00
Adrien Raffin-Caboisse 50af44bc2f fix: add error checking in acl and poll
If aclPolicy is not defined, in updateAclPolicy, return an error.
2022-02-21 20:06:31 +01:00
Nico Rey e3bcc88880 Linter: make linter happy 2022-02-21 15:22:36 -03:00
Nico Rey 14e49885fb metrics/kustomize: update Kustomize examples 2022-02-21 12:51:25 -03:00
Nico Rey fbc1843889 metrics/tests: update tests 2022-02-21 12:51:05 -03:00
Nico Rey 45d5ab30ff metrics/cfg: add a new entry for the Prometheus listen address 2022-02-21 12:50:44 -03:00
Nico Rey d5fd7a5c00 metrics: add a new router and listener for Prometheus' metrics endpoint 2022-02-21 12:50:15 -03:00
Justin Angel b5a59d4e7a updating changelog and docs 2022-02-21 10:20:11 -05:00
Adrien Raffin-Caboisse 211fe4034a chore(linter): ignore tt var as it's generated code (vscode) 2022-02-21 16:10:20 +01:00
Justin Angel daa75da277 Linting and updating tests 2022-02-21 10:09:23 -05:00
Adrien Raffin-Caboisse 25550f8866 chore(format): run prettier on repo 2022-02-21 16:06:20 +01:00
Adrien Raffin-Caboisse 4bbe0051f6 chore(machines): apply lint 2022-02-21 10:02:59 +01:00
Adrien Raffin-Caboisse 5ab62378ae tests(machines): test all combinations of peer filtering 2022-02-21 09:58:19 +01:00
Adrien Raffin-Caboisse f006860136 feat(machines): untie dependency with class for filter func
The dependency to the `headscale` struct makes tests harder to do.

This change allow to easily add some tests for this quite sensible function.
2022-02-21 09:58:19 +01:00
Adrien Raffin-Caboisse 9c6ce02554 fix(machines): use ListAllMachines function
added a simple filter to remove the current node
2022-02-21 09:58:19 +01:00
Adrien Raffin-Caboisse 960412a335 fix(machines): simplify complex if check
This should fix the performance issue with computation of `dst` variable. It's also easier to read now.
2022-02-21 09:58:19 +01:00
Kristoffer Dalby ecb3ee6bfa Merge branch 'main' into feat-improve-acls-usage 2022-02-21 08:51:21 +00:00
Adrien Raffin-Caboisse 5242025ab3 fix(machines): renaming following review comments 2022-02-20 23:50:08 +01:00
Adrien Raffin-Caboisse b3d0fb7a93 fix(machine): revert modifications
Using h.ListAllMachines also listed the current machine in the result. It's unnecessary (I don't know if it's harmful).

Breaking the check with the `matchSourceAndDestinationWithRule` broke the tests. We have a specificity with the '*' destination that isn't symetrical.
I need to think of a better way to do this. It too hard to read.
2022-02-20 23:47:04 +01:00
Adrien Raffin-Caboisse 5e167cc00a fix(tests): fix naming issues related to code review 2022-02-20 23:00:31 +01:00
Adrien Raffin-Caboisse d00251c63e fix(acls,machines): apply code review suggestions 2022-02-20 21:26:20 +01:00
Adrien Raffin-Caboisse 4f9ece14c5 Apply suggestions from code review on changelog
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-02-20 20:47:12 +01:00
Kristoffer Dalby 7bf2a91dd0 Merge branch 'main' into configurable-mtls 2022-02-20 14:33:23 +00:00
Justin Angel 385dd9cc34 refactoring 2022-02-20 09:06:14 -05:00
Kristoffer Dalby 602291df61 Merge pull request #338 from juanfont/update-contributors 2022-02-19 23:13:08 +00:00
github-actions[bot] 5245f1accc docs(README): update contributors 2022-02-19 22:48:26 +00:00
Kristoffer Dalby 91babb5130 Merge pull request #336 from ohdearaugustin/topic/fix-contributors-action 2022-02-19 21:08:53 +00:00
ohdearaugustin 8798efd353 contributor: set specific version 2022-02-19 21:36:08 +01:00
Kristoffer Dalby 66a12004e7 Merge branch 'main' into topic/renovatebot 2022-02-19 19:34:30 +00:00
Kristoffer Dalby 74621e2750 Merge pull request #332 from e-zk/main
Fix spelling error
2022-02-19 19:34:24 +00:00
Kristoffer Dalby 74c3c6bb60 Merge branch 'main' into main 2022-02-19 19:32:34 +00:00
Kristoffer Dalby 84b98e716a Merge pull request #334 from ohdearaugustin/topic/renovatebot-codeowner
CODEOWNER: add renovate config ohdearaugustin
2022-02-19 19:32:21 +00:00
ohdearaugustin e9f13b6031 CODEOWNER: add renovate config ohdearaugustin 2022-02-19 20:28:08 +01:00
ohdearaugustin fe6d47030f renovatebot: configure 2022-02-19 20:15:53 +01:00
ohdearaugustin a19550adbf prettier: renovatebot.yml 2022-02-19 19:49:12 +01:00
ohdearaugustin 3db88d27de github/workflows: init renovatebot 2022-02-19 19:49:12 +01:00
e-zk a6b7bc5939 Fix spelling error 2022-02-20 03:14:51 +10:00
Kristoffer Dalby 397b6fc4bf Merge branch 'main' into docs-acl-modifications 2022-02-18 20:13:10 +00:00
Kristoffer Dalby 7d5e6d3f0f Merge pull request #330 from kradalby/codeowners
Add ohdearaugustin to CODEOWNERS for config and docs
2022-02-18 20:12:29 +00:00
Kristoffer Dalby 7a90c2fba1 Merge branch 'main' into codeowners 2022-02-18 20:11:33 +00:00
Kristoffer Dalby 5cf215a44b Merge pull request #325 from juanfont/kradalby-patch-4
Update changelog for 0.13.0
2022-02-18 20:11:03 +00:00
Kristoffer Dalby 7916fa8b45 Add ohdearaugustin to CODEOWNERS for config and docs 2022-02-18 19:57:03 +00:00
Kristoffer Dalby 5fbef07627 Update changelog for 0.13.0 2022-02-18 18:54:27 +00:00
Kristoffer Dalby 21df798f07 Merge branch 'main' into feat-improve-acls-usage 2022-02-18 17:19:19 +00:00
Kristoffer Dalby 67bb1fc9dd Merge pull request #324 from m-tanner-dev0/patch-1 2022-02-18 07:18:22 +00:00
Tanner 61bfa79be2 Update README.md
change flippant language
2022-02-17 17:55:40 -08:00
Adrien Raffin-Caboisse f073d8f43c chore(lint): ignore linting on test_expandalias
This is a false positive on the way the function is built.
Small tests cases are all inside this functions, making it big.
2022-02-17 09:32:55 +01:00
Adrien Raffin-Caboisse 5f642eef76 chore(lint): more lint fixing 2022-02-17 09:32:54 +01:00
Adrien Raffin-Caboisse d8c4c3163b chore(fmt): apply make fmt command 2022-02-17 09:32:54 +01:00
Adrien Raffin-Caboisse 9cedbbafd4 chore(all): update some files for linter 2022-02-17 09:32:51 +01:00
Adrien Raffin-Caboisse aceaba60f1 docs(changelog): bump changelog 2022-02-17 09:30:09 +01:00
Adrien Raffin-Caboisse 7b5ba9f781 docs(acl): add configuration example to explain acls 2022-02-17 09:30:09 +01:00
Adrien Raffin de59946447 feat(acls): rewrite functions to be testable
Rewrite some function to get rid of the dependency on Headscale object. This allows us
to write succinct test that are more easy to review and implement.

The improvements of the tests allowed to write the removal of the tagged hosts
from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-17 09:30:09 +01:00
Adrien Raffin 97eac3b938 feat(acl): update frequently the aclRules
This call should be done quite at each modification of a server resources like RequestTags.
When a server changes it's tag we should rebuild the ACL rules.

When a server is added to headscale we also should update the ACLRules.
2022-02-17 09:30:08 +01:00
Adrien Raffin fb45138fc1 feat(acls): check acl owners and add bunch of tests 2022-02-17 09:30:08 +01:00
Adrien Raffin e9949b4c70 feat(acls): simplify updating rules 2022-02-17 09:30:08 +01:00
Adrien Raffin e482dfeed4 feat(machine): add ACLFilter if ACL's are enabled.
This commit change the default behaviour and remove the notion of namespaces between the hosts. It allows all namespaces to be only filtered by the ACLs. This behavior is closer to tailsnet.
2022-02-17 09:30:05 +01:00
Jamie Greeff 9b7d657cbe Return all peers instead of peers in same namespace 2022-02-17 09:27:59 +01:00
Adrien Raffin-Caboisse 55d746d3f5 docs(acls-proposal): wording comment
A hidden thing was implied in this document is that each person should have his own namespace.
Hidden information in spicification isn't good.
Thank's @kradalby for pointing it out.
2022-02-16 09:16:25 +01:00
Kristoffer Dalby 73497382b7 Merge pull request #306 from kradalby/apiwork
Introduce API keys and enable remote control API
2022-02-15 22:23:32 +00:00
Adrien Raffin-Caboisse c364c2a382 chore(acl-proposals): apply prettier 2022-02-15 09:53:22 +01:00
Adrien Raffin-Caboisse e540679dbd docs(acl-proposals): integrate comments 2022-02-15 09:52:05 +01:00
Adrien Raffin-Caboisse 86b329d8bf chore(docs): create proposals directory 2022-02-15 09:27:33 +01:00
Kristoffer Dalby b2b2954545 Merge branch 'main' into apiwork 2022-02-14 22:29:20 +00:00
Kristoffer Dalby a3360b082f Merge pull request #321 from ohdearaugustin/topic/specific-go-version 2022-02-14 22:03:17 +00:00
Kristoffer Dalby b721502147 Merge branch 'main' into topic/specific-go-version 2022-02-14 20:51:33 +00:00
Kristoffer Dalby 1869bff4ba Merge pull request #316 from kradalby/kv-worker-cleanup 2022-02-14 20:51:00 +00:00
ohdearaugustin 0b9dd19ec7 Dockerfiles: update go version to 1.17.7 2022-02-14 21:32:20 +01:00
ohdearaugustin b2889bc355 github/workflows: set specific go version 2022-02-14 21:31:49 +01:00
Kristoffer Dalby 28c824acaf Merge branch 'main' into apiwork 2022-02-14 16:17:34 +00:00
Kristoffer Dalby 57f1da6dca Merge branch 'main' into kv-worker-cleanup 2022-02-14 11:35:15 +00:00
Kristoffer Dalby c9640b2f3e Merge pull request #317 from kradalby/sponsor 2022-02-14 11:34:56 +00:00
Kristoffer Dalby 546b1e8a05 Merge branch 'main' into kv-worker-cleanup 2022-02-14 10:17:03 +00:00
Kristoffer Dalby 3b54a68f5c Merge branch 'main' into sponsor 2022-02-14 10:16:58 +00:00
Kristoffer Dalby 1b1aac18d2 Merge pull request #315 from kradalby/windows-client-docs2 2022-02-14 10:16:25 +00:00
Kristoffer Dalby f30ee3d2df Add note about support in readme 2022-02-13 11:07:45 +00:00
Kristoffer Dalby 9f80349471 Add sponsorship button
This commit adds a sponsor/funding section to headscale.

@juanfont and I have discussed this and this arrangement is agreed upon
and hopefully this can bring us to a place in the future were even more
features and prioritization can be put upon the project.
2022-02-13 11:02:31 +00:00
Kristoffer Dalby 14b23544e4 Add note about running grpc behind a proxy and combining ports 2022-02-13 09:48:33 +00:00
Kristoffer Dalby 4e54796384 Allow gRPC server to run insecure 2022-02-13 09:08:46 +00:00
Kristoffer Dalby c3b68adfed Fix lint 2022-02-13 08:46:35 +00:00
Kristoffer Dalby 0018a78d5a Add insecure option
Add option to not _validate_ if the certificate served from headscale is
trusted.
2022-02-13 08:41:49 +00:00
Kristoffer Dalby 50f0270543 Merge branch 'main' into windows-client-docs2 2022-02-12 22:35:23 +00:00
Kristoffer Dalby bb80b679bc Remove RequestMapUpdates function 2022-02-12 21:04:00 +00:00
Kristoffer Dalby 6fa0903a8e Update changelog 2022-02-12 20:50:17 +00:00
Kristoffer Dalby 2bc8051ae5 Remove kv-namespace-worker
This commit removes the namespace kv worker and related code, now that
we talk over gRPC to the server, and not directly to the DB, we should
not need this anymore.
2022-02-12 20:46:05 +00:00
Kristoffer Dalby 4841e16386 Add remote control doc 2022-02-12 20:39:42 +00:00
Kristoffer Dalby d79ccfc05a Add comment on why grpc is on its own port, replace deprecated 2022-02-12 19:50:12 +00:00
Kristoffer Dalby ead8b68a03 Fix lint 2022-02-12 19:42:55 +00:00
Kristoffer Dalby 3bb4c28c9a Merge branch 'main' into apiwork 2022-02-12 19:39:30 +00:00
Kristoffer Dalby 2fbcc38f8f Emph trusted cert 2022-02-12 19:36:43 +00:00
Kristoffer Dalby 315ff9daf0 Remove insecure, only allow valid certs 2022-02-12 19:35:55 +00:00
Kristoffer Dalby 4078e75b50 Correct log message 2022-02-12 19:30:25 +00:00
Kristoffer Dalby 58bfea4e64 Update examples and docs 2022-02-12 19:08:59 +00:00
Kristoffer Dalby e18078d7f8 Rename j 2022-02-12 19:08:41 +00:00
Kristoffer Dalby c73b57e7dc Use undeprecated method for insecure 2022-02-12 19:08:33 +00:00
Kristoffer Dalby 531298fa59 Fix import 2022-02-12 17:13:51 +00:00
Kristoffer Dalby 30a2ccd975 Add tls certs as creds for grpc 2022-02-12 17:05:30 +00:00
Kristoffer Dalby 59e48993f2 Change the http listener 2022-02-12 16:33:18 +00:00
Kristoffer Dalby bfc6f6e0eb Split grpc and http 2022-02-12 16:15:26 +00:00
Kristoffer Dalby 811d3d510c Add grpc_listen_addr config option 2022-02-12 16:14:33 +00:00
Kristoffer Dalby 2aba37d2ef Try to support plaintext http2 after termination 2022-02-12 14:42:23 +00:00
Kristoffer Dalby 8853ccd5b4 Terminate tls immediatly, mux after 2022-02-12 13:25:27 +00:00
Kristoffer Dalby c794f32f58 Merge pull request #312 from hdhoang/patch-1 2022-02-12 12:27:57 +00:00
Kristoffer Dalby dd8bae8c61 Add link from the docs readme 2022-02-11 18:39:41 +00:00
Kristoffer Dalby 1b47ddd583 Improve the windows client docs as per discord recommendations 2022-02-11 18:36:53 +00:00
Hoàng Đức Hiếu 20991d6883 Merge branch 'main' into patch-1 2022-02-11 17:56:46 +07:00
Kristoffer Dalby 96f09e3f30 Merge pull request #313 from kradalby/windows-client-docs 2022-02-11 09:34:11 +00:00
Kristoffer Dalby 8f40696f35 Merge branch 'main' into windows-client-docs 2022-02-11 09:32:49 +00:00
Kristoffer Dalby c1845477ef Merge pull request #314 from kradalby/tailscale-204 2022-02-11 09:32:24 +00:00
Kristoffer Dalby 1d40de3095 Update changelog 2022-02-11 08:45:02 +00:00
Kristoffer Dalby 2357fb6f80 Upgrade all dependencies 2022-02-11 08:43:31 +00:00
Kristoffer Dalby ba8afdb7be Upgrade to tailscale 1.20.4 2022-02-11 08:39:00 +00:00
Kristoffer Dalby d9aaa0bdfc Add docs on how to set up Windows clients 2022-02-11 08:26:22 +00:00
Hoàng Đức Hiếu 66ff34c2dd apply changelog 2022-02-11 13:49:09 +07:00
Hoàng Đức Hiếu 150652e939 poll: fix swapped machine<->namespace labels 2022-02-11 13:46:36 +07:00
Adrien Raffin-Caboisse 7bdd7748e4 fix(acl): add missing internal namespace communications 2022-02-10 12:03:03 +01:00
Adrien Raffin-Caboisse 0426212348 docs(acls): add example use case 2022-02-10 10:42:26 +01:00
Adrien Raffin-Caboisse 85cf443ac6 docs(acls): Issues with ACL and proposition 2022-02-08 16:59:35 +01:00
Justin Angel 1b2fff4337 Merge branch 'main' into configurable-mtls 2022-02-02 11:54:49 -05:00
Kristoffer Dalby 8c79165b0d Merge pull request #305 from lachy-2849/main 2022-02-02 08:09:06 +00:00
lachy-2849 7b607b3fe8 Forgot to run Prettier 2022-02-01 19:32:13 -05:00
lachy-2849 41fbe47cdf Note when running as another user in systemd
Headscale commands fail when running them as the current user instead of the user defined in the systemd file. This note provides 2 methods of how to correctly run the headscale commands.
2022-02-01 14:23:18 -05:00
Justin Angel af25aa75d9 Merge branch 'configurable-mtls' of github.com:arch4ngel/headscale into configurable-mtls 2022-01-31 10:27:57 -05:00
Justin Angel da5250ea32 linting again 2022-01-31 10:27:43 -05:00
Kristoffer Dalby 168b1bd579 Merge branch 'main' into configurable-mtls 2022-01-31 12:28:00 +00:00
Justin Angel 9de5c7f8b8 updating default 2022-01-31 07:22:17 -05:00
Justin Angel 52db80ab0d Merge branch 'configurable-mtls' of github.com:arch4ngel/headscale into configurable-mtls 2022-01-31 07:19:14 -05:00
Justin Angel 0c3fd16113 refining and adding tests 2022-01-31 07:18:50 -05:00
Kristoffer Dalby e05c5e0b93 Merge pull request #303 from kradalby/migrate_ipaddresses 2022-01-31 08:57:22 +00:00
Justin Angel 310e7b15c7 making alternatives constants 2022-01-30 10:46:57 -05:00
Kristoffer Dalby 9e3318ca27 Simplify postgres uuid-ossp stirng 2022-01-30 14:53:40 +00:00
Kristoffer Dalby e9adfcd678 Migrate ip_address field to ip_addresses
The automatic migration did not pick up this change and it breaks
current setups as it only adds a new field which is empty.

This means that clients who dont request a new IP will not have any IP
at all.
2022-01-30 14:18:24 +00:00
Justin Angel d44b2a7c01 adding default for tls_client_auth_mode 2022-01-30 07:26:28 -05:00
Kristoffer Dalby 5b5ecd52e1 Merge pull request #208 from enoperm/ipv6
Support for IPv6 prefixes in namespaces
2022-01-30 10:46:20 +00:00
Kristoffer Dalby eddd62eee0 Merge branch 'main' into ipv6 2022-01-30 10:09:52 +00:00
Kristoffer Dalby 38c27f6bf8 Merge pull request #300 from stensonb/patch-2
Typo
2022-01-30 10:09:35 +00:00
Kristoffer Dalby 90fb9aa4ed Merge branch 'main' into ipv6 2022-01-30 10:08:44 +00:00
Kristoffer Dalby 3af1253a65 Merge branch 'main' into patch-2 2022-01-30 10:08:28 +00:00
Kristoffer Dalby eb1ce64b7c Merge pull request #301 from kradalby/goreleaser
Set goreleaser to only care about Go 1.17
2022-01-30 10:08:04 +00:00
Kristoffer Dalby 2c9ed63021 Merge branch 'main' into goreleaser 2022-01-30 10:07:35 +00:00
Kristoffer Dalby 4c779d306b Merge pull request #302 from kradalby/build-avoidance
Set up build avoidance
2022-01-30 10:07:30 +00:00
Kristoffer Dalby 0862f60ff0 Put depth in the correct place 2022-01-30 09:54:26 +00:00
Kristoffer Dalby 991175f2aa Add depth and avoidance for build 2022-01-30 09:49:15 +00:00
Kristoffer Dalby 1815040d98 Set up build build avoidance
This commit configures the CI to run specific parts of the CI when
relevant changes has been made.

This should help us not have to deal with the integration tests when we
do doc/admin changes.
2022-01-30 09:43:48 +00:00
Kristoffer Dalby 71ab4c9b2c Fix type according to config schema 2022-01-30 08:59:25 +00:00
Kristoffer Dalby e0c22a414b Remove wrong comment 2022-01-30 08:56:28 +00:00
Kristoffer Dalby 4e63bba4fe Only compat go 1.17 in go mod tidy 2022-01-30 08:55:41 +00:00
Kristoffer Dalby 445c04baf7 Fix lint 2022-01-30 08:35:10 +00:00
Kristoffer Dalby ad4e3a89e0 Format changelog 2022-01-30 08:25:49 +00:00
Kristoffer Dalby 6f6018bad5 Merge branch 'main' into ipv6 2022-01-30 08:21:11 +00:00
Bryan Stenson ccd41b9a13 Typo 2022-01-29 22:34:51 -08:00
Juan Font d8ce440309 Merge pull request #299 from kradalby/0124prep
Tag 0.12.4 in CHANGELOG
2022-01-30 01:13:10 +01:00
Kristoffer Dalby 0609c97459 Merge branch 'main' into configurable-mtls 2022-01-29 20:15:58 +00:00
Kristoffer Dalby 2f576b2fb1 Tag 0.12.4 in CHANGELOG 2022-01-29 20:04:56 +00:00
Kristoffer Dalby 853a5288f1 Merge pull request #292 from kradalby/socket-permission
Make Unix socket permissions configurable
2022-01-29 19:55:11 +00:00
Kristoffer Dalby cd0df1e46f Merge branch 'main' into socket-permission 2022-01-29 19:30:49 +00:00
Juan Font b195c87418 Merge pull request #290 from kradalby/generate-privkey
Add generate private-key command
2022-01-29 20:24:52 +01:00
Justin Angel c98a559b4d linting/formatting 2022-01-29 14:15:33 -05:00
Justin Angel 5935b13b67 refining 2022-01-29 13:35:08 -05:00
Justin Angel 9e619fc020 Making client authentication mode configurable 2022-01-29 12:59:31 -05:00
Csaba Sarkadi 45bcf39894 fixup! fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config 2022-01-29 16:52:27 +01:00
Csaba Sarkadi 0a1db89d33 fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config 2022-01-29 16:27:36 +01:00
Kristoffer Dalby dbfb9e16e0 Merge branch 'main' into socket-permission 2022-01-29 15:26:19 +00:00
Kristoffer Dalby 8aa2606853 Merge branch 'main' into generate-privkey 2022-01-29 15:26:15 +00:00
Kristoffer Dalby a238a8b33a Merge pull request #291 from kradalby/tailscale-203
Upgrade to latest tailscale
2022-01-29 15:26:06 +00:00
Csaba Sarkadi 74f26d3685 fixup! CHANGELOG: document breaking configuration change regarding multiple prefixes 2022-01-29 16:08:02 +01:00
Csaba Sarkadi e66f8b0eeb cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config 2022-01-29 16:04:15 +01:00
Kristoffer Dalby e7b69dbf91 Merge branch 'main' into generate-privkey 2022-01-29 14:35:24 +00:00
Kristoffer Dalby 13f23d2e7e Merge branch 'main' into socket-permission 2022-01-29 14:34:36 +00:00
Csaba Sarkadi 7a86321252 CHANGELOG: document breaking configuration change regarding multiple prefixes 2022-01-29 15:33:54 +01:00
Kristoffer Dalby 7aace7eb6b Update CHANGELOG.md 2022-01-29 14:33:12 +00:00
Kristoffer Dalby 7a6be36f46 Merge branch 'main' into tailscale-203 2022-01-29 14:32:04 +00:00
Kristoffer Dalby bb27c80bad Update CHANGELOG.md 2022-01-29 14:31:42 +00:00
Csaba Sarkadi c0c3b7d511 Merge remote-tracking branch 'origin/main' into ipv6 2022-01-29 15:27:49 +01:00
Csaba Sarkadi 6220836050 utils: extract GetIPPrefixEndpoints from anonymous function 2022-01-29 15:26:28 +01:00
Kristoffer Dalby b122d06f12 Merge pull request #278 from enoperm/pollnetmap-update-only 2022-01-29 13:46:08 +00:00
Kristoffer Dalby 6f9ed958ca Merge branch 'main' into pollnetmap-update-only 2022-01-29 13:12:09 +00:00
Kristoffer Dalby 39ce59fcb1 Merge branch 'main' into generate-privkey 2022-01-29 13:11:26 +00:00
Kristoffer Dalby 052fccdc98 Merge pull request #289 from juanfont/whitespace 2022-01-29 13:09:16 +00:00
Csaba Sarkadi 17411b65f3 fixup! fixup! update CHANGELOG
prettier changes
2022-01-29 13:48:14 +01:00
Csaba Sarkadi bf7ee78324 config-example: add configuration for a dual-stack tailnet 2022-01-28 22:13:45 +01:00
Csaba Sarkadi fbe5054a67 fixup! update CHANGELOG 2022-01-28 22:00:13 +01:00
Csaba Sarkadi 761147ea3b update CHANGELOG 2022-01-28 21:59:08 +01:00
Csaba Sarkadi 25ccf5ef18 PollNetMapStream: do not create any rows during long-poll operation 2022-01-28 21:59:08 +01:00
Kristoffer Dalby b4f8961e44 Make Unix socket permissions configurable 2022-01-28 18:58:22 +00:00
Kristoffer Dalby 726ccc8c1f Upgrade to latest tailscale 2022-01-28 18:15:41 +00:00
Kristoffer Dalby 126e694f26 Add generate private-key command
This commit adds a command to generate a private key for headscale.

Mostly useful for systems were you drive the deployment from another
machine and use a secret management system.
2022-01-28 18:08:52 +00:00
Kristoffer Dalby ab45cd37f8 Only golint new problems 2022-01-28 17:40:39 +00:00
Kristoffer Dalby f59071ff1c Trim whitespace from privateKey before parsing 2022-01-28 17:23:01 +00:00
Kristoffer Dalby 537cd35cb2 Try to add the grpc cert correctly 2022-01-25 22:22:15 +00:00
Kristoffer Dalby 56b6528e3b Run prettier 2022-01-25 22:11:15 +00:00
Kristoffer Dalby bae7ba46de Update changelog 2022-01-25 22:11:15 +00:00
Kristoffer Dalby fa197cc183 Add docs for remote access 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 00c69ce50c Enable remote gRPC and HTTP API
This commit enables the existing gRPC and HTTP API from remote locations
as long as the user can provide a valid API key. This allows users to
control their headscale with the CLI from a workstation. 🎉
2022-01-25 22:11:15 +00:00
Kristoffer Dalby a6e22387fd Formatting of machine.go 2022-01-25 22:11:15 +00:00
Kristoffer Dalby a730f007d8 Formatting of DNS files 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 3393363a67 Add safe random hash generators 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 8218ef96ef Formatting of integration tests 2022-01-25 22:11:15 +00:00
Kristoffer Dalby e8e573de62 Add apikeys command integration test 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 05db1b7109 Formatting and improving logs for config loading 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 6e14fdf0d3 More reusable stuff in cli 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 1fd57a3375 Add apikeys command to create, list and expire 2022-01-25 22:11:15 +00:00
Kristoffer Dalby b4259fcd79 Add helper function for colouring expiries 2022-01-25 22:11:15 +00:00
Kristoffer Dalby f9137f3bb0 Create helper functions around gRPC interface 2022-01-25 22:11:15 +00:00
Kristoffer Dalby b1a9b1ada1 Generate code from proto 2022-01-25 22:11:15 +00:00
Kristoffer Dalby b8e9024845 Add proto model for api key 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 70d82ea184 Add migration for new data model 2022-01-25 22:11:05 +00:00
Kristoffer Dalby 9dc20580c7 Add api key data model and helpers
This commits introduces a new data model for holding api keys for the
API. The keys are stored in the database with a prefix and a hash and
bcrypt with 10 passes is used to store the hash and it is "one way
safe".

Api keys have an expiry logic similar to pre auth keys.

A key cannot be retrieved after it has created, only verified.
2022-01-25 22:11:05 +00:00
Kristoffer Dalby 4d60aeae18 Merge pull request #282 from ryanfowler/main 2022-01-23 21:23:50 +00:00
Ryan Fowler 67d1dd984f Fix missing return in PollNetMapHandler 2022-01-21 21:48:58 -08:00
Juan Font b02f8dd45d Merge pull request #274 from majst01/reduce-binary-size
Strip binary, update to go-1.17.6
2022-01-20 11:38:52 +01:00
Kristoffer Dalby 3837f1714a Merge branch 'main' into reduce-binary-size 2022-01-17 08:47:19 +00:00
Kristoffer Dalby ed5498ef86 Merge pull request #276 from jimt/patch-1 2022-01-17 08:46:42 +00:00
Csaba Sarkadi e2f8c69e2e integration-test: use tailscale ip to test dual-stack MagicDNS 2022-01-16 14:18:22 +01:00
Csaba Sarkadi beb3e9abc2 integration-test: taildrop test refactor 2022-01-16 14:18:22 +01:00
Csaba Sarkadi 78039f4cea integration-test: use TUN devices, enable IPv6 addresses on local interfaces in containers 2022-01-16 14:18:22 +01:00
Csaba Sarkadi ed39b91f71 Dockerfiles: specify origin registry explicitly 2022-01-16 14:18:22 +01:00
Csaba Sarkadi 8f632e9062 machine: isOutdated: handle machines without LastSuccefulUpdate set 2022-01-16 14:18:22 +01:00
Csaba Sarkadi a32175f791 PollNetMapHandler: refactor with chan lifetimes in mind
* Resolves an issue where sometimes attempted sends on a closed channel
  happened by ensuring the channels remain open for the entire goroutine.
* May be of help with regards to issue #203
2022-01-16 14:18:22 +01:00
Csaba Sarkadi d35fb8bba0 integration-test: add IPv6 prefix to configuration 2022-01-16 14:18:22 +01:00
Csaba Sarkadi 115d0cbe85 dns: IPv6 roots generation 2022-01-16 14:18:22 +01:00
Csaba Sarkadi 1a6e5d8770 Add support for multiple IP prefixes 2022-01-16 14:18:22 +01:00
Csaba Sarkadi 3a3aecb774 Regenerate files based on ProtoBuf schema. 2022-01-16 14:17:51 +01:00
Csaba Sarkadi 8b40343277 Add multiple IP prefixes support to ProtoBuf schema 2022-01-16 14:17:27 +01:00
Csaba Sarkadi 7ec8346179 Do not assume IPv4 during Tailscale node construction 2022-01-15 16:06:34 +01:00
Csaba Sarkadi 46cdce00af Do not assume IPv4 during address generation 2022-01-15 16:06:34 +01:00
Jim Tittsler 86f3f26a18 Fix typos 2022-01-15 16:44:36 +09:00
Stefan Majer febbb6006f use most recent go 1.17 for tests 2022-01-14 12:59:53 +01:00
Stefan Majer 1d68509463 Strip binary, update to go-1.17.6 2022-01-14 09:19:16 +01:00
Kristoffer Dalby b6d0c4f2aa Merge pull request #273 from juanfont/tailscale-1-20
Add new tailscale version to integration test
2022-01-13 22:21:27 +00:00
Kristoffer Dalby 2c057c2d89 Update integration_test.go 2022-01-13 19:16:12 +00:00
Juan Font cf7effda1b Merge pull request #272 from juanfont/cl-0.12.3
Prepare CHANGELOG for 0.12.3
2022-01-13 17:02:37 +01:00
Juan Font Alonso 19effe7034 Updated changelog for 0.12.3 2022-01-13 12:42:56 +01:00
Juan Font 41053482b3 Merge pull request #271 from juanfont/minor-security-fixes
Minor security updates in go.mod
2022-01-12 22:13:28 +01:00
Juan Font e463283a58 Merge branch 'main' into minor-security-fixes 2022-01-12 17:10:15 +01:00
Juan Font 99814b468b Merge pull request #270 from artemklevtsov/docker-alpine
Add docker alpine image
2022-01-12 17:10:05 +01:00
Juan Font Alonso 163ecb2a6b go.sum updated 2022-01-12 15:22:16 +01:00
Juan Font Alonso 4660b265d9 Minor security updates in go.mod 2022-01-12 15:17:55 +01:00
Artem Klevtsov 1b6bad0b63 Add docker alpine image 2022-01-12 19:29:59 +07:00
Juan Font 26623d794b Merge pull request #268 from juanfont/prepare-0.12.2
Prepare CHANGELOG for 0.12.2
2022-01-11 16:49:51 +01:00
Juan Font Alonso e9cc60e49c Updated changelog for 0.12.2 2022-01-11 15:45:13 +01:00
Juan Font be2a28dd61 Merge pull request #267 from piec/patch-1
Fix example config link
2022-01-11 15:39:55 +01:00
Pierre Carru cec236ce24 Fix example config link
Everything is in the title :p
2022-01-10 14:44:11 +01:00
Kristoffer Dalby 45d331da99 Merge pull request #263 from JJGadgets/patch-1 2022-01-06 10:40:04 +00:00
JJGadgets 897fa558b0 prettier: Docker docs 2022-01-06 17:25:07 +08:00
JJGadgets d971cf1295 Improve Docker docs
- Fix URLs referring to files in this repository
- Better explain that we are creating the headscale directory and running the commands on the host Docker node
- Place instructions to download example config file to use as config file, as recommended steps.
2022-01-06 14:10:28 +08:00
Kristoffer Dalby 42bed58329 Merge pull request #262 from kradalby/improve-docs
Rewrite main documentation
2022-01-04 16:26:27 +00:00
Kristoffer Dalby d9f52efe70 Fix typo 2022-01-02 23:17:48 +00:00
Kristoffer Dalby 25b5eb8d7f Update tests to aline with new config example 2022-01-02 23:17:42 +00:00
Kristoffer Dalby 81c60939c9 Add vertical line for breathing 2022-01-02 19:55:38 +00:00
Kristoffer Dalby 4edc96d14d Make strongly strong 2022-01-02 19:54:37 +00:00
Kristoffer Dalby 6b7c74133d Use markdown numbering so github gets it 2022-01-02 19:53:49 +00:00
Kristoffer Dalby 8da029bd14 Add missing links 2022-01-02 19:48:57 +00:00
Kristoffer Dalby 1d01103b67 Link to example config from docs 2022-01-02 19:43:06 +00:00
Kristoffer Dalby 5df100539c Remove outdated configuration page in favour of config-example 2022-01-02 19:42:35 +00:00
Kristoffer Dalby 11c86acbe3 update case in readme 2022-01-02 19:39:51 +00:00
Kristoffer Dalby 86f36f9a43 Lowercase markdown docs 2022-01-02 19:39:03 +00:00
Kristoffer Dalby 271cb71754 Add more explaination and less redunancy with docs 2022-01-02 19:38:04 +00:00
Kristoffer Dalby 80d196cbfd Remove DNS file, it will be merged into example configuration 2022-01-02 19:37:48 +00:00
Kristoffer Dalby 3ce3ccb559 Reorder tls docs 2022-01-02 19:36:50 +00:00
Kristoffer Dalby a11c6fd8b9 Fix formatting error in container doc 2022-01-02 20:08:18 +01:00
Kristoffer Dalby a75c5a4cff Add eradme to examples 2022-01-02 20:08:04 +01:00
Kristoffer Dalby 8d504c35bf Move kubernetes to kustomize, since thats what it is 2022-01-02 20:06:32 +01:00
Kristoffer Dalby 8a07a63b1c Write disclaimer in kubernetes example 2022-01-02 20:06:21 +01:00
Kristoffer Dalby 74fd5de43d Move kubernetes example under docs 2022-01-02 20:04:35 +01:00
Kristoffer Dalby f9e6722635 Rewrite main documentation
This commit starts restructuring the documentation and updating it to be
compliant with 0.12.x+ releases.

The main change is that the documentation has been rewritten for the
ground up, and hopefully simplified.

The documentation has been split into an official documentation for
running headscale as a binary under Linux with SystemD and a "community"
provided documentation for Docker.

This should make the two documents a lot easier to read and follow than
the mishmash document we had.
2022-01-02 19:11:36 +01:00
Juan Font 0bd4250a53 Merge pull request #261 from juanfont/kradalby-patch-2
Add note about outdated docs until we fix them
2021-12-29 10:53:15 +01:00
Kristoffer Dalby 4b44aa2180 Add note about outdated docs until we fix them 2021-12-28 10:16:20 +01:00
Kristoffer Dalby f78984f2ef Merge pull request #258 from ohdearaugustin/fix-docker-release
Fix docker release
2021-12-27 22:09:16 +01:00
ohdearaugustin 3de311b7f4 Fix docker release 2021-12-27 21:24:57 +01:00
Juan Font 5192841016 Merge pull request #256 from juanfont/prepare-0.12.1-cl
Prepare CHANGELOG for 0.12.1
2021-12-24 23:40:33 +01:00
Juan Font 07384fd2bb Leave the TDB 2021-12-24 16:46:04 +01:00
Juan Font a795e7c0c9 Minor correction on the purpose of Headscale 2021-12-24 16:40:18 +01:00
Juan Font ebfbd4a37d Update changelog for 0.12.1 2021-12-24 16:39:22 +01:00
Juan Font fb933b7d41 Merge pull request #255 from Wakeful-Cloud/main
Template Fixes
2021-12-24 16:12:33 +01:00
wakeful-cloud 1c7cb98042 Template Fixes 2021-12-22 19:43:53 -07:00
Kristoffer Dalby fb634cdfc2 Merge pull request #242 from kradalby/changelog 2021-12-07 14:16:34 +00:00
Kristoffer Dalby f60f62792a Merge branch 'main' into changelog 2021-12-07 13:21:17 +00:00
Kristoffer Dalby 418fde2731 Merge pull request #243 from dragetd/feature/github_templates 2021-12-07 13:20:54 +00:00
Kristoffer Dalby 53108207be Merge branch 'main' into feature/github_templates 2021-12-07 11:07:10 +00:00
Kristoffer Dalby 3fb3db6f20 Merge pull request #248 from negbie/main 2021-12-07 11:07:03 +00:00
Eugen Biegler 5a504fa711 Better error description
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-12-07 11:44:09 +01:00
Eugen Biegler b4cce22415 Better error description
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-12-07 11:44:00 +01:00
Kristoffer Dalby 54c2306637 Merge branch 'main' into main 2021-12-07 10:39:08 +00:00
Juan Font bc8f5f484d Merge branch 'main' into feature/github_templates 2021-12-07 11:21:50 +01:00
Juan Font d00780b574 Merge pull request #250 from juanfont/use-1.17-for-release
Use go1.17 in goreleaser as required my go mod
2021-12-07 11:21:37 +01:00
Eugen 686384ebb7 Merge branch 'main' of https://github.com/negbie/headscale into main 2021-12-07 08:49:08 +01:00
Eugen 3a85c4d367 Better error description 2021-12-07 08:46:55 +01:00
Juan Font 1b007d2208 Use go1.17 in goreleaser as required my go mod 2021-12-06 23:19:08 +01:00
Kristoffer Dalby 5a7f669505 Update .github/ISSUE_TEMPLATE/config.yml 2021-12-05 09:37:11 +00:00
Michael Ko. Gajda 0c13d9da15 Fix format with prettier 2021-12-04 18:51:09 +01:00
Kristoffer Dalby 58ec26ee89 Merge branch 'main' into changelog 2021-12-04 12:16:01 +00:00
Kristoffer Dalby 969bcf17c4 Merge branch 'main' into feature/github_templates 2021-12-04 10:55:43 +00:00
Kristoffer Dalby 04d81a0e5c Merge branch 'main' into main 2021-12-02 08:31:48 +00:00
Eugen a6e99525ac Add log_level to config, more ACL debug log 2021-12-01 20:02:00 +01:00
Eugen 7e95b3501d Ignoe derp.yaml, don't panic in Serve() 2021-12-01 19:32:47 +01:00
Kristoffer Dalby ab52acba4b Merge pull request #247 from negbie/main 2021-12-01 16:18:46 +00:00
Eugen 07a437c707 Add private_key_path to example config 2021-12-01 14:34:08 +01:00
Kristoffer Dalby d56fb1aaa1 Merge pull request #245 from Bpazy/patch-1 2021-12-01 11:53:25 +00:00
ZiYuan c046ffbceb fix typo
Remove redundant quotation: `ephemeral_node_inactivity_timeout": "30m"` => `ephemeral_node_inactivity_timeout: "30m"`
2021-12-01 14:50:08 +08:00
Kristoffer Dalby 3435d95c80 Clarify and formatting 2021-11-30 09:17:21 +00:00
Kristoffer Dalby acaab7a3de Add Open ID connect to changelog 2021-11-30 09:16:09 +00:00
Juan Font 74ba452025 Merge branch 'main' into feature/github_templates 2021-11-29 21:28:43 +01:00
Juan Font 500be2de58 Merge branch 'main' into changelog 2021-11-29 21:25:31 +01:00
Juan Font 5bc0398aaf Merge pull request #241 from juanfont/add-goreleaser-prerelease
Enable marking releases as prerelease
2021-11-29 21:24:01 +01:00
Michael Ko. Gajda 78eba97bf9 Add GitHub templates 2021-11-29 20:53:04 +01:00
Kristoffer Dalby 6350d528a7 Change changelog format 2021-11-29 19:45:31 +00:00
Kristoffer Dalby 42eb6b9e01 format 2021-11-29 17:34:41 +00:00
Kristoffer Dalby 2e2fb68715 Remove unreleased 2021-11-29 17:32:05 +00:00
Kristoffer Dalby 6fc6355d66 Add initial CHANGELOG 2021-11-29 17:31:19 +00:00
Michael Ko. Gajda 48fc93bbdc Add simple overview README for docs 2021-11-29 14:36:47 +01:00
Juan Font 3e941ef959 Enable marking releases as prerelease 2021-11-28 22:00:22 +00:00
Kristoffer Dalby 1dc008133c Merge pull request #229 from juanfont/kradalby-patch-2 2021-11-28 21:46:37 +00:00
Kristoffer Dalby 2d2ae62176 Merge branch 'kradalby-patch-2' of github.com:juanfont/headscale into kradalby-patch-2 2021-11-28 11:00:43 +00:00
Kristoffer Dalby 8e9a94613c Remove outdate integration test private key 2021-11-28 11:00:22 +00:00
Kristoffer Dalby 8932133ae7 Merge branch 'main' into kradalby-patch-2 2021-11-28 09:28:32 +00:00
Kristoffer Dalby 5b8587037d Remove non-existing field from oidc test 2021-11-28 09:25:27 +00:00
Kristoffer Dalby e167be6d64 Remove generate private key step from docs 2021-11-28 09:18:24 +00:00
Kristoffer Dalby 34f4109fbd Add back privatekey, but automatically generate it if it does not exist 2021-11-28 09:17:18 +00:00
Kristoffer Dalby fa813bc0d7 Merge pull request #239 from cure/debug-make-sure-machine-key-is-correct-length
The `create-node` subcommand under `debug` needs a 64 character key.
2021-11-28 08:38:54 +00:00
Kristoffer Dalby 32006f3a20 Use go 1.17 2021-11-28 08:26:36 +00:00
Kristoffer Dalby ff8c961dbb Make sure comparison of nodekey is on the same format 2021-11-28 08:23:45 +00:00
Kristoffer Dalby e9d5214d1c Disable tests which is broken due to split version 2021-11-27 21:04:19 +00:00
Kristoffer Dalby 6295b0bd84 Go mod tidy 2021-11-27 20:34:46 +00:00
Kristoffer Dalby 550f4016dc Merge branch 'kradalby-patch-2' of github.com:juanfont/headscale into kradalby-patch-2 2021-11-27 20:32:08 +00:00
Kristoffer Dalby 2ae882d801 Update go version 2021-11-27 20:31:33 +00:00
Kristoffer Dalby ef81845deb Merge branch 'main' into kradalby-patch-2 2021-11-27 20:30:27 +00:00
Kristoffer Dalby d96b681c83 Fix node cli integration test 2021-11-27 20:25:37 +00:00
Kristoffer Dalby 59aeaa8476 Ensure we always have the key prefix when needed 2021-11-27 20:25:12 +00:00
Ward Vandewege cb2ea300ad Fix linter errors. 2021-11-27 13:59:39 -05:00
Kristoffer Dalby c38f00fab8 Unmarshal keys in the non-deprecated way 2021-11-26 23:50:42 +00:00
Kristoffer Dalby 0012c76170 Make it easier to run cli integration tests 2021-11-26 23:34:11 +00:00
Kristoffer Dalby cfd53bc4aa Factor wgkey to types/key
This commit converts all the uses of wgkey to the new key interfaces.

It now has specific  machine, node and discovery keys and we now should
use them correctly.

Please note the new logic which strips a key prefix (in utils.go) that
is now standard inside tailscale.

In theory we could put it in the database, but to preserve backwards
compatibility and not spend a lot of resources on accounting for both,
we just strip them.
2021-11-26 23:30:42 +00:00
Kristoffer Dalby 07418140a2 Remove config loading of private key path 2021-11-26 23:29:41 +00:00
Kristoffer Dalby c63c259d31 Switch wgkey for types/key
We dont seem to need the wireguard key anymore, we generate a key on
startup based on the new library and the users fetch it from /key.

Clean up app.go and update docs
2021-11-26 23:28:06 +00:00
Kristoffer Dalby 50b47adaa3 Upgrade tailscale to 1.18 2021-11-26 23:27:09 +00:00
Ward Vandewege b6ae60cc44 The create-node subcommand under debug needs a 64 character key. 2021-11-26 14:49:51 -05:00
Ward Vandewege d944aa6e79 Merge pull request #237 from cure/preauthkeys-fix-default-expiration
Fix default preauthkey expiration
2021-11-26 11:09:43 -05:00
Kristoffer Dalby 06f05d6cc2 Merge branch 'main' into preauthkeys-fix-default-expiration 2021-11-26 15:46:00 +00:00
Kristoffer Dalby 0819c6515a Merge pull request #238 from juanfont/kradalby-patch-3 2021-11-26 15:45:38 +00:00
Ward Vandewege c7f3e0632b When creating a preauthkey, the default expiration was passed through as
a nil value, instead of the default value (1h). This resulted in the
preauthkey being created with expiration key '0001-01-01 00:00:00',
which meant the key would not work, because it was already expired.

This commit applies the default expiration time (1h) when a preauthkey
is created without a specific expiration. It also updates an integration
test to make sure this bug does not reoccur.
2021-11-26 10:04:26 -05:00
Kristoffer Dalby 58fd6c4ba5 Revert postgres constant value
changes "postgresql" to "postgres"
2021-11-26 07:13:00 +00:00
Kristoffer Dalby aab4a6043a Merge branch 'main' into kradalby-patch-2 2021-11-25 08:38:59 +00:00
Kristoffer Dalby a52a4d45c0 Merge pull request #236 from restanrm/fix-derp-example-config
fix(derp-example): change regionid in node
2021-11-25 08:37:45 +00:00
Juan Font 45bc3f7a09 Merge branch 'main' into fix-derp-example-config 2021-11-24 18:57:31 +01:00
Kristoffer Dalby 5620858549 Merge pull request #227 from kradalby/expired-issue 2021-11-24 17:49:33 +00:00
Adrien Raffin-Caboisse f2e273b8a2 fix(derp-example): change regionid in nodes
Using a wrong regionid value lead to non working DERP custom server. No checks are performed for this kind of errors making it difficult to find.
2021-11-24 15:54:22 +01:00
Kristoffer Dalby cec1e86b58 Add missing request arguemnt 2021-11-24 12:16:56 +00:00
Kristoffer Dalby dcbf289470 Rename idKey to machineKey to keep consistency 2021-11-24 12:15:55 +00:00
Kristoffer Dalby fdd64d98c8 Add missing iff to handle expired preauthkey machines 2021-11-24 12:15:32 +00:00
Kristoffer Dalby 9968992be0 Fix prettier 2021-11-24 10:47:20 +00:00
Kristoffer Dalby f50f9ac894 Merge branch 'expired-issue' of github.com:kradalby/headscale into expired-issue 2021-11-24 10:13:49 +00:00
Kristoffer Dalby 2eca344f0e Fix gocritic 2021-11-24 10:13:41 +00:00
Kristoffer Dalby 349264830b Use .1 2021-11-23 11:27:44 +00:00
Kristoffer Dalby 0b5c29022b Merge branch 'main' into expired-issue 2021-11-22 20:13:33 +00:00
Kristoffer Dalby 1f1c45a2c0 Fix cli_test 2021-11-22 19:59:44 +00:00
Kristoffer Dalby 68dc2a70db Update neighbours if node is expired or refreshed
In addition, only pass the map of registered and not expired nodes to
clients.
2021-11-22 19:51:16 +00:00
Kristoffer Dalby caf1b1cabc Fix typo 2021-11-22 19:35:24 +00:00
Kristoffer Dalby 021c464148 Add cache for requested expiry times
This commit adds a sentral cache to keep track of clients whom has
requested an expiry time, but were we need to keep hold of it until the
second request comes in.
2021-11-22 19:32:52 +00:00
Kristoffer Dalby e600ead3e9 Make sure nodes can reauthenticate
This commit fixes an issue where nodes were not able to reauthenticate.
2021-11-22 19:32:11 +00:00
Kristoffer Dalby 200c10e48c Add missing return in oidc.go 2021-11-22 17:22:47 +00:00
Kristoffer Dalby e8faff4fe2 Use uint64 straight instead of converting 2021-11-22 17:22:22 +00:00
Kristoffer Dalby 5cbd4513a4 Simplify register function if 2021-11-22 17:21:56 +00:00
Kristoffer Dalby a477c808c7 Merge pull request #230 from lion24/patch-1 2021-11-22 09:47:37 +00:00
Kristoffer Dalby 74044f62f4 Remove anouther potential error leak 2021-11-21 21:54:19 +00:00
Kristoffer Dalby fcd4d94927 Clean up logging and error handling in oidc
We should never expose errors via web, it gives attackers a lot of info
(Insert OWASP guide).

Also handle error that didnt separate not found gorm issue and other
errors.
2021-11-21 21:51:39 +00:00
Kristoffer Dalby fac33e46e1 Add long description for expire 2021-11-21 21:35:36 +00:00
Kristoffer Dalby b152e53b13 Use correct type for nodes command 2021-11-21 21:34:03 +00:00
Kristoffer Dalby 1687e3b03f Removed unused parameter 2021-11-21 21:29:27 +00:00
Kristoffer Dalby c2393685f1 Remove expiry update in expiry, we dont want to extend it just because they _try_ to connect 2021-11-21 21:14:40 +00:00
Kristoffer Dalby fd5f42c2e6 Move handle expired machine to the end of registration 2021-11-21 21:14:13 +00:00
Kristoffer Dalby bda2d9c3b0 Remove unused param 2021-11-21 14:00:48 +00:00
Kristoffer Dalby c4ecc4db91 Simplify control flow in RegistrationHandler
This commits tries to dismantle the complicated "if and or" in the
RegistrationHandler by factoring out the "is Registrated" into a root
if.

This, together with some new comments, should hopefully make it a bit
easier to follow what is happening in all the different cases that needs
to be handled when a Node contacts the registration endpoint.
2021-11-21 13:59:24 +00:00
Kristoffer Dalby 8ccc51ae57 Remove special case for authkey
We no longer have weird expire behaviour, so we dont need this case
2021-11-21 13:45:19 +00:00
Kristoffer Dalby a2b9f3bede Add expire (logout) machine command 2021-11-21 13:40:44 +00:00
Kristoffer Dalby bd1d1b1a3b Implement ExpireMachine rpc 2021-11-21 13:40:19 +00:00
Kristoffer Dalby f1c05f8010 Add ExpireMachine spec to rpc 2021-11-21 13:40:04 +00:00
Kristoffer Dalby f85a77edb5 Remove println statement 2021-11-21 09:48:59 +00:00
Kristoffer Dalby 1c7aff5dd9 Add expired column to machine list command 2021-11-21 09:44:38 +00:00
lion24 e91f72fe4c Running.md: fix missing backslash (\)
* This would cause otherwise the command to abort after the first statement of the docker command ;)
2021-11-20 23:31:49 +01:00
Kristoffer Dalby 5a2cae5081 Add new Tailscale version to integration tests 2021-11-19 09:16:11 +00:00
Kristoffer Dalby 6a9dd2029e Remove expiry logic, this needs to be redone 2021-11-19 09:02:49 +00:00
Kristoffer Dalby 9aac1fb255 Remove expiry logic, this needs to be redone 2021-11-19 09:02:29 +00:00
Kristoffer Dalby 106b1e7e8d Create constants for other reg methods 2021-11-18 17:51:54 +00:00
Kristoffer Dalby 836986aa59 Merge pull request #225 from fdelucchijr/patch-1 2021-11-18 10:13:07 +00:00
Kristoffer Dalby 58d1255357 Remove unneeded returns 2021-11-18 08:51:33 +00:00
Kristoffer Dalby 981f712660 Remove unused param 2021-11-18 08:51:21 +00:00
Kristoffer Dalby 50dcb8bb75 Use valid handler for registered authkey machines 2021-11-18 08:50:53 +00:00
Kristoffer Dalby a8a8f01429 Make "authKey" a constant 2021-11-18 08:49:55 +00:00
Kristoffer Dalby 35c3fe9608 Move registration workflow into functions 2021-11-17 22:39:41 +00:00
Fernando De Lucchi f74b9f5fe2 Styling and prettier 2021-11-17 16:25:37 -05:00
Fernando De Lucchi de42fe3b04 Merge branch 'main' into patch-1 2021-11-16 19:10:42 -05:00
Kristoffer Dalby 49f835d8cf Merge pull request #214 from ItalyPaleAle/docker-distroless 2021-11-16 07:34:08 +00:00
ItalyPaleAle 7bc2f41b33 Run prettier 💄 2021-11-15 15:37:40 -08:00
Alessandro (Ale) Segala a10388b709 Merge branch 'main' into docker-distroless 2021-11-15 15:19:06 -08:00
Kristoffer Dalby bd7b5e97cb Merge branch 'main' into patch-1 2021-11-15 23:00:45 +00:00
Kristoffer Dalby 4b525a3967 Merge pull request #223 from kradalby/golanglint 2021-11-15 22:36:02 +00:00
Kristoffer Dalby d6739386a0 Get rid of dynamic errors 2021-11-15 19:18:14 +00:00
Kristoffer Dalby 25b790d025 Add and fix forcetypeassert 2021-11-15 18:42:44 +00:00
Kristoffer Dalby db8be91d8b Add and fix forbidigo 2021-11-15 18:36:02 +00:00
Kristoffer Dalby c4d4c9c4e4 Add and fix gosec 2021-11-15 18:31:52 +00:00
Kristoffer Dalby 715542ac1c Add and fix stylecheck (golint replacement) 2021-11-15 17:24:24 +00:00
Kristoffer Dalby 0c005a6b01 Add and fix errname 2021-11-15 16:33:16 +00:00
Kristoffer Dalby 0c45f8d252 Add and fix errorlint 2021-11-15 16:26:41 +00:00
Kristoffer Dalby 2dde1242cf Fix formatting 2021-11-15 16:16:35 +00:00
Kristoffer Dalby 78cfba0a31 Add exceptions to var name length 2021-11-15 16:16:16 +00:00
Kristoffer Dalby 8ae682b412 Fix var name length in tests 2021-11-15 16:16:04 +00:00
Kristoffer Dalby 333be80f9c Fix rest of var name in main code 2021-11-15 16:15:50 +00:00
Alessandro (Ale) Segala 2efefca737 Merge pull request #1 from ohdearaugustin/docker-workflows
Docker workflows
2021-11-14 13:33:13 -08:00
ohdearaugustin c6bc9fffe9 workflows/release: fix docker debug tags 2021-11-14 22:24:27 +01:00
ohdearaugustin 8454c1b52c workflows/release: add docker debug 2021-11-14 21:15:33 +01:00
Kristoffer Dalby 471c0b4993 Initial work eliminating one/two letter variables 2021-11-14 20:32:03 +01:00
Kristoffer Dalby 53ed749f45 Start work on making gocritic pass 2021-11-14 18:44:37 +01:00
Kristoffer Dalby ba084b9987 Lint fix integration tests 2021-11-14 18:35:49 +01:00
Kristoffer Dalby 85f28a3f4a Remove all instances of undefined numbers (gonmd) 2021-11-14 18:31:51 +01:00
Kristoffer Dalby 796072a5a4 Add and fix ifshort 2021-11-14 18:09:22 +01:00
Kristoffer Dalby 9390348a65 Add and fix goconst 2021-11-14 18:06:25 +01:00
Kristoffer Dalby c9c16c7fb8 Remove unused params or returns 2021-11-14 18:03:21 +01:00
Kristoffer Dalby 19cd7a4eac Add and fix exhaustive 2021-11-14 17:52:55 +01:00
Kristoffer Dalby 0315f55fcd Add and fix nilnil 2021-11-14 17:51:34 +01:00
Kristoffer Dalby 668e958d3e Add and fix unconvert 2021-11-14 17:49:54 +01:00
Kristoffer Dalby 4ace54c4e1 Move wsl, might not be feasible 2021-11-14 16:49:54 +01:00
Kristoffer Dalby 89eb13c6cb Add and fix nlreturn (new line return) 2021-11-14 16:46:09 +01:00
Kristoffer Dalby d0ef850035 Add and fix noctx linter 2021-11-14 16:37:43 +01:00
Kristoffer Dalby 2f8e9f272c Merge branch 'main' into docker-distroless 2021-11-14 14:35:44 +01:00
Fernando De Lucchi 1af4a3b958 Merge branch 'main' into patch-1 2021-11-14 04:16:00 -05:00
Kristoffer Dalby 1969802c6b Fix golanglint 2021-11-14 08:32:58 +00:00
Kristoffer Dalby 052883aa55 Fix merge conflict 2021-11-14 08:30:48 +00:00
Kristoffer Dalby d2918edc14 Merge pull request #224 from cure/namespace-deletion-fixes
Improvements for namespace deletion
2021-11-14 09:27:58 +01:00
Kristoffer Dalby f3da299457 Format readme 2021-11-14 08:09:33 +00:00
Kristoffer Dalby e8726b1e22 Add readme note about codestyle 2021-11-14 08:08:03 +00:00
Fernando De Lucchi b897a26f42 arm64 docker image build in release process 2021-11-13 21:08:59 -05:00
Alessandro (Ale) Segala 5ec7158b5d Merge branch 'main' into docker-distroless 2021-11-13 14:16:53 -08:00
Alessandro (Ale) Segala 7d77acd88e Docs for debug container 2021-11-13 22:16:37 +00:00
Alessandro (Ale) Segala c0f16603c5 Copy headscale binary in /bin in the container
This way, we don't need to alter the PATH
2021-11-13 22:10:58 +00:00
Ward Vandewege 34dba0ade8 Fix missing error check. 2021-11-13 15:24:32 -05:00
Ward Vandewege acf7e462ad Improvements for namespace deletion: add a confirmation prompt, and make
sure to also delete any associated preauthkeys.
2021-11-13 14:01:05 -05:00
Kristoffer Dalby f94b0b54d8 Remove lint install, update go 2021-11-13 09:39:20 +00:00
Kristoffer Dalby 806f0d3e6c Format lint 2021-11-13 09:20:59 +00:00
Kristoffer Dalby b653572272 Make format shuld format, not lint 2021-11-13 09:20:51 +00:00
Kristoffer Dalby fa0922d5bb define proto dir for buf 2021-11-13 09:18:00 +00:00
Kristoffer Dalby 95b9f03fb3 update buf setup 2021-11-13 09:13:17 +00:00
Kristoffer Dalby 24e0c944b1 Align with update golangci-lint 2021-11-13 09:11:03 +00:00
Kristoffer Dalby 148437f716 Setup more linters and goals for golangci 2021-11-13 08:53:34 +00:00
Kristoffer Dalby 3ddd9962ce Add format make entry 2021-11-13 08:39:20 +00:00
Kristoffer Dalby 2634215f12 golangci-lint --fix 2021-11-13 08:39:04 +00:00
Kristoffer Dalby dae34ca8c5 Proto format 2021-11-13 08:36:56 +00:00
Kristoffer Dalby 03b7ec62ca Go format with shorter lines 2021-11-13 08:36:45 +00:00
Kristoffer Dalby edfcdc466c Update lint ci file with prettier and proto 2021-11-13 08:13:38 +00:00
Kristoffer Dalby 6b3114ad6f Run prettier 2021-11-13 08:11:55 +00:00
Kristoffer Dalby ba65092926 Merge pull request #212 from kradalby/cli-grpc
Rework the CLI to use gRPC
2021-11-12 14:39:39 +00:00
Alessandro (Ale) Segala f44138c944 Added debug container 2021-11-12 02:20:46 +00:00
Alessandro (Ale) Segala c290ce4b91 Revert "Fixed integration tests"
This reverts commit 67953bfe2f.
2021-11-09 16:24:10 +00:00
Alessandro (Ale) Segala 3b34c7b89a Removed / from docker commands in docs
Essentially reverts 6076656373
2021-11-09 16:23:36 +00:00
Alessandro (Ale) Segala 83e72ec57d Allow running headscale without leading / 2021-11-09 16:20:58 +00:00
Kristoffer Dalby 49893305b4 Only turn on response log in grpc in trace mode 2021-11-08 22:06:25 +00:00
Kristoffer Dalby 0803c407a9 Fix Reusable typo, add tests for Augustines scenario 2021-11-08 20:49:03 +00:00
Kristoffer Dalby 6371135459 Try to address issue raised by cure 2021-11-08 20:48:20 +00:00
Kristoffer Dalby 43af11c46a Fix typo in generated code 2021-11-08 20:47:40 +00:00
Kristoffer Dalby b210858dc5 Remove unused dep 2021-11-08 18:28:06 +00:00
Kristoffer Dalby e1f45f9d07 Remove unused dep 2021-11-08 18:27:57 +00:00
Kristoffer Dalby dce6b8d72e Add test case and fix nil pointer in preauthkeys command without expiration 2021-11-08 08:02:01 +00:00
Alessandro (Ale) Segala 67953bfe2f Fixed integration tests 2021-11-07 19:09:51 +00:00
Alessandro (Ale) Segala 6076656373 Updated docs 2021-11-07 18:57:37 +00:00
Kristoffer Dalby 9a26fa7989 Ensure logging is off for integration test commands 2021-11-07 10:40:05 +00:00
Kristoffer Dalby d47b83f80b Unwrap grpc errors to make nicer user facing errors 2021-11-07 10:15:32 +00:00
Kristoffer Dalby b11acad1c9 Fix typo 2021-11-07 09:57:39 +00:00
Kristoffer Dalby b15efb5201 Ensure unix socket is removed before we startup 2021-11-07 09:55:32 +00:00
Kristoffer Dalby 2dfd42f80c Attempt to dry up CLI client, add proepr config
This commit is trying to DRY up the initiation of the gRPC client in
each command:

It renames the function to CLI instead of GRPC as it actually set up a
CLI client, not a generic grpc client

It also moves the configuration of address, timeout (which is now
consistent) and api to use Viper, allowing users to set it via env vars
and configuration file
2021-11-07 09:41:14 +00:00
Kristoffer Dalby ce3f79a3bf Add yaml to output help 2021-11-07 08:58:45 +00:00
Kristoffer Dalby a249d3fe39 Fix color for current namespace in nodes command 2021-11-07 08:58:03 +00:00
Alessandro (Ale) Segala a6d487de00 Using debian11-based distroless image 2021-11-06 23:19:56 +00:00
Alessandro (Ale) Segala 3720da6386 Using distroless base image for Docker 2021-11-06 23:18:13 +00:00
Kristoffer Dalby 26718e8308 Revert gorm upgrade 2021-11-06 20:23:04 +00:00
Kristoffer Dalby f5a196088a Merge branch 'main' into cli-grpc 2021-11-06 20:12:19 +00:00
Kristoffer Dalby 74f0d08f50 Merge pull request #199 from rcursaru/patch-1
update Running.md
2021-11-06 20:05:27 +00:00
Kristoffer Dalby 046681f4ef Merge branch 'main' into patch-1 2021-11-06 19:46:06 +00:00
Kristoffer Dalby 29531a5e90 Merge branch 'main' into cli-grpc 2021-11-06 19:29:00 +00:00
Ward Vandewege 137a9d6333 Merge pull request #213 from aberoham/patch-1
Typo in golang URL
2021-11-06 14:23:17 -04:00
Abraham Ingersoll 8115f50d03 Typo in golang URL 2021-11-06 07:43:41 +00:00
Kristoffer Dalby b75e8ae2bd Merge branch 'main' into patch-1 2021-11-05 18:27:55 +00:00
Kristoffer Dalby 3ad2350c79 Fix new version of hujson 2021-11-05 07:24:00 +00:00
Kristoffer Dalby 204f99dd51 Add CLI integration tests
This PR adds a new part to the integration test suite which spins up a
new headscale and runs through a scenario of test cases for each
command.

The intent is to check that all commands work as intended and produce
the expected output.

I think they have been pretty well covered, but would appreciate
additional test cases if I have missed some.

Please note: headscale is set up, and teared down for _each_ "test
function" in this file, this means that its more suitable for specific
cases.
2021-11-04 22:45:15 +00:00
Kristoffer Dalby 8df41b069f Formatting 2021-11-04 22:45:08 +00:00
Kristoffer Dalby be4256b1d0 Convert routes command to use gRPC 2021-11-04 22:44:59 +00:00
Kristoffer Dalby 77a973878c Convert preauthkeys command to use gRPC 2021-11-04 22:44:49 +00:00
Kristoffer Dalby 7b0d2dfb4a Convert nodes command to use gRPC 2021-11-04 22:44:35 +00:00
Kristoffer Dalby 79871d2463 Make namespace command use gRPC
This commit is a first in a series of commits migrating the command
interfaces to use the new gRPC client.

As a part of this commit, they have been streamlined and each command
_should_ be a bit more similar and use consistent output.

By using the new output function, we now make sure its always json
(errors and everything) if the user asks for JSON.
2021-11-04 22:42:21 +00:00
Kristoffer Dalby dce82f4323 Use new json wrapper for version command 2021-11-04 22:41:55 +00:00
Kristoffer Dalby 9e9049307e Simplify loglevel parser, turn off logs when machine output is set 2021-11-04 22:32:13 +00:00
Kristoffer Dalby cd34a5d6f3 Expand json output to support yaml, make more generic 2021-11-04 22:31:47 +00:00
Kristoffer Dalby 319237910b Resolve new dependencies 2021-11-04 22:28:35 +00:00
Kristoffer Dalby 3eed356d70 Implement rpc calls with new helper functions, implementing the proto spec 2021-11-04 22:19:27 +00:00
Kristoffer Dalby 706ff59d70 Clean pointer list in app.go, add grpc logging and simplify naming 2021-11-04 22:18:55 +00:00
Kristoffer Dalby c2eb3f4d36 Use long command in example and remove pointerlist 2021-11-04 22:18:06 +00:00
Kristoffer Dalby 9acc3e0e73 Add a set of ip prefix convert helpers 2021-11-04 22:17:44 +00:00
Kristoffer Dalby 94dbaa6822 Clean up the return of "pointer list"
This commit is getting rid of a bunch of returned list pointers.
2021-11-04 22:16:56 +00:00
Kristoffer Dalby 5526ccc696 Namespaces are no longer a pointer 2021-11-04 22:15:46 +00:00
Kristoffer Dalby 95690e614e Simplify and streamline namespace functions for new cli/rpc/api 2021-11-04 22:15:17 +00:00
Kristoffer Dalby 77f5f8bd1c Simplify and streamline preauth commands for new cli/rpc/api 2021-11-04 22:14:39 +00:00
Kristoffer Dalby 787814ea89 Consolidate machine related lookups
This commit moves the routes lookup functions to be subcommands of
Machine, making them a lot simpler and more specific/composable.

It also moves the register command from cli.go into machine, so we can
clear out the extra file.

Finally a toProto function has been added to convert between the machine
database model and the proto/rpc model.
2021-11-04 22:11:38 +00:00
Kristoffer Dalby 67adea5cab Move common integration test commands into common file 2021-11-04 22:10:57 +00:00
Kristoffer Dalby 4226da3d6b Add "debug" command
This commit adds a debug command tree, intended to host commands used
for debugging and testing.

It adds a create node/machine command which will be used later to create
machines that can be used to test the registration command.
2021-11-04 22:08:45 +00:00
Kristoffer Dalby 5270361989 Add generated files from protobuf 2021-11-04 22:07:59 +00:00
Kristoffer Dalby a6aa6a4f7b Add proto rpc interface for cli
This commit adds proto rpc definitions for the communication needed for
the CLI interface.
This will allow us to move the rest of the CLI interface over to gRPC
and in the future allow remote access
2021-11-04 22:02:10 +00:00
Kristoffer Dalby 1c530be66c Merge pull request #206 from kradalby/initial-api-cli-work 2021-11-04 14:09:06 +00:00
Kristoffer Dalby 7c774bc547 Remove flag that cant be trapped 2021-11-02 21:49:19 +00:00
Kristoffer Dalby 9954a3c599 Add handling for closing the socket 2021-11-02 21:46:15 +00:00
Kristoffer Dalby b91c115ade Remove "auth skip" for socket traffic 2021-10-31 19:57:42 +00:00
Kristoffer Dalby 53df9afc2a Fix step naming error 2021-10-31 19:54:38 +00:00
Kristoffer Dalby 8db45a4e75 Setup a seperate, non-tls, no auth, socket grpc 2021-10-31 19:52:34 +00:00
Kristoffer Dalby 1c9b1ea91a Add todo 2021-10-31 16:34:20 +00:00
Kristoffer Dalby 12f2a7cee0 Move context per cure's suggestion 2021-10-31 16:26:51 +00:00
Kristoffer Dalby 3f30bf1e33 Ensure we set up TLS for http 2021-10-31 16:19:38 +00:00
Kristoffer Dalby f968b0abdf Merge branch 'main' into initial-api-cli-work 2021-10-31 12:17:47 +00:00
Kristoffer Dalby 16ccbf4cdb Merge pull request #207 from juanfont/update-contributors 2021-10-31 12:17:31 +00:00
Kristoffer Dalby d803fe6123 Merge branch 'main' into update-contributors 2021-10-31 09:58:17 +00:00
Kristoffer Dalby ca15a53fad Add timeout to integration test for execCommand to fail faster 2021-10-31 09:58:01 +00:00
Kristoffer Dalby 264e5964f6 Resolve merge conflict 2021-10-31 09:40:43 +00:00
github-actions[bot] 223c611820 docs(README): update contributors 2021-10-31 09:34:07 +00:00
Kristoffer Dalby fbdfa55629 Merge pull request #126 from unreality/main
Initial work on OIDC (SSO) integration
2021-10-31 09:33:35 +00:00
unreality 73d22cdf54 Merge pull request #2 from kradalby/oidc-1
Fix conflict, prepare for merge
2021-10-31 07:04:04 +08:00
Kristoffer Dalby bac81176b2 Remove lint from generated testcode 2021-10-30 15:39:05 +00:00
Kristoffer Dalby cd2914dbc9 Make note about oidc being experimental 2021-10-30 15:35:58 +00:00
Kristoffer Dalby cbf3f5d640 Resolve merge conflict 2021-10-30 15:33:01 +00:00
Kristoffer Dalby 018e42acad Merge branch 'main' into initial-api-cli-work 2021-10-30 15:31:34 +01:00
Kristoffer Dalby 482a31b66b Setup swagger and swagger UI properly 2021-10-30 14:29:53 +00:00
Kristoffer Dalby 2b340e8fa4 Rename protofile 2021-10-30 14:29:41 +00:00
Kristoffer Dalby 434fac52b7 Fix lint error 2021-10-30 14:29:03 +00:00
Kristoffer Dalby 6aacada852 Switch from gRPC localhost to socket
This commit changes the way CLI and grpc-gateway communicates with the
gRPC backend to socket, instead of localhost. Unauthenticated access now
goes on the socket, while the network interface will require API key (in
the future).
2021-10-30 14:08:16 +00:00
Ward Vandewege 7301d7eb67 Merge pull request #200 from cure/cli-improvements
Cli improvements -- nodes subcommand
2021-10-29 17:36:54 -04:00
Ward Vandewege b2d2d5653e Merge branch 'main' into cli-improvements 2021-10-29 17:20:05 -04:00
Kristoffer Dalby 72fd2a2780 Fix lint error 2021-10-29 17:36:11 +00:00
Kristoffer Dalby 9ef031f0f8 Port create, delete and list of namespace to grpc 2021-10-29 17:16:54 +00:00
Kristoffer Dalby 81b8610dff Add helper function to setup grpc client for cli 2021-10-29 17:15:52 +00:00
Kristoffer Dalby eefd82a574 Move config loading out of the headscale app setup 2021-10-29 17:09:06 +00:00
Kristoffer Dalby 002b5c1dad Add grpc token auth struct 2021-10-29 17:08:21 +00:00
Kristoffer Dalby 68dab0fe7b Move localhost check to utils 2021-10-29 17:04:58 +00:00
Kristoffer Dalby 6d10be8fff Change order of print/nil check in integration test 2021-10-29 16:49:44 +00:00
Kristoffer Dalby a23d82e33a Setup API and prepare for API keys
This commit sets up the API and gRPC endpoints and adds authentication
to them. Currently there is no actual authentication implemented but it
has been prepared for API keys.

In addition, there is a allow put in place for gRPC traffic over
localhost. This has two purposes:

1. grpc-gateway, which is the base of the API, connects to the gRPC
   service over localhost.
2. We do not want to break current "on server" behaviour which allows
   users to use the cli on the server without any fuzz
2021-10-29 16:45:06 +00:00
Kristoffer Dalby c7fa9b6e4a Setup create, delete and list namespace over grpc 2021-10-29 16:44:32 +00:00
Kristoffer Dalby 07bbeafa3b Fix lint errors, add initial namespace rpc 2021-10-29 16:43:10 +00:00
Kristoffer Dalby 06700c1dc4 Setup proto linting 2021-10-29 16:42:56 +00:00
Raal Goff 2d252da221 suggested documentation and comments 2021-10-29 21:35:07 +08:00
Kristoffer Dalby 2c071a8a2d Merge pull request #204 from kradalby/api-playground 2021-10-28 20:17:20 +01:00
Ward Vandewege f9187bdfc4 Switch to named arguments for all nodes subcommands. Update docs
accordingly. Fix integration test failure.
2021-10-28 09:31:15 -04:00
Ward Vandewege 25c67cf2aa Update integration_test.go
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-10-28 08:40:30 -04:00
Ward Vandewege b00a2729e3 Update cmd/headscale/cli/nodes.go
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-10-28 08:39:42 -04:00
Ward Vandewege 6c01b86e4c Update cmd/headscale/cli/nodes.go
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-10-28 08:39:27 -04:00
Ward Vandewege d086cf4691 Move the namespace argument back to a flag for the share and unshare
commands.
2021-10-27 17:51:42 -04:00
Kristoffer Dalby 5054ed41ac Make ci lint fix if it can 2021-10-27 07:10:32 +00:00
Kristoffer Dalby e91174e83f Add gen explicitly to skip list 2021-10-27 07:08:24 +00:00
Kristoffer Dalby c9bd25d05c Remove golint from github actions 2021-10-27 07:07:44 +00:00
Kristoffer Dalby f779372154 Add golangcilint config 2021-10-27 07:07:19 +00:00
Kristoffer Dalby acd9ebbdf8 Let lint ignore grpcv1.go as it is placeholder 2021-10-27 07:06:39 +00:00
Kristoffer Dalby 6369cea10e Remove golint, its deprecated
This commit removed `golint`, its deprecated:
https://github.com/golang/lint

and golangci-lint has overlapping features.
2021-10-27 06:58:16 +00:00
Kristoffer Dalby 2d92719095 Dont try to generate code on every make build 2021-10-27 06:48:30 +00:00
Kristoffer Dalby d4265779ef Check in generated code
This does not have to be reviewed, here is some reasoning:

Go (and go mod) is designed for having code available and we need to
check in the generated code to make sure it is "go gettable". If we dont
we give ourselves a headache trying to setup all the ci, tests etc to
install and generate the code before it runs.

Because the code isnt there, the plugins needed to generate the code
fail to install...

I didnt find any good documentation for this, but there is this github
comment:
https://github.com/golang/go/issues/34514#issuecomment-535406759
2021-10-27 06:44:04 +00:00
Kristoffer Dalby 8f2ef6a57d Prepare for checking in generated code 2021-10-27 06:40:39 +00:00
Kristoffer Dalby 6e764942a2 Add grpc step to dockerfile 2021-10-26 21:35:18 +00:00
Kristoffer Dalby 11d987549f Ignore generated files for docker 2021-10-26 21:34:51 +00:00
Kristoffer Dalby b8c89cd63c Add readme and makefile entry about code generation 2021-10-26 20:53:10 +00:00
Kristoffer Dalby 2f045b20fb Refactor tls and wire up grpc, grpc gateway/api
This commit moves the TLS configuration into a seperate function.

It also wires up the gRPC interface and prepares handing the API
endpoints to the grpc gateway.
2021-10-26 20:42:56 +00:00
Kristoffer Dalby caa4d33cbd Add an initial grpcv1 service (implementing the proto generated service) 2021-10-26 20:42:20 +00:00
Kristoffer Dalby a9da7c8fd9 Update go.mod 2021-10-26 20:41:35 +00:00
Kristoffer Dalby b096a2e7e5 Create an initial gRPC service
This commit adds protobuf files and tooling surrounding generating APIs
and datatypes.
2021-10-26 20:37:37 +00:00
Ward Vandewege f9ece0087d Make the cli help a little more explicit for the nodes subcommand. 2021-10-26 08:50:25 -04:00
Kristoffer Dalby c76d3b53d9 Merge branch 'main' into cli-improvements 2021-10-25 22:11:02 +01:00
Kristoffer Dalby e8277595f5 Merge pull request #202 from juanfont/kradalby-patch-1
Add note about main containing unreleased  changes
2021-10-25 20:14:36 +01:00
Kristoffer Dalby 4d3b638a3d Add note about main containing unreleased changes
#201
2021-10-25 19:38:11 +01:00
Ward Vandewege 1d9954d8e9 Fix integration test. 2021-10-24 20:11:47 -04:00
Ward Vandewege dd7557850e cli changes for the nodes subcommand:
* when listing nodes, a namespace is now optional, when it is not
  provided, all nodes are shown
* when deleting, and sharing a node, remove the `namespace` flag, it was
  superfluous and unused
* when unsharing a node, specify the namespace as an argument not a
  flag, making the UX the same as for sharing.

Also refactor the share/unshare code to reuse the shared bits.
2021-10-24 17:50:28 -04:00
Ward Vandewege c8e1afb14b When attempting to unshare a node from the primary namespace, return
errorMachineNotShared, not errorSameNamespace. Add test for same.
2021-10-24 17:50:21 -04:00
Kristoffer Dalby 6d162eeff9 Merge pull request #197 from kradalby/config-simplification 2021-10-24 22:27:18 +01:00
Kristoffer Dalby 746d4037da Fix config and tests 2021-10-24 21:30:51 +01:00
Kristoffer Dalby 1237e02f7c Merge branch 'config-simplification' of github.com:kradalby/headscale into config-simplification 2021-10-24 21:21:08 +01:00
Kristoffer Dalby 7da3d4ba50 Resolve merge conflict 2021-10-24 21:21:01 +01:00
Remus CURSARU c22b93734e update Running.md
clarify setup steps; use a single directory to hold all configuration for docker container
2021-10-24 14:09:07 +02:00
Kristoffer Dalby 8853315dcc Update config-example.yaml
Co-authored-by: Juan Font <juanfontalonso@gmail.com>
2021-10-23 10:40:15 +01:00
Kristoffer Dalby 5aaffaaecb Merge pull request #196 from kradalby/derp-improvements
Add ability to fetch DERP from url and file
2021-10-23 09:20:27 +01:00
Kristoffer Dalby 389a8d47a3 Merge branch 'main' into derp-improvements 2021-10-22 23:58:48 +01:00
Kristoffer Dalby a355769416 Update derp-example.yaml
Co-authored-by: Juan Font <juanfontalonso@gmail.com>
2021-10-22 23:58:27 +01:00
Juan Font 1a8c9216d6 Merge pull request #194 from juanfont/update-contributors
docs(README): update contributors
2021-10-23 00:11:22 +02:00
Juan Font 81316ef644 Merge branch 'main' into update-contributors 2021-10-22 21:28:27 +02:00
Kristoffer Dalby 4d4d0de356 Start adding comments to config 2021-10-22 18:27:11 +01:00
Kristoffer Dalby b85adbc40a Remove the need for multiple config files
This commit removes the almost a 100% redundant tests (two fields were
checked differently) and makes a single example configuration for users.
2021-10-22 18:14:29 +01:00
Kristoffer Dalby aefbd66317 Remove derpmap volume from integration tests 2021-10-22 16:57:51 +00:00
Kristoffer Dalby d875cca69d move integration to yaml, add new derp configuration 2021-10-22 16:57:01 +00:00
Kristoffer Dalby 0e902fe949 Add certificates to docker image so we can get derpmap from tailscale 2021-10-22 16:56:23 +00:00
Kristoffer Dalby 582eb57a09 Use the new derp map 2021-10-22 16:56:00 +00:00
Kristoffer Dalby 177f1eca06 Add helper functions for building derp maps from urls and file 2021-10-22 16:55:35 +00:00
Kristoffer Dalby 57f46ded83 Split derp into its own config struct 2021-10-22 16:55:14 +00:00
Kristoffer Dalby aa245c2d06 Remove derp.yaml, add selfhosted example
This PR will promote fetching the derpmap directly from tailscale, so we
will remove our example, as it might easily get outdated.

Add a derp-example that shows how a user can also add their own derp
server.
2021-10-22 16:52:39 +00:00
Kristoffer Dalby e836db1ead Add config.yaml to gitignore 2021-10-22 16:51:19 +00:00
github-actions[bot] 5420347d24 docs(README): update contributors 2021-10-22 06:58:20 +00:00
Kristoffer Dalby 9e2637d65f Merge pull request #192 from derelm/patch-2 2021-10-22 07:57:48 +01:00
Juan Font c6046597ed Merge branch 'main' into update-contributors 2021-10-22 00:01:18 +02:00
Juan Font a46c8fe914 Merge branch 'main' into patch-2 2021-10-21 23:56:10 +02:00
Juan Font f822816cdb Merge pull request #193 from juanfont/fix-again-contributors
Another fix for the contributors section in README
2021-10-21 23:55:41 +02:00
Juan Font Alonso f3bf9b4bbb Contributors again fixed 2021-10-21 23:54:20 +02:00
Juan Font 9f02899261 Merge branch 'main' into patch-2 2021-10-21 23:41:52 +02:00
github-actions[bot] 75f3e1fb03 docs(README): update contributors 2021-10-21 21:38:02 +00:00
Juan Font 9fbfa7c1f5 Merge pull request #191 from juanfont/fix-contributors
Fix contributors
2021-10-21 23:32:43 +02:00
Juan Font Alonso d5aef85bf2 Fix contributors 2021-10-21 23:21:38 +02:00
derelm 88b32e4b18 fix typo 2021-10-21 23:07:35 +02:00
Juan Font Alonso e425e3ffd3 Fix contributors 2021-10-21 22:53:30 +02:00
Juan Font 355483fd86 Merge pull request #184 from juanfont/doc-reorg-v1
Move documentation away from README and use YAML everywhere
2021-10-21 22:38:59 +02:00
Juan Font Alonso 672d8474b9 PRettier on the yamls 2021-10-21 21:18:50 +02:00
Juan Font Alonso 73e4d38670 Merge branch 'doc-reorg-v1' of https://github.com/juanfont/headscale into doc-reorg-v1 2021-10-21 21:01:57 +02:00
Juan Font Alonso 561c15bbe8 Prettier 2021-10-21 21:01:52 +02:00
Juan Font Alonso b93aa723cb Run contributors on merge to master 2021-10-21 20:58:30 +02:00
Juan Font Alonso 636943c715 Improved docker cmd 2021-10-21 20:57:18 +02:00
Juan Font 0a6a67da85 Merge branch 'main' into doc-reorg-v1 2021-10-21 20:55:48 +02:00
Juan Font Alonso e9ffd366dd Improvements here and there 2021-10-21 20:54:41 +02:00
Juan Font Alonso 4be0b3f556 Mention disable check updates in the doc 2021-10-21 20:54:29 +02:00
Juan Font Alonso a0bfad6d6e Headscale is not capitalized 2021-10-21 20:48:29 +02:00
Juan Font Alonso bb1f17f5af Added glossary 2021-10-21 20:46:19 +02:00
Juan Font 95bc2ee241 Merge pull request #190 from juanfont/fix-arm64
Fix arm64 (now for good)
2021-10-21 20:40:17 +02:00
Juan Font Alonso 16a90e799c Contributors should be working 2021-10-21 20:36:26 +02:00
Juan Font Alonso 4c2f84b211 Add contributors Action 2021-10-21 20:33:58 +02:00
Juan Font Alonso b799635fbb Merge branch 'fix-arm64' of https://github.com/juanfont/headscale into fix-arm64 2021-10-21 19:56:51 +02:00
Juan Font Alonso bc145952d4 Finally fix arm64 build 2021-10-21 19:56:36 +02:00
Kristoffer Dalby 2c5701917d Merge branch 'main' into doc-reorg-v1 2021-10-21 18:46:29 +01:00
Juan Font ed7b840fea Merge pull request #188 from juanfont/fix-arm64
Fixed ARM64 compiler name
2021-10-21 19:10:14 +02:00
Kristoffer Dalby 23372e29cd Merge branch 'main' into fix-arm64 2021-10-21 17:03:46 +01:00
Juan Font Alonso fb569b0483 Fixed ARM64 compiler name 2021-10-21 17:47:10 +02:00
Juan Font e2b5638ca0 Merge pull request #187 from juanfont/fix-arm64
Use CGO_ENABLED=1 when building arm64
2021-10-21 00:00:47 +02:00
Juan Font Alonso 8f5a1dce3e Merge branch 'doc-reorg-v1' of https://github.com/juanfont/headscale into doc-reorg-v1 2021-10-20 23:34:27 +02:00
Juan Font Alonso 6b0f5da113 Separate config examples for sqlite and postgres for the time being 2021-10-20 23:27:59 +02:00
Juan Font Alonso 5159b6d085 Trying to fix arm64 2021-10-20 23:10:59 +02:00
Juan Font 03d97c3872 Merge pull request #183 from juanfont/split-dns
Add support for Split DNS (Restricted Nameservers)
2021-10-20 10:53:52 +02:00
Juan Font 41c5a0ddf5 Apply suggestions from code review
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-10-20 09:35:56 +02:00
Juan Font 19165a40d2 Merge branch 'main' into split-dns 2021-10-20 00:19:34 +02:00
Juan Font d1ebcb59f1 Merge branch 'main' into doc-reorg-v1 2021-10-20 00:19:21 +02:00
Juan Font Alonso 31344128a0 Switch json for yaml in README 2021-10-20 00:17:47 +02:00
Juan Font Alonso 86ecc2a234 Switch to YAML config 2021-10-20 00:17:08 +02:00
Juan Font Alonso d1e8ac7ba5 Moved TLS config to another file 2021-10-20 00:07:05 +02:00
Juan Font Alonso efe208fef5 Merge branch 'doc-reorg-v1' of https://github.com/juanfont/headscale into doc-reorg-v1 2021-10-19 23:54:32 +02:00
Juan Font Alonso 7b40e99aec Added notes on SQLite 2021-10-19 23:45:20 +02:00
Juan Font 06706aab9a Update docs/Running.md
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-10-19 23:41:08 +02:00
Juan Font 0318af5a33 Apply suggestions from code review
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-10-19 23:22:56 +02:00
Juan Font Alonso 995dcfc6ae Reference doc/ 2021-10-19 21:02:45 +02:00
Juan Font Alonso 2236cc8bf7 Improve wording here and there 2021-10-19 21:01:36 +02:00
Juan Font Alonso 7bb354117b Move README documentation to doc/ 2021-10-19 20:59:33 +02:00
Juan Font Alonso 18b00b5d8d Add support for Split DNS (implements #179) 2021-10-19 20:51:43 +02:00
Kristoffer Dalby dbe193ad17 Fix up leftovers from kradalby PR 2021-10-19 18:25:59 +01:00
Kristoffer Dalby e7424222db Merge branch 'main' into main 2021-10-19 17:47:09 +01:00
Juan Font d2a162e3ee Merge pull request #178 from cure/refactor-sharing-tests
Apply some DRY to the sharing tests.
2021-10-19 18:45:37 +02:00
Kristoffer Dalby da14750396 Merge branch 'main' into main 2021-10-19 15:26:18 +01:00
unreality 8fe72dcb74 Merge pull request #1 from kradalby/namespace-mappings
Implement namespace mappings
2021-10-19 09:33:54 +08:00
Ward Vandewege d35f5fe498 Apply some DRY to the sharing tests. 2021-10-18 17:52:38 -04:00
Kristoffer Dalby 677bd9b657 Implement namespace matching 2021-10-18 19:27:52 +00:00
Kristoffer Dalby a347d276bd Fix broken machine test 2021-10-18 19:26:43 +00:00
Juan Font 9e1253ada1 Merge pull request #177 from cure/cli-unshare-node
Cli unshare node
2021-10-18 12:51:53 +02:00
Juan Font 244e79f575 Merge branch 'main' into cli-unshare-node 2021-10-18 12:34:13 +02:00
Juan Font b4e6a32b4b Merge pull request #176 from cure/fix-sharing-check
Bugfix: the check to see if a node was already shared into a namespace
2021-10-18 12:34:04 +02:00
Juan Font 023cd8f4cd Merge branch 'main' into fix-sharing-check 2021-10-18 12:20:43 +02:00
Juan Font 10d24e64cd Merge pull request #174 from juanfont/fix-magic-dns-base-domain
Fix MagicDNS base domain
2021-10-18 12:16:07 +02:00
Juan Font Alonso 37e191a75d Solved merge 2021-10-17 23:59:44 +02:00
Juan Font Alonso 01a5fe3c51 Added tests, solved some bugs, and code reorg 2021-10-17 23:58:09 +02:00
Ward Vandewege 9e3339b4f1 Add cli support for unsharing a node from a namespace. 2021-10-17 16:29:46 -04:00
Ward Vandewege b06e34f144 Bugfix: the check to see if a node was already shared into a namespace
was incorrect.
2021-10-17 15:53:39 -04:00
Kristoffer Dalby 710616f118 Merge branch 'main' into main 2021-10-17 13:26:37 +01:00
Kristoffer Dalby ddf042cab1 Merge branch 'main' into fix-magic-dns-base-domain 2021-10-17 13:23:21 +01:00
Juan Font Alonso 687e8d12be Do not use the full application for getMapResponseDNSConfig 2021-10-17 12:10:03 +02:00
Juan Font Alonso 01f755ecf9 Send UserProfile info for the peers' namespaces 2021-10-17 12:07:01 +02:00
Juan Font Alonso 8094e6fdef Preload the Namespace from SharedMachines 2021-10-17 11:59:08 +02:00
Juan Font Alonso 061efa1822 Do not include BaseDomain as full route in DNSConfig + code reorg 2021-10-17 11:57:53 +02:00
Juan Font 9a7472218e Merge pull request #172 from cure/rename-namespaces
Rename namespaces
2021-10-17 00:30:36 +02:00
Ward Vandewege 7dcf4a5147 Add support for renaming namespaces. 2021-10-16 11:20:06 -04:00
Ward Vandewege 306a80cf57 Bugfix: when namespace destruction causes a database error, return the
error, not nil.
2021-10-16 11:14:37 -04:00
Raal Goff d0cd5af419 fix incorrect merge 2021-10-16 22:34:11 +08:00
unreality afbfc1d370 Merge branch 'main' into main 2021-10-16 22:31:37 +08:00
Raal Goff 0603e29c46 add login details to RegisterResponse so GUI clients show login display name 2021-10-15 23:09:55 +08:00
Raal Goff 8843188b84 add notes to README.md about OIDC 2021-10-10 22:52:30 +08:00
Raal Goff 74e6c1479e updates from code review 2021-10-10 17:22:42 +08:00
Kristoffer Dalby 2997f4d251 Merge branch 'main' into main 2021-10-08 22:21:41 +01:00
Raal Goff e407d423d4 updates from code review 2021-10-08 17:43:52 +08:00
unreality 35795c79c3 Handle trailing slash on uris
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-10-08 15:26:31 +08:00
Raal Goff c487591437 use go-oidc instead of verifying and extracting tokens ourselves, rename oidc_endpoint to oidc_issuer to be more inline with spec 2021-10-06 17:19:15 +08:00
Kristoffer Dalby 0393ab524c Merge branch 'main' into main 2021-09-28 11:20:31 +01:00
Kristoffer Dalby cc054d71fe Merge branch 'main' into main 2021-09-26 21:35:26 +01:00
Kristoffer Dalby 8248b71153 Merge branch 'main' into main 2021-09-26 21:15:00 +01:00
Raal Goff b22a9781a2 fix linter errors, error out if jwt does not contain a key id 2021-09-26 21:12:36 +08:00
Raal Goff e7a2501fe8 initial work on OIDC (SSO) integration 2021-09-26 16:53:05 +08:00
280 changed files with 45322 additions and 6945 deletions
+2
View File
@@ -3,6 +3,7 @@
// development
integration_test.go
integration_test/
!integration_test/etc_embedded_derp/tls/server.crt
Dockerfile*
docker-compose*
@@ -15,3 +16,4 @@ README.md
LICENSE
.vscode
*.sock
+1
View File
@@ -0,0 +1 @@
use flake
+10
View File
@@ -0,0 +1,10 @@
* @juanfont @kradalby
*.md @ohdearaugustin
*.yml @ohdearaugustin
*.yaml @ohdearaugustin
Dockerfile* @ohdearaugustin
.goreleaser.yaml @ohdearaugustin
/docs/ @ohdearaugustin
/.github/workflows/ @ohdearaugustin
/.github/renovate.json @ohdearaugustin
+3
View File
@@ -0,0 +1,3 @@
# These are supported funding model platforms
ko_fi: headscale
+30
View File
@@ -0,0 +1,30 @@
---
name: "Bug report"
about: "Create a bug report to help us improve"
title: ""
labels: ["bug"]
assignees: ""
---
<!-- Headscale is a multinational community across the globe. Our common language is English. Please consider raising the bug report in this language. -->
**Bug description**
<!-- A clear and concise description of what the bug is. Describe the expected bahavior
and how it is currently different. If you are unsure if it is a bug, consider discussing
it on our Discord server first. -->
**To Reproduce**
<!-- Steps to reproduce the behavior. -->
**Context info**
<!-- Please add relevant information about your system. For example:
- Version of headscale used
- Version of tailscale client
- OS (e.g. Linux, Mac, Cygwin, WSL, etc.) and version
- Kernel version
- The relevant config parameters you used
- Log output
-->
+11
View File
@@ -0,0 +1,11 @@
# Issues must have some content
blank_issues_enabled: false
# Contact links
contact_links:
- name: "headscale usage documentation"
url: "https://github.com/juanfont/headscale/blob/main/docs"
about: "Find documentation about how to configure and run headscale."
- name: "headscale Discord community"
url: "https://discord.gg/xGj2TuqyxY"
about: "Please ask and answer questions about usage of headscale here."
+17
View File
@@ -0,0 +1,17 @@
---
name: "Feature request"
about: "Suggest an idea for headscale"
title: ""
labels: ["enhancement"]
assignees: ""
---
<!-- Headscale is a multinational community across the globe. Our common language is English. Please consider raising the feature request in this language. -->
**Feature request**
<!-- A clear and precise description of what new or changed feature you want. -->
<!-- Please include the reason, why you would need the feature. E.g. what problem
does it solve? Or which workflow is currently frustrating and will be improved by
this? -->
+30
View File
@@ -0,0 +1,30 @@
---
name: "Other issue"
about: "Report a different issue"
title: ""
labels: ["bug"]
assignees: ""
---
<!-- Headscale is a multinational community across the globe. Our common language is English. Please consider raising the issue in this language. -->
<!-- If you have a question, please consider using our Discord for asking questions -->
**Issue description**
<!-- Please add your issue description. -->
**To Reproduce**
<!-- Steps to reproduce the behavior. -->
**Context info**
<!-- Please add relevant information about your system. For example:
- Version of headscale used
- Version of tailscale client
- OS (e.g. Linux, Mac, Cygwin, WSL, etc.) and version
- Kernel version
- The relevant config parameters you used
- Log output
-->
+10
View File
@@ -0,0 +1,10 @@
<!-- Please tick if the following things apply. You… -->
- [ ] read the [CONTRIBUTING guidelines](README.md#contributing)
- [ ] raised a GitHub issue or discussed it on the projects chat beforehand
- [ ] added unit tests
- [ ] added integration tests
- [ ] updated documentation if needed
- [ ] updated CHANGELOG.md
<!-- If applicable, please reference the issue using `Fixes #XXX` and add tests to cover your new code. -->
+38
View File
@@ -0,0 +1,38 @@
{
"baseBranches": ["main"],
"username": "renovate-release",
"gitAuthor": "Renovate Bot <bot@renovateapp.com>",
"branchPrefix": "renovateaction/",
"onboarding": false,
"extends": ["config:base", ":rebaseStalePrs"],
"ignorePresets": [":prHourlyLimit2"],
"enabledManagers": ["dockerfile", "gomod", "github-actions","regex" ],
"includeForks": true,
"repositories": ["juanfont/headscale"],
"platform": "github",
"packageRules": [
{
"matchDatasources": ["go"],
"groupName": "Go modules",
"groupSlug": "gomod",
"separateMajorMinor": false
},
{
"matchDatasources": ["docker"],
"groupName": "Dockerfiles",
"groupSlug": "dockerfiles"
}
],
"regexManagers": [
{
"fileMatch": [
".github/workflows/.*.yml$"
],
"matchStrings": [
"\\s*go-version:\\s*\"?(?<currentValue>.*?)\"?\\n"
],
"datasourceTemplate": "golang-version",
"depNameTemplate": "actions/go-version"
}
]
}
+49 -14
View File
@@ -8,29 +8,64 @@ on:
branches:
- main
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
permissions: write-all
steps:
- uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v2
- uses: actions/checkout@v3
with:
go-version: "1.16.3"
fetch-depth: 2
- name: Install dependencies
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v16
if: steps.changed-files.outputs.any_changed == 'true'
- name: Run build
id: build
if: steps.changed-files.outputs.any_changed == 'true'
run: |
go version
go install golang.org/x/lint/golint@latest
sudo apt update
sudo apt install -y make
nix build |& tee build-result
BUILD_STATUS="${PIPESTATUS[0]}"
- name: Run lint
run: make build
OLD_HASH=$(cat build-result | grep specified: | awk -F ':' '{print $2}' | sed 's/ //g')
NEW_HASH=$(cat build-result | grep got: | awk -F ':' '{print $2}' | sed 's/ //g')
- uses: actions/upload-artifact@v2
echo "OLD_HASH=$OLD_HASH" >> $GITHUB_OUTPUT
echo "NEW_HASH=$NEW_HASH" >> $GITHUB_OUTPUT
exit $BUILD_STATUS
- name: Nix gosum diverging
uses: actions/github-script@v6
if: failure() && steps.build.outcome == 'failure'
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
github.rest.pulls.createReviewComment({
pull_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'Nix build failed with wrong gosum, please update "vendorSha256" (${{ steps.build.outputs.OLD_HASH }}) for the "headscale" package in flake.nix with the new SHA: ${{ steps.build.outputs.NEW_HASH }}'
})
- uses: actions/upload-artifact@v3
if: steps.changed-files.outputs.any_changed == 'true'
with:
name: headscale-linux
path: headscale
path: result/bin/headscale
+35
View File
@@ -0,0 +1,35 @@
name: Contributors
on:
push:
branches:
- main
workflow_dispatch:
jobs:
add-contributors:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Delete upstream contributor branch
# Allow continue on failure to account for when the
# upstream branch is deleted or does not exist.
continue-on-error: true
run: git push origin --delete update-contributors
- name: Create up-to-date contributors branch
run: git checkout -B update-contributors
- name: Push empty contributors branch
run: git push origin update-contributors
- name: Switch back to main
run: git checkout main
- uses: BobAnkh/add-contributors@v0.2.2
with:
CONTRIBUTOR: "## Contributors"
COLUMN_PER_ROW: "6"
ACCESS_TOKEN: ${{secrets.GITHUB_TOKEN}}
IMG_WIDTH: "100"
FONT_SIZE: "14"
PATH: "/README.md"
COMMIT_MESSAGE: "docs(README): update contributors"
AVATAR_SHAPE: "round"
BRANCH: "update-contributors"
PULL_REQUEST: "main"
+45
View File
@@ -0,0 +1,45 @@
name: Build documentation
on:
push:
branches:
- main
workflow_dispatch:
permissions:
contents: read
pages: write
id-token: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Install python
uses: actions/setup-python@v4
with:
python-version: 3.x
- name: Setup cache
uses: actions/cache@v2
with:
key: ${{ github.ref }}
path: .cache
- name: Setup dependencies
run: pip install mkdocs-material pillow cairosvg mkdocs-minify-plugin
- name: Build docs
run: mkdocs build --strict
- name: Upload artifact
uses: actions/upload-pages-artifact@v1
with:
path: ./site
deploy:
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
runs-on: ubuntu-latest
needs: build
steps:
- name: Deploy to GitHub Pages
id: deployment
uses: actions/deploy-pages@v1
+23
View File
@@ -0,0 +1,23 @@
name: GitHub Actions Version Updater
# Controls when the action will run.
on:
schedule:
# Automatically run on every Sunday
- cron: "0 0 * * 0"
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
# [Required] Access token with `workflow` scope.
token: ${{ secrets.WORKFLOW_SECRET }}
- name: Run GitHub Actions Version Updater
uses: saadmk11/github-actions-version-updater@v0.7.1
with:
# [Required] Access token with `workflow` scope.
token: ${{ secrets.WORKFLOW_SECRET }}
+68 -27
View File
@@ -1,39 +1,80 @@
name: CI
---
name: Lint
on: [push, pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
# The "build" workflow
lint:
# The type of runner that the job will run on
golangci-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- name: golangci-lint
if: steps.changed-files.outputs.any_changed == 'true'
uses: golangci/golangci-lint-action@v2
with:
version: v1.51.2
# Only block PRs on new problems.
# If this is not enabled, we will end up having PRs
# blocked because new linters has appared and other
# parts of the code is affected.
only-new-issues: true
prettier-lint:
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Install and run golangci-lint as a separate step, it's much faster this
# way because this action has caching. It'll get run again in `make lint`
# below, but it's still much faster in the end than installing
# golangci-lint manually in the `Run lint` step.
- uses: golangci/golangci-lint-action@v2
with:
args: --timeout 5m
fetch-depth: 2
# Setup Go
- name: Setup Go
uses: actions/setup-go@v2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v14.1
with:
go-version: "1.16.3" # The Go version to download (if necessary) and use.
files: |
*.nix
**/*.md
**/*.yml
**/*.yaml
**/*.ts
**/*.js
**/*.sass
**/*.css
**/*.scss
**/*.html
# Install all the dependencies
- name: Install dependencies
run: |
go version
go install golang.org/x/lint/golint@latest
sudo apt update
sudo apt install -y make
- name: Prettify code
if: steps.changed-files.outputs.any_changed == 'true'
uses: creyD/prettier_action@v4.3
with:
prettier_options: >-
--check **/*.{ts,js,md,yaml,yml,sass,css,scss,html}
only_changed: false
dry: true
- name: Run lint
run: make lint
proto-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: bufbuild/buf-setup-action@v1.7.0
- uses: bufbuild/buf-lint-action@v1
with:
input: "proto"
+11 -64
View File
@@ -1,77 +1,24 @@
---
name: release
name: Release
on:
push:
tags:
- "*" # triggers only if push new tag version
- "*" # triggers only if push new tag version
workflow_dispatch:
jobs:
goreleaser:
runs-on: ubuntu-18.04 # due to CGO we need to user an older version
steps:
-
name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0
-
name: Set up Go
uses: actions/setup-go@v2
with:
go-version: 1.16
-
name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
distribution: goreleaser
version: latest
args: release --rm-dist
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
docker-release:
runs-on: ubuntu-latest
steps:
-
name: Checkout
uses: actions/checkout@v2
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
-
name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
# list of Docker images to use as base name for tags
images: |
${{ secrets.DOCKERHUB_USERNAME }}/headscale
ghcr.io/${{ github.repository_owner }}/headscale
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
-
name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
-
name: Login to GHCR
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Build and push
id: docker_build
uses: docker/build-push-action@v2
with:
push: true
context: .
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
- uses: cachix/install-nix-action@v16
- name: Run goreleaser
run: nix develop --command -- goreleaser release --clean
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,35 @@
name: Integration Test CLI
on: [pull_request]
jobs:
integration-test-cli:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Set Swap Space
uses: pierotofy/set-swap-space@master
with:
swap-size-gb: 10
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v16
if: steps.changed-files.outputs.any_changed == 'true'
- name: Run CLI integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: nix develop --command -- make test_integration_cli
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestACLAllowStarDst
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestACLAllowStarDst$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestACLAllowUser80Dst
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestACLAllowUser80Dst$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestACLAllowUserDst
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestACLAllowUserDst$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestACLDenyAllPort80
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestACLDenyAllPort80$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestACLDevice1CanAccessDevice2
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestACLDevice1CanAccessDevice2$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestACLHostsInNetMapTable
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestACLHostsInNetMapTable$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestACLNamedHostsCanReach
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestACLNamedHostsCanReach$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestACLNamedHostsCanReachBySubnet
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestACLNamedHostsCanReachBySubnet$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestAuthKeyLogoutAndRelogin
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestAuthKeyLogoutAndRelogin$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestAuthWebFlowAuthenticationPingAll
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestAuthWebFlowAuthenticationPingAll$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestAuthWebFlowLogoutAndRelogin
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestAuthWebFlowLogoutAndRelogin$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestCreateTailscale
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestCreateTailscale$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestDERPServerScenario
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestDERPServerScenario$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestEnablingRoutes
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestEnablingRoutes$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestEphemeral
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestEphemeral$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestExpireNode
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestExpireNode$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestHeadscale
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestHeadscale$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestOIDCAuthenticationPingAll
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestOIDCAuthenticationPingAll$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestOIDCExpireNodesBasedOnTokenExpiry
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestOIDCExpireNodesBasedOnTokenExpiry$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestPingAllByHostname
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestPingAllByHostname$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestPingAllByIP
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestPingAllByIP$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestPreAuthKeyCommand
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestPreAuthKeyCommand$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestPreAuthKeyCommandReusableEphemeral
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestPreAuthKeyCommandReusableEphemeral$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestPreAuthKeyCommandWithoutExpiry
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestPreAuthKeyCommandWithoutExpiry$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestResolveMagicDNS
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestResolveMagicDNS$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestSSHIsBlockedInACL
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestSSHIsBlockedInACL$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestSSHMultipleUsersAllToAll
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestSSHMultipleUsersAllToAll$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestSSHNoSSHConfigured
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestSSHNoSSHConfigured$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestSSHOneUserAllToAll
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestSSHOneUserAllToAll$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestSSUserOnlyIsolation
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestSSUserOnlyIsolation$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestTaildrop
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestTaildrop$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestTailscaleNodesJoiningHeadcale
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestTailscaleNodesJoiningHeadcale$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
@@ -0,0 +1,63 @@
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - TestUserCommand
on: [pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^TestUserCommand$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
-23
View File
@@ -1,23 +0,0 @@
name: CI
on: [pull_request]
jobs:
# The "build" workflow
integration-test:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Setup Go
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: "1.16.3"
- name: Run Integration tests
run: go test -tags integration -timeout 30m
+22 -21
View File
@@ -1,33 +1,34 @@
name: CI
name: Tests
on: [push, pull_request]
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
# The "build" workflow
test:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
# Setup Go
- name: Setup Go
uses: actions/setup-go@v2
- uses: actions/checkout@v3
with:
go-version: "1.16.3" # The Go version to download (if necessary) and use.
fetch-depth: 2
# Install all the dependencies
- name: Install dependencies
run: |
go version
sudo apt update
sudo apt install -y make
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v16
if: steps.changed-files.outputs.any_changed == 'true'
- name: Run tests
run: make test
- name: Run build
run: make
if: steps.changed-files.outputs.any_changed == 'true'
run: nix develop --check
+19 -2
View File
@@ -1,3 +1,5 @@
ignored/
# Binaries for programs and plugins
*.exe
*.exe~
@@ -12,10 +14,14 @@
*.out
# Dependency directories (remove the comment below to include it)
# vendor/
vendor/
dist/
/headscale
config.json
config.yaml
derp.yaml
*.hujson
*.key
/db.sqlite
*.sqlite3
@@ -23,4 +29,15 @@ config.json
# Exclude Jetbrains Editors
.idea
test_output/
test_output/
control_logs/
# Nix build output
result
.direnv/
integration_test/etc/config.dump.yaml
# MkDocs
.cache
/site
+74
View File
@@ -0,0 +1,74 @@
---
run:
timeout: 10m
build-tags:
- ts2019
issues:
skip-dirs:
- gen
linters:
enable-all: true
disable:
- exhaustivestruct
- revive
- lll
- interfacer
- scopelint
- maligned
- golint
- gofmt
- gochecknoglobals
- gochecknoinits
- gocognit
- funlen
- exhaustivestruct
- tagliatelle
- godox
- ireturn
- execinquery
- exhaustruct
- nolintlint
- musttag # causes issues with imported libs
# deprecated
- structcheck # replaced by unused
- ifshort # deprecated by the owner
- varcheck # replaced by unused
- nosnakecase # replaced by revive
- deadcode # replaced by unused
# We should strive to enable these:
- wrapcheck
- dupl
- makezero
- maintidx
# Limits the methods of an interface to 10. We have more in integration tests
- interfacebloat
# We might want to enable this, but it might be a lot of work
- cyclop
- nestif
- wsl # might be incompatible with gofumpt
- testpackage
- paralleltest
linters-settings:
varnamelen:
ignore-type-assert-ok: true
ignore-map-index-ok: true
ignore-names:
- err
- db
- id
- ip
- ok
- c
- tt
gocritic:
disabled-checks:
- appendAssign
# TODO(kradalby): Remove this
- ifElseChain
+101 -66
View File
@@ -1,87 +1,122 @@
# This is an example .goreleaser.yml file with some sane defaults.
# Make sure to check the documentation at http://goreleaser.com
---
before:
hooks:
- go mod tidy
- go mod tidy -compat=1.20
- go mod vendor
release:
prerelease: auto
builds:
- id: darwin-amd64
- id: headscale
main: ./cmd/headscale/headscale.go
mod_timestamp: '{{ .CommitTimestamp }}'
goos:
- darwin
goarch:
- amd64
mod_timestamp: "{{ .CommitTimestamp }}"
env:
- PKG_CONFIG_SYSROOT_DIR=/sysroot/macos/amd64
- PKG_CONFIG_PATH=/sysroot/macos/amd64/usr/local/lib/pkgconfig
- CC=o64-clang
- CXX=o64-clang++
- CGO_ENABLED=0
targets:
- darwin_amd64
- darwin_arm64
- freebsd_amd64
- linux_386
- linux_amd64
- linux_arm64
- linux_arm_5
- linux_arm_6
- linux_arm_7
flags:
- -mod=readonly
ldflags:
- -s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=v{{.Version}}
- id: linux-armhf
main: ./cmd/headscale/headscale.go
mod_timestamp: '{{ .CommitTimestamp }}'
goos:
- linux
goarch:
- arm
goarm:
- 7
env:
- CC=arm-linux-gnueabihf-gcc
- CXX=arm-linux-gnueabihf-g++
- CGO_FLAGS=--sysroot=/sysroot/linux/armhf
- CGO_LDFLAGS=--sysroot=/sysroot/linux/armhf
- PKG_CONFIG_SYSROOT_DIR=/sysroot/linux/armhf
- PKG_CONFIG_PATH=/sysroot/linux/armhf/opt/vc/lib/pkgconfig:/sysroot/linux/armhf/usr/lib/arm-linux-gnueabihf/pkgconfig:/sysroot/linux/armhf/usr/lib/pkgconfig:/sysroot/linux/armhf/usr/local/lib/pkgconfig
flags:
- -mod=readonly
ldflags:
- -s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=v{{.Version}}
- id: linux-amd64
env:
- CGO_ENABLED=1
goos:
- linux
goarch:
- amd64
main: ./cmd/headscale/headscale.go
mod_timestamp: '{{ .CommitTimestamp }}'
ldflags:
- -s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=v{{.Version}}
- id: linux-arm64
goos:
- linux
goarch:
- arm64
main: ./cmd/headscale/headscale.go
mod_timestamp: '{{ .CommitTimestamp }}'
ldflags:
- -s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=v{{.Version}}
tags:
- ts2019
archives:
- id: golang-cross
builds:
- darwin-amd64
- linux-armhf
- linux-amd64
- linux-arm64
name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
format: binary
source:
rlcp: true
enabled: true
name_template: "{{ .ProjectName }}_{{ .Version }}"
format: tar.gz
files:
- "vendor/"
nfpms:
# Configure nFPM for .deb and .rpm releases
#
# See https://nfpm.goreleaser.com/configuration/
# and https://goreleaser.com/customization/nfpm/
#
# Useful tools for debugging .debs:
# List file contents: dpkg -c dist/headscale...deb
# Package metadata: dpkg --info dist/headscale....deb
#
- builds:
- headscale
package_name: headscale
priority: optional
vendor: headscale
maintainer: Kristoffer Dalby <kristoffer@dalby.cc>
homepage: https://github.com/juanfont/headscale
license: BSD
bindir: /usr/bin
formats:
- deb
contents:
- src: ./config-example.yaml
dst: /etc/headscale/config.yaml
type: config|noreplace
file_info:
mode: 0644
- src: ./docs/packaging/headscale.systemd.service
dst: /etc/systemd/system/headscale.service
- dst: /var/lib/headscale
type: dir
- dst: /var/run/headscale
type: dir
scripts:
postinstall: ./docs/packaging/postinstall.sh
postremove: ./docs/packaging/postremove.sh
kos:
- id: ghcr
build: headscale
base_image: gcr.io/distroless/base-debian11
repository: ghcr.io/juanfont/headscale
platforms:
- linux/amd64
- linux/386
- linux/arm64
- linux/arm/v7
- linux/arm/v6
- linux/arm/v5
tags:
- latest
- '{{.Tag}}'
- id: dockerhub
build: headscale
base_image: gcr.io/distroless/base-debian11
repository: headscale/headscale
platforms:
- linux/amd64
- linux/386
- linux/arm64
- linux/arm/v7
- linux/arm/v6
- linux/arm/v5
tags:
- latest
- '{{.Tag}}'
checksum:
name_template: 'checksums.txt'
name_template: "checksums.txt"
snapshot:
name_template: "{{ .Tag }}-next"
changelog:
sort: asc
filters:
exclude:
- '^docs:'
- '^test:'
- "^docs:"
- "^test:"
+1
View File
@@ -0,0 +1 @@
.github/workflows/test-integration-v2*
+318
View File
@@ -0,0 +1,318 @@
# CHANGELOG
## 0.23.0 (2023-XX-XX)
### Changes
- Add environment flags to enable pprof (profiling) [#1382](https://github.com/juanfont/headscale/pull/1382)
- Profiles are continously generated in our integration tests.
## 0.22.1 (2023-04-20)
### Changes
- Fix issue where SystemD could not bind to port 80 [#1365](https://github.com/juanfont/headscale/pull/1365)
## 0.22.0 (2023-04-20)
### Changes
- Add `.deb` packages to release process [#1297](https://github.com/juanfont/headscale/pull/1297)
- Update and simplify the documentation to use new `.deb` packages [#1349](https://github.com/juanfont/headscale/pull/1349)
- Add 32-bit Arm platforms to release process [#1297](https://github.com/juanfont/headscale/pull/1297)
- Fix longstanding bug that would prevent "\*" from working properly in ACLs (issue [#699](https://github.com/juanfont/headscale/issues/699)) [#1279](https://github.com/juanfont/headscale/pull/1279)
- Fix issue where IPv6 could not be used in, or while using ACLs (part of [#809](https://github.com/juanfont/headscale/issues/809)) [#1339](https://github.com/juanfont/headscale/pull/1339)
- Target Go 1.20 and Tailscale 1.38 for Headscale [#1323](https://github.com/juanfont/headscale/pull/1323)
## 0.21.0 (2023-03-20)
### Changes
- Adding "configtest" CLI command. [#1230](https://github.com/juanfont/headscale/pull/1230)
- Add documentation on connecting with iOS to `/apple` [#1261](https://github.com/juanfont/headscale/pull/1261)
- Update iOS compatibility and added documentation for iOS [#1264](https://github.com/juanfont/headscale/pull/1264)
- Allow to delete routes [#1244](https://github.com/juanfont/headscale/pull/1244)
## 0.20.0 (2023-02-03)
### Changes
- Fix wrong behaviour in exit nodes [#1159](https://github.com/juanfont/headscale/pull/1159)
- Align behaviour of `dns_config.restricted_nameservers` to tailscale [#1162](https://github.com/juanfont/headscale/pull/1162)
- Make OpenID Connect authenticated client expiry time configurable [#1191](https://github.com/juanfont/headscale/pull/1191)
- defaults to 180 days like Tailscale SaaS
- adds option to use the expiry time from the OpenID token for the node (see config-example.yaml)
- Set ControlTime in Map info sent to nodes [#1195](https://github.com/juanfont/headscale/pull/1195)
- Populate Tags field on Node updates sent [#1195](https://github.com/juanfont/headscale/pull/1195)
## 0.19.0 (2023-01-29)
### BREAKING
- Rename Namespace to User [#1144](https://github.com/juanfont/headscale/pull/1144)
- **BACKUP your database before upgrading**
- Command line flags previously taking `--namespace` or `-n` will now require `--user` or `-u`
## 0.18.0 (2023-01-14)
### Changes
- Reworked routing and added support for subnet router failover [#1024](https://github.com/juanfont/headscale/pull/1024)
- Added an OIDC AllowGroups Configuration options and authorization check [#1041](https://github.com/juanfont/headscale/pull/1041)
- Set `db_ssl` to false by default [#1052](https://github.com/juanfont/headscale/pull/1052)
- Fix duplicate nodes due to incorrect implementation of the protocol [#1058](https://github.com/juanfont/headscale/pull/1058)
- Report if a machine is online in CLI more accurately [#1062](https://github.com/juanfont/headscale/pull/1062)
- Added config option for custom DNS records [#1035](https://github.com/juanfont/headscale/pull/1035)
- Expire nodes based on OIDC token expiry [#1067](https://github.com/juanfont/headscale/pull/1067)
- Remove ephemeral nodes on logout [#1098](https://github.com/juanfont/headscale/pull/1098)
- Performance improvements in ACLs [#1129](https://github.com/juanfont/headscale/pull/1129)
- OIDC client secret can be passed via a file [#1127](https://github.com/juanfont/headscale/pull/1127)
## 0.17.1 (2022-12-05)
### Changes
- Correct typo on macOS standalone profile link [#1028](https://github.com/juanfont/headscale/pull/1028)
- Update platform docs with Fast User Switching [#1016](https://github.com/juanfont/headscale/pull/1016)
## 0.17.0 (2022-11-26)
### BREAKING
- `noise.private_key_path` has been added and is required for the new noise protocol.
- Log level option `log_level` was moved to a distinct `log` config section and renamed to `level` [#768](https://github.com/juanfont/headscale/pull/768)
- Removed Alpine Linux container image [#962](https://github.com/juanfont/headscale/pull/962)
### Important Changes
- Added support for Tailscale TS2021 protocol [#738](https://github.com/juanfont/headscale/pull/738)
- Add experimental support for [SSH ACL](https://tailscale.com/kb/1018/acls/#tailscale-ssh) (see docs for limitations) [#847](https://github.com/juanfont/headscale/pull/847)
- Please note that this support should be considered _partially_ implemented
- SSH ACLs status:
- Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
- Rejecting connections **are not supported**, meaning that if you enable SSH, then assume that _all_ `ssh` connections **will be allowed**.
- If you decied to try this feature, please carefully managed permissions by blocking port `22` with regular ACLs or do _not_ set `--ssh` on your clients.
- We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
- This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1`.
### Changes
- Add ability to specify config location via env var `HEADSCALE_CONFIG` [#674](https://github.com/juanfont/headscale/issues/674)
- Target Go 1.19 for Headscale [#778](https://github.com/juanfont/headscale/pull/778)
- Target Tailscale v1.30.0 to build Headscale [#780](https://github.com/juanfont/headscale/pull/780)
- Give a warning when running Headscale with reverse proxy improperly configured for WebSockets [#788](https://github.com/juanfont/headscale/pull/788)
- Fix subnet routers with Primary Routes [#811](https://github.com/juanfont/headscale/pull/811)
- Added support for JSON logs [#653](https://github.com/juanfont/headscale/issues/653)
- Sanitise the node key passed to registration url [#823](https://github.com/juanfont/headscale/pull/823)
- Add support for generating pre-auth keys with tags [#767](https://github.com/juanfont/headscale/pull/767)
- Add support for evaluating `autoApprovers` ACL entries when a machine is registered [#763](https://github.com/juanfont/headscale/pull/763)
- Add config flag to allow Headscale to start if OIDC provider is down [#829](https://github.com/juanfont/headscale/pull/829)
- Fix prefix length comparison bug in AutoApprovers route evaluation [#862](https://github.com/juanfont/headscale/pull/862)
- Random node DNS suffix only applied if names collide in namespace. [#766](https://github.com/juanfont/headscale/issues/766)
- Remove `ip_prefix` configuration option and warning [#899](https://github.com/juanfont/headscale/pull/899)
- Add `dns_config.override_local_dns` option [#905](https://github.com/juanfont/headscale/pull/905)
- Fix some DNS config issues [#660](https://github.com/juanfont/headscale/issues/660)
- Make it possible to disable TS2019 with build flag [#928](https://github.com/juanfont/headscale/pull/928)
- Fix OIDC registration issues [#960](https://github.com/juanfont/headscale/pull/960) and [#971](https://github.com/juanfont/headscale/pull/971)
- Add support for specifying NextDNS DNS-over-HTTPS resolver [#940](https://github.com/juanfont/headscale/pull/940)
- Make more sslmode available for postgresql connection [#927](https://github.com/juanfont/headscale/pull/927)
## 0.16.4 (2022-08-21)
### Changes
- Add ability to connect to PostgreSQL over TLS/SSL [#745](https://github.com/juanfont/headscale/pull/745)
- Fix CLI registration of expired machines [#754](https://github.com/juanfont/headscale/pull/754)
## 0.16.3 (2022-08-17)
### Changes
- Fix issue with OIDC authentication [#747](https://github.com/juanfont/headscale/pull/747)
## 0.16.2 (2022-08-14)
### Changes
- Fixed bugs in the client registration process after migration to NodeKey [#735](https://github.com/juanfont/headscale/pull/735)
## 0.16.1 (2022-08-12)
### Changes
- Updated dependencies (including the library that lacked armhf support) [#722](https://github.com/juanfont/headscale/pull/722)
- Fix missing group expansion in function `excludeCorretlyTaggedNodes` [#563](https://github.com/juanfont/headscale/issues/563)
- Improve registration protocol implementation and switch to NodeKey as main identifier [#725](https://github.com/juanfont/headscale/pull/725)
- Add ability to connect to PostgreSQL via unix socket [#734](https://github.com/juanfont/headscale/pull/734)
## 0.16.0 (2022-07-25)
**Note:** Take a backup of your database before upgrading.
### BREAKING
- Old ACL syntax is no longer supported ("users" & "ports" -> "src" & "dst"). Please check [the new syntax](https://tailscale.com/kb/1018/acls/).
### Changes
- **Drop** armhf (32-bit ARM) support. [#609](https://github.com/juanfont/headscale/pull/609)
- Headscale fails to serve if the ACL policy file cannot be parsed [#537](https://github.com/juanfont/headscale/pull/537)
- Fix labels cardinality error when registering unknown pre-auth key [#519](https://github.com/juanfont/headscale/pull/519)
- Fix send on closed channel crash in polling [#542](https://github.com/juanfont/headscale/pull/542)
- Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes [#566](https://github.com/juanfont/headscale/pull/566)
- Add command for moving nodes between namespaces [#362](https://github.com/juanfont/headscale/issues/362)
- Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
- Add command to set tags on a node [#525](https://github.com/juanfont/headscale/issues/525)
- Add command to view tags of nodes [#356](https://github.com/juanfont/headscale/issues/356)
- Add --all (-a) flag to enable routes command [#360](https://github.com/juanfont/headscale/issues/360)
- Fix issue where nodes was not updated across namespaces [#560](https://github.com/juanfont/headscale/pull/560)
- Add the ability to rename a nodes name [#560](https://github.com/juanfont/headscale/pull/560)
- Node DNS names are now unique, a random suffix will be added when a node joins
- This change contains database changes, remember to **backup** your database before upgrading
- Add option to enable/disable logtail (Tailscale's logging infrastructure) [#596](https://github.com/juanfont/headscale/pull/596)
- This change disables the logs by default
- Use [Prometheus]'s duration parser, supporting days (`d`), weeks (`w`) and years (`y`) [#598](https://github.com/juanfont/headscale/pull/598)
- Add support for reloading ACLs with SIGHUP [#601](https://github.com/juanfont/headscale/pull/601)
- Use new ACL syntax [#618](https://github.com/juanfont/headscale/pull/618)
- Add -c option to specify config file from command line [#285](https://github.com/juanfont/headscale/issues/285) [#612](https://github.com/juanfont/headscale/pull/601)
- Add configuration option to allow Tailscale clients to use a random WireGuard port. [kb/1181/firewalls](https://tailscale.com/kb/1181/firewalls) [#624](https://github.com/juanfont/headscale/pull/624)
- Improve obtuse UX regarding missing configuration (`ephemeral_node_inactivity_timeout` not set) [#639](https://github.com/juanfont/headscale/pull/639)
- Fix nodes being shown as 'offline' in `tailscale status` [#648](https://github.com/juanfont/headscale/pull/648)
- Improve shutdown behaviour [#651](https://github.com/juanfont/headscale/pull/651)
- Drop Gin as web framework in Headscale [648](https://github.com/juanfont/headscale/pull/648) [677](https://github.com/juanfont/headscale/pull/677)
- Make tailnet node updates check interval configurable [#675](https://github.com/juanfont/headscale/pull/675)
- Fix regression with HTTP API [#684](https://github.com/juanfont/headscale/pull/684)
- nodes ls now print both Hostname and Name(Issue [#647](https://github.com/juanfont/headscale/issues/647) PR [#687](https://github.com/juanfont/headscale/pull/687))
## 0.15.0 (2022-03-20)
**Note:** Take a backup of your database before upgrading.
### BREAKING
- Boundaries between Namespaces has been removed and all nodes can communicate by default [#357](https://github.com/juanfont/headscale/pull/357)
- To limit access between nodes, use [ACLs](./docs/acls.md).
- `/metrics` is now a configurable host:port endpoint: [#344](https://github.com/juanfont/headscale/pull/344). You must update your `config.yaml` file to include:
```yaml
metrics_listen_addr: 127.0.0.1:9090
```
### Features
- Add support for writing ACL files with YAML [#359](https://github.com/juanfont/headscale/pull/359)
- Users can now use emails in ACL's groups [#372](https://github.com/juanfont/headscale/issues/372)
- Add shorthand aliases for commands and subcommands [#376](https://github.com/juanfont/headscale/pull/376)
- Add `/windows` endpoint for Windows configuration instructions + registry file download [#392](https://github.com/juanfont/headscale/pull/392)
- Added embedded DERP (and STUN) server into Headscale [#388](https://github.com/juanfont/headscale/pull/388)
### Changes
- Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession [#346](https://github.com/juanfont/headscale/pull/346)
- Simplify the code behind registration of machines [#366](https://github.com/juanfont/headscale/pull/366)
- Nodes are now only written to database if they are registrated successfully
- Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374](https://github.com/juanfont/headscale/issues/374)
- Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine [#371](https://github.com/juanfont/headscale/pull/371)
- Apply normalization function to FQDN on hostnames when hosts registers and retrieve informations [#363](https://github.com/juanfont/headscale/issues/363)
- Fix a bug that prevented the use of `tailscale logout` with OIDC [#508](https://github.com/juanfont/headscale/issues/508)
- Added Tailscale repo HEAD and unstable releases channel to the integration tests targets [#513](https://github.com/juanfont/headscale/pull/513)
## 0.14.0 (2022-02-24)
**UPCOMING ### BREAKING
From the **next\*\* version (`0.15.0`), all machines will be able to communicate regardless of
if they are in the same namespace. This means that the behaviour currently limited to ACLs
will become default. From version `0.15.0`, all limitation of communications must be done
with ACLs.
This is a part of aligning `headscale`'s behaviour with Tailscale's upstream behaviour.
### BREAKING
- ACLs have been rewritten to align with the bevaviour Tailscale Control Panel provides. **NOTE:** This is only active if you use ACLs
- Namespaces are now treated as Users
- All machines can communicate with all machines by default
- Tags should now work correctly and adding a host to Headscale should now reload the rules.
- The documentation have a [fictional example](docs/acls.md) that should cover some use cases of the ACLs features
### Features
- Add support for configurable mTLS [docs](docs/tls.md#configuring-mutual-tls-authentication-mtls) [#297](https://github.com/juanfont/headscale/pull/297)
### Changes
- Remove dependency on CGO (switch from CGO SQLite to pure Go) [#346](https://github.com/juanfont/headscale/pull/346)
**0.13.0 (2022-02-18):**
### Features
- Add IPv6 support to the prefix assigned to namespaces
- Add API Key support
- Enable remote control of `headscale` via CLI [docs](docs/remote-cli.md)
- Enable HTTP API (beta, subject to change)
- OpenID Connect users will be mapped per namespaces
- Each user will get its own namespace, created if it does not exist
- `oidc.domain_map` option has been removed
- `strip_email_domain` option has been added (see [config-example.yaml](./config-example.yaml))
### Changes
- `ip_prefix` is now superseded by `ip_prefixes` in the configuration [#208](https://github.com/juanfont/headscale/pull/208)
- Upgrade `tailscale` (1.20.4) and other dependencies to latest [#314](https://github.com/juanfont/headscale/pull/314)
- fix swapped machine<->namespace labels in `/metrics` [#312](https://github.com/juanfont/headscale/pull/312)
- remove key-value based update mechanism for namespace changes [#316](https://github.com/juanfont/headscale/pull/316)
**0.12.4 (2022-01-29):**
### Changes
- Make gRPC Unix Socket permissions configurable [#292](https://github.com/juanfont/headscale/pull/292)
- Trim whitespace before reading Private Key from file [#289](https://github.com/juanfont/headscale/pull/289)
- Add new command to generate a private key for `headscale` [#290](https://github.com/juanfont/headscale/pull/290)
- Fixed issue where hosts deleted from control server may be written back to the database, as long as they are connected to the control server [#278](https://github.com/juanfont/headscale/pull/278)
## 0.12.3 (2022-01-13)
### Changes
- Added Alpine container [#270](https://github.com/juanfont/headscale/pull/270)
- Minor updates in dependencies [#271](https://github.com/juanfont/headscale/pull/271)
## 0.12.2 (2022-01-11)
Happy New Year!
### Changes
- Fix Docker release [#258](https://github.com/juanfont/headscale/pull/258)
- Rewrite main docs [#262](https://github.com/juanfont/headscale/pull/262)
- Improve Docker docs [#263](https://github.com/juanfont/headscale/pull/263)
## 0.12.1 (2021-12-24)
(We are skipping 0.12.0 to correct a mishap done weeks ago with the version tagging)
### BREAKING
- Upgrade to Tailscale 1.18 [#229](https://github.com/juanfont/headscale/pull/229)
- This change requires a new format for private key, private keys are now generated automatically:
1. Delete your current key
2. Restart `headscale`, a new key will be generated.
3. Restart all Tailscale clients to fetch the new key
### Changes
- Unify configuration example [#197](https://github.com/juanfont/headscale/pull/197)
- Add stricter linting and formatting [#223](https://github.com/juanfont/headscale/pull/223)
### Features
- Add gRPC and HTTP API (HTTP API is currently disabled) [#204](https://github.com/juanfont/headscale/pull/204)
- Use gRPC between the CLI and the server [#206](https://github.com/juanfont/headscale/pull/206), [#212](https://github.com/juanfont/headscale/pull/212)
- Beta OpenID Connect support [#126](https://github.com/juanfont/headscale/pull/126), [#227](https://github.com/juanfont/headscale/pull/227)
## 0.11.0 (2021-10-25)
### BREAKING
- Make headscale fetch DERP map from URL and file [#196](https://github.com/juanfont/headscale/pull/196)
+134
View File
@@ -0,0 +1,134 @@
# Contributor Covenant Code of Conduct
## Our Pledge
We as members, contributors, and leaders pledge to make participation
in our community a harassment-free experience for everyone, regardless
of age, body size, visible or invisible disability, ethnicity, sex
characteristics, gender identity and expression, level of experience,
education, socio-economic status, nationality, personal appearance,
race, religion, or sexual identity and orientation.
We pledge to act and interact in ways that contribute to an open,
welcoming, diverse, inclusive, and healthy community.
## Our Standards
Examples of behavior that contributes to a positive environment for
our community include:
- Demonstrating empathy and kindness toward other people
- Being respectful of differing opinions, viewpoints, and experiences
- Giving and gracefully accepting constructive feedback
- Accepting responsibility and apologizing to those affected by our
mistakes, and learning from the experience
- Focusing on what is best not just for us as individuals, but for the
overall community
Examples of unacceptable behavior include:
- The use of sexualized language or imagery, and sexual attention or
advances of any kind
- Trolling, insulting or derogatory comments, and personal or
political attacks
- Public or private harassment
- Publishing others' private information, such as a physical or email
address, without their explicit permission
- Other conduct which could reasonably be considered inappropriate in
a professional setting
## Enforcement Responsibilities
Community leaders are responsible for clarifying and enforcing our
standards of acceptable behavior and will take appropriate and fair
corrective action in response to any behavior that they deem
inappropriate, threatening, offensive, or harmful.
Community leaders have the right and responsibility to remove, edit,
or reject comments, commits, code, wiki edits, issues, and other
contributions that are not aligned to this Code of Conduct, and will
communicate reasons for moderation decisions when appropriate.
## Scope
This Code of Conduct applies within all community spaces, and also
applies when an individual is officially representing the community in
public spaces. Examples of representing our community include using an
official e-mail address, posting via an official social media account,
or acting as an appointed representative at an online or offline
event.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior
may be reported to the community leaders responsible for enforcement
at our Discord channel. All complaints
will be reviewed and investigated promptly and fairly.
All community leaders are obligated to respect the privacy and
security of the reporter of any incident.
## Enforcement Guidelines
Community leaders will follow these Community Impact Guidelines in
determining the consequences for any action they deem in violation of
this Code of Conduct:
### 1. Correction
**Community Impact**: Use of inappropriate language or other behavior
deemed unprofessional or unwelcome in the community.
**Consequence**: A private, written warning from community leaders,
providing clarity around the nature of the violation and an
explanation of why the behavior was inappropriate. A public apology
may be requested.
### 2. Warning
**Community Impact**: A violation through a single incident or series
of actions.
**Consequence**: A warning with consequences for continued
behavior. No interaction with the people involved, including
unsolicited interaction with those enforcing the Code of Conduct, for
a specified period of time. This includes avoiding interactions in
community spaces as well as external channels like social
media. Violating these terms may lead to a temporary or permanent ban.
### 3. Temporary Ban
**Community Impact**: A serious violation of community standards,
including sustained inappropriate behavior.
**Consequence**: A temporary ban from any sort of interaction or
public communication with the community for a specified period of
time. No public or private interaction with the people involved,
including unsolicited interaction with those enforcing the Code of
Conduct, is allowed during this period. Violating these terms may lead
to a permanent ban.
### 4. Permanent Ban
**Community Impact**: Demonstrating a pattern of violation of
community standards, including sustained inappropriate behavior,
harassment of an individual, or aggression toward or disparagement of
classes of individuals.
**Consequence**: A permanent ban from any sort of public interaction
within the community.
## Attribution
This Code of Conduct is adapted from the [Contributor
Covenant][homepage], version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
Community Impact Guidelines were inspired by [Mozilla's code of
conduct enforcement ladder](https://github.com/mozilla/diversity).
[homepage]: https://www.contributor-covenant.org
For answers to common questions about this code of conduct, see the
FAQ at https://www.contributor-covenant.org/faq. Translations are
available at https://www.contributor-covenant.org/translations.
+13 -6
View File
@@ -1,18 +1,25 @@
FROM golang:1.17.1-bullseye AS build
# This Dockerfile and the images produced are for testing headscale,
# and are in no way endorsed by Headscale's maintainers as an
# official nor supported release or distribution.
FROM docker.io/golang:1.20-bullseye AS build
ARG VERSION=dev
ENV GOPATH /go
WORKDIR /go/src/headscale
COPY go.mod go.sum /go/src/headscale/
WORKDIR /go/src/headscale
RUN go mod download
COPY . /go/src/headscale
COPY . .
RUN go install -a -ldflags="-extldflags=-static" -tags netgo,sqlite_omit_load_extension ./cmd/headscale
RUN CGO_ENABLED=0 GOOS=linux go install -tags ts2019 -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$VERSION" -a ./cmd/headscale
RUN strip /go/bin/headscale
RUN test -e /go/bin/headscale
FROM ubuntu:20.04
# Production image
FROM gcr.io/distroless/base-debian11
COPY --from=build /go/bin/headscale /usr/local/bin/headscale
COPY --from=build /go/bin/headscale /bin/headscale
ENV TZ UTC
EXPOSE 8080/tcp
+27
View File
@@ -0,0 +1,27 @@
# This Dockerfile and the images produced are for testing headscale,
# and are in no way endorsed by Headscale's maintainers as an
# official nor supported release or distribution.
FROM docker.io/golang:1.20-bullseye AS build
ARG VERSION=dev
ENV GOPATH /go
WORKDIR /go/src/headscale
COPY go.mod go.sum /go/src/headscale/
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go install -tags ts2019 -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$VERSION" -a ./cmd/headscale
RUN test -e /go/bin/headscale
# Debug image
FROM docker.io/golang:1.20.0-bullseye
COPY --from=build /go/bin/headscale /bin/headscale
ENV TZ UTC
# Need to reset the entrypoint or everything will run as a busybox script
ENTRYPOINT []
EXPOSE 8080/tcp
CMD ["headscale"]
+17 -5
View File
@@ -1,11 +1,23 @@
# This Dockerfile and the images produced are for testing headscale,
# and are in no way endorsed by Headscale's maintainers as an
# official nor supported release or distribution.
FROM ubuntu:latest
ARG TAILSCALE_VERSION
ARG TAILSCALE_VERSION=*
ARG TAILSCALE_CHANNEL=stable
RUN apt-get update \
&& apt-get install -y gnupg curl \
&& curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.gpg | apt-key add - \
&& curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.list | tee /etc/apt/sources.list.d/tailscale.list \
&& apt-get install -y gnupg curl ssh \
&& curl -fsSL https://pkgs.tailscale.com/${TAILSCALE_CHANNEL}/ubuntu/focal.gpg | apt-key add - \
&& curl -fsSL https://pkgs.tailscale.com/${TAILSCALE_CHANNEL}/ubuntu/focal.list | tee /etc/apt/sources.list.d/tailscale.list \
&& apt-get update \
&& apt-get install -y tailscale=${TAILSCALE_VERSION} \
&& apt-get install -y ca-certificates tailscale=${TAILSCALE_VERSION} dnsutils \
&& rm -rf /var/lib/apt/lists/*
RUN adduser --shell=/bin/bash ssh-it-user
ADD integration_test/etc_embedded_derp/tls/server.crt /usr/local/share/ca-certificates/
RUN chmod 644 /usr/local/share/ca-certificates/server.crt
RUN update-ca-certificates
+28
View File
@@ -0,0 +1,28 @@
# This Dockerfile and the images produced are for testing headscale,
# and are in no way endorsed by Headscale's maintainers as an
# official nor supported release or distribution.
FROM golang:latest
RUN apt-get update \
&& apt-get install -y ca-certificates dnsutils git iptables ssh \
&& rm -rf /var/lib/apt/lists/*
RUN useradd --shell=/bin/bash --create-home ssh-it-user
RUN git clone https://github.com/tailscale/tailscale.git
WORKDIR /go/tailscale
RUN git checkout main
RUN sh build_dist.sh tailscale.com/cmd/tailscale
RUN sh build_dist.sh tailscale.com/cmd/tailscaled
RUN cp tailscale /usr/local/bin/
RUN cp tailscaled /usr/local/bin/
ADD integration_test/etc_embedded_derp/tls/server.crt /usr/local/share/ca-certificates/
RUN chmod 644 /usr/local/share/ca-certificates/server.crt
RUN update-ca-certificates
+51 -11
View File
@@ -1,27 +1,67 @@
# Calculate version
version = $(shell ./scripts/version-at-commit.sh)
version ?= $(shell git describe --always --tags --dirty)
rwildcard=$(foreach d,$(wildcard $1*),$(call rwildcard,$d/,$2) $(filter $(subst *,%,$2),$d))
# Determine if OS supports pie
GOOS ?= $(shell uname | tr '[:upper:]' '[:lower:]')
ifeq ($(filter $(GOOS), openbsd netbsd soloaris plan9), )
pieflags = -buildmode=pie
else
endif
TAGS = -tags ts2019
# GO_SOURCES = $(wildcard *.go)
# PROTO_SOURCES = $(wildcard **/*.proto)
GO_SOURCES = $(call rwildcard,,*.go)
PROTO_SOURCES = $(call rwildcard,,*.proto)
build:
go build -ldflags "-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$(version)" cmd/headscale/headscale.go
nix build
dev: lint test build
test:
@go test -coverprofile=coverage.out ./...
@go test $(TAGS) -short -coverprofile=coverage.out ./...
test_integration:
go test -tags integration -timeout 30m ./...
test_integration: test_integration_cli test_integration_derp test_integration_v2_general
coverprofile_func:
go tool cover -func=coverage.out
test_integration_cli:
docker network rm $$(docker network ls --filter name=headscale --quiet) || true
docker network create headscale-test || true
docker run -t --rm \
--network headscale-test \
-v ~/.cache/hs-integration-go:/go \
-v $$PWD:$$PWD -w $$PWD \
-v /var/run/docker.sock:/var/run/docker.sock golang:1 \
go run gotest.tools/gotestsum@latest -- $(TAGS) -failfast -timeout 30m -count=1 -run IntegrationCLI ./...
coverprofile_html:
go tool cover -html=coverage.out
test_integration_v2_general:
docker run \
-t --rm \
-v ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
-v $$PWD:$$PWD -w $$PWD/integration \
-v /var/run/docker.sock:/var/run/docker.sock \
golang:1 \
go run gotest.tools/gotestsum@latest -- $(TAGS) -failfast ./... -timeout 120m -parallel 8
lint:
golint
golangci-lint run --timeout 5m
golangci-lint run --fix --timeout 10m
fmt:
prettier --write '**/**.{ts,js,md,yaml,yml,sass,css,scss,html}'
golines --max-len=88 --base-formatter=gofumpt -w $(GO_SOURCES)
clang-format -style="{BasedOnStyle: Google, IndentWidth: 4, AlignConsecutiveDeclarations: true, AlignConsecutiveAssignments: true, ColumnLimit: 0}" -i $(PROTO_SOURCES)
proto-lint:
cd proto/ && go run github.com/bufbuild/buf/cmd/buf lint
compress: build
upx --brute headscale
generate:
rm -rf gen
buf generate proto
+1001 -246
View File
File diff suppressed because it is too large Load Diff
+700 -139
View File
@@ -2,29 +2,71 @@ package headscale
import (
"encoding/json"
"errors"
"fmt"
"io"
"net/netip"
"os"
"path/filepath"
"strconv"
"strings"
"time"
"github.com/rs/zerolog/log"
"github.com/samber/lo"
"github.com/tailscale/hujson"
"inet.af/netaddr"
"go4.org/netipx"
"gopkg.in/yaml.v3"
"tailscale.com/envknob"
"tailscale.com/tailcfg"
)
const errorEmptyPolicy = Error("empty policy")
const errorInvalidAction = Error("invalid action")
const errorInvalidUserSection = Error("invalid user section")
const errorInvalidGroup = Error("invalid group")
const errorInvalidTag = Error("invalid tag")
const errorInvalidNamespace = Error("invalid namespace")
const errorInvalidPortFormat = Error("invalid port format")
const (
errEmptyPolicy = Error("empty policy")
errInvalidAction = Error("invalid action")
errInvalidGroup = Error("invalid group")
errInvalidTag = Error("invalid tag")
errInvalidPortFormat = Error("invalid port format")
errWildcardIsNeeded = Error("wildcard as port is required for the protocol")
)
// LoadACLPolicy loads the ACL policy from the specify path, and generates the ACL rules
const (
Base8 = 8
Base10 = 10
BitSize16 = 16
BitSize32 = 32
BitSize64 = 64
portRangeBegin = 0
portRangeEnd = 65535
expectedTokenItems = 2
)
// For some reason golang.org/x/net/internal/iana is an internal package.
const (
protocolICMP = 1 // Internet Control Message
protocolIGMP = 2 // Internet Group Management
protocolIPv4 = 4 // IPv4 encapsulation
protocolTCP = 6 // Transmission Control
protocolEGP = 8 // Exterior Gateway Protocol
protocolIGP = 9 // any private interior gateway (used by Cisco for their IGRP)
protocolUDP = 17 // User Datagram
protocolGRE = 47 // Generic Routing Encapsulation
protocolESP = 50 // Encap Security Payload
protocolAH = 51 // Authentication Header
protocolIPv6ICMP = 58 // ICMP for IPv6
protocolSCTP = 132 // Stream Control Transmission Protocol
ProtocolFC = 133 // Fibre Channel
)
var featureEnableSSH = envknob.RegisterBool("HEADSCALE_EXPERIMENTAL_FEATURE_SSH")
// LoadACLPolicy loads the ACL policy from the specify path, and generates the ACL rules.
func (h *Headscale) LoadACLPolicy(path string) error {
log.Debug().
Str("func", "LoadACLPolicy").
Str("path", path).
Msg("Loading ACL policy from path")
policyFile, err := os.Open(path)
if err != nil {
return err
@@ -32,103 +74,396 @@ func (h *Headscale) LoadACLPolicy(path string) error {
defer policyFile.Close()
var policy ACLPolicy
b, err := io.ReadAll(policyFile)
policyBytes, err := io.ReadAll(policyFile)
if err != nil {
return err
}
err = hujson.Unmarshal(b, &policy)
if err != nil {
return err
switch filepath.Ext(path) {
case ".yml", ".yaml":
log.Debug().
Str("path", path).
Bytes("file", policyBytes).
Msg("Loading ACLs from YAML")
err := yaml.Unmarshal(policyBytes, &policy)
if err != nil {
return err
}
log.Trace().
Interface("policy", policy).
Msg("Loaded policy from YAML")
default:
ast, err := hujson.Parse(policyBytes)
if err != nil {
return err
}
ast.Standardize()
policyBytes = ast.Pack()
err = json.Unmarshal(policyBytes, &policy)
if err != nil {
return err
}
}
if policy.IsZero() {
return errorEmptyPolicy
return errEmptyPolicy
}
h.aclPolicy = &policy
rules, err := h.generateACLRules()
return h.UpdateACLRules()
}
func (h *Headscale) UpdateACLRules() error {
machines, err := h.ListMachines()
if err != nil {
return err
}
if h.aclPolicy == nil {
return errEmptyPolicy
}
rules, err := generateACLRules(machines, *h.aclPolicy, h.cfg.OIDC.StripEmaildomain)
if err != nil {
return err
}
log.Trace().Interface("ACL", rules).Msg("ACL rules generated")
h.aclRules = rules
// Precompute a map of which sources can reach each destination, this is
// to provide quicker lookup when we calculate the peerlist for the map
// response to nodes.
aclPeerCacheMap := generateACLPeerCacheMap(rules)
h.aclPeerCacheMapRW.Lock()
h.aclPeerCacheMap = aclPeerCacheMap
h.aclPeerCacheMapRW.Unlock()
if featureEnableSSH() {
sshRules, err := h.generateSSHRules()
if err != nil {
return err
}
log.Trace().Interface("SSH", sshRules).Msg("SSH rules generated")
if h.sshPolicy == nil {
h.sshPolicy = &tailcfg.SSHPolicy{}
}
h.sshPolicy.Rules = sshRules
} else if h.aclPolicy != nil && len(h.aclPolicy.SSHs) > 0 {
log.Info().Msg("SSH ACLs has been defined, but HEADSCALE_EXPERIMENTAL_FEATURE_SSH is not enabled, this is a unstable feature, check docs before activating")
}
return nil
}
func (h *Headscale) generateACLRules() (*[]tailcfg.FilterRule, error) {
// generateACLPeerCacheMap takes a list of Tailscale filter rules and generates a map
// of which Sources ("*" and IPs) can access destinations. This is to speed up the
// process of generating MapResponses when deciding which Peers to inform nodes about.
func generateACLPeerCacheMap(rules []tailcfg.FilterRule) map[string][]string {
aclCachePeerMap := make(map[string][]string)
for _, rule := range rules {
for _, srcIP := range rule.SrcIPs {
for _, ip := range expandACLPeerAddr(srcIP) {
if data, ok := aclCachePeerMap[ip]; ok {
for _, dstPort := range rule.DstPorts {
data = append(data, dstPort.IP)
}
aclCachePeerMap[ip] = data
} else {
dstPortsMap := make([]string, 0)
for _, dstPort := range rule.DstPorts {
dstPortsMap = append(dstPortsMap, dstPort.IP)
}
aclCachePeerMap[ip] = dstPortsMap
}
}
}
}
log.Trace().Interface("ACL Cache Map", aclCachePeerMap).Msg("ACL Peer Cache Map generated")
return aclCachePeerMap
}
// expandACLPeerAddr takes a "tailcfg.FilterRule" "IP" and expands it into
// something our cache logic can look up, which is "*" or single IP addresses.
// This is probably quite inefficient, but it is a result of
// "make it work, then make it fast", and a lot of the ACL stuff does not
// work, but people have tried to make it fast.
func expandACLPeerAddr(srcIP string) []string {
if ip, err := netip.ParseAddr(srcIP); err == nil {
return []string{ip.String()}
}
if cidr, err := netip.ParsePrefix(srcIP); err == nil {
addrs := []string{}
ipRange := netipx.RangeOfPrefix(cidr)
from := ipRange.From()
too := ipRange.To()
if from == too {
return []string{from.String()}
}
for from != too && from.Less(too) {
addrs = append(addrs, from.String())
from = from.Next()
}
addrs = append(addrs, too.String()) // Add the last IP address in the range
return addrs
}
// probably "*" or other string based "IP"
return []string{srcIP}
}
func generateACLRules(
machines []Machine,
aclPolicy ACLPolicy,
stripEmaildomain bool,
) ([]tailcfg.FilterRule, error) {
rules := []tailcfg.FilterRule{}
for i, a := range h.aclPolicy.ACLs {
if a.Action != "accept" {
return nil, errorInvalidAction
for index, acl := range aclPolicy.ACLs {
if acl.Action != "accept" {
return nil, errInvalidAction
}
r := tailcfg.FilterRule{}
srcIPs := []string{}
for j, u := range a.Users {
srcs, err := h.generateACLPolicySrcIP(u)
for innerIndex, src := range acl.Sources {
srcs, err := generateACLPolicySrc(machines, aclPolicy, src, stripEmaildomain)
if err != nil {
log.Error().
Msgf("Error parsing ACL %d, User %d", i, j)
Msgf("Error parsing ACL %d, Source %d", index, innerIndex)
return nil, err
}
srcIPs = append(srcIPs, *srcs...)
srcIPs = append(srcIPs, srcs...)
}
protocols, needsWildcard, err := parseProtocol(acl.Protocol)
if err != nil {
log.Error().
Msgf("Error parsing ACL %d. protocol unknown %s", index, acl.Protocol)
return nil, err
}
r.SrcIPs = srcIPs
destPorts := []tailcfg.NetPortRange{}
for j, d := range a.Ports {
dests, err := h.generateACLPolicyDestPorts(d)
for innerIndex, dest := range acl.Destinations {
dests, err := generateACLPolicyDest(
machines,
aclPolicy,
dest,
needsWildcard,
stripEmaildomain,
)
if err != nil {
log.Error().
Msgf("Error parsing ACL %d, Port %d", i, j)
Msgf("Error parsing ACL %d, Destination %d", index, innerIndex)
return nil, err
}
destPorts = append(destPorts, *dests...)
destPorts = append(destPorts, dests...)
}
rules = append(rules, tailcfg.FilterRule{
SrcIPs: srcIPs,
DstPorts: destPorts,
IPProto: protocols,
})
}
return &rules, nil
return rules, nil
}
func (h *Headscale) generateACLPolicySrcIP(u string) (*[]string, error) {
return h.expandAlias(u)
}
func (h *Headscale) generateSSHRules() ([]*tailcfg.SSHRule, error) {
rules := []*tailcfg.SSHRule{}
func (h *Headscale) generateACLPolicyDestPorts(d string) (*[]tailcfg.NetPortRange, error) {
tokens := strings.Split(d, ":")
if len(tokens) < 2 || len(tokens) > 3 {
return nil, errorInvalidPortFormat
if h.aclPolicy == nil {
return nil, errEmptyPolicy
}
machines, err := h.ListMachines()
if err != nil {
return nil, err
}
acceptAction := tailcfg.SSHAction{
Message: "",
Reject: false,
Accept: true,
SessionDuration: 0,
AllowAgentForwarding: false,
HoldAndDelegate: "",
AllowLocalPortForwarding: true,
}
rejectAction := tailcfg.SSHAction{
Message: "",
Reject: true,
Accept: false,
SessionDuration: 0,
AllowAgentForwarding: false,
HoldAndDelegate: "",
AllowLocalPortForwarding: false,
}
for index, sshACL := range h.aclPolicy.SSHs {
action := rejectAction
switch sshACL.Action {
case "accept":
action = acceptAction
case "check":
checkAction, err := sshCheckAction(sshACL.CheckPeriod)
if err != nil {
log.Error().
Msgf("Error parsing SSH %d, check action with unparsable duration '%s'", index, sshACL.CheckPeriod)
} else {
action = *checkAction
}
default:
log.Error().
Msgf("Error parsing SSH %d, unknown action '%s'", index, sshACL.Action)
return nil, err
}
principals := make([]*tailcfg.SSHPrincipal, 0, len(sshACL.Sources))
for innerIndex, rawSrc := range sshACL.Sources {
expandedSrcs, err := expandAlias(
machines,
*h.aclPolicy,
rawSrc,
h.cfg.OIDC.StripEmaildomain,
)
if err != nil {
log.Error().
Msgf("Error parsing SSH %d, Source %d", index, innerIndex)
return nil, err
}
for _, expandedSrc := range expandedSrcs {
principals = append(principals, &tailcfg.SSHPrincipal{
NodeIP: expandedSrc,
})
}
}
userMap := make(map[string]string, len(sshACL.Users))
for _, user := range sshACL.Users {
userMap[user] = "="
}
rules = append(rules, &tailcfg.SSHRule{
RuleExpires: nil,
Principals: principals,
SSHUsers: userMap,
Action: &action,
})
}
return rules, nil
}
func sshCheckAction(duration string) (*tailcfg.SSHAction, error) {
sessionLength, err := time.ParseDuration(duration)
if err != nil {
return nil, err
}
return &tailcfg.SSHAction{
Message: "",
Reject: false,
Accept: true,
SessionDuration: sessionLength,
AllowAgentForwarding: false,
HoldAndDelegate: "",
AllowLocalPortForwarding: true,
}, nil
}
func generateACLPolicySrc(
machines []Machine,
aclPolicy ACLPolicy,
src string,
stripEmaildomain bool,
) ([]string, error) {
return expandAlias(machines, aclPolicy, src, stripEmaildomain)
}
func generateACLPolicyDest(
machines []Machine,
aclPolicy ACLPolicy,
dest string,
needsWildcard bool,
stripEmaildomain bool,
) ([]tailcfg.NetPortRange, error) {
var tokens []string
log.Trace().Str("destination", dest).Msg("generating policy destination")
// Check if there is a IPv4/6:Port combination, IPv6 has more than
// three ":".
tokens = strings.Split(dest, ":")
if len(tokens) < expectedTokenItems || len(tokens) > 3 {
port := tokens[len(tokens)-1]
maybeIPv6Str := strings.TrimSuffix(dest, ":"+port)
log.Trace().Str("maybeIPv6Str", maybeIPv6Str).Msg("")
if maybeIPv6, err := netip.ParseAddr(maybeIPv6Str); err != nil && !maybeIPv6.Is6() {
log.Trace().Err(err).Msg("trying to parse as IPv6")
return nil, fmt.Errorf(
"failed to parse destination, tokens %v: %w",
tokens,
errInvalidPortFormat,
)
} else {
tokens = []string{maybeIPv6Str, port}
}
}
log.Trace().Strs("tokens", tokens).Msg("generating policy destination")
var alias string
// We can have here stuff like:
// git-server:*
// 192.168.1.0/24:22
// fd7a:115c:a1e0::2:22
// fd7a:115c:a1e0::2/128:22
// tag:montreal-webserver:80,443
// tag:api-server:443
// example-host-1:*
if len(tokens) == 2 {
if len(tokens) == expectedTokenItems {
alias = tokens[0]
} else {
alias = fmt.Sprintf("%s:%s", tokens[0], tokens[1])
}
expanded, err := h.expandAlias(alias)
expanded, err := expandAlias(
machines,
aclPolicy,
alias,
stripEmaildomain,
)
if err != nil {
return nil, err
}
ports, err := h.expandPorts(tokens[len(tokens)-1])
ports, err := expandPorts(tokens[len(tokens)-1], needsWildcard)
if err != nil {
return nil, err
}
dests := []tailcfg.NetPortRange{}
for _, d := range *expanded {
for _, d := range expanded {
for _, p := range *ports {
pr := tailcfg.NetPortRange{
IP: d,
@@ -137,120 +472,265 @@ func (h *Headscale) generateACLPolicyDestPorts(d string) (*[]tailcfg.NetPortRang
dests = append(dests, pr)
}
}
return &dests, nil
return dests, nil
}
func (h *Headscale) expandAlias(s string) (*[]string, error) {
if s == "*" {
return &[]string{"*"}, nil
}
// parseProtocol reads the proto field of the ACL and generates a list of
// protocols that will be allowed, following the IANA IP protocol number
// https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
//
// If the ACL proto field is empty, it allows ICMPv4, ICMPv6, TCP, and UDP,
// as per Tailscale behaviour (see tailcfg.FilterRule).
//
// Also returns a boolean indicating if the protocol
// requires all the destinations to use wildcard as port number (only TCP,
// UDP and SCTP support specifying ports).
func parseProtocol(protocol string) ([]int, bool, error) {
switch protocol {
case "":
return nil, false, nil
case "igmp":
return []int{protocolIGMP}, true, nil
case "ipv4", "ip-in-ip":
return []int{protocolIPv4}, true, nil
case "tcp":
return []int{protocolTCP}, false, nil
case "egp":
return []int{protocolEGP}, true, nil
case "igp":
return []int{protocolIGP}, true, nil
case "udp":
return []int{protocolUDP}, false, nil
case "gre":
return []int{protocolGRE}, true, nil
case "esp":
return []int{protocolESP}, true, nil
case "ah":
return []int{protocolAH}, true, nil
case "sctp":
return []int{protocolSCTP}, false, nil
case "icmp":
return []int{protocolICMP, protocolIPv6ICMP}, true, nil
if strings.HasPrefix(s, "group:") {
if _, ok := h.aclPolicy.Groups[s]; !ok {
return nil, errorInvalidGroup
}
ips := []string{}
for _, n := range h.aclPolicy.Groups[s] {
nodes, err := h.ListMachinesInNamespace(n)
if err != nil {
return nil, errorInvalidNamespace
}
for _, node := range *nodes {
ips = append(ips, node.IPAddress)
}
}
return &ips, nil
}
if strings.HasPrefix(s, "tag:") {
if _, ok := h.aclPolicy.TagOwners[s]; !ok {
return nil, errorInvalidTag
}
// This will have HORRIBLE performance.
// We need to change the data model to better store tags
machines := []Machine{}
if err := h.db.Where("registered").Find(&machines).Error; err != nil {
return nil, err
}
ips := []string{}
for _, m := range machines {
hostinfo := tailcfg.Hostinfo{}
if len(m.HostInfo) != 0 {
hi, err := m.HostInfo.MarshalJSON()
if err != nil {
return nil, err
}
err = json.Unmarshal(hi, &hostinfo)
if err != nil {
return nil, err
}
// FIXME: Check TagOwners allows this
for _, t := range hostinfo.RequestTags {
if s[4:] == t {
ips = append(ips, m.IPAddress)
break
}
}
}
}
return &ips, nil
}
n, err := h.GetNamespace(s)
if err == nil {
nodes, err := h.ListMachinesInNamespace(n.Name)
default:
protocolNumber, err := strconv.Atoi(protocol)
if err != nil {
return nil, err
return nil, false, err
}
ips := []string{}
for _, n := range *nodes {
ips = append(ips, n.IPAddress)
}
return &ips, nil
}
needsWildcard := protocolNumber != protocolTCP &&
protocolNumber != protocolUDP &&
protocolNumber != protocolSCTP
if h, ok := h.aclPolicy.Hosts[s]; ok {
return &[]string{h.String()}, nil
return []int{protocolNumber}, needsWildcard, nil
}
ip, err := netaddr.ParseIP(s)
if err == nil {
return &[]string{ip.String()}, nil
}
cidr, err := netaddr.ParseIPPrefix(s)
if err == nil {
return &[]string{cidr.String()}, nil
}
return nil, errorInvalidUserSection
}
func (h *Headscale) expandPorts(s string) (*[]tailcfg.PortRange, error) {
if s == "*" {
return &[]tailcfg.PortRange{{First: 0, Last: 65535}}, nil
// expandalias has an input of either
// - a user
// - a group
// - a tag
// - a host
// - an ip
// - a cidr
// and transform these in IPAddresses.
func expandAlias(
machines Machines,
aclPolicy ACLPolicy,
alias string,
stripEmailDomain bool,
) ([]string, error) {
ips := []string{}
if alias == "*" {
return []string{"*"}, nil
}
log.Debug().
Str("alias", alias).
Msg("Expanding")
if strings.HasPrefix(alias, "group:") {
users, err := expandGroup(aclPolicy, alias, stripEmailDomain)
if err != nil {
return ips, err
}
for _, n := range users {
nodes := filterMachinesByUser(machines, n)
for _, node := range nodes {
ips = append(ips, node.IPAddresses.ToStringSlice()...)
}
}
return ips, nil
}
if strings.HasPrefix(alias, "tag:") {
// check for forced tags
for _, machine := range machines {
if contains(machine.ForcedTags, alias) {
ips = append(ips, machine.IPAddresses.ToStringSlice()...)
}
}
// find tag owners
owners, err := expandTagOwners(aclPolicy, alias, stripEmailDomain)
if err != nil {
if errors.Is(err, errInvalidTag) {
if len(ips) == 0 {
return ips, fmt.Errorf(
"%w. %v isn't owned by a TagOwner and no forced tags are defined",
errInvalidTag,
alias,
)
}
return ips, nil
} else {
return ips, err
}
}
// filter out machines per tag owner
for _, user := range owners {
machines := filterMachinesByUser(machines, user)
for _, machine := range machines {
hi := machine.GetHostInfo()
if contains(hi.RequestTags, alias) {
ips = append(ips, machine.IPAddresses.ToStringSlice()...)
}
}
}
return ips, nil
}
// if alias is a user
nodes := filterMachinesByUser(machines, alias)
nodes = excludeCorrectlyTaggedNodes(aclPolicy, nodes, alias, stripEmailDomain)
for _, n := range nodes {
ips = append(ips, n.IPAddresses.ToStringSlice()...)
}
if len(ips) > 0 {
return ips, nil
}
// if alias is an host
if h, ok := aclPolicy.Hosts[alias]; ok {
log.Trace().Str("host", h.String()).Msg("expandAlias got hosts entry")
return expandAlias(machines, aclPolicy, h.String(), stripEmailDomain)
}
// if alias is an IP
if ip, err := netip.ParseAddr(alias); err == nil {
log.Trace().Str("ip", ip.String()).Msg("expandAlias got ip")
ips := []string{ip.String()}
matches := machines.FilterByIP(ip)
for _, machine := range matches {
ips = append(ips, machine.IPAddresses.ToStringSlice()...)
}
return lo.Uniq(ips), nil
}
if cidr, err := netip.ParsePrefix(alias); err == nil {
log.Trace().Str("cidr", cidr.String()).Msg("expandAlias got cidr")
val := []string{cidr.String()}
// This is suboptimal and quite expensive, but if we only add the cidr, we will miss all the relevant IPv6
// addresses for the hosts that belong to tailscale. This doesnt really affect stuff like subnet routers.
for _, machine := range machines {
for _, ip := range machine.IPAddresses {
// log.Trace().
// Msgf("checking if machine ip (%s) is part of cidr (%s): %v, is single ip cidr (%v), addr: %s", ip.String(), cidr.String(), cidr.Contains(ip), cidr.IsSingleIP(), cidr.Addr().String())
if cidr.Contains(ip) {
val = append(val, machine.IPAddresses.ToStringSlice()...)
}
}
}
return lo.Uniq(val), nil
}
log.Warn().Msgf("No IPs found with the alias %v", alias)
return ips, nil
}
// excludeCorrectlyTaggedNodes will remove from the list of input nodes the ones
// that are correctly tagged since they should not be listed as being in the user
// we assume in this function that we only have nodes from 1 user.
func excludeCorrectlyTaggedNodes(
aclPolicy ACLPolicy,
nodes []Machine,
user string,
stripEmailDomain bool,
) []Machine {
out := []Machine{}
tags := []string{}
for tag := range aclPolicy.TagOwners {
owners, _ := expandTagOwners(aclPolicy, user, stripEmailDomain)
ns := append(owners, user)
if contains(ns, user) {
tags = append(tags, tag)
}
}
// for each machine if tag is in tags list, don't append it.
for _, machine := range nodes {
hi := machine.GetHostInfo()
found := false
for _, t := range hi.RequestTags {
if contains(tags, t) {
found = true
break
}
}
if len(machine.ForcedTags) > 0 {
found = true
}
if !found {
out = append(out, machine)
}
}
return out
}
func expandPorts(portsStr string, needsWildcard bool) (*[]tailcfg.PortRange, error) {
if portsStr == "*" {
return &[]tailcfg.PortRange{
{First: portRangeBegin, Last: portRangeEnd},
}, nil
}
if needsWildcard {
return nil, errWildcardIsNeeded
}
ports := []tailcfg.PortRange{}
for _, p := range strings.Split(s, ",") {
rang := strings.Split(p, "-")
if len(rang) == 1 {
pi, err := strconv.ParseUint(rang[0], 10, 16)
for _, portStr := range strings.Split(portsStr, ",") {
log.Trace().Msgf("parsing portstring: %s", portStr)
rang := strings.Split(portStr, "-")
switch len(rang) {
case 1:
port, err := strconv.ParseUint(rang[0], Base10, BitSize16)
if err != nil {
return nil, err
}
ports = append(ports, tailcfg.PortRange{
First: uint16(pi),
Last: uint16(pi),
First: uint16(port),
Last: uint16(port),
})
} else if len(rang) == 2 {
start, err := strconv.ParseUint(rang[0], 10, 16)
case expectedTokenItems:
start, err := strconv.ParseUint(rang[0], Base10, BitSize16)
if err != nil {
return nil, err
}
last, err := strconv.ParseUint(rang[1], 10, 16)
last, err := strconv.ParseUint(rang[1], Base10, BitSize16)
if err != nil {
return nil, err
}
@@ -258,9 +738,90 @@ func (h *Headscale) expandPorts(s string) (*[]tailcfg.PortRange, error) {
First: uint16(start),
Last: uint16(last),
})
} else {
return nil, errorInvalidPortFormat
default:
return nil, errInvalidPortFormat
}
}
return &ports, nil
}
func filterMachinesByUser(machines []Machine, user string) []Machine {
out := []Machine{}
for _, machine := range machines {
if machine.User.Name == user {
out = append(out, machine)
}
}
return out
}
// expandTagOwners will return a list of user. An owner can be either a user or a group
// a group cannot be composed of groups.
func expandTagOwners(
aclPolicy ACLPolicy,
tag string,
stripEmailDomain bool,
) ([]string, error) {
var owners []string
ows, ok := aclPolicy.TagOwners[tag]
if !ok {
return []string{}, fmt.Errorf(
"%w. %v isn't owned by a TagOwner. Please add one first. https://tailscale.com/kb/1018/acls/#tag-owners",
errInvalidTag,
tag,
)
}
for _, owner := range ows {
if strings.HasPrefix(owner, "group:") {
gs, err := expandGroup(aclPolicy, owner, stripEmailDomain)
if err != nil {
return []string{}, err
}
owners = append(owners, gs...)
} else {
owners = append(owners, owner)
}
}
return owners, nil
}
// expandGroup will return the list of user inside the group
// after some validation.
func expandGroup(
aclPolicy ACLPolicy,
group string,
stripEmailDomain bool,
) ([]string, error) {
outGroups := []string{}
aclGroups, ok := aclPolicy.Groups[group]
if !ok {
return []string{}, fmt.Errorf(
"group %v isn't registered. %w",
group,
errInvalidGroup,
)
}
for _, group := range aclGroups {
if strings.HasPrefix(group, "group:") {
return []string{}, fmt.Errorf(
"%w. A group cannot be composed of groups. https://tailscale.com/kb/1018/acls/#groups",
errInvalidGroup,
)
}
grp, err := NormalizeToFQDNRules(group, stripEmailDomain)
if err != nil {
return []string{}, fmt.Errorf(
"failed to normalize group %q, err: %w",
group,
errInvalidGroup,
)
}
outGroups = append(outGroups, grp)
}
return outGroups, nil
}
+1670 -81
View File
File diff suppressed because it is too large Load Diff
+108 -33
View File
@@ -1,70 +1,145 @@
package headscale
import (
"encoding/json"
"net/netip"
"strings"
"github.com/tailscale/hujson"
"inet.af/netaddr"
"gopkg.in/yaml.v3"
)
// ACLPolicy represents a Tailscale ACL Policy
// ACLPolicy represents a Tailscale ACL Policy.
type ACLPolicy struct {
Groups Groups `json:"Groups"`
Hosts Hosts `json:"Hosts"`
TagOwners TagOwners `json:"TagOwners"`
ACLs []ACL `json:"ACLs"`
Tests []ACLTest `json:"Tests"`
Groups Groups `json:"groups" yaml:"groups"`
Hosts Hosts `json:"hosts" yaml:"hosts"`
TagOwners TagOwners `json:"tagOwners" yaml:"tagOwners"`
ACLs []ACL `json:"acls" yaml:"acls"`
Tests []ACLTest `json:"tests" yaml:"tests"`
AutoApprovers AutoApprovers `json:"autoApprovers" yaml:"autoApprovers"`
SSHs []SSH `json:"ssh" yaml:"ssh"`
}
// ACL is a basic rule for the ACL Policy
// ACL is a basic rule for the ACL Policy.
type ACL struct {
Action string `json:"Action"`
Users []string `json:"Users"`
Ports []string `json:"Ports"`
Action string `json:"action" yaml:"action"`
Protocol string `json:"proto" yaml:"proto"`
Sources []string `json:"src" yaml:"src"`
Destinations []string `json:"dst" yaml:"dst"`
}
// Groups references a series of alias in the ACL rules
// Groups references a series of alias in the ACL rules.
type Groups map[string][]string
// Hosts are alias for IP addresses or subnets
type Hosts map[string]netaddr.IPPrefix
// Hosts are alias for IP addresses or subnets.
type Hosts map[string]netip.Prefix
// TagOwners specify what users (namespaces?) are allow to use certain tags
// TagOwners specify what users (users?) are allow to use certain tags.
type TagOwners map[string][]string
// ACLTest is not implemented, but should be use to check if a certain rule is allowed
// ACLTest is not implemented, but should be use to check if a certain rule is allowed.
type ACLTest struct {
User string `json:"User"`
Allow []string `json:"Allow"`
Deny []string `json:"Deny,omitempty"`
Source string `json:"src" yaml:"src"`
Accept []string `json:"accept" yaml:"accept"`
Deny []string `json:"deny,omitempty" yaml:"deny,omitempty"`
}
// UnmarshalJSON allows to parse the Hosts directly into netaddr objects
func (h *Hosts) UnmarshalJSON(data []byte) error {
hosts := Hosts{}
hs := make(map[string]string)
err := hujson.Unmarshal(data, &hs)
// AutoApprovers specify which users (users?), groups or tags have their advertised routes
// or exit node status automatically enabled.
type AutoApprovers struct {
Routes map[string][]string `json:"routes" yaml:"routes"`
ExitNode []string `json:"exitNode" yaml:"exitNode"`
}
// SSH controls who can ssh into which machines.
type SSH struct {
Action string `json:"action" yaml:"action"`
Sources []string `json:"src" yaml:"src"`
Destinations []string `json:"dst" yaml:"dst"`
Users []string `json:"users" yaml:"users"`
CheckPeriod string `json:"checkPeriod,omitempty" yaml:"checkPeriod,omitempty"`
}
// UnmarshalJSON allows to parse the Hosts directly into netip objects.
func (hosts *Hosts) UnmarshalJSON(data []byte) error {
newHosts := Hosts{}
hostIPPrefixMap := make(map[string]string)
ast, err := hujson.Parse(data)
if err != nil {
return err
}
for k, v := range hs {
if !strings.Contains(v, "/") {
v = v + "/32"
ast.Standardize()
data = ast.Pack()
err = json.Unmarshal(data, &hostIPPrefixMap)
if err != nil {
return err
}
for host, prefixStr := range hostIPPrefixMap {
if !strings.Contains(prefixStr, "/") {
prefixStr += "/32"
}
prefix, err := netaddr.ParseIPPrefix(v)
prefix, err := netip.ParsePrefix(prefixStr)
if err != nil {
return err
}
hosts[k] = prefix
newHosts[host] = prefix
}
*h = hosts
*hosts = newHosts
return nil
}
// IsZero is perhaps a bit naive here
func (p ACLPolicy) IsZero() bool {
if len(p.Groups) == 0 && len(p.Hosts) == 0 && len(p.ACLs) == 0 {
// UnmarshalYAML allows to parse the Hosts directly into netip objects.
func (hosts *Hosts) UnmarshalYAML(data []byte) error {
newHosts := Hosts{}
hostIPPrefixMap := make(map[string]string)
err := yaml.Unmarshal(data, &hostIPPrefixMap)
if err != nil {
return err
}
for host, prefixStr := range hostIPPrefixMap {
prefix, err := netip.ParsePrefix(prefixStr)
if err != nil {
return err
}
newHosts[host] = prefix
}
*hosts = newHosts
return nil
}
// IsZero is perhaps a bit naive here.
func (policy ACLPolicy) IsZero() bool {
if len(policy.Groups) == 0 && len(policy.Hosts) == 0 && len(policy.ACLs) == 0 {
return true
}
return false
}
// Returns the list of autoApproving users, groups or tags for a given IPPrefix.
func (autoApprovers *AutoApprovers) GetRouteApprovers(
prefix netip.Prefix,
) ([]string, error) {
if prefix.Bits() == 0 {
return autoApprovers.ExitNode, nil // 0.0.0.0/0, ::/0 or equivalent
}
approverAliases := []string{}
for autoApprovedPrefix, autoApproverAliases := range autoApprovers.Routes {
autoApprovedPrefix, err := netip.ParsePrefix(autoApprovedPrefix)
if err != nil {
return nil, err
}
if prefix.Bits() >= autoApprovedPrefix.Bits() &&
autoApprovedPrefix.Contains(prefix.Masked().Addr()) {
approverAliases = append(approverAliases, autoApproverAliases...)
}
}
return approverAliases, nil
}
+126 -379
View File
@@ -1,421 +1,168 @@
package headscale
import (
"encoding/binary"
"bytes"
"encoding/json"
"errors"
"fmt"
"io"
"html/template"
"net/http"
"time"
"github.com/gorilla/mux"
"github.com/rs/zerolog/log"
"github.com/gin-gonic/gin"
"github.com/klauspost/compress/zstd"
"gorm.io/gorm"
"tailscale.com/tailcfg"
"tailscale.com/types/wgkey"
"tailscale.com/types/key"
)
// KeyHandler provides the Headscale pub key
// Listens in /key
func (h *Headscale) KeyHandler(c *gin.Context) {
c.Data(200, "text/plain; charset=utf-8", []byte(h.publicKey.HexString()))
const (
// TODO(juan): remove this once https://github.com/juanfont/headscale/issues/727 is fixed.
registrationHoldoff = time.Second * 5
reservedResponseHeaderSize = 4
RegisterMethodAuthKey = "authkey"
RegisterMethodOIDC = "oidc"
RegisterMethodCLI = "cli"
ErrRegisterMethodCLIDoesNotSupportExpire = Error(
"machines registered with CLI does not support expire",
)
)
func (h *Headscale) HealthHandler(
writer http.ResponseWriter,
req *http.Request,
) {
respond := func(err error) {
writer.Header().Set("Content-Type", "application/health+json; charset=utf-8")
res := struct {
Status string `json:"status"`
}{
Status: "pass",
}
if err != nil {
writer.WriteHeader(http.StatusInternalServerError)
log.Error().Caller().Err(err).Msg("health check failed")
res.Status = "fail"
}
buf, err := json.Marshal(res)
if err != nil {
log.Error().Caller().Err(err).Msg("marshal failed")
}
_, err = writer.Write(buf)
if err != nil {
log.Error().Caller().Err(err).Msg("write failed")
}
}
if err := h.pingDB(req.Context()); err != nil {
respond(err)
return
}
respond(nil)
}
type registerWebAPITemplateConfig struct {
Key string
}
var registerWebAPITemplate = template.Must(
template.New("registerweb").Parse(`
<html>
<head>
<title>Registration - Headscale</title>
</head>
<body>
<h1>headscale</h1>
<h2>Machine registration</h2>
<p>
Run the command below in the headscale server to add this machine to your network:
</p>
<pre><code>headscale nodes register --user USERNAME --key {{.Key}}</code></pre>
</body>
</html>
`))
// RegisterWebAPI shows a simple message in the browser to point to the CLI
// Listens in /register
func (h *Headscale) RegisterWebAPI(c *gin.Context) {
mKeyStr := c.Query("key")
if mKeyStr == "" {
c.String(http.StatusBadRequest, "Wrong params")
return
}
// Listens in /register/:nkey.
//
// This is not part of the Tailscale control API, as we could send whatever URL
// in the RegisterResponse.AuthURL field.
func (h *Headscale) RegisterWebAPI(
writer http.ResponseWriter,
req *http.Request,
) {
vars := mux.Vars(req)
nodeKeyStr, ok := vars["nkey"]
c.Data(http.StatusOK, "text/html; charset=utf-8", []byte(fmt.Sprintf(`
<html>
<body>
<h1>headscale</h1>
<p>
Run the command below in the headscale server to add this machine to your network:
</p>
if !NodePublicKeyRegex.Match([]byte(nodeKeyStr)) {
log.Warn().Str("node_key", nodeKeyStr).Msg("Invalid node key passed to registration url")
<p>
<code>
<b>headscale -n NAMESPACE nodes register %s</b>
</code>
</p>
</body>
</html>
`, mKeyStr)))
}
// RegistrationHandler handles the actual registration process of a machine
// Endpoint /machine/:id
func (h *Headscale) RegistrationHandler(c *gin.Context) {
body, _ := io.ReadAll(c.Request.Body)
mKeyStr := c.Param("id")
mKey, err := wgkey.ParseHex(mKeyStr)
if err != nil {
log.Error().
Str("handler", "Registration").
Err(err).
Msg("Cannot parse machine key")
machineRegistrations.WithLabelValues("unkown", "web", "error", "unknown").Inc()
c.String(http.StatusInternalServerError, "Sad!")
return
}
req := tailcfg.RegisterRequest{}
err = decode(body, &req, &mKey, h.privateKey)
if err != nil {
log.Error().
Str("handler", "Registration").
Err(err).
Msg("Cannot decode message")
machineRegistrations.WithLabelValues("unkown", "web", "error", "unknown").Inc()
c.String(http.StatusInternalServerError, "Very sad!")
return
}
now := time.Now().UTC()
var m Machine
if result := h.db.Preload("Namespace").First(&m, "machine_key = ?", mKey.HexString()); errors.Is(result.Error, gorm.ErrRecordNotFound) {
log.Info().Str("machine", req.Hostinfo.Hostname).Msg("New machine")
m = Machine{
Expiry: &req.Expiry,
MachineKey: mKey.HexString(),
Name: req.Hostinfo.Hostname,
NodeKey: wgkey.Key(req.NodeKey).HexString(),
LastSuccessfulUpdate: &now,
}
if err := h.db.Create(&m).Error; err != nil {
log.Error().
Str("handler", "Registration").
Err(err).
Msg("Could not create row")
machineRegistrations.WithLabelValues("unkown", "web", "error", m.Namespace.Name).Inc()
return
}
}
if !m.Registered && req.Auth.AuthKey != "" {
h.handleAuthKey(c, h.db, mKey, req, m)
return
}
resp := tailcfg.RegisterResponse{}
// We have the updated key!
if m.NodeKey == wgkey.Key(req.NodeKey).HexString() {
if m.Registered {
log.Debug().
Str("handler", "Registration").
Str("machine", m.Name).
Msg("Client is registered and we have the current NodeKey. All clear to /map")
resp.AuthURL = ""
resp.MachineAuthorized = true
resp.User = *m.Namespace.toUser()
respBody, err := encode(resp, &mKey, h.privateKey)
if err != nil {
log.Error().
Str("handler", "Registration").
Err(err).
Msg("Cannot encode message")
machineRegistrations.WithLabelValues("update", "web", "error", m.Namespace.Name).Inc()
c.String(http.StatusInternalServerError, "")
return
}
machineRegistrations.WithLabelValues("update", "web", "success", m.Namespace.Name).Inc()
c.Data(200, "application/json; charset=utf-8", respBody)
return
}
log.Debug().
Str("handler", "Registration").
Str("machine", m.Name).
Msg("Not registered and not NodeKey rotation. Sending a authurl to register")
resp.AuthURL = fmt.Sprintf("%s/register?key=%s",
h.cfg.ServerURL, mKey.HexString())
respBody, err := encode(resp, &mKey, h.privateKey)
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
writer.WriteHeader(http.StatusUnauthorized)
_, err := writer.Write([]byte("Unauthorized"))
if err != nil {
log.Error().
Str("handler", "Registration").
Caller().
Err(err).
Msg("Cannot encode message")
machineRegistrations.WithLabelValues("new", "web", "error", m.Namespace.Name).Inc()
c.String(http.StatusInternalServerError, "")
return
Msg("Failed to write response")
}
machineRegistrations.WithLabelValues("new", "web", "success", m.Namespace.Name).Inc()
c.Data(200, "application/json; charset=utf-8", respBody)
return
}
// The NodeKey we have matches OldNodeKey, which means this is a refresh after an key expiration
if m.NodeKey == wgkey.Key(req.OldNodeKey).HexString() {
log.Debug().
Str("handler", "Registration").
Str("machine", m.Name).
Msg("We have the OldNodeKey in the database. This is a key refresh")
m.NodeKey = wgkey.Key(req.NodeKey).HexString()
h.db.Save(&m)
// We need to make sure we dont open for XSS style injections, if the parameter that
// is passed as a key is not parsable/validated as a NodePublic key, then fail to render
// the template and log an error.
var nodeKey key.NodePublic
err := nodeKey.UnmarshalText(
[]byte(NodePublicKeyEnsurePrefix(nodeKeyStr)),
)
resp.AuthURL = ""
resp.User = *m.Namespace.toUser()
respBody, err := encode(resp, &mKey, h.privateKey)
if !ok || nodeKeyStr == "" || err != nil {
log.Warn().Err(err).Msg("Failed to parse incoming nodekey")
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
writer.WriteHeader(http.StatusBadRequest)
_, err := writer.Write([]byte("Wrong params"))
if err != nil {
log.Error().
Str("handler", "Registration").
Caller().
Err(err).
Msg("Cannot encode message")
c.String(http.StatusInternalServerError, "Extremely sad!")
return
Msg("Failed to write response")
}
c.Data(200, "application/json; charset=utf-8", respBody)
return
}
// We arrive here after a client is restarted without finalizing the authentication flow or
// when headscale is stopped in the middle of the auth process.
if m.Registered {
log.Debug().
Str("handler", "Registration").
Str("machine", m.Name).
Msg("The node is sending us a new NodeKey, but machine is registered. All clear for /map")
resp.AuthURL = ""
resp.MachineAuthorized = true
resp.User = *m.Namespace.toUser()
respBody, err := encode(resp, &mKey, h.privateKey)
var content bytes.Buffer
if err := registerWebAPITemplate.Execute(&content, registerWebAPITemplateConfig{
Key: nodeKeyStr,
}); err != nil {
log.Error().
Str("func", "RegisterWebAPI").
Err(err).
Msg("Could not render register web API template")
writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
writer.WriteHeader(http.StatusInternalServerError)
_, err = writer.Write([]byte("Could not render register web API template"))
if err != nil {
log.Error().
Str("handler", "Registration").
Caller().
Err(err).
Msg("Cannot encode message")
c.String(http.StatusInternalServerError, "")
return
Msg("Failed to write response")
}
c.Data(200, "application/json; charset=utf-8", respBody)
return
}
log.Debug().
Str("handler", "Registration").
Str("machine", m.Name).
Msg("The node is sending us a new NodeKey, sending auth url")
resp.AuthURL = fmt.Sprintf("%s/register?key=%s",
h.cfg.ServerURL, mKey.HexString())
respBody, err := encode(resp, &mKey, h.privateKey)
writer.Header().Set("Content-Type", "text/html; charset=utf-8")
writer.WriteHeader(http.StatusOK)
_, err = writer.Write(content.Bytes())
if err != nil {
log.Error().
Str("handler", "Registration").
Caller().
Err(err).
Msg("Cannot encode message")
c.String(http.StatusInternalServerError, "")
return
Msg("Failed to write response")
}
c.Data(200, "application/json; charset=utf-8", respBody)
}
func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m *Machine) ([]byte, error) {
log.Trace().
Str("func", "getMapResponse").
Str("machine", req.Hostinfo.Hostname).
Msg("Creating Map response")
node, err := m.toNode(h.cfg.BaseDomain, h.cfg.DNSConfig, true)
if err != nil {
log.Error().
Str("func", "getMapResponse").
Err(err).
Msg("Cannot convert to node")
return nil, err
}
peers, err := h.getPeers(m)
if err != nil {
log.Error().
Str("func", "getMapResponse").
Err(err).
Msg("Cannot fetch peers")
return nil, err
}
profile := tailcfg.UserProfile{
ID: tailcfg.UserID(m.NamespaceID),
LoginName: m.Namespace.Name,
DisplayName: m.Namespace.Name,
}
nodePeers, err := peers.toNodes(h.cfg.BaseDomain, h.cfg.DNSConfig, true)
if err != nil {
log.Error().
Str("func", "getMapResponse").
Err(err).
Msg("Failed to convert peers to Tailscale nodes")
return nil, err
}
var dnsConfig *tailcfg.DNSConfig
if h.cfg.DNSConfig != nil && h.cfg.DNSConfig.Proxied { // if MagicDNS is enabled
// Only inject the Search Domain of the current namespace - shared nodes should use their full FQDN
dnsConfig = h.cfg.DNSConfig.Clone()
dnsConfig.Domains = append(dnsConfig.Domains, fmt.Sprintf("%s.%s", m.Namespace.Name, h.cfg.BaseDomain))
} else {
dnsConfig = h.cfg.DNSConfig
}
resp := tailcfg.MapResponse{
KeepAlive: false,
Node: node,
Peers: nodePeers,
DNSConfig: dnsConfig,
Domain: h.cfg.BaseDomain,
PacketFilter: *h.aclRules,
DERPMap: h.cfg.DerpMap,
// TODO(juanfont): We should send the profiles of all the peers (this own namespace + those from the shared peers)
UserProfiles: []tailcfg.UserProfile{profile},
}
log.Trace().
Str("func", "getMapResponse").
Str("machine", req.Hostinfo.Hostname).
// Interface("payload", resp).
Msgf("Generated map response: %s", tailMapResponseToString(resp))
var respBody []byte
if req.Compress == "zstd" {
src, _ := json.Marshal(resp)
encoder, _ := zstd.NewWriter(nil)
srcCompressed := encoder.EncodeAll(src, nil)
respBody, err = encodeMsg(srcCompressed, &mKey, h.privateKey)
if err != nil {
return nil, err
}
} else {
respBody, err = encode(resp, &mKey, h.privateKey)
if err != nil {
return nil, err
}
}
// declare the incoming size on the first 4 bytes
data := make([]byte, 4)
binary.LittleEndian.PutUint32(data, uint32(len(respBody)))
data = append(data, respBody...)
return data, nil
}
func (h *Headscale) getMapKeepAliveResponse(mKey wgkey.Key, req tailcfg.MapRequest, m *Machine) ([]byte, error) {
resp := tailcfg.MapResponse{
KeepAlive: true,
}
var respBody []byte
var err error
if req.Compress == "zstd" {
src, _ := json.Marshal(resp)
encoder, _ := zstd.NewWriter(nil)
srcCompressed := encoder.EncodeAll(src, nil)
respBody, err = encodeMsg(srcCompressed, &mKey, h.privateKey)
if err != nil {
return nil, err
}
} else {
respBody, err = encode(resp, &mKey, h.privateKey)
if err != nil {
return nil, err
}
}
data := make([]byte, 4)
binary.LittleEndian.PutUint32(data, uint32(len(respBody)))
data = append(data, respBody...)
return data, nil
}
func (h *Headscale) handleAuthKey(c *gin.Context, db *gorm.DB, idKey wgkey.Key, req tailcfg.RegisterRequest, m Machine) {
log.Debug().
Str("func", "handleAuthKey").
Str("machine", req.Hostinfo.Hostname).
Msgf("Processing auth key for %s", req.Hostinfo.Hostname)
resp := tailcfg.RegisterResponse{}
pak, err := h.checkKeyValidity(req.Auth.AuthKey)
if err != nil {
log.Error().
Str("func", "handleAuthKey").
Str("machine", m.Name).
Err(err).
Msg("Failed authentication via AuthKey")
resp.MachineAuthorized = false
respBody, err := encode(resp, &idKey, h.privateKey)
if err != nil {
log.Error().
Str("func", "handleAuthKey").
Str("machine", m.Name).
Err(err).
Msg("Cannot encode message")
c.String(http.StatusInternalServerError, "")
machineRegistrations.WithLabelValues("new", "authkey", "error", m.Namespace.Name).Inc()
return
}
c.Data(401, "application/json; charset=utf-8", respBody)
log.Error().
Str("func", "handleAuthKey").
Str("machine", m.Name).
Msg("Failed authentication via AuthKey")
machineRegistrations.WithLabelValues("new", "authkey", "error", m.Namespace.Name).Inc()
return
}
log.Debug().
Str("func", "handleAuthKey").
Str("machine", m.Name).
Msg("Authentication key was valid, proceeding to acquire an IP address")
ip, err := h.getAvailableIP()
if err != nil {
log.Error().
Str("func", "handleAuthKey").
Str("machine", m.Name).
Msg("Failed to find an available IP")
machineRegistrations.WithLabelValues("new", "authkey", "error", m.Namespace.Name).Inc()
return
}
log.Info().
Str("func", "handleAuthKey").
Str("machine", m.Name).
Str("ip", ip.String()).
Msgf("Assigning %s to %s", ip, m.Name)
m.AuthKeyID = uint(pak.ID)
m.IPAddress = ip.String()
m.NamespaceID = pak.NamespaceID
m.NodeKey = wgkey.Key(req.NodeKey).HexString() // we update it just in case
m.Registered = true
m.RegisterMethod = "authKey"
db.Save(&m)
pak.Used = true
db.Save(&pak)
resp.MachineAuthorized = true
resp.User = *pak.Namespace.toUser()
respBody, err := encode(resp, &idKey, h.privateKey)
if err != nil {
log.Error().
Str("func", "handleAuthKey").
Str("machine", m.Name).
Err(err).
Msg("Cannot encode message")
machineRegistrations.WithLabelValues("new", "authkey", "error", m.Namespace.Name).Inc()
c.String(http.StatusInternalServerError, "Extremely sad!")
return
}
machineRegistrations.WithLabelValues("new", "authkey", "success", m.Namespace.Name).Inc()
c.Data(200, "application/json; charset=utf-8", respBody)
log.Info().
Str("func", "handleAuthKey").
Str("machine", m.Name).
Str("ip", ip.String()).
Msg("Successfully authenticated via AuthKey")
}
+113
View File
@@ -0,0 +1,113 @@
package headscale
import (
"time"
"github.com/rs/zerolog/log"
"tailscale.com/tailcfg"
)
func (h *Headscale) generateMapResponse(
mapRequest tailcfg.MapRequest,
machine *Machine,
) (*tailcfg.MapResponse, error) {
log.Trace().
Str("func", "generateMapResponse").
Str("machine", mapRequest.Hostinfo.Hostname).
Msg("Creating Map response")
node, err := h.toNode(*machine, h.cfg.BaseDomain, h.cfg.DNSConfig)
if err != nil {
log.Error().
Caller().
Str("func", "generateMapResponse").
Err(err).
Msg("Cannot convert to node")
return nil, err
}
peers, err := h.getValidPeers(machine)
if err != nil {
log.Error().
Caller().
Str("func", "generateMapResponse").
Err(err).
Msg("Cannot fetch peers")
return nil, err
}
profiles := h.getMapResponseUserProfiles(*machine, peers)
nodePeers, err := h.toNodes(peers, h.cfg.BaseDomain, h.cfg.DNSConfig)
if err != nil {
log.Error().
Caller().
Str("func", "generateMapResponse").
Err(err).
Msg("Failed to convert peers to Tailscale nodes")
return nil, err
}
dnsConfig := getMapResponseDNSConfig(
h.cfg.DNSConfig,
h.cfg.BaseDomain,
*machine,
peers,
)
now := time.Now()
resp := tailcfg.MapResponse{
KeepAlive: false,
Node: node,
// TODO: Only send if updated
DERPMap: h.DERPMap,
// TODO: Only send if updated
Peers: nodePeers,
// TODO(kradalby): Implement:
// https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L1351-L1374
// PeersChanged
// PeersRemoved
// PeersChangedPatch
// PeerSeenChange
// OnlineChange
// TODO: Only send if updated
DNSConfig: dnsConfig,
// TODO: Only send if updated
Domain: h.cfg.BaseDomain,
// Do not instruct clients to collect services, we do not
// support or do anything with them
CollectServices: "false",
// TODO: Only send if updated
PacketFilter: h.aclRules,
UserProfiles: profiles,
// TODO: Only send if updated
SSHPolicy: h.sshPolicy,
ControlTime: &now,
Debug: &tailcfg.Debug{
DisableLogTail: !h.cfg.LogTail.Enabled,
RandomizeClientPort: h.cfg.RandomizeClientPort,
},
}
log.Trace().
Str("func", "generateMapResponse").
Str("machine", mapRequest.Hostinfo.Hostname).
// Interface("payload", resp).
Msgf("Generated map response: %s", tailMapResponseToString(resp))
return &resp, nil
}
+157
View File
@@ -0,0 +1,157 @@
package headscale
import (
"fmt"
"strings"
"time"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"golang.org/x/crypto/bcrypt"
"google.golang.org/protobuf/types/known/timestamppb"
)
const (
apiPrefixLength = 7
apiKeyLength = 32
ErrAPIKeyFailedToParse = Error("Failed to parse ApiKey")
)
// APIKey describes the datamodel for API keys used to remotely authenticate with
// headscale.
type APIKey struct {
ID uint64 `gorm:"primary_key"`
Prefix string `gorm:"uniqueIndex"`
Hash []byte
CreatedAt *time.Time
Expiration *time.Time
LastSeen *time.Time
}
// CreateAPIKey creates a new ApiKey in a user, and returns it.
func (h *Headscale) CreateAPIKey(
expiration *time.Time,
) (string, *APIKey, error) {
prefix, err := GenerateRandomStringURLSafe(apiPrefixLength)
if err != nil {
return "", nil, err
}
toBeHashed, err := GenerateRandomStringURLSafe(apiKeyLength)
if err != nil {
return "", nil, err
}
// Key to return to user, this will only be visible _once_
keyStr := prefix + "." + toBeHashed
hash, err := bcrypt.GenerateFromPassword([]byte(toBeHashed), bcrypt.DefaultCost)
if err != nil {
return "", nil, err
}
key := APIKey{
Prefix: prefix,
Hash: hash,
Expiration: expiration,
}
if err := h.db.Save(&key).Error; err != nil {
return "", nil, fmt.Errorf("failed to save API key to database: %w", err)
}
return keyStr, &key, nil
}
// ListAPIKeys returns the list of ApiKeys for a user.
func (h *Headscale) ListAPIKeys() ([]APIKey, error) {
keys := []APIKey{}
if err := h.db.Find(&keys).Error; err != nil {
return nil, err
}
return keys, nil
}
// GetAPIKey returns a ApiKey for a given key.
func (h *Headscale) GetAPIKey(prefix string) (*APIKey, error) {
key := APIKey{}
if result := h.db.First(&key, "prefix = ?", prefix); result.Error != nil {
return nil, result.Error
}
return &key, nil
}
// GetAPIKeyByID returns a ApiKey for a given id.
func (h *Headscale) GetAPIKeyByID(id uint64) (*APIKey, error) {
key := APIKey{}
if result := h.db.Find(&APIKey{ID: id}).First(&key); result.Error != nil {
return nil, result.Error
}
return &key, nil
}
// DestroyAPIKey destroys a ApiKey. Returns error if the ApiKey
// does not exist.
func (h *Headscale) DestroyAPIKey(key APIKey) error {
if result := h.db.Unscoped().Delete(key); result.Error != nil {
return result.Error
}
return nil
}
// ExpireAPIKey marks a ApiKey as expired.
func (h *Headscale) ExpireAPIKey(key *APIKey) error {
if err := h.db.Model(&key).Update("Expiration", time.Now()).Error; err != nil {
return err
}
return nil
}
func (h *Headscale) ValidateAPIKey(keyStr string) (bool, error) {
prefix, hash, found := strings.Cut(keyStr, ".")
if !found {
return false, ErrAPIKeyFailedToParse
}
key, err := h.GetAPIKey(prefix)
if err != nil {
return false, fmt.Errorf("failed to validate api key: %w", err)
}
if key.Expiration.Before(time.Now()) {
return false, nil
}
if err := bcrypt.CompareHashAndPassword(key.Hash, []byte(hash)); err != nil {
return false, err
}
return true, nil
}
func (key *APIKey) toProto() *v1.ApiKey {
protoKey := v1.ApiKey{
Id: key.ID,
Prefix: key.Prefix,
}
if key.Expiration != nil {
protoKey.Expiration = timestamppb.New(*key.Expiration)
}
if key.CreatedAt != nil {
protoKey.CreatedAt = timestamppb.New(*key.CreatedAt)
}
if key.LastSeen != nil {
protoKey.LastSeen = timestamppb.New(*key.LastSeen)
}
return &protoKey
}
+89
View File
@@ -0,0 +1,89 @@
package headscale
import (
"time"
"gopkg.in/check.v1"
)
func (*Suite) TestCreateAPIKey(c *check.C) {
apiKeyStr, apiKey, err := app.CreateAPIKey(nil)
c.Assert(err, check.IsNil)
c.Assert(apiKey, check.NotNil)
// Did we get a valid key?
c.Assert(apiKey.Prefix, check.NotNil)
c.Assert(apiKey.Hash, check.NotNil)
c.Assert(apiKeyStr, check.Not(check.Equals), "")
_, err = app.ListAPIKeys()
c.Assert(err, check.IsNil)
keys, err := app.ListAPIKeys()
c.Assert(err, check.IsNil)
c.Assert(len(keys), check.Equals, 1)
}
func (*Suite) TestAPIKeyDoesNotExist(c *check.C) {
key, err := app.GetAPIKey("does-not-exist")
c.Assert(err, check.NotNil)
c.Assert(key, check.IsNil)
}
func (*Suite) TestValidateAPIKeyOk(c *check.C) {
nowPlus2 := time.Now().Add(2 * time.Hour)
apiKeyStr, apiKey, err := app.CreateAPIKey(&nowPlus2)
c.Assert(err, check.IsNil)
c.Assert(apiKey, check.NotNil)
valid, err := app.ValidateAPIKey(apiKeyStr)
c.Assert(err, check.IsNil)
c.Assert(valid, check.Equals, true)
}
func (*Suite) TestValidateAPIKeyNotOk(c *check.C) {
nowMinus2 := time.Now().Add(time.Duration(-2) * time.Hour)
apiKeyStr, apiKey, err := app.CreateAPIKey(&nowMinus2)
c.Assert(err, check.IsNil)
c.Assert(apiKey, check.NotNil)
valid, err := app.ValidateAPIKey(apiKeyStr)
c.Assert(err, check.IsNil)
c.Assert(valid, check.Equals, false)
now := time.Now()
apiKeyStrNow, apiKey, err := app.CreateAPIKey(&now)
c.Assert(err, check.IsNil)
c.Assert(apiKey, check.NotNil)
validNow, err := app.ValidateAPIKey(apiKeyStrNow)
c.Assert(err, check.IsNil)
c.Assert(validNow, check.Equals, false)
validSilly, err := app.ValidateAPIKey("nota.validkey")
c.Assert(err, check.NotNil)
c.Assert(validSilly, check.Equals, false)
validWithErr, err := app.ValidateAPIKey("produceerrorkey")
c.Assert(err, check.NotNil)
c.Assert(validWithErr, check.Equals, false)
}
func (*Suite) TestExpireAPIKey(c *check.C) {
nowPlus2 := time.Now().Add(2 * time.Hour)
apiKeyStr, apiKey, err := app.CreateAPIKey(&nowPlus2)
c.Assert(err, check.IsNil)
c.Assert(apiKey, check.NotNil)
valid, err := app.ValidateAPIKey(apiKeyStr)
c.Assert(err, check.IsNil)
c.Assert(valid, check.Equals, true)
err = app.ExpireAPIKey(apiKey)
c.Assert(err, check.IsNil)
c.Assert(apiKey.Expiration, check.NotNil)
notValid, err := app.ValidateAPIKey(apiKeyStr)
c.Assert(err, check.IsNil)
c.Assert(notValid, check.Equals, false)
}
+877 -147
View File
File diff suppressed because it is too large Load Diff
+14 -11
View File
@@ -1,12 +1,11 @@
package headscale
import (
"io/ioutil"
"net/netip"
"os"
"testing"
"gopkg.in/check.v1"
"inet.af/netaddr"
)
func Test(t *testing.T) {
@@ -17,8 +16,10 @@ var _ = check.Suite(&Suite{})
type Suite struct{}
var tmpDir string
var h Headscale
var (
tmpDir string
app Headscale
)
func (s *Suite) SetUpTest(c *check.C) {
s.ResetDB(c)
@@ -33,26 +34,28 @@ func (s *Suite) ResetDB(c *check.C) {
os.RemoveAll(tmpDir)
}
var err error
tmpDir, err = ioutil.TempDir("", "autoygg-client-test")
tmpDir, err = os.MkdirTemp("", "autoygg-client-test")
if err != nil {
c.Fatal(err)
}
cfg := Config{
IPPrefix: netaddr.MustParseIPPrefix("10.27.0.0/23"),
IPPrefixes: []netip.Prefix{
netip.MustParsePrefix("10.27.0.0/23"),
},
}
h = Headscale{
cfg: cfg,
app = Headscale{
cfg: &cfg,
dbType: "sqlite3",
dbString: tmpDir + "/headscale_test.db",
}
err = h.initDB()
err = app.initDB()
if err != nil {
c.Fatal(err)
}
db, err := h.openDB()
db, err := app.openDB()
if err != nil {
c.Fatal(err)
}
h.db = db
app.db = db
}
-226
View File
@@ -1,226 +0,0 @@
package headscale
import (
"bytes"
"net/http"
"text/template"
"github.com/rs/zerolog/log"
"github.com/gin-gonic/gin"
"github.com/gofrs/uuid"
)
// AppleMobileConfig shows a simple message in the browser to point to the CLI
// Listens in /register
func (h *Headscale) AppleMobileConfig(c *gin.Context) {
t := template.Must(template.New("apple").Parse(`
<html>
<body>
<h1>Apple configuration profiles</h1>
<p>
This page provides <a href="https://support.apple.com/guide/mdm/mdm-overview-mdmbf9e668/web">configuration profiles</a> for the official Tailscale clients for <a href="https://apps.apple.com/us/app/tailscale/id1470499037?ls=1">iOS</a> and <a href="https://apps.apple.com/ca/app/tailscale/id1475387142?mt=12">macOS</a>.
</p>
<p>
The profiles will configure Tailscale.app to use {{.Url}} as its control server.
</p>
<h3>Caution</h3>
<p>You should always inspect the profile before installing it:</p>
<!--
<p><code>curl {{.Url}}/apple/ios</code></p>
-->
<p><code>curl {{.Url}}/apple/macos</code></p>
<h2>Profiles</h2>
<!--
<h3>iOS</h3>
<p>
<a href="/apple/ios" download="headscale_ios.mobileconfig">iOS profile</a>
</p>
-->
<h3>macOS</h3>
<p>Headscale can be set to the default server by installing a Headscale configuration profile:</p>
<p>
<a href="/apple/macos" download="headscale_macos.mobileconfig">macOS profile</a>
</p>
<ol>
<li>Download the profile, then open it. When it has been opened, there should be a notification that a profile can be installed</li>
<li>Open System Preferences and go to "Profiles"</li>
<li>Find and install the Headscale profile</li>
<li>Restart Tailscale.app and log in</li>
</ol>
<p>Or</p>
<p>Use your terminal to configure the default setting for Tailscale by issuing:</p>
<code>defaults write io.tailscale.ipn.macos ControlURL {{.Url}}</code>
<p>Restart Tailscale.app and log in.</p>
</body>
</html>`))
config := map[string]interface{}{
"Url": h.cfg.ServerURL,
}
var payload bytes.Buffer
if err := t.Execute(&payload, config); err != nil {
log.Error().
Str("handler", "AppleMobileConfig").
Err(err).
Msg("Could not render Apple index template")
c.Data(http.StatusInternalServerError, "text/html; charset=utf-8", []byte("Could not render Apple index template"))
return
}
c.Data(http.StatusOK, "text/html; charset=utf-8", payload.Bytes())
}
func (h *Headscale) ApplePlatformConfig(c *gin.Context) {
platform := c.Param("platform")
id, err := uuid.NewV4()
if err != nil {
log.Error().
Str("handler", "ApplePlatformConfig").
Err(err).
Msg("Failed not create UUID")
c.Data(http.StatusInternalServerError, "text/html; charset=utf-8", []byte("Failed to create UUID"))
return
}
contentId, err := uuid.NewV4()
if err != nil {
log.Error().
Str("handler", "ApplePlatformConfig").
Err(err).
Msg("Failed not create UUID")
c.Data(http.StatusInternalServerError, "text/html; charset=utf-8", []byte("Failed to create UUID"))
return
}
platformConfig := AppleMobilePlatformConfig{
UUID: contentId,
Url: h.cfg.ServerURL,
}
var payload bytes.Buffer
switch platform {
case "macos":
if err := macosTemplate.Execute(&payload, platformConfig); err != nil {
log.Error().
Str("handler", "ApplePlatformConfig").
Err(err).
Msg("Could not render Apple macOS template")
c.Data(http.StatusInternalServerError, "text/html; charset=utf-8", []byte("Could not render Apple macOS template"))
return
}
case "ios":
if err := iosTemplate.Execute(&payload, platformConfig); err != nil {
log.Error().
Str("handler", "ApplePlatformConfig").
Err(err).
Msg("Could not render Apple iOS template")
c.Data(http.StatusInternalServerError, "text/html; charset=utf-8", []byte("Could not render Apple iOS template"))
return
}
default:
c.Data(http.StatusOK, "text/html; charset=utf-8", []byte("Invalid platform, only ios and macos is supported"))
return
}
config := AppleMobileConfig{
UUID: id,
Url: h.cfg.ServerURL,
Payload: payload.String(),
}
var content bytes.Buffer
if err := commonTemplate.Execute(&content, config); err != nil {
log.Error().
Str("handler", "ApplePlatformConfig").
Err(err).
Msg("Could not render Apple platform template")
c.Data(http.StatusInternalServerError, "text/html; charset=utf-8", []byte("Could not render Apple platform template"))
return
}
c.Data(http.StatusOK, "application/x-apple-aspen-config; charset=utf-8", content.Bytes())
}
type AppleMobileConfig struct {
UUID uuid.UUID
Url string
Payload string
}
type AppleMobilePlatformConfig struct {
UUID uuid.UUID
Url string
}
var commonTemplate = template.Must(template.New("mobileconfig").Parse(`<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadUUID</key>
<string>{{.UUID}}</string>
<key>PayloadDisplayName</key>
<string>Headscale</string>
<key>PayloadDescription</key>
<string>Configure Tailscale login server to: {{.Url}}</string>
<key>PayloadIdentifier</key>
<string>com.github.juanfont.headscale</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadContent</key>
<array>
{{.Payload}}
</array>
</dict>
</plist>`))
var iosTemplate = template.Must(template.New("iosTemplate").Parse(`
<dict>
<key>PayloadType</key>
<string>io.tailscale.ipn.ios</string>
<key>PayloadUUID</key>
<string>{{.UUID}}</string>
<key>PayloadIdentifier</key>
<string>com.github.juanfont.headscale</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>ControlURL</key>
<string>{{.Url}}</string>
</dict>
`))
var macosTemplate = template.Must(template.New("macosTemplate").Parse(`
<dict>
<key>PayloadType</key>
<string>io.tailscale.ipn.macos</string>
<key>PayloadUUID</key>
<string>{{.UUID}}</string>
<key>PayloadIdentifier</key>
<string>com.github.juanfont.headscale</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadEnabled</key>
<true/>
<key>ControlURL</key>
<string>{{.Url}}</string>
</dict>
`))
+21
View File
@@ -0,0 +1,21 @@
version: v1
plugins:
- name: go
out: gen/go
opt:
- paths=source_relative
- name: go-grpc
out: gen/go
opt:
- paths=source_relative
- name: grpc-gateway
out: gen/go
opt:
- paths=source_relative
- generate_unbound_methods=true
# - name: gorm
# out: gen/go
# opt:
# - paths=source_relative,enums=string,gateway=true
- name: openapiv2
out: gen/openapiv2
-40
View File
@@ -1,40 +0,0 @@
package headscale
import (
"errors"
"gorm.io/gorm"
"tailscale.com/types/wgkey"
)
// RegisterMachine is executed from the CLI to register a new Machine using its MachineKey
func (h *Headscale) RegisterMachine(key string, namespace string) (*Machine, error) {
ns, err := h.GetNamespace(namespace)
if err != nil {
return nil, err
}
mKey, err := wgkey.ParseHex(key)
if err != nil {
return nil, err
}
m := Machine{}
if result := h.db.First(&m, "machine_key = ?", mKey.HexString()); errors.Is(result.Error, gorm.ErrRecordNotFound) {
return nil, errors.New("Machine not found")
}
if m.isAlreadyRegistered() {
return nil, errors.New("Machine already registered")
}
ip, err := h.getAvailableIP()
if err != nil {
return nil, err
}
m.IPAddress = ip.String()
m.NamespaceID = ns.ID
m.Registered = true
m.RegisterMethod = "cli"
h.db.Save(&m)
return &m, nil
}
-31
View File
@@ -1,31 +0,0 @@
package headscale
import (
"gopkg.in/check.v1"
)
func (s *Suite) TestRegisterMachine(c *check.C) {
n, err := h.CreateNamespace("test")
c.Assert(err, check.IsNil)
m := Machine{
ID: 0,
MachineKey: "8ce002a935f8c394e55e78fbbb410576575ff8ec5cfa2e627e4b807f1be15b0e",
NodeKey: "bar",
DiscoKey: "faa",
Name: "testmachine",
NamespaceID: n.ID,
IPAddress: "10.0.0.1",
}
h.db.Save(&m)
_, err = h.GetMachine("test", "testmachine")
c.Assert(err, check.IsNil)
m2, err := h.RegisterMachine("8ce002a935f8c394e55e78fbbb410576575ff8ec5cfa2e627e4b807f1be15b0e", n.Name)
c.Assert(err, check.IsNil)
c.Assert(m2.Registered, check.Equals, true)
_, err = m2.GetHostInfo()
c.Assert(err, check.IsNil)
}
+169
View File
@@ -0,0 +1,169 @@
package main
//go:generate go run ./main.go
import (
"bytes"
"fmt"
"log"
"os"
"os/exec"
"path"
"path/filepath"
"strings"
"text/template"
)
var (
githubWorkflowPath = "../../.github/workflows/"
jobFileNameTemplate = `test-integration-v2-%s.yaml`
jobTemplate = template.Must(
template.New("jobTemplate").
Parse(`# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
name: Integration Test v2 - {{.Name}}
on: [pull_request]
concurrency:
group: {{ "${{ github.workflow }}-$${{ github.head_ref || github.run_id }}" }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 2
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v34
with:
files: |
*.nix
go.*
**/*.go
integration_test/
config-example.yaml
- uses: cachix/install-nix-action@v18
if: {{ "${{ env.ACT }}" }} || steps.changed-files.outputs.any_changed == 'true'
- name: Run general integration tests
if: steps.changed-files.outputs.any_changed == 'true'
run: |
nix develop --command -- docker run \
--tty --rm \
--volume ~/.cache/hs-integration-go:/go \
--name headscale-test-suite \
--volume $PWD:$PWD -w $PWD/integration \
--volume /var/run/docker.sock:/var/run/docker.sock \
--volume $PWD/control_logs:/tmp/control \
golang:1 \
go test ./... \
-tags ts2019 \
-failfast \
-timeout 120m \
-parallel 1 \
-run "^{{.Name}}$"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: logs
path: "control_logs/*.log"
- uses: actions/upload-artifact@v3
if: always() && steps.changed-files.outputs.any_changed == 'true'
with:
name: pprof
path: "control_logs/*.pprof.tar"
`),
)
)
const workflowFilePerm = 0o600
func removeTests() {
glob := fmt.Sprintf(jobFileNameTemplate, "*")
files, err := filepath.Glob(filepath.Join(githubWorkflowPath, glob))
if err != nil {
log.Fatalf("failed to find test files")
}
for _, file := range files {
err := os.Remove(file)
if err != nil {
log.Printf("failed to remove: %s", err)
}
}
}
func findTests() []string {
rgBin, err := exec.LookPath("rg")
if err != nil {
log.Fatalf("failed to find rg (ripgrep) binary")
}
args := []string{
"--regexp", "func (Test.+)\\(.*",
"../../integration/",
"--replace", "$1",
"--sort", "path",
"--no-line-number",
"--no-filename",
"--no-heading",
}
log.Printf("executing: %s %s", rgBin, strings.Join(args, " "))
ripgrep := exec.Command(
rgBin,
args...,
)
result, err := ripgrep.CombinedOutput()
if err != nil {
log.Printf("out: %s", result)
log.Fatalf("failed to run ripgrep: %s", err)
}
tests := strings.Split(string(result), "\n")
tests = tests[:len(tests)-1]
return tests
}
func main() {
type testConfig struct {
Name string
}
tests := findTests()
removeTests()
for _, test := range tests {
log.Printf("generating workflow for %s", test)
var content bytes.Buffer
if err := jobTemplate.Execute(&content, testConfig{
Name: test,
}); err != nil {
log.Fatalf("failed to render template: %s", err)
}
testPath := path.Join(githubWorkflowPath, fmt.Sprintf(jobFileNameTemplate, test))
err := os.WriteFile(testPath, content.Bytes(), workflowFilePerm)
if err != nil {
log.Fatalf("failed to write github job: %s", err)
}
}
}
+201
View File
@@ -0,0 +1,201 @@
package cli
import (
"fmt"
"strconv"
"time"
"github.com/juanfont/headscale"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/prometheus/common/model"
"github.com/pterm/pterm"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
"google.golang.org/protobuf/types/known/timestamppb"
)
const (
// 90 days.
DefaultAPIKeyExpiry = "90d"
)
func init() {
rootCmd.AddCommand(apiKeysCmd)
apiKeysCmd.AddCommand(listAPIKeys)
createAPIKeyCmd.Flags().
StringP("expiration", "e", DefaultAPIKeyExpiry, "Human-readable expiration of the key (e.g. 30m, 24h)")
apiKeysCmd.AddCommand(createAPIKeyCmd)
expireAPIKeyCmd.Flags().StringP("prefix", "p", "", "ApiKey prefix")
err := expireAPIKeyCmd.MarkFlagRequired("prefix")
if err != nil {
log.Fatal().Err(err).Msg("")
}
apiKeysCmd.AddCommand(expireAPIKeyCmd)
}
var apiKeysCmd = &cobra.Command{
Use: "apikeys",
Short: "Handle the Api keys in Headscale",
Aliases: []string{"apikey", "api"},
}
var listAPIKeys = &cobra.Command{
Use: "list",
Short: "List the Api keys for headscale",
Aliases: []string{"ls", "show"},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
request := &v1.ListApiKeysRequest{}
response, err := client.ListApiKeys(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error getting the list of keys: %s", err),
output,
)
return
}
if output != "" {
SuccessOutput(response.ApiKeys, "", output)
return
}
tableData := pterm.TableData{
{"ID", "Prefix", "Expiration", "Created"},
}
for _, key := range response.ApiKeys {
expiration := "-"
if key.GetExpiration() != nil {
expiration = ColourTime(key.Expiration.AsTime())
}
tableData = append(tableData, []string{
strconv.FormatUint(key.GetId(), headscale.Base10),
key.GetPrefix(),
expiration,
key.GetCreatedAt().AsTime().Format(HeadscaleDateTimeFormat),
})
}
err = pterm.DefaultTable.WithHasHeader().WithData(tableData).Render()
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Failed to render pterm table: %s", err),
output,
)
return
}
},
}
var createAPIKeyCmd = &cobra.Command{
Use: "create",
Short: "Creates a new Api key",
Long: `
Creates a new Api key, the Api key is only visible on creation
and cannot be retrieved again.
If you loose a key, create a new one and revoke (expire) the old one.`,
Aliases: []string{"c", "new"},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
log.Trace().
Msg("Preparing to create ApiKey")
request := &v1.CreateApiKeyRequest{}
durationStr, _ := cmd.Flags().GetString("expiration")
duration, err := model.ParseDuration(durationStr)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Could not parse duration: %s\n", err),
output,
)
return
}
expiration := time.Now().UTC().Add(time.Duration(duration))
log.Trace().
Dur("expiration", time.Duration(duration)).
Msg("expiration has been set")
request.Expiration = timestamppb.New(expiration)
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
response, err := client.CreateApiKey(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Cannot create Api Key: %s\n", err),
output,
)
return
}
SuccessOutput(response.ApiKey, response.ApiKey, output)
},
}
var expireAPIKeyCmd = &cobra.Command{
Use: "expire",
Short: "Expire an ApiKey",
Aliases: []string{"revoke", "exp", "e"},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
prefix, err := cmd.Flags().GetString("prefix")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error getting prefix from CLI flag: %s", err),
output,
)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
request := &v1.ExpireApiKeyRequest{
Prefix: prefix,
}
response, err := client.ExpireApiKey(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Cannot expire Api Key: %s\n", err),
output,
)
return
}
SuccessOutput(response, "Key expired", output)
},
}
+22
View File
@@ -0,0 +1,22 @@
package cli
import (
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
)
func init() {
rootCmd.AddCommand(configTestCmd)
}
var configTestCmd = &cobra.Command{
Use: "configtest",
Short: "Test the configuration.",
Long: "Run a test of the configuration and exit.",
Run: func(cmd *cobra.Command, args []string) {
_, err := getHeadscaleApp()
if err != nil {
log.Fatal().Caller().Err(err).Msg("Error initializing")
}
},
}
+138
View File
@@ -0,0 +1,138 @@
package cli
import (
"fmt"
"github.com/juanfont/headscale"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
"google.golang.org/grpc/status"
)
const (
errPreAuthKeyMalformed = Error("key is malformed. expected 64 hex characters with `nodekey` prefix")
)
// Error is used to compare errors as per https://dave.cheney.net/2016/04/07/constant-errors
type Error string
func (e Error) Error() string { return string(e) }
func init() {
rootCmd.AddCommand(debugCmd)
createNodeCmd.Flags().StringP("name", "", "", "Name")
err := createNodeCmd.MarkFlagRequired("name")
if err != nil {
log.Fatal().Err(err).Msg("")
}
createNodeCmd.Flags().StringP("user", "u", "", "User")
createNodeCmd.Flags().StringP("namespace", "n", "", "User")
createNodeNamespaceFlag := createNodeCmd.Flags().Lookup("namespace")
createNodeNamespaceFlag.Deprecated = deprecateNamespaceMessage
createNodeNamespaceFlag.Hidden = true
err = createNodeCmd.MarkFlagRequired("user")
if err != nil {
log.Fatal().Err(err).Msg("")
}
createNodeCmd.Flags().StringP("key", "k", "", "Key")
err = createNodeCmd.MarkFlagRequired("key")
if err != nil {
log.Fatal().Err(err).Msg("")
}
createNodeCmd.Flags().
StringSliceP("route", "r", []string{}, "List (or repeated flags) of routes to advertise")
debugCmd.AddCommand(createNodeCmd)
}
var debugCmd = &cobra.Command{
Use: "debug",
Short: "debug and testing commands",
Long: "debug contains extra commands used for debugging and testing headscale",
}
var createNodeCmd = &cobra.Command{
Use: "create-node",
Short: "Create a node (machine) that can be registered with `nodes register <>` command",
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
user, err := cmd.Flags().GetString("user")
if err != nil {
ErrorOutput(err, fmt.Sprintf("Error getting user: %s", err), output)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
name, err := cmd.Flags().GetString("name")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error getting node from flag: %s", err),
output,
)
return
}
machineKey, err := cmd.Flags().GetString("key")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error getting key from flag: %s", err),
output,
)
return
}
if !headscale.NodePublicKeyRegex.Match([]byte(machineKey)) {
err = errPreAuthKeyMalformed
ErrorOutput(
err,
fmt.Sprintf("Error: %s", err),
output,
)
return
}
routes, err := cmd.Flags().GetStringSlice("route")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error getting routes from flag: %s", err),
output,
)
return
}
request := &v1.DebugCreateMachineRequest{
Key: machineKey,
Name: name,
User: user,
Routes: routes,
}
response, err := client.DebugCreateMachine(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Cannot create machine: %s", status.Convert(err).Message()),
output,
)
return
}
SuccessOutput(response.Machine, "Machine created", output)
},
}
+28
View File
@@ -0,0 +1,28 @@
package cli
import (
"fmt"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
func init() {
rootCmd.AddCommand(dumpConfigCmd)
}
var dumpConfigCmd = &cobra.Command{
Use: "dumpConfig",
Short: "dump current config to /etc/headscale/config.dump.yaml, integration test only",
Hidden: true,
Args: func(cmd *cobra.Command, args []string) error {
return nil
},
Run: func(cmd *cobra.Command, args []string) {
err := viper.WriteConfigAs("/etc/headscale/config.dump.yaml")
if err != nil {
//nolint
fmt.Println("Failed to dump config")
}
},
}
+42
View File
@@ -0,0 +1,42 @@
package cli
import (
"fmt"
"github.com/spf13/cobra"
"tailscale.com/types/key"
)
func init() {
rootCmd.AddCommand(generateCmd)
generateCmd.AddCommand(generatePrivateKeyCmd)
}
var generateCmd = &cobra.Command{
Use: "generate",
Short: "Generate commands",
Aliases: []string{"gen"},
}
var generatePrivateKeyCmd = &cobra.Command{
Use: "private-key",
Short: "Generate a private key for the headscale server",
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
machineKey := key.NewMachine()
machineKeyStr, err := machineKey.MarshalText()
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error getting machine key from flag: %s", err),
output,
)
}
SuccessOutput(map[string]string{
"private_key": string(machineKeyStr),
},
string(machineKeyStr), output)
},
}
+115
View File
@@ -0,0 +1,115 @@
package cli
import (
"fmt"
"net"
"os"
"strconv"
"time"
"github.com/oauth2-proxy/mockoidc"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
)
const (
errMockOidcClientIDNotDefined = Error("MOCKOIDC_CLIENT_ID not defined")
errMockOidcClientSecretNotDefined = Error("MOCKOIDC_CLIENT_SECRET not defined")
errMockOidcPortNotDefined = Error("MOCKOIDC_PORT not defined")
refreshTTL = 60 * time.Minute
)
var accessTTL = 2 * time.Minute
func init() {
rootCmd.AddCommand(mockOidcCmd)
}
var mockOidcCmd = &cobra.Command{
Use: "mockoidc",
Short: "Runs a mock OIDC server for testing",
Long: "This internal command runs a OpenID Connect for testing purposes",
Run: func(cmd *cobra.Command, args []string) {
err := mockOIDC()
if err != nil {
log.Error().Err(err).Msgf("Error running mock OIDC server")
os.Exit(1)
}
},
}
func mockOIDC() error {
clientID := os.Getenv("MOCKOIDC_CLIENT_ID")
if clientID == "" {
return errMockOidcClientIDNotDefined
}
clientSecret := os.Getenv("MOCKOIDC_CLIENT_SECRET")
if clientSecret == "" {
return errMockOidcClientSecretNotDefined
}
addrStr := os.Getenv("MOCKOIDC_ADDR")
if addrStr == "" {
return errMockOidcPortNotDefined
}
portStr := os.Getenv("MOCKOIDC_PORT")
if portStr == "" {
return errMockOidcPortNotDefined
}
accessTTLOverride := os.Getenv("MOCKOIDC_ACCESS_TTL")
if accessTTLOverride != "" {
newTTL, err := time.ParseDuration(accessTTLOverride)
if err != nil {
return err
}
accessTTL = newTTL
}
log.Info().Msgf("Access token TTL: %s", accessTTL)
port, err := strconv.Atoi(portStr)
if err != nil {
return err
}
mock, err := getMockOIDC(clientID, clientSecret)
if err != nil {
return err
}
listener, err := net.Listen("tcp", fmt.Sprintf("%s:%d", addrStr, port))
if err != nil {
return err
}
err = mock.Start(listener, nil)
if err != nil {
return err
}
log.Info().Msgf("Mock OIDC server listening on %s", listener.Addr().String())
log.Info().Msgf("Issuer: %s", mock.Issuer())
c := make(chan struct{})
<-c
return nil
}
func getMockOIDC(clientID string, clientSecret string) (*mockoidc.MockOIDC, error) {
keypair, err := mockoidc.NewKeypair(nil)
if err != nil {
return nil, err
}
mock := mockoidc.MockOIDC{
ClientID: clientID,
ClientSecret: clientSecret,
AccessTTL: accessTTL,
RefreshTTL: refreshTTL,
CodeChallengeMethodsSupported: []string{"plain", "S256"},
Keypair: keypair,
SessionStore: mockoidc.NewSessionStore(),
UserQueue: &mockoidc.UserQueue{},
ErrorQueue: &mockoidc.ErrorQueue{},
}
return &mock, nil
}
-109
View File
@@ -1,109 +0,0 @@
package cli
import (
"fmt"
"log"
"strconv"
"strings"
"github.com/pterm/pterm"
"github.com/spf13/cobra"
)
func init() {
rootCmd.AddCommand(namespaceCmd)
namespaceCmd.AddCommand(createNamespaceCmd)
namespaceCmd.AddCommand(listNamespacesCmd)
namespaceCmd.AddCommand(destroyNamespaceCmd)
}
var namespaceCmd = &cobra.Command{
Use: "namespaces",
Short: "Manage the namespaces of Headscale",
}
var createNamespaceCmd = &cobra.Command{
Use: "create NAME",
Short: "Creates a new namespace",
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return fmt.Errorf("Missing parameters")
}
return nil
},
Run: func(cmd *cobra.Command, args []string) {
o, _ := cmd.Flags().GetString("output")
h, err := getHeadscaleApp()
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
namespace, err := h.CreateNamespace(args[0])
if strings.HasPrefix(o, "json") {
JsonOutput(namespace, err, o)
return
}
if err != nil {
fmt.Printf("Error creating namespace: %s\n", err)
return
}
fmt.Printf("Namespace created\n")
},
}
var destroyNamespaceCmd = &cobra.Command{
Use: "destroy NAME",
Short: "Destroys a namespace",
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return fmt.Errorf("Missing parameters")
}
return nil
},
Run: func(cmd *cobra.Command, args []string) {
o, _ := cmd.Flags().GetString("output")
h, err := getHeadscaleApp()
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
err = h.DestroyNamespace(args[0])
if strings.HasPrefix(o, "json") {
JsonOutput(map[string]string{"Result": "Namespace destroyed"}, err, o)
return
}
if err != nil {
fmt.Printf("Error destroying namespace: %s\n", err)
return
}
fmt.Printf("Namespace destroyed\n")
},
}
var listNamespacesCmd = &cobra.Command{
Use: "list",
Short: "List all the namespaces",
Run: func(cmd *cobra.Command, args []string) {
o, _ := cmd.Flags().GetString("output")
h, err := getHeadscaleApp()
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
namespaces, err := h.ListNamespaces()
if strings.HasPrefix(o, "json") {
JsonOutput(namespaces, err, o)
return
}
if err != nil {
fmt.Println(err)
return
}
d := pterm.TableData{{"ID", "Name", "Created"}}
for _, n := range *namespaces {
d = append(d, []string{strconv.FormatUint(uint64(n.ID), 10), n.Name, n.CreatedAt.Format("2006-01-02 15:04:05")})
}
err = pterm.DefaultTable.WithHasHeader().WithData(d).Render()
if err != nil {
log.Fatal(err)
}
},
}
+559 -147
View File
@@ -3,151 +3,369 @@ package cli
import (
"fmt"
"log"
"net/netip"
"strconv"
"strings"
"time"
survey "github.com/AlecAivazis/survey/v2"
"github.com/juanfont/headscale"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/pterm/pterm"
"github.com/spf13/cobra"
"tailscale.com/tailcfg"
"tailscale.com/types/wgkey"
"google.golang.org/grpc/status"
"tailscale.com/types/key"
)
func init() {
rootCmd.AddCommand(nodeCmd)
nodeCmd.PersistentFlags().StringP("namespace", "n", "", "Namespace")
err := nodeCmd.MarkPersistentFlagRequired("namespace")
listNodesCmd.Flags().StringP("user", "u", "", "Filter by user")
listNodesCmd.Flags().BoolP("tags", "t", false, "Show tags")
listNodesCmd.Flags().StringP("namespace", "n", "", "User")
listNodesNamespaceFlag := listNodesCmd.Flags().Lookup("namespace")
listNodesNamespaceFlag.Deprecated = deprecateNamespaceMessage
listNodesNamespaceFlag.Hidden = true
nodeCmd.AddCommand(listNodesCmd)
registerNodeCmd.Flags().StringP("user", "u", "", "User")
registerNodeCmd.Flags().StringP("namespace", "n", "", "User")
registerNodeNamespaceFlag := registerNodeCmd.Flags().Lookup("namespace")
registerNodeNamespaceFlag.Deprecated = deprecateNamespaceMessage
registerNodeNamespaceFlag.Hidden = true
err := registerNodeCmd.MarkFlagRequired("user")
if err != nil {
log.Fatalf(err.Error())
}
registerNodeCmd.Flags().StringP("key", "k", "", "Key")
err = registerNodeCmd.MarkFlagRequired("key")
if err != nil {
log.Fatalf(err.Error())
}
nodeCmd.AddCommand(listNodesCmd)
nodeCmd.AddCommand(registerNodeCmd)
expireNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)")
err = expireNodeCmd.MarkFlagRequired("identifier")
if err != nil {
log.Fatalf(err.Error())
}
nodeCmd.AddCommand(expireNodeCmd)
renameNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)")
err = renameNodeCmd.MarkFlagRequired("identifier")
if err != nil {
log.Fatalf(err.Error())
}
nodeCmd.AddCommand(renameNodeCmd)
deleteNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)")
err = deleteNodeCmd.MarkFlagRequired("identifier")
if err != nil {
log.Fatalf(err.Error())
}
nodeCmd.AddCommand(deleteNodeCmd)
nodeCmd.AddCommand(shareMachineCmd)
moveNodeCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)")
err = moveNodeCmd.MarkFlagRequired("identifier")
if err != nil {
log.Fatalf(err.Error())
}
moveNodeCmd.Flags().StringP("user", "u", "", "New user")
moveNodeCmd.Flags().StringP("namespace", "n", "", "User")
moveNodeNamespaceFlag := moveNodeCmd.Flags().Lookup("namespace")
moveNodeNamespaceFlag.Deprecated = deprecateNamespaceMessage
moveNodeNamespaceFlag.Hidden = true
err = moveNodeCmd.MarkFlagRequired("user")
if err != nil {
log.Fatalf(err.Error())
}
nodeCmd.AddCommand(moveNodeCmd)
tagCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)")
err = tagCmd.MarkFlagRequired("identifier")
if err != nil {
log.Fatalf(err.Error())
}
tagCmd.Flags().
StringSliceP("tags", "t", []string{}, "List of tags to add to the node")
nodeCmd.AddCommand(tagCmd)
}
var nodeCmd = &cobra.Command{
Use: "nodes",
Short: "Manage the nodes of Headscale",
Use: "nodes",
Short: "Manage the nodes of Headscale",
Aliases: []string{"node", "machine", "machines"},
}
var registerNodeCmd = &cobra.Command{
Use: "register machineID",
Use: "register",
Short: "Registers a machine to your network",
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return fmt.Errorf("missing parameters")
}
return nil
},
Run: func(cmd *cobra.Command, args []string) {
n, err := cmd.Flags().GetString("namespace")
output, _ := cmd.Flags().GetString("output")
user, err := cmd.Flags().GetString("user")
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
}
o, _ := cmd.Flags().GetString("output")
ErrorOutput(err, fmt.Sprintf("Error getting user: %s", err), output)
h, err := getHeadscaleApp()
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
m, err := h.RegisterMachine(args[0], n)
if strings.HasPrefix(o, "json") {
JsonOutput(m, err, o)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
machineKey, err := cmd.Flags().GetString("key")
if err != nil {
fmt.Printf("Cannot register machine: %s\n", err)
ErrorOutput(
err,
fmt.Sprintf("Error getting node key from flag: %s", err),
output,
)
return
}
fmt.Printf("Machine registered\n")
request := &v1.RegisterMachineRequest{
Key: machineKey,
User: user,
}
response, err := client.RegisterMachine(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf(
"Cannot register machine: %s\n",
status.Convert(err).Message(),
),
output,
)
return
}
SuccessOutput(
response.Machine,
fmt.Sprintf("Machine %s registered", response.Machine.GivenName), output)
},
}
var listNodesCmd = &cobra.Command{
Use: "list",
Short: "List the nodes in a given namespace",
Use: "list",
Short: "List nodes",
Aliases: []string{"ls", "show"},
Run: func(cmd *cobra.Command, args []string) {
n, err := cmd.Flags().GetString("namespace")
output, _ := cmd.Flags().GetString("output")
user, err := cmd.Flags().GetString("user")
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
}
o, _ := cmd.Flags().GetString("output")
ErrorOutput(err, fmt.Sprintf("Error getting user: %s", err), output)
h, err := getHeadscaleApp()
return
}
showTags, err := cmd.Flags().GetBool("tags")
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
ErrorOutput(err, fmt.Sprintf("Error getting tags flag: %s", err), output)
namespace, err := h.GetNamespace(n)
if err != nil {
log.Fatalf("Error fetching namespace: %s", err)
}
machines, err := h.ListMachinesInNamespace(n)
if err != nil {
log.Fatalf("Error fetching machines: %s", err)
}
sharedMachines, err := h.ListSharedMachinesInNamespace(n)
if err != nil {
log.Fatalf("Error fetching shared machines: %s", err)
}
allMachines := append(*machines, *sharedMachines...)
if strings.HasPrefix(o, "json") {
JsonOutput(allMachines, err, o)
return
}
if err != nil {
log.Fatalf("Error getting nodes: %s", err)
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
request := &v1.ListMachinesRequest{
User: user,
}
d, err := nodesToPtables(*namespace, allMachines)
response, err := client.ListMachines(ctx, request)
if err != nil {
log.Fatalf("Error converting to table: %s", err)
ErrorOutput(
err,
fmt.Sprintf("Cannot get nodes: %s", status.Convert(err).Message()),
output,
)
return
}
err = pterm.DefaultTable.WithHasHeader().WithData(d).Render()
if output != "" {
SuccessOutput(response.Machines, "", output)
return
}
tableData, err := nodesToPtables(user, showTags, response.Machines)
if err != nil {
log.Fatal(err)
ErrorOutput(err, fmt.Sprintf("Error converting to table: %s", err), output)
return
}
err = pterm.DefaultTable.WithHasHeader().WithData(tableData).Render()
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Failed to render pterm table: %s", err),
output,
)
return
}
},
}
var deleteNodeCmd = &cobra.Command{
Use: "delete ID",
Short: "Delete a node",
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return fmt.Errorf("missing parameters")
}
return nil
},
var expireNodeCmd = &cobra.Command{
Use: "expire",
Short: "Expire (log out) a machine in your network",
Long: "Expiring a node will keep the node in the database and force it to reauthenticate.",
Aliases: []string{"logout", "exp", "e"},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
h, err := getHeadscaleApp()
identifier, err := cmd.Flags().GetUint64("identifier")
if err != nil {
log.Fatalf("Error initializing: %s", err)
ErrorOutput(
err,
fmt.Sprintf("Error converting ID to integer: %s", err),
output,
)
return
}
id, err := strconv.Atoi(args[0])
if err != nil {
log.Fatalf("Error converting ID to integer: %s", err)
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
request := &v1.ExpireMachineRequest{
MachineId: identifier,
}
m, err := h.GetMachineByID(uint64(id))
response, err := client.ExpireMachine(ctx, request)
if err != nil {
log.Fatalf("Error getting node: %s", err)
ErrorOutput(
err,
fmt.Sprintf(
"Cannot expire machine: %s\n",
status.Convert(err).Message(),
),
output,
)
return
}
SuccessOutput(response.Machine, "Machine expired", output)
},
}
var renameNodeCmd = &cobra.Command{
Use: "rename NEW_NAME",
Short: "Renames a machine in your network",
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
identifier, err := cmd.Flags().GetUint64("identifier")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error converting ID to integer: %s", err),
output,
)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
newName := ""
if len(args) > 0 {
newName = args[0]
}
request := &v1.RenameMachineRequest{
MachineId: identifier,
NewName: newName,
}
response, err := client.RenameMachine(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf(
"Cannot rename machine: %s\n",
status.Convert(err).Message(),
),
output,
)
return
}
SuccessOutput(response.Machine, "Machine renamed", output)
},
}
var deleteNodeCmd = &cobra.Command{
Use: "delete",
Short: "Delete a node",
Aliases: []string{"del"},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
identifier, err := cmd.Flags().GetUint64("identifier")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error converting ID to integer: %s", err),
output,
)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
getRequest := &v1.GetMachineRequest{
MachineId: identifier,
}
getResponse, err := client.GetMachine(ctx, getRequest)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf(
"Error getting node node: %s",
status.Convert(err).Message(),
),
output,
)
return
}
deleteRequest := &v1.DeleteMachineRequest{
MachineId: identifier,
}
confirm := false
force, _ := cmd.Flags().GetBool("force")
if !force {
prompt := &survey.Confirm{
Message: fmt.Sprintf("Do you want to remove the node %s?", m.Name),
Message: fmt.Sprintf(
"Do you want to remove the node %s?",
getResponse.GetMachine().Name,
),
}
err = survey.AskOne(prompt, &confirm)
if err != nil {
@@ -156,113 +374,307 @@ var deleteNodeCmd = &cobra.Command{
}
if confirm || force {
err = h.DeleteMachine(m)
if strings.HasPrefix(output, "json") {
JsonOutput(map[string]string{"Result": "Node deleted"}, err, output)
response, err := client.DeleteMachine(ctx, deleteRequest)
if output != "" {
SuccessOutput(response, "", output)
return
}
if err != nil {
log.Fatalf("Error deleting node: %s", err)
}
fmt.Printf("Node deleted\n")
} else {
if strings.HasPrefix(output, "json") {
JsonOutput(map[string]string{"Result": "Node not deleted"}, err, output)
ErrorOutput(
err,
fmt.Sprintf(
"Error deleting node: %s",
status.Convert(err).Message(),
),
output,
)
return
}
fmt.Printf("Node not deleted\n")
SuccessOutput(
map[string]string{"Result": "Node deleted"},
"Node deleted",
output,
)
} else {
SuccessOutput(map[string]string{"Result": "Node not deleted"}, "Node not deleted", output)
}
},
}
var shareMachineCmd = &cobra.Command{
Use: "share ID namespace",
Short: "Shares a node from the current namespace to the specified one",
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 2 {
return fmt.Errorf("missing parameters")
}
return nil
},
var moveNodeCmd = &cobra.Command{
Use: "move",
Short: "Move node to another user",
Aliases: []string{"mv"},
Run: func(cmd *cobra.Command, args []string) {
namespace, err := cmd.Flags().GetString("namespace")
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
}
output, _ := cmd.Flags().GetString("output")
h, err := getHeadscaleApp()
identifier, err := cmd.Flags().GetUint64("identifier")
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
ErrorOutput(
err,
fmt.Sprintf("Error converting ID to integer: %s", err),
output,
)
_, err = h.GetNamespace(namespace)
if err != nil {
log.Fatalf("Error fetching origin namespace: %s", err)
}
destinationNamespace, err := h.GetNamespace(args[1])
if err != nil {
log.Fatalf("Error fetching destination namespace: %s", err)
}
id, err := strconv.Atoi(args[0])
if err != nil {
log.Fatalf("Error converting ID to integer: %s", err)
}
machine, err := h.GetMachineByID(uint64(id))
if err != nil {
log.Fatalf("Error getting node: %s", err)
}
err = h.AddSharedMachineToNamespace(machine, destinationNamespace)
if strings.HasPrefix(output, "json") {
JsonOutput(map[string]string{"Result": "Node shared"}, err, output)
return
}
if err != nil {
fmt.Printf("Error sharing node: %s\n", err)
return
}
fmt.Println("Node shared!")
user, err := cmd.Flags().GetString("user")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error getting user: %s", err),
output,
)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
getRequest := &v1.GetMachineRequest{
MachineId: identifier,
}
_, err = client.GetMachine(ctx, getRequest)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf(
"Error getting node: %s",
status.Convert(err).Message(),
),
output,
)
return
}
moveRequest := &v1.MoveMachineRequest{
MachineId: identifier,
User: user,
}
moveResponse, err := client.MoveMachine(ctx, moveRequest)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf(
"Error moving node: %s",
status.Convert(err).Message(),
),
output,
)
return
}
SuccessOutput(moveResponse.Machine, "Node moved to another user", output)
},
}
func nodesToPtables(currentNamespace headscale.Namespace, machines []headscale.Machine) (pterm.TableData, error) {
d := pterm.TableData{{"ID", "Name", "NodeKey", "Namespace", "IP address", "Ephemeral", "Last seen", "Online"}}
func nodesToPtables(
currentUser string,
showTags bool,
machines []*v1.Machine,
) (pterm.TableData, error) {
tableHeader := []string{
"ID",
"Hostname",
"Name",
"MachineKey",
"NodeKey",
"User",
"IP addresses",
"Ephemeral",
"Last seen",
"Expiration",
"Online",
"Expired",
}
if showTags {
tableHeader = append(tableHeader, []string{
"ForcedTags",
"InvalidTags",
"ValidTags",
}...)
}
tableData := pterm.TableData{tableHeader}
for _, machine := range machines {
var ephemeral bool
if machine.AuthKey != nil && machine.AuthKey.Ephemeral {
if machine.PreAuthKey != nil && machine.PreAuthKey.Ephemeral {
ephemeral = true
}
var lastSeen time.Time
var lastSeenTime string
if machine.LastSeen != nil {
lastSeen = *machine.LastSeen
lastSeen = machine.LastSeen.AsTime()
lastSeenTime = lastSeen.Format("2006-01-02 15:04:05")
}
nKey, err := wgkey.ParseHex(machine.NodeKey)
var expiry time.Time
var expiryTime string
if machine.Expiry != nil {
expiry = machine.Expiry.AsTime()
expiryTime = expiry.Format("2006-01-02 15:04:05")
} else {
expiryTime = "N/A"
}
var machineKey key.MachinePublic
err := machineKey.UnmarshalText(
[]byte(headscale.MachinePublicKeyEnsurePrefix(machine.MachineKey)),
)
if err != nil {
machineKey = key.MachinePublic{}
}
var nodeKey key.NodePublic
err = nodeKey.UnmarshalText(
[]byte(headscale.NodePublicKeyEnsurePrefix(machine.NodeKey)),
)
if err != nil {
return nil, err
}
nodeKey := tailcfg.NodeKey(nKey)
var online string
if lastSeen.After(time.Now().Add(-5 * time.Minute)) { // TODO: Find a better way to reliably show if online
online = pterm.LightGreen("true")
if machine.Online {
online = pterm.LightGreen("online")
} else {
online = pterm.LightRed("false")
online = pterm.LightRed("offline")
}
var namespace string
if currentNamespace.ID == machine.NamespaceID {
namespace = pterm.LightMagenta(machine.Namespace.Name)
var expired string
if expiry.IsZero() || expiry.After(time.Now()) {
expired = pterm.LightGreen("no")
} else {
namespace = pterm.LightYellow(machine.Namespace.Name)
expired = pterm.LightRed("yes")
}
d = append(d, []string{strconv.FormatUint(machine.ID, 10), machine.Name, nodeKey.ShortString(), namespace, machine.IPAddress, strconv.FormatBool(ephemeral), lastSeenTime, online})
var forcedTags string
for _, tag := range machine.ForcedTags {
forcedTags += "," + tag
}
forcedTags = strings.TrimLeft(forcedTags, ",")
var invalidTags string
for _, tag := range machine.InvalidTags {
if !contains(machine.ForcedTags, tag) {
invalidTags += "," + pterm.LightRed(tag)
}
}
invalidTags = strings.TrimLeft(invalidTags, ",")
var validTags string
for _, tag := range machine.ValidTags {
if !contains(machine.ForcedTags, tag) {
validTags += "," + pterm.LightGreen(tag)
}
}
validTags = strings.TrimLeft(validTags, ",")
var user string
if currentUser == "" || (currentUser == machine.User.Name) {
user = pterm.LightMagenta(machine.User.Name)
} else {
// Shared into this user
user = pterm.LightYellow(machine.User.Name)
}
var IPV4Address string
var IPV6Address string
for _, addr := range machine.IpAddresses {
if netip.MustParseAddr(addr).Is4() {
IPV4Address = addr
} else {
IPV6Address = addr
}
}
nodeData := []string{
strconv.FormatUint(machine.Id, headscale.Base10),
machine.Name,
machine.GetGivenName(),
machineKey.ShortString(),
nodeKey.ShortString(),
user,
strings.Join([]string{IPV4Address, IPV6Address}, ", "),
strconv.FormatBool(ephemeral),
lastSeenTime,
expiryTime,
online,
expired,
}
if showTags {
nodeData = append(nodeData, []string{forcedTags, invalidTags, validTags}...)
}
tableData = append(
tableData,
nodeData,
)
}
return d, nil
return tableData, nil
}
var tagCmd = &cobra.Command{
Use: "tag",
Short: "Manage the tags of a node",
Aliases: []string{"tags", "t"},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
// retrieve flags from CLI
identifier, err := cmd.Flags().GetUint64("identifier")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error converting ID to integer: %s", err),
output,
)
return
}
tagsToSet, err := cmd.Flags().GetStringSlice("tags")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error retrieving list of tags to add to machine, %v", err),
output,
)
return
}
// Sending tags to machine
request := &v1.SetTagsRequest{
MachineId: identifier,
Tags: tagsToSet,
}
resp, err := client.SetTags(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error while sending tags to headscale: %s", err),
output,
)
return
}
if resp != nil {
SuccessOutput(
resp.GetMachine(),
"Machine updated",
output,
)
}
},
}
+178 -89
View File
@@ -2,173 +2,262 @@ package cli
import (
"fmt"
"log"
"strconv"
"strings"
"time"
"github.com/hako/durafmt"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/prometheus/common/model"
"github.com/pterm/pterm"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
"google.golang.org/protobuf/types/known/timestamppb"
)
const (
DefaultPreAuthKeyExpiry = "1h"
)
func init() {
rootCmd.AddCommand(preauthkeysCmd)
preauthkeysCmd.PersistentFlags().StringP("namespace", "n", "", "Namespace")
err := preauthkeysCmd.MarkPersistentFlagRequired("namespace")
preauthkeysCmd.PersistentFlags().StringP("user", "u", "", "User")
preauthkeysCmd.PersistentFlags().StringP("namespace", "n", "", "User")
pakNamespaceFlag := preauthkeysCmd.PersistentFlags().Lookup("namespace")
pakNamespaceFlag.Deprecated = deprecateNamespaceMessage
pakNamespaceFlag.Hidden = true
err := preauthkeysCmd.MarkPersistentFlagRequired("user")
if err != nil {
log.Fatalf(err.Error())
log.Fatal().Err(err).Msg("")
}
preauthkeysCmd.AddCommand(listPreAuthKeys)
preauthkeysCmd.AddCommand(createPreAuthKeyCmd)
preauthkeysCmd.AddCommand(expirePreAuthKeyCmd)
createPreAuthKeyCmd.PersistentFlags().Bool("reusable", false, "Make the preauthkey reusable")
createPreAuthKeyCmd.PersistentFlags().Bool("ephemeral", false, "Preauthkey for ephemeral nodes")
createPreAuthKeyCmd.Flags().StringP("expiration", "e", "", "Human-readable expiration of the key (30m, 24h, 365d...)")
createPreAuthKeyCmd.PersistentFlags().
Bool("reusable", false, "Make the preauthkey reusable")
createPreAuthKeyCmd.PersistentFlags().
Bool("ephemeral", false, "Preauthkey for ephemeral nodes")
createPreAuthKeyCmd.Flags().
StringP("expiration", "e", DefaultPreAuthKeyExpiry, "Human-readable expiration of the key (e.g. 30m, 24h)")
createPreAuthKeyCmd.Flags().
StringSlice("tags", []string{}, "Tags to automatically assign to node")
}
var preauthkeysCmd = &cobra.Command{
Use: "preauthkeys",
Short: "Handle the preauthkeys in Headscale",
Use: "preauthkeys",
Short: "Handle the preauthkeys in Headscale",
Aliases: []string{"preauthkey", "authkey", "pre"},
}
var listPreAuthKeys = &cobra.Command{
Use: "list",
Short: "List the preauthkeys for this namespace",
Use: "list",
Short: "List the preauthkeys for this user",
Aliases: []string{"ls", "show"},
Run: func(cmd *cobra.Command, args []string) {
n, err := cmd.Flags().GetString("namespace")
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
}
o, _ := cmd.Flags().GetString("output")
output, _ := cmd.Flags().GetString("output")
h, err := getHeadscaleApp()
user, err := cmd.Flags().GetString("user")
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
keys, err := h.GetPreAuthKeys(n)
if strings.HasPrefix(o, "json") {
JsonOutput(keys, err, o)
ErrorOutput(err, fmt.Sprintf("Error getting user: %s", err), output)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
request := &v1.ListPreAuthKeysRequest{
User: user,
}
response, err := client.ListPreAuthKeys(ctx, request)
if err != nil {
fmt.Printf("Error getting the list of keys: %s\n", err)
ErrorOutput(
err,
fmt.Sprintf("Error getting the list of keys: %s", err),
output,
)
return
}
d := pterm.TableData{{"ID", "Key", "Reusable", "Ephemeral", "Used", "Expiration", "Created"}}
for _, k := range *keys {
if output != "" {
SuccessOutput(response.PreAuthKeys, "", output)
return
}
tableData := pterm.TableData{
{
"ID",
"Key",
"Reusable",
"Ephemeral",
"Used",
"Expiration",
"Created",
"Tags",
},
}
for _, key := range response.PreAuthKeys {
expiration := "-"
if k.Expiration != nil {
expiration = k.Expiration.Format("2006-01-02 15:04:05")
if key.GetExpiration() != nil {
expiration = ColourTime(key.Expiration.AsTime())
}
var reusable string
if k.Ephemeral {
if key.GetEphemeral() {
reusable = "N/A"
} else {
reusable = fmt.Sprintf("%v", k.Reusable)
reusable = fmt.Sprintf("%v", key.GetReusable())
}
d = append(d, []string{
strconv.FormatUint(k.ID, 10),
k.Key,
aclTags := ""
for _, tag := range key.AclTags {
aclTags += "," + tag
}
aclTags = strings.TrimLeft(aclTags, ",")
tableData = append(tableData, []string{
key.GetId(),
key.GetKey(),
reusable,
strconv.FormatBool(k.Ephemeral),
fmt.Sprintf("%v", k.Used),
strconv.FormatBool(key.GetEphemeral()),
strconv.FormatBool(key.GetUsed()),
expiration,
k.CreatedAt.Format("2006-01-02 15:04:05"),
key.GetCreatedAt().AsTime().Format("2006-01-02 15:04:05"),
aclTags,
})
}
err = pterm.DefaultTable.WithHasHeader().WithData(d).Render()
err = pterm.DefaultTable.WithHasHeader().WithData(tableData).Render()
if err != nil {
log.Fatal(err)
ErrorOutput(
err,
fmt.Sprintf("Failed to render pterm table: %s", err),
output,
)
return
}
},
}
var createPreAuthKeyCmd = &cobra.Command{
Use: "create",
Short: "Creates a new preauthkey in the specified namespace",
Use: "create",
Short: "Creates a new preauthkey in the specified user",
Aliases: []string{"c", "new"},
Run: func(cmd *cobra.Command, args []string) {
n, err := cmd.Flags().GetString("namespace")
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
}
o, _ := cmd.Flags().GetString("output")
output, _ := cmd.Flags().GetString("output")
h, err := getHeadscaleApp()
user, err := cmd.Flags().GetString("user")
if err != nil {
log.Fatalf("Error initializing: %s", err)
ErrorOutput(err, fmt.Sprintf("Error getting user: %s", err), output)
return
}
reusable, _ := cmd.Flags().GetBool("reusable")
ephemeral, _ := cmd.Flags().GetBool("ephemeral")
tags, _ := cmd.Flags().GetStringSlice("tags")
e, _ := cmd.Flags().GetString("expiration")
var expiration *time.Time
if e != "" {
duration, err := durafmt.ParseStringShort(e)
if err != nil {
log.Fatalf("Error parsing expiration: %s", err)
}
exp := time.Now().UTC().Add(duration.Duration())
expiration = &exp
log.Trace().
Bool("reusable", reusable).
Bool("ephemeral", ephemeral).
Str("user", user).
Msg("Preparing to create preauthkey")
request := &v1.CreatePreAuthKeyRequest{
User: user,
Reusable: reusable,
Ephemeral: ephemeral,
AclTags: tags,
}
k, err := h.CreatePreAuthKey(n, reusable, ephemeral, expiration)
if strings.HasPrefix(o, "json") {
JsonOutput(k, err, o)
return
}
durationStr, _ := cmd.Flags().GetString("expiration")
duration, err := model.ParseDuration(durationStr)
if err != nil {
fmt.Println(err)
ErrorOutput(
err,
fmt.Sprintf("Could not parse duration: %s\n", err),
output,
)
return
}
fmt.Printf("%s\n", k.Key)
expiration := time.Now().UTC().Add(time.Duration(duration))
log.Trace().
Dur("expiration", time.Duration(duration)).
Msg("expiration has been set")
request.Expiration = timestamppb.New(expiration)
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
response, err := client.CreatePreAuthKey(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Cannot create Pre Auth Key: %s\n", err),
output,
)
return
}
SuccessOutput(response.PreAuthKey, response.PreAuthKey.Key, output)
},
}
var expirePreAuthKeyCmd = &cobra.Command{
Use: "expire KEY",
Short: "Expire a preauthkey",
Use: "expire KEY",
Short: "Expire a preauthkey",
Aliases: []string{"revoke", "exp", "e"},
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return fmt.Errorf("missing parameters")
return errMissingParameter
}
return nil
},
Run: func(cmd *cobra.Command, args []string) {
n, err := cmd.Flags().GetString("namespace")
output, _ := cmd.Flags().GetString("output")
user, err := cmd.Flags().GetString("user")
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
}
o, _ := cmd.Flags().GetString("output")
ErrorOutput(err, fmt.Sprintf("Error getting user: %s", err), output)
h, err := getHeadscaleApp()
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
k, err := h.GetPreAuthKey(n, args[0])
if err != nil {
if strings.HasPrefix(o, "json") {
JsonOutput(k, err, o)
return
}
log.Fatalf("Error getting the key: %s", err)
}
err = h.MarkExpirePreAuthKey(k)
if strings.HasPrefix(o, "json") {
JsonOutput(k, err, o)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
request := &v1.ExpirePreAuthKeyRequest{
User: user,
Key: args[0],
}
response, err := client.ExpirePreAuthKey(ctx, request)
if err != nil {
fmt.Println(err)
ErrorOutput(
err,
fmt.Sprintf("Cannot expire Pre Auth Key: %s\n", err),
output,
)
return
}
fmt.Println("Expired")
SuccessOutput(response, "Key expired", output)
},
}
+19
View File
@@ -0,0 +1,19 @@
package cli
import (
"time"
"github.com/pterm/pterm"
)
func ColourTime(date time.Time) string {
dateStr := date.Format("2006-01-02 15:04:05")
if date.After(time.Now()) {
dateStr = pterm.LightGreen(dateStr)
} else {
dateStr = pterm.LightRed(dateStr)
}
return dateStr
}
+78 -2
View File
@@ -3,13 +3,89 @@ package cli
import (
"fmt"
"os"
"runtime"
"github.com/juanfont/headscale"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
"github.com/tcnksm/go-latest"
)
const (
deprecateNamespaceMessage = "use --user"
)
var cfgFile string = ""
func init() {
rootCmd.PersistentFlags().StringP("output", "o", "", "Output format. Empty for human-readable, 'json' or 'json-line'")
rootCmd.PersistentFlags().Bool("force", false, "Disable prompts and forces the execution")
if len(os.Args) > 1 &&
(os.Args[1] == "version" || os.Args[1] == "mockoidc" || os.Args[1] == "completion") {
return
}
cobra.OnInitialize(initConfig)
rootCmd.PersistentFlags().
StringVarP(&cfgFile, "config", "c", "", "config file (default is /etc/headscale/config.yaml)")
rootCmd.PersistentFlags().
StringP("output", "o", "", "Output format. Empty for human-readable, 'json', 'json-line' or 'yaml'")
rootCmd.PersistentFlags().
Bool("force", false, "Disable prompts and forces the execution")
}
func initConfig() {
if cfgFile == "" {
cfgFile = os.Getenv("HEADSCALE_CONFIG")
}
if cfgFile != "" {
err := headscale.LoadConfig(cfgFile, true)
if err != nil {
log.Fatal().Caller().Err(err).Msgf("Error loading config file %s", cfgFile)
}
} else {
err := headscale.LoadConfig("", false)
if err != nil {
log.Fatal().Caller().Err(err).Msgf("Error loading config")
}
}
cfg, err := headscale.GetHeadscaleConfig()
if err != nil {
log.Fatal().Caller().Err(err)
}
machineOutput := HasMachineOutputFlag()
zerolog.SetGlobalLevel(cfg.Log.Level)
// If the user has requested a "machine" readable format,
// then disable login so the output remains valid.
if machineOutput {
zerolog.SetGlobalLevel(zerolog.Disabled)
}
if cfg.Log.Format == headscale.JSONLogFormat {
log.Logger = log.Output(os.Stdout)
}
if !cfg.DisableUpdateCheck && !machineOutput {
if (runtime.GOOS == "linux" || runtime.GOOS == "darwin") &&
Version != "dev" {
githubTag := &latest.GithubTag{
Owner: "juanfont",
Repository: "headscale",
}
res, err := latest.Check(githubTag, Version)
if err == nil && res.Outdated {
//nolint
fmt.Printf(
"An updated version of Headscale has been found (%s vs. your current %s). Check it out https://github.com/juanfont/headscale/releases\n",
res.Current,
Version,
)
}
}
}
}
var rootCmd = &cobra.Command{
+248 -97
View File
@@ -3,145 +3,296 @@ package cli
import (
"fmt"
"log"
"strings"
"net/netip"
"strconv"
"github.com/juanfont/headscale"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/pterm/pterm"
"github.com/spf13/cobra"
"google.golang.org/grpc/status"
)
const (
Base10 = 10
)
func init() {
rootCmd.AddCommand(routesCmd)
routesCmd.PersistentFlags().StringP("namespace", "n", "", "Namespace")
err := routesCmd.MarkPersistentFlagRequired("namespace")
listRoutesCmd.Flags().Uint64P("identifier", "i", 0, "Node identifier (ID)")
routesCmd.AddCommand(listRoutesCmd)
enableRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)")
err := enableRouteCmd.MarkFlagRequired("route")
if err != nil {
log.Fatalf(err.Error())
}
enableRouteCmd.Flags().BoolP("all", "a", false, "Enable all routes advertised by the node")
routesCmd.AddCommand(listRoutesCmd)
routesCmd.AddCommand(enableRouteCmd)
disableRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)")
err = disableRouteCmd.MarkFlagRequired("route")
if err != nil {
log.Fatalf(err.Error())
}
routesCmd.AddCommand(disableRouteCmd)
deleteRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)")
err = deleteRouteCmd.MarkFlagRequired("route")
if err != nil {
log.Fatalf(err.Error())
}
routesCmd.AddCommand(deleteRouteCmd)
}
var routesCmd = &cobra.Command{
Use: "routes",
Short: "Manage the routes of Headscale",
Use: "routes",
Short: "Manage the routes of Headscale",
Aliases: []string{"r", "route"},
}
var listRoutesCmd = &cobra.Command{
Use: "list NODE",
Short: "List the routes exposed by this node",
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return fmt.Errorf("Missing parameters")
}
return nil
},
Use: "list",
Short: "List all routes",
Aliases: []string{"ls", "show"},
Run: func(cmd *cobra.Command, args []string) {
n, err := cmd.Flags().GetString("namespace")
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
}
o, _ := cmd.Flags().GetString("output")
output, _ := cmd.Flags().GetString("output")
h, err := getHeadscaleApp()
machineID, err := cmd.Flags().GetUint64("identifier")
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
ErrorOutput(
err,
fmt.Sprintf("Error getting machine id from flag: %s", err),
output,
)
availableRoutes, err := h.GetAdvertisedNodeRoutes(n, args[0])
if err != nil {
fmt.Println(err)
return
}
if strings.HasPrefix(o, "json") {
// TODO: Add enable/disabled information to this interface
JsonOutput(availableRoutes, err, o)
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
var routes []*v1.Route
if machineID == 0 {
response, err := client.GetRoutes(ctx, &v1.GetRoutesRequest{})
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Cannot get nodes: %s", status.Convert(err).Message()),
output,
)
return
}
if output != "" {
SuccessOutput(response.Routes, "", output)
return
}
routes = response.Routes
} else {
response, err := client.GetMachineRoutes(ctx, &v1.GetMachineRoutesRequest{
MachineId: machineID,
})
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Cannot get routes for machine %d: %s", machineID, status.Convert(err).Message()),
output,
)
return
}
if output != "" {
SuccessOutput(response.Routes, "", output)
return
}
routes = response.Routes
}
tableData := routesToPtables(routes)
if err != nil {
ErrorOutput(err, fmt.Sprintf("Error converting to table: %s", err), output)
return
}
d := h.RoutesToPtables(n, args[0], *availableRoutes)
err = pterm.DefaultTable.WithHasHeader().WithData(d).Render()
err = pterm.DefaultTable.WithHasHeader().WithData(tableData).Render()
if err != nil {
log.Fatal(err)
ErrorOutput(
err,
fmt.Sprintf("Failed to render pterm table: %s", err),
output,
)
return
}
},
}
var enableRouteCmd = &cobra.Command{
Use: "enable node-name route",
Short: "Allows exposing a route declared by this node to the rest of the nodes",
Args: func(cmd *cobra.Command, args []string) error {
all, err := cmd.Flags().GetBool("all")
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
}
if all {
if len(args) < 1 {
return fmt.Errorf("Missing parameters")
}
return nil
} else {
if len(args) < 2 {
return fmt.Errorf("Missing parameters")
}
return nil
}
},
Use: "enable",
Short: "Set a route as enabled",
Long: `This command will make as enabled a given route.`,
Run: func(cmd *cobra.Command, args []string) {
n, err := cmd.Flags().GetString("namespace")
output, _ := cmd.Flags().GetString("output")
routeID, err := cmd.Flags().GetUint64("route")
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
ErrorOutput(
err,
fmt.Sprintf("Error getting machine id from flag: %s", err),
output,
)
return
}
o, _ := cmd.Flags().GetString("output")
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
all, err := cmd.Flags().GetBool("all")
response, err := client.EnableRoute(ctx, &v1.EnableRouteRequest{
RouteId: routeID,
})
if err != nil {
log.Fatalf("Error getting namespace: %s", err)
ErrorOutput(
err,
fmt.Sprintf("Cannot enable route %d: %s", routeID, status.Convert(err).Message()),
output,
)
return
}
h, err := getHeadscaleApp()
if err != nil {
log.Fatalf("Error initializing: %s", err)
}
if output != "" {
SuccessOutput(response, "", output)
if all {
availableRoutes, err := h.GetAdvertisedNodeRoutes(n, args[0])
if err != nil {
fmt.Println(err)
return
}
for _, availableRoute := range *availableRoutes {
err = h.EnableNodeRoute(n, args[0], availableRoute.String())
if err != nil {
fmt.Println(err)
return
}
if strings.HasPrefix(o, "json") {
JsonOutput(availableRoute, err, o)
} else {
fmt.Printf("Enabled route %s\n", availableRoute)
}
}
} else {
err = h.EnableNodeRoute(n, args[0], args[1])
if strings.HasPrefix(o, "json") {
JsonOutput(args[1], err, o)
return
}
if err != nil {
fmt.Println(err)
return
}
fmt.Printf("Enabled route %s\n", args[1])
return
}
},
}
var disableRouteCmd = &cobra.Command{
Use: "disable",
Short: "Set as disabled a given route",
Long: `This command will make as disabled a given route.`,
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
routeID, err := cmd.Flags().GetUint64("route")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error getting machine id from flag: %s", err),
output,
)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
response, err := client.DisableRoute(ctx, &v1.DisableRouteRequest{
RouteId: routeID,
})
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Cannot disable route %d: %s", routeID, status.Convert(err).Message()),
output,
)
return
}
if output != "" {
SuccessOutput(response, "", output)
return
}
},
}
var deleteRouteCmd = &cobra.Command{
Use: "delete",
Short: "Delete a given route",
Long: `This command will delete a given route.`,
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
routeID, err := cmd.Flags().GetUint64("route")
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error getting machine id from flag: %s", err),
output,
)
return
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
response, err := client.DeleteRoute(ctx, &v1.DeleteRouteRequest{
RouteId: routeID,
})
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Cannot delete route %d: %s", routeID, status.Convert(err).Message()),
output,
)
return
}
if output != "" {
SuccessOutput(response, "", output)
return
}
},
}
// routesToPtables converts the list of routes to a nice table.
func routesToPtables(routes []*v1.Route) pterm.TableData {
tableData := pterm.TableData{{"ID", "Machine", "Prefix", "Advertised", "Enabled", "Primary"}}
for _, route := range routes {
var isPrimaryStr string
prefix, err := netip.ParsePrefix(route.Prefix)
if err != nil {
log.Printf("Error parsing prefix %s: %s", route.Prefix, err)
continue
}
if prefix == headscale.ExitRouteV4 || prefix == headscale.ExitRouteV6 {
isPrimaryStr = "-"
} else {
isPrimaryStr = strconv.FormatBool(route.IsPrimary)
}
tableData = append(tableData,
[]string{
strconv.FormatUint(route.Id, Base10),
route.Machine.GivenName,
route.Prefix,
strconv.FormatBool(route.Advertised),
strconv.FormatBool(route.Enabled),
isPrimaryStr,
})
}
return tableData
}
+5 -6
View File
@@ -1,8 +1,7 @@
package cli
import (
"log"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
)
@@ -17,14 +16,14 @@ var serveCmd = &cobra.Command{
return nil
},
Run: func(cmd *cobra.Command, args []string) {
h, err := getHeadscaleApp()
app, err := getHeadscaleApp()
if err != nil {
log.Fatalf("Error initializing: %s", err)
log.Fatal().Caller().Err(err).Msg("Error initializing")
}
err = h.Serve()
err = app.Serve()
if err != nil {
log.Fatalf("Error initializing: %s", err)
log.Fatal().Caller().Err(err).Msg("Error starting server")
}
},
}
+243
View File
@@ -0,0 +1,243 @@
package cli
import (
"fmt"
survey "github.com/AlecAivazis/survey/v2"
"github.com/juanfont/headscale"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/pterm/pterm"
"github.com/rs/zerolog/log"
"github.com/spf13/cobra"
"google.golang.org/grpc/status"
)
func init() {
rootCmd.AddCommand(userCmd)
userCmd.AddCommand(createUserCmd)
userCmd.AddCommand(listUsersCmd)
userCmd.AddCommand(destroyUserCmd)
userCmd.AddCommand(renameUserCmd)
}
const (
errMissingParameter = headscale.Error("missing parameters")
)
var userCmd = &cobra.Command{
Use: "users",
Short: "Manage the users of Headscale",
Aliases: []string{"user", "namespace", "namespaces", "ns"},
}
var createUserCmd = &cobra.Command{
Use: "create NAME",
Short: "Creates a new user",
Aliases: []string{"c", "new"},
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return errMissingParameter
}
return nil
},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
userName := args[0]
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
log.Trace().Interface("client", client).Msg("Obtained gRPC client")
request := &v1.CreateUserRequest{Name: userName}
log.Trace().Interface("request", request).Msg("Sending CreateUser request")
response, err := client.CreateUser(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf(
"Cannot create user: %s",
status.Convert(err).Message(),
),
output,
)
return
}
SuccessOutput(response.User, "User created", output)
},
}
var destroyUserCmd = &cobra.Command{
Use: "destroy NAME",
Short: "Destroys a user",
Aliases: []string{"delete"},
Args: func(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
return errMissingParameter
}
return nil
},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
userName := args[0]
request := &v1.GetUserRequest{
Name: userName,
}
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
_, err := client.GetUser(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Error: %s", status.Convert(err).Message()),
output,
)
return
}
confirm := false
force, _ := cmd.Flags().GetBool("force")
if !force {
prompt := &survey.Confirm{
Message: fmt.Sprintf(
"Do you want to remove the user '%s' and any associated preauthkeys?",
userName,
),
}
err := survey.AskOne(prompt, &confirm)
if err != nil {
return
}
}
if confirm || force {
request := &v1.DeleteUserRequest{Name: userName}
response, err := client.DeleteUser(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf(
"Cannot destroy user: %s",
status.Convert(err).Message(),
),
output,
)
return
}
SuccessOutput(response, "User destroyed", output)
} else {
SuccessOutput(map[string]string{"Result": "User not destroyed"}, "User not destroyed", output)
}
},
}
var listUsersCmd = &cobra.Command{
Use: "list",
Short: "List all the users",
Aliases: []string{"ls", "show"},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
request := &v1.ListUsersRequest{}
response, err := client.ListUsers(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Cannot get users: %s", status.Convert(err).Message()),
output,
)
return
}
if output != "" {
SuccessOutput(response.Users, "", output)
return
}
tableData := pterm.TableData{{"ID", "Name", "Created"}}
for _, user := range response.GetUsers() {
tableData = append(
tableData,
[]string{
user.GetId(),
user.GetName(),
user.GetCreatedAt().AsTime().Format("2006-01-02 15:04:05"),
},
)
}
err = pterm.DefaultTable.WithHasHeader().WithData(tableData).Render()
if err != nil {
ErrorOutput(
err,
fmt.Sprintf("Failed to render pterm table: %s", err),
output,
)
return
}
},
}
var renameUserCmd = &cobra.Command{
Use: "rename OLD_NAME NEW_NAME",
Short: "Renames a user",
Aliases: []string{"mv"},
Args: func(cmd *cobra.Command, args []string) error {
expectedArguments := 2
if len(args) < expectedArguments {
return errMissingParameter
}
return nil
},
Run: func(cmd *cobra.Command, args []string) {
output, _ := cmd.Flags().GetString("output")
ctx, client, conn, cancel := getHeadscaleCLIClient()
defer cancel()
defer conn.Close()
request := &v1.RenameUserRequest{
OldName: args[0],
NewName: args[1],
}
response, err := client.RenameUser(ctx, request)
if err != nil {
ErrorOutput(
err,
fmt.Sprintf(
"Cannot rename user: %s",
status.Convert(err).Message(),
),
output,
)
return
}
SuccessOutput(response.User, "User renamed", output)
},
}
+167 -221
View File
@@ -1,273 +1,219 @@
package cli
import (
"context"
"crypto/tls"
"encoding/json"
"errors"
"fmt"
"io"
"os"
"path/filepath"
"strings"
"time"
"reflect"
"github.com/juanfont/headscale"
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
"github.com/rs/zerolog/log"
"github.com/spf13/viper"
"gopkg.in/yaml.v2"
"inet.af/netaddr"
"tailscale.com/tailcfg"
"tailscale.com/types/dnstype"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/credentials/insecure"
"gopkg.in/yaml.v3"
)
type ErrorOutput struct {
Error string
}
func LoadConfig(path string) error {
viper.SetConfigName("config")
if path == "" {
viper.AddConfigPath("/etc/headscale/")
viper.AddConfigPath("$HOME/.headscale")
viper.AddConfigPath(".")
} else {
// For testing
viper.AddConfigPath(path)
}
viper.AutomaticEnv()
viper.SetDefault("tls_letsencrypt_cache_dir", "/var/www/.cache")
viper.SetDefault("tls_letsencrypt_challenge_type", "HTTP-01")
viper.SetDefault("ip_prefix", "100.64.0.0/10")
viper.SetDefault("log_level", "info")
viper.SetDefault("dns_config", nil)
err := viper.ReadInConfig()
if err != nil {
return fmt.Errorf("Fatal error reading config file: %s \n", err)
}
// Collect any validation errors and return them all at once
var errorText string
if (viper.GetString("tls_letsencrypt_hostname") != "") && ((viper.GetString("tls_cert_path") != "") || (viper.GetString("tls_key_path") != "")) {
errorText += "Fatal config error: set either tls_letsencrypt_hostname or tls_cert_path/tls_key_path, not both\n"
}
if (viper.GetString("tls_letsencrypt_hostname") != "") && (viper.GetString("tls_letsencrypt_challenge_type") == "TLS-ALPN-01") && (!strings.HasSuffix(viper.GetString("listen_addr"), ":443")) {
// this is only a warning because there could be something sitting in front of headscale that redirects the traffic (e.g. an iptables rule)
log.Warn().
Msg("Warning: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, headscale must be reachable on port 443, i.e. listen_addr should probably end in :443")
}
if (viper.GetString("tls_letsencrypt_challenge_type") != "HTTP-01") && (viper.GetString("tls_letsencrypt_challenge_type") != "TLS-ALPN-01") {
errorText += "Fatal config error: the only supported values for tls_letsencrypt_challenge_type are HTTP-01 and TLS-ALPN-01\n"
}
if !strings.HasPrefix(viper.GetString("server_url"), "http://") && !strings.HasPrefix(viper.GetString("server_url"), "https://") {
errorText += "Fatal config error: server_url must start with https:// or http://\n"
}
if errorText != "" {
return errors.New(strings.TrimSuffix(errorText, "\n"))
} else {
return nil
}
}
func GetDNSConfig() (*tailcfg.DNSConfig, string) {
if viper.IsSet("dns_config") {
dnsConfig := &tailcfg.DNSConfig{}
if viper.IsSet("dns_config.nameservers") {
nameserversStr := viper.GetStringSlice("dns_config.nameservers")
nameservers := make([]netaddr.IP, len(nameserversStr))
resolvers := make([]dnstype.Resolver, len(nameserversStr))
for index, nameserverStr := range nameserversStr {
nameserver, err := netaddr.ParseIP(nameserverStr)
if err != nil {
log.Error().
Str("func", "getDNSConfig").
Err(err).
Msgf("Could not parse nameserver IP: %s", nameserverStr)
}
nameservers[index] = nameserver
resolvers[index] = dnstype.Resolver{
Addr: nameserver.String(),
}
}
dnsConfig.Nameservers = nameservers
dnsConfig.Resolvers = resolvers
}
if viper.IsSet("dns_config.domains") {
dnsConfig.Domains = viper.GetStringSlice("dns_config.domains")
}
if viper.IsSet("dns_config.magic_dns") {
magicDNS := viper.GetBool("dns_config.magic_dns")
if len(dnsConfig.Nameservers) > 0 {
dnsConfig.Proxied = magicDNS
} else if magicDNS {
log.Warn().
Msg("Warning: dns_config.magic_dns is set, but no nameservers are configured. Ignoring magic_dns.")
}
}
var baseDomain string
if viper.IsSet("dns_config.base_domain") {
baseDomain = viper.GetString("dns_config.base_domain")
} else {
baseDomain = "headscale.net" // does not really matter when MagicDNS is not enabled
}
return dnsConfig, baseDomain
}
return nil, ""
}
func absPath(path string) string {
// If a relative path is provided, prefix it with the the directory where
// the config file was found.
if (path != "") && !strings.HasPrefix(path, string(os.PathSeparator)) {
dir, _ := filepath.Split(viper.ConfigFileUsed())
if dir != "" {
path = filepath.Join(dir, path)
}
}
return path
}
const (
HeadscaleDateTimeFormat = "2006-01-02 15:04:05"
SocketWritePermissions = 0o666
)
func getHeadscaleApp() (*headscale.Headscale, error) {
derpPath := absPath(viper.GetString("derp_map_path"))
derpMap, err := loadDerpMap(derpPath)
cfg, err := headscale.GetHeadscaleConfig()
if err != nil {
log.Error().
Str("path", derpPath).
Err(err).
Msg("Could not load DERP servers map file")
return nil, fmt.Errorf(
"failed to load configuration while creating headscale instance: %w",
err,
)
}
// Minimum inactivity time out is keepalive timeout (60s) plus a few seconds
// to avoid races
minInactivityTimeout, _ := time.ParseDuration("65s")
if viper.GetDuration("ephemeral_node_inactivity_timeout") <= minInactivityTimeout {
err = fmt.Errorf("ephemeral_node_inactivity_timeout (%s) is set too low, must be more than %s\n", viper.GetString("ephemeral_node_inactivity_timeout"), minInactivityTimeout)
return nil, err
}
dnsConfig, baseDomain := GetDNSConfig()
cfg := headscale.Config{
ServerURL: viper.GetString("server_url"),
Addr: viper.GetString("listen_addr"),
PrivateKeyPath: absPath(viper.GetString("private_key_path")),
DerpMap: derpMap,
IPPrefix: netaddr.MustParseIPPrefix(viper.GetString("ip_prefix")),
BaseDomain: baseDomain,
EphemeralNodeInactivityTimeout: viper.GetDuration("ephemeral_node_inactivity_timeout"),
DBtype: viper.GetString("db_type"),
DBpath: absPath(viper.GetString("db_path")),
DBhost: viper.GetString("db_host"),
DBport: viper.GetInt("db_port"),
DBname: viper.GetString("db_name"),
DBuser: viper.GetString("db_user"),
DBpass: viper.GetString("db_pass"),
TLSLetsEncryptHostname: viper.GetString("tls_letsencrypt_hostname"),
TLSLetsEncryptListen: viper.GetString("tls_letsencrypt_listen"),
TLSLetsEncryptCacheDir: absPath(viper.GetString("tls_letsencrypt_cache_dir")),
TLSLetsEncryptChallengeType: viper.GetString("tls_letsencrypt_challenge_type"),
TLSCertPath: absPath(viper.GetString("tls_cert_path")),
TLSKeyPath: absPath(viper.GetString("tls_key_path")),
DNSConfig: dnsConfig,
ACMEEmail: viper.GetString("acme_email"),
ACMEURL: viper.GetString("acme_url"),
}
h, err := headscale.NewHeadscale(cfg)
app, err := headscale.NewHeadscale(cfg)
if err != nil {
return nil, err
}
// We are doing this here, as in the future could be cool to have it also hot-reload
if viper.GetString("acl_policy_path") != "" {
aclPath := absPath(viper.GetString("acl_policy_path"))
err = h.LoadACLPolicy(aclPath)
if cfg.ACL.PolicyPath != "" {
aclPath := headscale.AbsolutePathFromConfigPath(cfg.ACL.PolicyPath)
err = app.LoadACLPolicy(aclPath)
if err != nil {
log.Error().
log.Fatal().
Str("path", aclPath).
Err(err).
Msg("Could not load the ACL policy")
}
}
return h, nil
return app, nil
}
func loadDerpMap(path string) (*tailcfg.DERPMap, error) {
derpFile, err := os.Open(path)
func getHeadscaleCLIClient() (context.Context, v1.HeadscaleServiceClient, *grpc.ClientConn, context.CancelFunc) {
cfg, err := headscale.GetHeadscaleConfig()
if err != nil {
return nil, err
log.Fatal().
Err(err).
Caller().
Msgf("Failed to load configuration")
os.Exit(-1) // we get here if logging is suppressed (i.e., json output)
}
defer derpFile.Close()
var derpMap tailcfg.DERPMap
b, err := io.ReadAll(derpFile)
log.Debug().
Dur("timeout", cfg.CLI.Timeout).
Msgf("Setting timeout")
ctx, cancel := context.WithTimeout(context.Background(), cfg.CLI.Timeout)
grpcOptions := []grpc.DialOption{
grpc.WithBlock(),
}
address := cfg.CLI.Address
// If the address is not set, we assume that we are on the server hosting headscale.
if address == "" {
log.Debug().
Str("socket", cfg.UnixSocket).
Msgf("HEADSCALE_CLI_ADDRESS environment is not set, connecting to unix socket.")
address = cfg.UnixSocket
// Try to give the user better feedback if we cannot write to the headscale
// socket.
socket, err := os.OpenFile(cfg.UnixSocket, os.O_WRONLY, SocketWritePermissions) //nolint
if err != nil {
if os.IsPermission(err) {
log.Fatal().
Err(err).
Str("socket", cfg.UnixSocket).
Msgf("Unable to read/write to headscale socket, do you have the correct permissions?")
}
}
socket.Close()
grpcOptions = append(
grpcOptions,
grpc.WithTransportCredentials(insecure.NewCredentials()),
grpc.WithContextDialer(headscale.GrpcSocketDialer),
)
} else {
// If we are not connecting to a local server, require an API key for authentication
apiKey := cfg.CLI.APIKey
if apiKey == "" {
log.Fatal().Caller().Msgf("HEADSCALE_CLI_API_KEY environment variable needs to be set.")
}
grpcOptions = append(grpcOptions,
grpc.WithPerRPCCredentials(tokenAuth{
token: apiKey,
}),
)
if cfg.CLI.Insecure {
tlsConfig := &tls.Config{
// turn of gosec as we are intentionally setting
// insecure.
//nolint:gosec
InsecureSkipVerify: true,
}
grpcOptions = append(grpcOptions,
grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)),
)
} else {
grpcOptions = append(grpcOptions,
grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")),
)
}
}
log.Trace().Caller().Str("address", address).Msg("Connecting via gRPC")
conn, err := grpc.DialContext(ctx, address, grpcOptions...)
if err != nil {
return nil, err
log.Fatal().Caller().Err(err).Msgf("Could not connect: %v", err)
os.Exit(-1) // we get here if logging is suppressed (i.e., json output)
}
err = yaml.Unmarshal(b, &derpMap)
return &derpMap, err
client := v1.NewHeadscaleServiceClient(conn)
return ctx, client, conn, cancel
}
func JsonOutput(result interface{}, errResult error, outputFormat string) {
var j []byte
func SuccessOutput(result interface{}, override string, outputFormat string) {
var jsonBytes []byte
var err error
switch outputFormat {
case "json":
if errResult != nil {
j, err = json.MarshalIndent(ErrorOutput{errResult.Error()}, "", "\t")
if err != nil {
log.Fatal().Err(err)
}
} else {
j, err = json.MarshalIndent(result, "", "\t")
if err != nil {
log.Fatal().Err(err)
}
jsonBytes, err = json.MarshalIndent(result, "", "\t")
if err != nil {
log.Fatal().Err(err)
}
case "json-line":
if errResult != nil {
j, err = json.Marshal(ErrorOutput{errResult.Error()})
if err != nil {
log.Fatal().Err(err)
}
} else {
j, err = json.Marshal(result)
if err != nil {
log.Fatal().Err(err)
}
jsonBytes, err = json.Marshal(result)
if err != nil {
log.Fatal().Err(err)
}
case "yaml":
jsonBytes, err = yaml.Marshal(result)
if err != nil {
log.Fatal().Err(err)
}
default:
//nolint
fmt.Println(override)
return
}
fmt.Println(string(j))
//nolint
fmt.Println(string(jsonBytes))
}
func HasJsonOutputFlag() bool {
func ErrorOutput(errResult error, override string, outputFormat string) {
type errOutput struct {
Error string `json:"error"`
}
SuccessOutput(errOutput{errResult.Error()}, override, outputFormat)
}
func HasMachineOutputFlag() bool {
for _, arg := range os.Args {
if arg == "json" || arg == "json-line" {
if arg == "json" || arg == "json-line" || arg == "yaml" {
return true
}
}
return false
}
type tokenAuth struct {
token string
}
// Return value is mapped to request headers.
func (t tokenAuth) GetRequestMetadata(
ctx context.Context,
in ...string,
) (map[string]string, error) {
return map[string]string{
"authorization": "Bearer " + t.token,
}, nil
}
func (tokenAuth) RequireTransportSecurity() bool {
return true
}
func contains[T string](ts []T, t T) bool {
for _, v := range ts {
if reflect.DeepEqual(v, t) {
return true
}
}
return false
}
+2 -9
View File
@@ -1,9 +1,6 @@
package cli
import (
"fmt"
"strings"
"github.com/spf13/cobra"
)
@@ -18,11 +15,7 @@ var versionCmd = &cobra.Command{
Short: "Print the version.",
Long: "The version of headscale.",
Run: func(cmd *cobra.Command, args []string) {
o, _ := cmd.Flags().GetString("output")
if strings.HasPrefix(o, "json") {
JsonOutput(map[string]string{"version": Version}, nil, o)
return
}
fmt.Println(Version)
output, _ := cmd.Flags().GetString("output")
SuccessOutput(map[string]string{"version": Version}, Version, output)
},
}
+16 -40
View File
@@ -1,20 +1,30 @@
package main
import (
"fmt"
"os"
"runtime"
"time"
"github.com/efekarakus/termcolor"
"github.com/juanfont/headscale/cmd/headscale/cli"
"github.com/pkg/profile"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/spf13/viper"
"github.com/tcnksm/go-latest"
)
func main() {
if _, enableProfile := os.LookupEnv("HEADSCALE_PROFILING_ENABLED"); enableProfile {
if profilePath, ok := os.LookupEnv("HEADSCALE_PROFILING_PATH"); ok {
err := os.MkdirAll(profilePath, os.ModePerm)
if err != nil {
log.Fatal().Err(err).Msg("failed to create profiling directory")
}
defer profile.Start(profile.ProfilePath(profilePath)).Stop()
} else {
defer profile.Start().Stop()
}
}
var colors bool
switch l := termcolor.SupportLevel(os.Stderr); l {
case termcolor.Level16M:
@@ -23,6 +33,8 @@ func main() {
colors = true
case termcolor.LevelBasic:
colors = true
case termcolor.LevelNone:
colors = false
default:
// no color, return text as is.
colors = false
@@ -41,41 +53,5 @@ func main() {
NoColor: !colors,
})
err := cli.LoadConfig("")
if err != nil {
log.Fatal().Err(err)
}
logLevel := viper.GetString("log_level")
switch logLevel {
case "trace":
zerolog.SetGlobalLevel(zerolog.TraceLevel)
case "debug":
zerolog.SetGlobalLevel(zerolog.DebugLevel)
case "info":
zerolog.SetGlobalLevel(zerolog.InfoLevel)
case "warn":
zerolog.SetGlobalLevel(zerolog.WarnLevel)
case "error":
zerolog.SetGlobalLevel(zerolog.ErrorLevel)
default:
zerolog.SetGlobalLevel(zerolog.DebugLevel)
}
jsonOutput := cli.HasJsonOutputFlag()
if !viper.GetBool("disable_check_updates") && !jsonOutput {
if (runtime.GOOS == "linux" || runtime.GOOS == "darwin") && cli.Version != "dev" {
githubTag := &latest.GithubTag{
Owner: "juanfont",
Repository: "headscale",
}
res, err := latest.Check(githubTag, cli.Version)
if err == nil && res.Outdated {
fmt.Printf("An updated version of Headscale has been found (%s vs. your current %s). Check it out https://github.com/juanfont/headscale/releases\n",
res.Current, cli.Version)
}
}
}
cli.Execute()
}
+105 -62
View File
@@ -1,14 +1,13 @@
package main
import (
"fmt"
"io/ioutil"
"io/fs"
"os"
"path/filepath"
"strings"
"testing"
"github.com/juanfont/headscale/cmd/headscale/cli"
"github.com/juanfont/headscale"
"github.com/spf13/viper"
"gopkg.in/check.v1"
)
@@ -25,11 +24,10 @@ func (s *Suite) SetUpSuite(c *check.C) {
}
func (s *Suite) TearDownSuite(c *check.C) {
}
func (*Suite) TestPostgresConfigLoading(c *check.C) {
tmpDir, err := ioutil.TempDir("", "headscale")
func (*Suite) TestConfigFileLoading(c *check.C) {
tmpDir, err := os.MkdirTemp("", "headscale")
if err != nil {
c.Fatal(err)
}
@@ -40,63 +38,41 @@ func (*Suite) TestPostgresConfigLoading(c *check.C) {
c.Fatal(err)
}
cfgFile := filepath.Join(tmpDir, "config.yaml")
// Symlink the example config file
err = os.Symlink(filepath.Clean(path+"/../../config.json.postgres.example"), filepath.Join(tmpDir, "config.json"))
err = os.Symlink(
filepath.Clean(path+"/../../config-example.yaml"),
cfgFile,
)
if err != nil {
c.Fatal(err)
}
// Load example config, it should load without validation errors
err = cli.LoadConfig(tmpDir)
err = headscale.LoadConfig(cfgFile, true)
c.Assert(err, check.IsNil)
// Test that config file was interpreted correctly
c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
c.Assert(viper.GetString("listen_addr"), check.Equals, "0.0.0.0:8080")
c.Assert(viper.GetString("derp_map_path"), check.Equals, "derp.yaml")
c.Assert(viper.GetString("db_type"), check.Equals, "postgres")
c.Assert(viper.GetString("db_port"), check.Equals, "5432")
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1")
}
func (*Suite) TestSqliteConfigLoading(c *check.C) {
tmpDir, err := ioutil.TempDir("", "headscale")
if err != nil {
c.Fatal(err)
}
defer os.RemoveAll(tmpDir)
path, err := os.Getwd()
if err != nil {
c.Fatal(err)
}
// Symlink the example config file
err = os.Symlink(filepath.Clean(path+"/../../config.json.sqlite.example"), filepath.Join(tmpDir, "config.json"))
if err != nil {
c.Fatal(err)
}
// Load example config, it should load without validation errors
err = cli.LoadConfig(tmpDir)
c.Assert(err, check.IsNil)
// Test that config file was interpreted correctly
c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
c.Assert(viper.GetString("listen_addr"), check.Equals, "0.0.0.0:8080")
c.Assert(viper.GetString("derp_map_path"), check.Equals, "derp.yaml")
c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
c.Assert(viper.GetString("db_type"), check.Equals, "sqlite3")
c.Assert(viper.GetString("db_path"), check.Equals, "db.sqlite")
c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite")
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1")
c.Assert(
headscale.GetFileMode("unix_socket_permission"),
check.Equals,
fs.FileMode(0o770),
)
c.Assert(viper.GetBool("logtail.enabled"), check.Equals, false)
}
func (*Suite) TestDNSConfigLoading(c *check.C) {
tmpDir, err := ioutil.TempDir("", "headscale")
func (*Suite) TestConfigLoading(c *check.C) {
tmpDir, err := os.MkdirTemp("", "headscale")
if err != nil {
c.Fatal(err)
}
@@ -108,16 +84,63 @@ func (*Suite) TestDNSConfigLoading(c *check.C) {
}
// Symlink the example config file
err = os.Symlink(filepath.Clean(path+"/../../config.json.sqlite.example"), filepath.Join(tmpDir, "config.json"))
err = os.Symlink(
filepath.Clean(path+"/../../config-example.yaml"),
filepath.Join(tmpDir, "config.yaml"),
)
if err != nil {
c.Fatal(err)
}
// Load example config, it should load without validation errors
err = cli.LoadConfig(tmpDir)
err = headscale.LoadConfig(tmpDir, false)
c.Assert(err, check.IsNil)
dnsConfig, baseDomain := cli.GetDNSConfig()
// Test that config file was interpreted correctly
c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
c.Assert(viper.GetString("db_type"), check.Equals, "sqlite3")
c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite")
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1")
c.Assert(
headscale.GetFileMode("unix_socket_permission"),
check.Equals,
fs.FileMode(0o770),
)
c.Assert(viper.GetBool("logtail.enabled"), check.Equals, false)
c.Assert(viper.GetBool("randomize_client_port"), check.Equals, false)
}
func (*Suite) TestDNSConfigLoading(c *check.C) {
tmpDir, err := os.MkdirTemp("", "headscale")
if err != nil {
c.Fatal(err)
}
defer os.RemoveAll(tmpDir)
path, err := os.Getwd()
if err != nil {
c.Fatal(err)
}
// Symlink the example config file
err = os.Symlink(
filepath.Clean(path+"/../../config-example.yaml"),
filepath.Join(tmpDir, "config.yaml"),
)
if err != nil {
c.Fatal(err)
}
// Load example config, it should load without validation errors
err = headscale.LoadConfig(tmpDir, false)
c.Assert(err, check.IsNil)
dnsConfig, baseDomain := headscale.GetDNSConfig()
c.Assert(dnsConfig.Nameservers[0].String(), check.Equals, "1.1.1.1")
c.Assert(dnsConfig.Resolvers[0].Addr, check.Equals, "1.1.1.1")
@@ -128,36 +151,56 @@ func (*Suite) TestDNSConfigLoading(c *check.C) {
func writeConfig(c *check.C, tmpDir string, configYaml []byte) {
// Populate a custom config file
configFile := filepath.Join(tmpDir, "config.yaml")
err := ioutil.WriteFile(configFile, configYaml, 0644)
err := os.WriteFile(configFile, configYaml, 0o600)
if err != nil {
c.Fatalf("Couldn't write file %s", configFile)
}
}
func (*Suite) TestTLSConfigValidation(c *check.C) {
tmpDir, err := ioutil.TempDir("", "headscale")
tmpDir, err := os.MkdirTemp("", "headscale")
if err != nil {
c.Fatal(err)
}
//defer os.RemoveAll(tmpDir)
fmt.Println(tmpDir)
configYaml := []byte("---\ntls_letsencrypt_hostname: \"example.com\"\ntls_letsencrypt_challenge_type: \"\"\ntls_cert_path: \"abc.pem\"")
// defer os.RemoveAll(tmpDir)
configYaml := []byte(`---
tls_letsencrypt_hostname: example.com
tls_letsencrypt_challenge_type: ""
tls_cert_path: abc.pem
noise:
private_key_path: noise_private.key`)
writeConfig(c, tmpDir, configYaml)
// Check configuration validation errors (1)
err = cli.LoadConfig(tmpDir)
err = headscale.LoadConfig(tmpDir, false)
c.Assert(err, check.NotNil)
// check.Matches can not handle multiline strings
tmp := strings.ReplaceAll(err.Error(), "\n", "***")
c.Assert(tmp, check.Matches, ".*Fatal config error: set either tls_letsencrypt_hostname or tls_cert_path/tls_key_path, not both.*")
c.Assert(tmp, check.Matches, ".*Fatal config error: the only supported values for tls_letsencrypt_challenge_type are.*")
c.Assert(tmp, check.Matches, ".*Fatal config error: server_url must start with https:// or http://.*")
fmt.Println(tmp)
c.Assert(
tmp,
check.Matches,
".*Fatal config error: set either tls_letsencrypt_hostname or tls_cert_path/tls_key_path, not both.*",
)
c.Assert(
tmp,
check.Matches,
".*Fatal config error: the only supported values for tls_letsencrypt_challenge_type are.*",
)
c.Assert(
tmp,
check.Matches,
".*Fatal config error: server_url must start with https:// or http://.*",
)
// Check configuration validation errors (2)
configYaml = []byte("---\nserver_url: \"http://127.0.0.1:8080\"\ntls_letsencrypt_hostname: \"example.com\"\ntls_letsencrypt_challenge_type: \"TLS-ALPN-01\"")
configYaml = []byte(`---
noise:
private_key_path: noise_private.key
server_url: http://127.0.0.1:8080
tls_letsencrypt_hostname: example.com
tls_letsencrypt_challenge_type: TLS-ALPN-01
`)
writeConfig(c, tmpDir, configYaml)
err = cli.LoadConfig(tmpDir)
err = headscale.LoadConfig(tmpDir, false)
c.Assert(err, check.IsNil)
}
+325
View File
@@ -0,0 +1,325 @@
---
# headscale will look for a configuration file named `config.yaml` (or `config.json`) in the following order:
#
# - `/etc/headscale`
# - `~/.headscale`
# - current working directory
# The url clients will connect to.
# Typically this will be a domain like:
#
# https://myheadscale.example.com:443
#
server_url: http://127.0.0.1:8080
# Address to listen to / bind to on the server
#
# For production:
# listen_addr: 0.0.0.0:8080
listen_addr: 127.0.0.1:8080
# Address to listen to /metrics, you may want
# to keep this endpoint private to your internal
# network
#
metrics_listen_addr: 127.0.0.1:9090
# Address to listen for gRPC.
# gRPC is used for controlling a headscale server
# remotely with the CLI
# Note: Remote access _only_ works if you have
# valid certificates.
#
# For production:
# grpc_listen_addr: 0.0.0.0:50443
grpc_listen_addr: 127.0.0.1:50443
# Allow the gRPC admin interface to run in INSECURE
# mode. This is not recommended as the traffic will
# be unencrypted. Only enable if you know what you
# are doing.
grpc_allow_insecure: false
# Private key used to encrypt the traffic between headscale
# and Tailscale clients.
# The private key file will be autogenerated if it's missing.
#
private_key_path: /var/lib/headscale/private.key
# The Noise section includes specific configuration for the
# TS2021 Noise protocol
noise:
# The Noise private key is used to encrypt the
# traffic between headscale and Tailscale clients when
# using the new Noise-based protocol. It must be different
# from the legacy private key.
private_key_path: /var/lib/headscale/noise_private.key
# List of IP prefixes to allocate tailaddresses from.
# Each prefix consists of either an IPv4 or IPv6 address,
# and the associated prefix length, delimited by a slash.
# While this looks like it can take arbitrary values, it
# needs to be within IP ranges supported by the Tailscale
# client.
# IPv6: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#LL81C52-L81C71
# IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33
ip_prefixes:
- fd7a:115c:a1e0::/48
- 100.64.0.0/10
# DERP is a relay system that Tailscale uses when a direct
# connection cannot be established.
# https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp
#
# headscale needs a list of DERP servers that can be presented
# to the clients.
derp:
server:
# If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
# The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
enabled: false
# Region ID to use for the embedded DERP server.
# The local DERP prevails if the region ID collides with other region ID coming from
# the regular DERP config.
region_id: 999
# Region code and name are displayed in the Tailscale UI to identify a DERP region
region_code: "headscale"
region_name: "Headscale Embedded DERP"
# Listens over UDP at the configured address for STUN connections - to help with NAT traversal.
# When the embedded DERP server is enabled stun_listen_addr MUST be defined.
#
# For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
stun_listen_addr: "0.0.0.0:3478"
# List of externally available DERP maps encoded in JSON
urls:
- https://controlplane.tailscale.com/derpmap/default
# Locally available DERP map files encoded in YAML
#
# This option is mostly interesting for people hosting
# their own DERP servers:
# https://tailscale.com/kb/1118/custom-derp-servers/
#
# paths:
# - /etc/headscale/derp-example.yaml
paths: []
# If enabled, a worker will be set up to periodically
# refresh the given sources and update the derpmap
# will be set up.
auto_update_enabled: true
# How often should we check for DERP updates?
update_frequency: 24h
# Disables the automatic check for headscale updates on startup
disable_check_updates: false
# Time before an inactive ephemeral node is deleted?
ephemeral_node_inactivity_timeout: 30m
# Period to check for node updates within the tailnet. A value too low will severely affect
# CPU consumption of Headscale. A value too high (over 60s) will cause problems
# for the nodes, as they won't get updates or keep alive messages frequently enough.
# In case of doubts, do not touch the default 10s.
node_update_check_interval: 10s
# SQLite config
db_type: sqlite3
# For production:
db_path: /var/lib/headscale/db.sqlite
# # Postgres config
# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
# db_type: postgres
# db_host: localhost
# db_port: 5432
# db_name: headscale
# db_user: foo
# db_pass: bar
# If other 'sslmode' is required instead of 'require(true)' and 'disabled(false)', set the 'sslmode' you need
# in the 'db_ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
# db_ssl: false
### TLS configuration
#
## Let's encrypt / ACME
#
# headscale supports automatically requesting and setting up
# TLS for a domain with Let's Encrypt.
#
# URL to ACME directory
acme_url: https://acme-v02.api.letsencrypt.org/directory
# Email to register with ACME provider
acme_email: ""
# Domain name to request a TLS certificate for:
tls_letsencrypt_hostname: ""
# Path to store certificates and metadata needed by
# letsencrypt
# For production:
tls_letsencrypt_cache_dir: /var/lib/headscale/cache
# Type of ACME challenge to use, currently supported types:
# HTTP-01 or TLS-ALPN-01
# See [docs/tls.md](docs/tls.md) for more information
tls_letsencrypt_challenge_type: HTTP-01
# When HTTP-01 challenge is chosen, letsencrypt must set up a
# verification endpoint, and it will be listening on:
# :http = port 80
tls_letsencrypt_listen: ":http"
## Use already defined certificates:
tls_cert_path: ""
tls_key_path: ""
log:
# Output formatting for logs: text or json
format: text
level: info
# Path to a file containg ACL policies.
# ACLs can be defined as YAML or HUJSON.
# https://tailscale.com/kb/1018/acls/
acl_policy_path: ""
## DNS
#
# headscale supports Tailscale's DNS configuration and MagicDNS.
# Please have a look to their KB to better understand the concepts:
#
# - https://tailscale.com/kb/1054/dns/
# - https://tailscale.com/kb/1081/magicdns/
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
#
dns_config:
# Whether to prefer using Headscale provided DNS or use local.
override_local_dns: true
# List of DNS servers to expose to clients.
nameservers:
- 1.1.1.1
# NextDNS (see https://tailscale.com/kb/1218/nextdns/).
# "abc123" is example NextDNS ID, replace with yours.
#
# With metadata sharing:
# nameservers:
# - https://dns.nextdns.io/abc123
#
# Without metadata sharing:
# nameservers:
# - 2a07:a8c0::ab:c123
# - 2a07:a8c1::ab:c123
# Split DNS (see https://tailscale.com/kb/1054/dns/),
# list of search domains and the DNS to query for each one.
#
# restricted_nameservers:
# foo.bar.com:
# - 1.1.1.1
# darp.headscale.net:
# - 1.1.1.1
# - 8.8.8.8
# Search domains to inject.
domains: []
# Extra DNS records
# so far only A-records are supported (on the tailscale side)
# See https://github.com/juanfont/headscale/blob/main/docs/dns-records.md#Limitations
# extra_records:
# - name: "grafana.myvpn.example.com"
# type: "A"
# value: "100.64.0.3"
#
# # you can also put it in one line
# - { name: "prometheus.myvpn.example.com", type: "A", value: "100.64.0.3" }
# Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
# Only works if there is at least a nameserver defined.
magic_dns: true
# Defines the base domain to create the hostnames for MagicDNS.
# `base_domain` must be a FQDNs, without the trailing dot.
# The FQDN of the hosts will be
# `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
base_domain: example.com
# Unix socket used for the CLI to connect without authentication
# Note: for production you will want to set this to something like:
unix_socket: /var/run/headscale/headscale.sock
unix_socket_permission: "0770"
#
# headscale supports experimental OpenID connect support,
# it is still being tested and might have some bugs, please
# help us test it.
# OpenID Connect
# oidc:
# only_start_if_oidc_is_available: true
# issuer: "https://your-oidc.issuer.com/path"
# client_id: "your-oidc-client-id"
# client_secret: "your-oidc-client-secret"
# # Alternatively, set `client_secret_path` to read the secret from the file.
# # It resolves environment variables, making integration to systemd's
# # `LoadCredential` straightforward:
# client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
# # client_secret and client_secret_path are mutually exclusive.
#
# # The amount of time from a node is authenticated with OpenID until it
# # expires and needs to reauthenticate.
# # Setting the value to "0" will mean no expiry.
# expiry: 180d
#
# # Use the expiry from the token received from OpenID when the user logged
# # in, this will typically lead to frequent need to reauthenticate and should
# # only been enabled if you know what you are doing.
# # Note: enabling this will cause `oidc.expiry` to be ignored.
# use_expiry_from_token: false
#
# # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
# # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
#
# scope: ["openid", "profile", "email", "custom"]
# extra_params:
# domain_hint: example.com
#
# # List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the
# # authentication request will be rejected.
#
# allowed_domains:
# - example.com
# # Note: Groups from keycloak have a leading '/'
# allowed_groups:
# - /headscale
# allowed_users:
# - alice@example.com
#
# # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
# # This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
# # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
# user: `first-name.last-name.example.com`
#
# strip_email_domain: true
# Logtail configuration
# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
# to instruct tailscale nodes to log their activity to a remote server.
logtail:
# Enable logtail for this headscales clients.
# As there is currently no support for overriding the log server in headscale, this is
# disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
enabled: false
# Enabling this option makes devices prefer a random port for WireGuard traffic over the
# default static port 41641. This option is intended as a workaround for some buggy
# firewall devices. See https://tailscale.com/kb/1181/firewalls/ for more information.
randomize_client_port: false
+650
View File
@@ -0,0 +1,650 @@
package headscale
import (
"errors"
"fmt"
"io/fs"
"net/netip"
"net/url"
"os"
"strings"
"time"
"github.com/coreos/go-oidc/v3/oidc"
"github.com/prometheus/common/model"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/spf13/viper"
"go4.org/netipx"
"tailscale.com/tailcfg"
"tailscale.com/types/dnstype"
)
const (
tlsALPN01ChallengeType = "TLS-ALPN-01"
http01ChallengeType = "HTTP-01"
JSONLogFormat = "json"
TextLogFormat = "text"
defaultOIDCExpiryTime = 180 * 24 * time.Hour // 180 Days
maxDuration time.Duration = 1<<63 - 1
)
var errOidcMutuallyExclusive = errors.New(
"oidc_client_secret and oidc_client_secret_path are mutually exclusive",
)
// Config contains the initial Headscale configuration.
type Config struct {
ServerURL string
Addr string
MetricsAddr string
GRPCAddr string
GRPCAllowInsecure bool
EphemeralNodeInactivityTimeout time.Duration
NodeUpdateCheckInterval time.Duration
IPPrefixes []netip.Prefix
PrivateKeyPath string
NoisePrivateKeyPath string
BaseDomain string
Log LogConfig
DisableUpdateCheck bool
DERP DERPConfig
DBtype string
DBpath string
DBhost string
DBport int
DBname string
DBuser string
DBpass string
DBssl string
TLS TLSConfig
ACMEURL string
ACMEEmail string
DNSConfig *tailcfg.DNSConfig
UnixSocket string
UnixSocketPermission fs.FileMode
OIDC OIDCConfig
LogTail LogTailConfig
RandomizeClientPort bool
CLI CLIConfig
ACL ACLConfig
}
type TLSConfig struct {
CertPath string
KeyPath string
LetsEncrypt LetsEncryptConfig
}
type LetsEncryptConfig struct {
Listen string
Hostname string
CacheDir string
ChallengeType string
}
type OIDCConfig struct {
OnlyStartIfOIDCIsAvailable bool
Issuer string
ClientID string
ClientSecret string
Scope []string
ExtraParams map[string]string
AllowedDomains []string
AllowedUsers []string
AllowedGroups []string
StripEmaildomain bool
Expiry time.Duration
UseExpiryFromToken bool
}
type DERPConfig struct {
ServerEnabled bool
ServerRegionID int
ServerRegionCode string
ServerRegionName string
STUNAddr string
URLs []url.URL
Paths []string
AutoUpdate bool
UpdateFrequency time.Duration
}
type LogTailConfig struct {
Enabled bool
}
type CLIConfig struct {
Address string
APIKey string
Timeout time.Duration
Insecure bool
}
type ACLConfig struct {
PolicyPath string
}
type LogConfig struct {
Format string
Level zerolog.Level
}
func LoadConfig(path string, isFile bool) error {
if isFile {
viper.SetConfigFile(path)
} else {
viper.SetConfigName("config")
if path == "" {
viper.AddConfigPath("/etc/headscale/")
viper.AddConfigPath("$HOME/.headscale")
viper.AddConfigPath(".")
} else {
// For testing
viper.AddConfigPath(path)
}
}
viper.SetEnvPrefix("headscale")
viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
viper.AutomaticEnv()
viper.SetDefault("tls_letsencrypt_cache_dir", "/var/www/.cache")
viper.SetDefault("tls_letsencrypt_challenge_type", http01ChallengeType)
viper.SetDefault("log.level", "info")
viper.SetDefault("log.format", TextLogFormat)
viper.SetDefault("dns_config", nil)
viper.SetDefault("dns_config.override_local_dns", true)
viper.SetDefault("derp.server.enabled", false)
viper.SetDefault("derp.server.stun.enabled", true)
viper.SetDefault("unix_socket", "/var/run/headscale.sock")
viper.SetDefault("unix_socket_permission", "0o770")
viper.SetDefault("grpc_listen_addr", ":50443")
viper.SetDefault("grpc_allow_insecure", false)
viper.SetDefault("cli.timeout", "5s")
viper.SetDefault("cli.insecure", false)
viper.SetDefault("db_ssl", false)
viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
viper.SetDefault("oidc.strip_email_domain", true)
viper.SetDefault("oidc.only_start_if_oidc_is_available", true)
viper.SetDefault("oidc.expiry", "180d")
viper.SetDefault("oidc.use_expiry_from_token", false)
viper.SetDefault("logtail.enabled", false)
viper.SetDefault("randomize_client_port", false)
viper.SetDefault("ephemeral_node_inactivity_timeout", "120s")
viper.SetDefault("node_update_check_interval", "10s")
if IsCLIConfigured() {
return nil
}
if err := viper.ReadInConfig(); err != nil {
log.Warn().Err(err).Msg("Failed to read configuration from disk")
return fmt.Errorf("fatal error reading config file: %w", err)
}
// Collect any validation errors and return them all at once
var errorText string
if (viper.GetString("tls_letsencrypt_hostname") != "") &&
((viper.GetString("tls_cert_path") != "") || (viper.GetString("tls_key_path") != "")) {
errorText += "Fatal config error: set either tls_letsencrypt_hostname or tls_cert_path/tls_key_path, not both\n"
}
if !viper.IsSet("noise") || viper.GetString("noise.private_key_path") == "" {
errorText += "Fatal config error: headscale now requires a new `noise.private_key_path` field in the config file for the Tailscale v2 protocol\n"
}
if (viper.GetString("tls_letsencrypt_hostname") != "") &&
(viper.GetString("tls_letsencrypt_challenge_type") == tlsALPN01ChallengeType) &&
(!strings.HasSuffix(viper.GetString("listen_addr"), ":443")) {
// this is only a warning because there could be something sitting in front of headscale that redirects the traffic (e.g. an iptables rule)
log.Warn().
Msg("Warning: when using tls_letsencrypt_hostname with TLS-ALPN-01 as challenge type, headscale must be reachable on port 443, i.e. listen_addr should probably end in :443")
}
if (viper.GetString("tls_letsencrypt_challenge_type") != http01ChallengeType) &&
(viper.GetString("tls_letsencrypt_challenge_type") != tlsALPN01ChallengeType) {
errorText += "Fatal config error: the only supported values for tls_letsencrypt_challenge_type are HTTP-01 and TLS-ALPN-01\n"
}
if !strings.HasPrefix(viper.GetString("server_url"), "http://") &&
!strings.HasPrefix(viper.GetString("server_url"), "https://") {
errorText += "Fatal config error: server_url must start with https:// or http://\n"
}
// Minimum inactivity time out is keepalive timeout (60s) plus a few seconds
// to avoid races
minInactivityTimeout, _ := time.ParseDuration("65s")
if viper.GetDuration("ephemeral_node_inactivity_timeout") <= minInactivityTimeout {
errorText += fmt.Sprintf(
"Fatal config error: ephemeral_node_inactivity_timeout (%s) is set too low, must be more than %s",
viper.GetString("ephemeral_node_inactivity_timeout"),
minInactivityTimeout,
)
}
maxNodeUpdateCheckInterval, _ := time.ParseDuration("60s")
if viper.GetDuration("node_update_check_interval") > maxNodeUpdateCheckInterval {
errorText += fmt.Sprintf(
"Fatal config error: node_update_check_interval (%s) is set too high, must be less than %s",
viper.GetString("node_update_check_interval"),
maxNodeUpdateCheckInterval,
)
}
if errorText != "" {
//nolint
return errors.New(strings.TrimSuffix(errorText, "\n"))
} else {
return nil
}
}
func GetTLSConfig() TLSConfig {
return TLSConfig{
LetsEncrypt: LetsEncryptConfig{
Hostname: viper.GetString("tls_letsencrypt_hostname"),
Listen: viper.GetString("tls_letsencrypt_listen"),
CacheDir: AbsolutePathFromConfigPath(
viper.GetString("tls_letsencrypt_cache_dir"),
),
ChallengeType: viper.GetString("tls_letsencrypt_challenge_type"),
},
CertPath: AbsolutePathFromConfigPath(
viper.GetString("tls_cert_path"),
),
KeyPath: AbsolutePathFromConfigPath(
viper.GetString("tls_key_path"),
),
}
}
func GetDERPConfig() DERPConfig {
serverEnabled := viper.GetBool("derp.server.enabled")
serverRegionID := viper.GetInt("derp.server.region_id")
serverRegionCode := viper.GetString("derp.server.region_code")
serverRegionName := viper.GetString("derp.server.region_name")
stunAddr := viper.GetString("derp.server.stun_listen_addr")
if serverEnabled && stunAddr == "" {
log.Fatal().
Msg("derp.server.stun_listen_addr must be set if derp.server.enabled is true")
}
urlStrs := viper.GetStringSlice("derp.urls")
urls := make([]url.URL, len(urlStrs))
for index, urlStr := range urlStrs {
urlAddr, err := url.Parse(urlStr)
if err != nil {
log.Error().
Str("url", urlStr).
Err(err).
Msg("Failed to parse url, ignoring...")
}
urls[index] = *urlAddr
}
paths := viper.GetStringSlice("derp.paths")
autoUpdate := viper.GetBool("derp.auto_update_enabled")
updateFrequency := viper.GetDuration("derp.update_frequency")
return DERPConfig{
ServerEnabled: serverEnabled,
ServerRegionID: serverRegionID,
ServerRegionCode: serverRegionCode,
ServerRegionName: serverRegionName,
STUNAddr: stunAddr,
URLs: urls,
Paths: paths,
AutoUpdate: autoUpdate,
UpdateFrequency: updateFrequency,
}
}
func GetLogTailConfig() LogTailConfig {
enabled := viper.GetBool("logtail.enabled")
return LogTailConfig{
Enabled: enabled,
}
}
func GetACLConfig() ACLConfig {
policyPath := viper.GetString("acl_policy_path")
return ACLConfig{
PolicyPath: policyPath,
}
}
func GetLogConfig() LogConfig {
logLevelStr := viper.GetString("log.level")
logLevel, err := zerolog.ParseLevel(logLevelStr)
if err != nil {
logLevel = zerolog.DebugLevel
}
logFormatOpt := viper.GetString("log.format")
var logFormat string
switch logFormatOpt {
case "json":
logFormat = JSONLogFormat
case "text":
logFormat = TextLogFormat
case "":
logFormat = TextLogFormat
default:
log.Error().
Str("func", "GetLogConfig").
Msgf("Could not parse log format: %s. Valid choices are 'json' or 'text'", logFormatOpt)
}
return LogConfig{
Format: logFormat,
Level: logLevel,
}
}
func GetDNSConfig() (*tailcfg.DNSConfig, string) {
if viper.IsSet("dns_config") {
dnsConfig := &tailcfg.DNSConfig{}
overrideLocalDNS := viper.GetBool("dns_config.override_local_dns")
if viper.IsSet("dns_config.nameservers") {
nameserversStr := viper.GetStringSlice("dns_config.nameservers")
nameservers := []netip.Addr{}
resolvers := []*dnstype.Resolver{}
for _, nameserverStr := range nameserversStr {
// Search for explicit DNS-over-HTTPS resolvers
if strings.HasPrefix(nameserverStr, "https://") {
resolvers = append(resolvers, &dnstype.Resolver{
Addr: nameserverStr,
})
// This nameserver can not be parsed as an IP address
continue
}
// Parse nameserver as a regular IP
nameserver, err := netip.ParseAddr(nameserverStr)
if err != nil {
log.Error().
Str("func", "getDNSConfig").
Err(err).
Msgf("Could not parse nameserver IP: %s", nameserverStr)
}
nameservers = append(nameservers, nameserver)
resolvers = append(resolvers, &dnstype.Resolver{
Addr: nameserver.String(),
})
}
dnsConfig.Nameservers = nameservers
if overrideLocalDNS {
dnsConfig.Resolvers = resolvers
} else {
dnsConfig.FallbackResolvers = resolvers
}
}
if viper.IsSet("dns_config.restricted_nameservers") {
dnsConfig.Routes = make(map[string][]*dnstype.Resolver)
domains := []string{}
restrictedDNS := viper.GetStringMapStringSlice(
"dns_config.restricted_nameservers",
)
for domain, restrictedNameservers := range restrictedDNS {
restrictedResolvers := make(
[]*dnstype.Resolver,
len(restrictedNameservers),
)
for index, nameserverStr := range restrictedNameservers {
nameserver, err := netip.ParseAddr(nameserverStr)
if err != nil {
log.Error().
Str("func", "getDNSConfig").
Err(err).
Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
}
restrictedResolvers[index] = &dnstype.Resolver{
Addr: nameserver.String(),
}
}
dnsConfig.Routes[domain] = restrictedResolvers
domains = append(domains, domain)
}
dnsConfig.Domains = domains
}
if viper.IsSet("dns_config.domains") {
domains := viper.GetStringSlice("dns_config.domains")
if len(dnsConfig.Resolvers) > 0 {
dnsConfig.Domains = domains
} else if domains != nil {
log.Warn().
Msg("Warning: dns_config.domains is set, but no nameservers are configured. Ignoring domains.")
}
}
if viper.IsSet("dns_config.extra_records") {
var extraRecords []tailcfg.DNSRecord
err := viper.UnmarshalKey("dns_config.extra_records", &extraRecords)
if err != nil {
log.Error().
Str("func", "getDNSConfig").
Err(err).
Msgf("Could not parse dns_config.extra_records")
}
dnsConfig.ExtraRecords = extraRecords
}
if viper.IsSet("dns_config.magic_dns") {
dnsConfig.Proxied = viper.GetBool("dns_config.magic_dns")
}
var baseDomain string
if viper.IsSet("dns_config.base_domain") {
baseDomain = viper.GetString("dns_config.base_domain")
} else {
baseDomain = "headscale.net" // does not really matter when MagicDNS is not enabled
}
return dnsConfig, baseDomain
}
return nil, ""
}
func GetHeadscaleConfig() (*Config, error) {
if IsCLIConfigured() {
return &Config{
CLI: CLIConfig{
Address: viper.GetString("cli.address"),
APIKey: viper.GetString("cli.api_key"),
Timeout: viper.GetDuration("cli.timeout"),
Insecure: viper.GetBool("cli.insecure"),
},
}, nil
}
dnsConfig, baseDomain := GetDNSConfig()
derpConfig := GetDERPConfig()
logConfig := GetLogTailConfig()
randomizeClientPort := viper.GetBool("randomize_client_port")
configuredPrefixes := viper.GetStringSlice("ip_prefixes")
parsedPrefixes := make([]netip.Prefix, 0, len(configuredPrefixes)+1)
for i, prefixInConfig := range configuredPrefixes {
prefix, err := netip.ParsePrefix(prefixInConfig)
if err != nil {
panic(fmt.Errorf("failed to parse ip_prefixes[%d]: %w", i, err))
}
parsedPrefixes = append(parsedPrefixes, prefix)
}
prefixes := make([]netip.Prefix, 0, len(parsedPrefixes))
{
// dedup
normalizedPrefixes := make(map[string]int, len(parsedPrefixes))
for i, p := range parsedPrefixes {
normalized, _ := netipx.RangeOfPrefix(p).Prefix()
normalizedPrefixes[normalized.String()] = i
}
// convert back to list
for _, i := range normalizedPrefixes {
prefixes = append(prefixes, parsedPrefixes[i])
}
}
if len(prefixes) < 1 {
prefixes = append(prefixes, netip.MustParsePrefix("100.64.0.0/10"))
log.Warn().
Msgf("'ip_prefixes' not configured, falling back to default: %v", prefixes)
}
oidcClientSecret := viper.GetString("oidc.client_secret")
oidcClientSecretPath := viper.GetString("oidc.client_secret_path")
if oidcClientSecretPath != "" && oidcClientSecret != "" {
return nil, errOidcMutuallyExclusive
}
if oidcClientSecretPath != "" {
secretBytes, err := os.ReadFile(os.ExpandEnv(oidcClientSecretPath))
if err != nil {
return nil, err
}
oidcClientSecret = string(secretBytes)
}
return &Config{
ServerURL: viper.GetString("server_url"),
Addr: viper.GetString("listen_addr"),
MetricsAddr: viper.GetString("metrics_listen_addr"),
GRPCAddr: viper.GetString("grpc_listen_addr"),
GRPCAllowInsecure: viper.GetBool("grpc_allow_insecure"),
DisableUpdateCheck: viper.GetBool("disable_check_updates"),
IPPrefixes: prefixes,
PrivateKeyPath: AbsolutePathFromConfigPath(
viper.GetString("private_key_path"),
),
NoisePrivateKeyPath: AbsolutePathFromConfigPath(
viper.GetString("noise.private_key_path"),
),
BaseDomain: baseDomain,
DERP: derpConfig,
EphemeralNodeInactivityTimeout: viper.GetDuration(
"ephemeral_node_inactivity_timeout",
),
NodeUpdateCheckInterval: viper.GetDuration(
"node_update_check_interval",
),
DBtype: viper.GetString("db_type"),
DBpath: AbsolutePathFromConfigPath(viper.GetString("db_path")),
DBhost: viper.GetString("db_host"),
DBport: viper.GetInt("db_port"),
DBname: viper.GetString("db_name"),
DBuser: viper.GetString("db_user"),
DBpass: viper.GetString("db_pass"),
DBssl: viper.GetString("db_ssl"),
TLS: GetTLSConfig(),
DNSConfig: dnsConfig,
ACMEEmail: viper.GetString("acme_email"),
ACMEURL: viper.GetString("acme_url"),
UnixSocket: viper.GetString("unix_socket"),
UnixSocketPermission: GetFileMode("unix_socket_permission"),
OIDC: OIDCConfig{
OnlyStartIfOIDCIsAvailable: viper.GetBool(
"oidc.only_start_if_oidc_is_available",
),
Issuer: viper.GetString("oidc.issuer"),
ClientID: viper.GetString("oidc.client_id"),
ClientSecret: oidcClientSecret,
Scope: viper.GetStringSlice("oidc.scope"),
ExtraParams: viper.GetStringMapString("oidc.extra_params"),
AllowedDomains: viper.GetStringSlice("oidc.allowed_domains"),
AllowedUsers: viper.GetStringSlice("oidc.allowed_users"),
AllowedGroups: viper.GetStringSlice("oidc.allowed_groups"),
StripEmaildomain: viper.GetBool("oidc.strip_email_domain"),
Expiry: func() time.Duration {
// if set to 0, we assume no expiry
if value := viper.GetString("oidc.expiry"); value == "0" {
return maxDuration
} else {
expiry, err := model.ParseDuration(value)
if err != nil {
log.Warn().Msg("failed to parse oidc.expiry, defaulting back to 180 days")
return defaultOIDCExpiryTime
}
return time.Duration(expiry)
}
}(),
UseExpiryFromToken: viper.GetBool("oidc.use_expiry_from_token"),
},
LogTail: logConfig,
RandomizeClientPort: randomizeClientPort,
ACL: GetACLConfig(),
CLI: CLIConfig{
Address: viper.GetString("cli.address"),
APIKey: viper.GetString("cli.api_key"),
Timeout: viper.GetDuration("cli.timeout"),
Insecure: viper.GetBool("cli.insecure"),
},
Log: GetLogConfig(),
}, nil
}
func IsCLIConfigured() bool {
return viper.GetString("cli.address") != "" && viper.GetString("cli.api_key") != ""
}
-30
View File
@@ -1,30 +0,0 @@
{
"server_url": "http://127.0.0.1:8080",
"listen_addr": "0.0.0.0:8080",
"private_key_path": "private.key",
"derp_map_path": "derp.yaml",
"ephemeral_node_inactivity_timeout": "30m",
"db_type": "postgres",
"db_host": "localhost",
"db_port": 5432,
"db_name": "headscale",
"db_user": "foo",
"db_pass": "bar",
"acme_url": "https://acme-v02.api.letsencrypt.org/directory",
"acme_email": "",
"tls_letsencrypt_hostname": "",
"tls_letsencrypt_listen": ":http",
"tls_letsencrypt_cache_dir": ".cache",
"tls_letsencrypt_challenge_type": "HTTP-01",
"tls_cert_path": "",
"tls_key_path": "",
"acl_policy_path": "",
"dns_config": {
"nameservers": [
"1.1.1.1"
],
"domains": [],
"magic_dns": true,
"base_domain": "example.com"
}
}
-26
View File
@@ -1,26 +0,0 @@
{
"server_url": "http://127.0.0.1:8080",
"listen_addr": "0.0.0.0:8080",
"private_key_path": "private.key",
"derp_map_path": "derp.yaml",
"ephemeral_node_inactivity_timeout": "30m",
"db_type": "sqlite3",
"db_path": "db.sqlite",
"acme_url": "https://acme-v02.api.letsencrypt.org/directory",
"acme_email": "",
"tls_letsencrypt_hostname": "",
"tls_letsencrypt_listen": ":http",
"tls_letsencrypt_cache_dir": ".cache",
"tls_letsencrypt_challenge_type": "HTTP-01",
"tls_cert_path": "",
"tls_key_path": "",
"acl_policy_path": "",
"dns_config": {
"nameservers": [
"1.1.1.1"
],
"domains": [],
"magic_dns": true,
"base_domain": "example.com"
}
}

Some files were not shown because too many files have changed in this diff Show More