From 4c7f54020b3f7ca54b7f69acf2282eaefb023e9f Mon Sep 17 00:00:00 2001
From: azz <asteria@valera.co>
Date: Tue, 16 Aug 2022 08:50:30 +0100
Subject: [PATCH] feat: add support for TLS with Postgres

---
 app.go    | 5 ++++-
 config.go | 2 ++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/app.go b/app.go
index 3e001203..6665c278 100644
--- a/app.go
+++ b/app.go
@@ -129,13 +129,16 @@ func NewHeadscale(cfg *Config) (*Headscale, error) {
 	switch cfg.DBtype {
 	case Postgres:
 		dbString = fmt.Sprintf(
-			"host=%s port=%d dbname=%s user=%s password=%s sslmode=disable",
+			"host=%s port=%d dbname=%s user=%s password=%s",
 			cfg.DBhost,
 			cfg.DBport,
 			cfg.DBname,
 			cfg.DBuser,
 			cfg.DBpass,
 		)
+		if !cfg.DBssl {
+			dbString = dbString + " sslmode=disable"
+		}
 	case Sqlite:
 		dbString = cfg.DBpath
 	default:
diff --git a/config.go b/config.go
index 69358401..3c241b29 100644
--- a/config.go
+++ b/config.go
@@ -47,6 +47,7 @@ type Config struct {
 	DBname string
 	DBuser string
 	DBpass string
+	DBssl  bool
 
 	TLS TLSConfig
 
@@ -506,6 +507,7 @@ func GetHeadscaleConfig() (*Config, error) {
 		DBname: viper.GetString("db_name"),
 		DBuser: viper.GetString("db_user"),
 		DBpass: viper.GetString("db_pass"),
+		DBssl:  viper.GetBool("db_ssl"),
 
 		TLS: GetTLSConfig(),