public/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-02-21 12:10:30 +09:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Commit Graph

  • 8048f10d13 hscontrol/state: extract findExistingNodeForPAK to reduce complexity main Kristoffer Dalby 2026-02-20 15:37:46 +00:00
  • be4fd9ff2d integration: fix tag tests for tagged nodes with nil user_id Kristoffer Dalby 2026-02-20 13:02:51 +00:00
  • 1e4fc3f179 hscontrol: add tests for deleting users with tagged nodes Kristoffer Dalby 2026-02-20 09:27:42 +00:00
  • 894e6946dc hscontrol/types: regenerate types_view.go Kristoffer Dalby 2026-02-20 09:27:23 +00:00
  • 75e56df9e4 hscontrol: enforce that tagged nodes never have user_id Kristoffer Dalby 2026-02-20 09:27:11 +00:00
  • 52d454d0c8 hscontrol/db: add migration to clear user_id on tagged nodes Kristoffer Dalby 2026-02-20 09:26:54 +00:00
  • f20bd0cf08 node: implement disable key expiry via CLI and API Kristoffer Dalby 2026-02-20 10:58:49 +00:00
  • a8f7fedced proto: add disable_expiry field to ExpireNodeRequest Kristoffer Dalby 2026-02-20 10:58:29 +00:00
  • b668c7a596 policy/v2: add policy unmarshal tests for bracketed IPv6 Kristoffer Dalby 2026-02-18 08:28:25 +00:00
  • 49744cd467 policy/v2: accept RFC 3986 bracketed IPv6 in ACL destinations Kristoffer Dalby 2026-02-18 08:27:42 +00:00
  • 28680964fa Deployed a0d6802d to development with MkDocs 1.6.1 and mike 2.1.3 gh-pages github-actions 2026-02-20 16:00:34 +00:00
  • a0d6802d5b Fix minor formatting issue in FAQ Brandon Sprague 2026-02-20 06:36:14 -08:00
  • 13ebea192c cmd/headscale/cli: remove nil resp guards and unexport HasMachineOutputFlag Kristoffer Dalby 2026-02-18 15:28:09 +00:00
  • af777f44f4 cmd/headscale/cli: extract bypassDatabase helper and simplify policy file reads Kristoffer Dalby 2026-02-18 15:27:20 +00:00
  • 7460bec767 cmd/headscale/cli: move errMissingParameter and Error type to their users Kristoffer Dalby 2026-02-18 15:25:45 +00:00
  • ca321d3c13 cmd/headscale/cli: use HeadscaleDateTimeFormat and util.Base10 consistently Kristoffer Dalby 2026-02-18 15:25:14 +00:00
  • 2765fd397f cmd/headscale/cli: drop dead flag-read error checks Kristoffer Dalby 2026-02-18 15:21:22 +00:00
  • d72a06c6c6 cmd/headscale/cli: remove legacy namespace and machine aliases Kristoffer Dalby 2026-02-18 15:05:45 +00:00
  • e816397d54 cmd/headscale/cli: remove no-op Args functions from serveCmd and dumpConfigCmd Kristoffer Dalby 2026-02-18 14:54:06 +00:00
  • 22fccae125 cmd/headscale/cli: deduplicate expiration parsing and api-key flag validation Kristoffer Dalby 2026-02-18 14:53:30 +00:00
  • 6c08b49d63 cmd/headscale/cli: add confirmAction helper for force/prompt patterns Kristoffer Dalby 2026-02-18 14:51:42 +00:00
  • 7b7b270126 cmd/headscale/cli: add mustMarkRequired helper for init-time flag validation Kristoffer Dalby 2026-02-18 14:49:04 +00:00
  • d6c39e65a5 cmd/headscale/cli: add printListOutput to centralise table-vs-JSON branching Kristoffer Dalby 2026-02-18 14:30:07 +00:00
  • 8891ec9835 cmd/headscale/cli: remove deprecated output, SuccessOutput, ErrorOutput Kristoffer Dalby 2026-02-18 13:49:11 +00:00
  • 095106f498 cmd/headscale/cli: convert remaining commands to RunE Kristoffer Dalby 2026-02-18 13:46:42 +00:00
  • e4fe216e45 cmd/headscale/cli: switch to RunE with grpcRunE and error returns Kristoffer Dalby 2026-02-18 13:44:35 +00:00
  • e6546b2cea cmd/headscale/cli: silence cobra error/usage output and centralise error formatting Kristoffer Dalby 2026-02-18 13:36:28 +00:00
  • aae2f7de71 cmd/headscale/cli: add grpcRun wrapper for gRPC client lifecycle Kristoffer Dalby 2026-02-18 13:18:09 +00:00
  • ad3d012bb0 Deployed cfb308b4 to development with MkDocs 1.6.1 and mike 2.1.3 github-actions 2026-02-19 16:17:20 +00:00
  • cfb308b4a7 Add FAQ entry to migrate back to default IP prefixes Florian Preinstorfer 2026-02-19 17:09:25 +01:00
  • 4bb0241257 Require to update from one version to the next Florian Preinstorfer 2026-02-19 16:12:42 +01:00
  • 513544cc11 Simplify upgrade snippet with a link to the upgrade guide Florian Preinstorfer 2026-02-19 16:10:23 +01:00
  • d556df1c36 Extend upgrade guide with backup instructions Florian Preinstorfer 2026-02-19 09:21:44 +01:00
  • d15ec28799 ci: pin Docker to v28 to avoid v29 breaking changes Kristoffer Dalby 2026-02-18 16:56:25 +00:00
  • eccf64eb58 all: fix staticcheck SA4006 in types_test.go Kristoffer Dalby 2026-02-17 09:02:25 +00:00
  • 43afeedde2 all: apply golangci-lint 2.9.0 fixes Kristoffer Dalby 2026-02-16 19:40:02 +00:00
  • 73613d7f53 db: fix database_versions table creation for PostgreSQL Kristoffer Dalby 2026-02-16 18:34:04 +00:00
  • 30d18575be CHANGELOG: document strict version upgrade path Kristoffer Dalby 2026-02-16 14:21:04 +00:00
  • 70f8141abd all: upgrade from Go 1.26rc2 to Go 1.26.0 Kristoffer Dalby 2026-02-16 14:16:52 +00:00
  • 82958835ce db: enforce strict version upgrade path Kristoffer Dalby 2026-02-16 14:02:05 +00:00
  • 9c3a3c5837 flake: upgrade golangci-lint to 2.9.0 and update nixpkgs Kristoffer Dalby 2026-02-16 14:01:50 +00:00
  • bdd66e16ca Deployed faf55f5e to development with MkDocs 1.6.1 and mike 2.1.3 github-actions 2026-02-18 09:27:51 +00:00
  • faf55f5e8f Document how to use the provider identifier in the policy Florian Preinstorfer 2026-02-18 09:57:30 +01:00
  • e3323b65e5 Describe how to set username instead of SPN for Kanidm Florian Preinstorfer 2026-02-18 08:10:17 +01:00
  • 9a8398e1d7 Deployed 8f60b819 to development with MkDocs 1.6.1 and mike 2.1.3 github-actions 2026-02-16 14:23:20 +00:00
  • 8f60b819ec Refresh update path Florian Preinstorfer 2026-02-16 12:51:18 +01:00
  • c29bcd2eaf Release planning happens in milestones Florian Preinstorfer 2026-02-16 12:49:20 +01:00
  • 890a044ef6 Add more UIs Florian Preinstorfer 2026-02-14 08:52:10 +01:00
  • 8028fa5483 No longer consider autogroup:self experimental Florian Preinstorfer 2026-02-11 19:46:34 +01:00
  • a7f981e30e github: fix needs-more-info label race condition Kristoffer Dalby 2026-02-09 09:00:22 +00:00
  • 3b8451373d flake.lock: Update update_flake_lock_action github-actions[bot] 2026-02-15 00:33:10 +00:00
  • e0d8c3c877 github: fix needs-more-info label race condition Kristoffer Dalby 2026-02-09 09:00:22 +00:00
  • c1b468f9f4 github: update issue template contact links Kristoffer Dalby 2026-02-05 11:35:04 +00:00
  • 900f4b7b75 github: add support-request automation workflow Kristoffer Dalby 2026-02-05 11:32:08 +00:00
  • 64f23136a2 github: add needs-more-info automation workflow Kristoffer Dalby 2026-02-05 11:25:14 +00:00
  • 0f6d312ada all: upgrade to Go 1.26rc2 and modernize codebase Kristoffer Dalby 2026-02-06 21:39:35 +00:00
  • 20dff82f95 CHANGELOG: add minimum Tailscale version for 0.29.0 Kristoffer Dalby 2026-02-06 15:35:36 +00:00
  • 31c4331a91 capver: regenerate from docker tags Kristoffer Dalby 2026-02-06 15:31:32 +00:00
  • ce580f8245 all: fix golangci-lint issues (#3064) Kristoffer Dalby 2026-02-06 21:45:32 +01:00
  • bfb6fd80df integration: fixup test Kristoffer Dalby 2026-02-05 16:35:18 +00:00
  • 3acce2da87 errors: rewrite errors to follow go best practices Kristoffer Dalby 2026-02-05 16:29:54 +00:00
  • 4a9a329339 all: use lowercase log messages Kristoffer Dalby 2026-02-05 13:59:26 +00:00
  • dd16567c52 hscontrol/state,db: use zf constants for logging Kristoffer Dalby 2026-02-05 11:55:20 +00:00
  • e0a436cefc hscontrol/util/zlog/zf: add tag, authkey, and route constants Kristoffer Dalby 2026-02-05 11:54:33 +00:00
  • 53cdeff129 hscontrol/mapper: use sub-loggers and zf constants Kristoffer Dalby 2026-02-05 11:04:54 +00:00
  • 7148a690d0 hscontrol/grpcv1: use EmbedObject and zf constants Kristoffer Dalby 2026-02-05 11:01:41 +00:00
  • 4e73133b9f hscontrol/routes: use sub-logger and zf constants Kristoffer Dalby 2026-02-05 11:01:23 +00:00
  • 4f8724151e hscontrol/poll: use sub-logger pattern for mapSession Kristoffer Dalby 2026-02-05 11:00:49 +00:00
  • 91730e2a1d hscontrol: use EmbedObject for node logging Kristoffer Dalby 2026-02-05 09:44:23 +00:00
  • b5090a01ec cmd: use zf constants for zerolog field names Kristoffer Dalby 2026-01-28 14:39:34 +00:00
  • 27f5641341 golangci: add forbidigo rule for zerolog field constants Kristoffer Dalby 2026-01-28 14:05:46 +00:00
  • cf3d30b6f6 types: add MarshalZerologObject to domain types Kristoffer Dalby 2026-01-28 13:37:48 +00:00
  • 58020696fe zlog: add utility package for safe and consistent logging Kristoffer Dalby 2026-01-28 13:37:22 +00:00
  • e44b402fe4 integration: update TestSubnetRouteACL for filter merging and IPProto Kristoffer Dalby 2026-02-03 09:01:30 +00:00
  • 835b7eb960 policy: autogroup:internet does not generate packet filters Kristoffer Dalby 2026-01-28 13:08:38 +00:00
  • 95b1fd636e policy: fix wildcard DstPorts format and proto:icmp handling Kristoffer Dalby 2026-01-28 12:05:08 +00:00
  • 834ac27779 policy/v2: add subnet routes and exit node compatibility tests Kristoffer Dalby 2026-01-28 12:04:52 +00:00
  • 4a4032a4b0 changelog: document filter rule merging Kristoffer Dalby 2026-01-24 07:49:51 +00:00
  • 29aa08df0e policy: update test expectations for merged filter rules Kristoffer Dalby 2026-01-24 07:49:39 +00:00
  • 0b1727c337 policy: merge filter rules with identical SrcIPs and IPProto Kristoffer Dalby 2026-01-24 07:49:21 +00:00
  • 08fe2e4d6c policy: use CIDR format for autogroup:self destinations Kristoffer Dalby 2026-01-23 21:05:00 +00:00
  • cb29cade46 docs: add compatibility test documentation Kristoffer Dalby 2026-01-23 20:58:38 +00:00
  • f27298c759 changelog: document wildcard CGNAT range change Add breaking change entry for the wildcard resolution change to use CGNAT/ULA ranges instead of all IPs. Updates #3036 Kristoffer Dalby 2026-01-23 20:52:50 +00:00
  • 8baa14ef4a policy: use CGNAT/ULA ranges for wildcard resolution Change Asterix.Resolve() to use Tailscale's CGNAT range (100.64.0.0/10) and ULA range (fd7a:115c:a1e0::/48) instead of all IPs (0.0.0.0/0 and ::/0). This better matches Tailscale's security model where wildcard (*) means "any node in the tailnet" rather than literally "any IP address on the internet". Updates #3036 Kristoffer Dalby 2026-01-23 20:52:35 +00:00
  • ebdbe03639 policy: validate autogroup:self sources in ACL rules Tailscale validates that autogroup:self destinations in ACL rules can only be used when ALL sources are users, groups, autogroup:member, or wildcard (*). Previously, Headscale only performed this validation for SSH rules. Add validateACLSrcDstCombination() to enforce that tags, autogroup:tagged, hosts, and raw IPs cannot be used as sources with autogroup:self destinations. Invalid policies like tag:client → autogroup:self:* are now rejected at validation time, matching Tailscale behavior. Wildcard (*) is allowed because autogroup:self evaluation narrows it per-node to only the node's own IPs. Kristoffer Dalby 2026-01-23 20:37:27 +00:00
  • f735502eae policy: add ICMP protocols to default and export constants When ACL rules don't specify a protocol, Headscale now defaults to [TCP, UDP, ICMP, ICMPv6] instead of just [TCP, UDP], matching Tailscale's behavior. Also export protocol number constants (ProtocolTCP, ProtocolUDP, etc.) for use in external test packages, renaming the string protocol constants to ProtoNameTCP, ProtoNameUDP, etc. to avoid conflicts. This resolves 78 ICMP-related TODOs in the Tailscale compatibility tests, reducing the total from 165 to 87. Kristoffer Dalby 2026-01-23 20:16:02 +00:00
  • 53d17aa321 policy: add comprehensive Tailscale ACL compatibility tests Add extensive test coverage verifying Headscale's ACL policy behavior matches Tailscale's coordination server. Tests cover: - Source/destination resolution for users, groups, tags, hosts, IPs - autogroup:member, autogroup:tagged, autogroup:self behavior - Filter rule deduplication and merging semantics - Multi-rule interaction patterns - Error case validation Key behavioral differences documented: - Headscale creates separate filter entries per ACL rule; Tailscale merges rules with identical sources - Headscale deduplicates Dsts within a rule; Tailscale does not - Headscale does not validate autogroup:self source restrictions for ACL rules (only SSH rules); Tailscale rejects invalid sources Tests are based on real Tailscale coordination server responses captured from a test environment with 5 nodes (1 user-owned, 4 tagged). Kristoffer Dalby 2026-01-23 19:36:17 +00:00
  • 14f833bdb9 policy: fix autogroup:self handling for tagged nodes Skip autogroup:self destination processing for tagged nodes since they can never match autogroup:self (which only applies to user-owned nodes). Also reorder the IsTagged() check to short-circuit before accessing User() to avoid potential nil pointer access on tagged nodes. Kristoffer Dalby 2026-01-23 19:35:42 +00:00
  • 80518c75ab Deployed 9e50071d to development with MkDocs 1.6.1 and mike 2.1.3 github-actions 2026-02-05 07:01:32 +00:00
  • 9e50071df9 Link Fosdem 2026 talk Florian Preinstorfer 2026-02-05 07:30:16 +01:00
  • c907b0d323 Fix version in mkdocs Florian Preinstorfer 2026-02-05 07:25:22 +01:00
  • 4f263d91e2 Deployed 97fa117c to 0.28.0 with MkDocs 1.6.1 and mike 2.1.3 github-actions 2026-02-04 20:27:34 +00:00
  • 97fa117c48 changelog: set 0.28 date v0.28.0 Kristoffer Dalby 2026-02-04 21:19:23 +01:00
  • b5329ff0f3 flake.lock: update nixpkgs to 2026-02-03 Kristoffer Dalby 2026-02-04 16:54:08 +01:00
  • eac8a57bce flake.nix: update hashes for dependency changes Kristoffer Dalby 2026-02-04 16:42:49 +01:00
  • 44af046196 all: update Go module dependencies Kristoffer Dalby 2026-02-04 16:42:42 +01:00
  • 4a744f423b changelog: change api key format Kristoffer Dalby 2026-02-04 16:00:47 +01:00
  • ca75e096e6 integration: add test for tagged→user-owned conversion panic Kristoffer Dalby 2026-02-02 14:53:27 +00:00
  • ce7c256d1e state: set User pointer during tagged→user-owned conversion Kristoffer Dalby 2026-02-02 14:52:47 +00:00
  • 4912ceaaf5 state: inline reauthExistingNode and convertTaggedNodeToUser Kristoffer Dalby 2026-01-28 15:25:03 +00:00