Kristoffer Dalby
b684ac0668
Simplify goreleaser, package deb and rpm
...
This commit simplifies the goreleaser configuration and then adds nfpm
support which allows us to build .deb and .rpm for each of the ARCH we
support.
The deb and rpm packages adds systemd services and users, creates
directories etc and should in general give the user a working
environment. We should be able to remove a lot of the complicated,
PEBCAK inducing documentation after this.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-04-07 11:06:42 +02:00
Kristoffer Dalby
da48cf64b3
Set OpenID Connect Expiry
...
This commit adds a default OpenID Connect expiry to 180d to align with
Tailscale SaaS (previously infinite or based on token expiry).
In addition, it adds an option use the expiry time from the Token sent
by the OpenID provider. This will typically cause really short expiry
and you should only turn on this option if you know what you are
desiring.
This fixes #1176 .
Co-authored-by: Even Holthe <even.holthe@bekk.no>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-31 18:55:16 +01:00
Kristoffer Dalby
fb3e2dcf10
Rename namespace to user in docs
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Motiejus Jakštys
bafb6791d3
oidc: allow reading the client secret from a file
...
Currently the most "secret" way to specify the oidc client secret is via
an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1].
Lets allow reading oidc client secret from a file. For extra convenience
the path to the secret will resolve the environment variables.
[1]: https://systemd.io/CREDENTIALS/
2023-01-14 17:03:57 +01:00
Kristoffer Dalby
8ca0fb7ed0
update ip_prefixes docs
...
we cant actually have arbitrary ip ranges, add a note about that.
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-12 11:39:39 +01:00
Christian Heusel
e2c62a7b0c
document how to add new DNS records via extra_records
2023-01-01 22:45:16 +01:00
Zachary Newell
70f2f5d750
Added an OIDC AllowGroups option for authorization.
2022-12-07 08:53:16 +01:00
Orville Q. Song
e69176e200
Tweak
2022-11-24 16:13:47 +01:00
Orville Q. Song
d29d0222af
Add a note about the db_ssl field in the example config file
2022-11-24 16:13:47 +01:00
Juan Font
935319a218
Remove mTLS from doc and config example
2022-11-19 19:50:34 +01:00
Arnar Gauti Ingason
6d3ede1367
Add support for NextDNS resolver
2022-11-18 09:38:46 +01:00
Kristoffer Dalby
3d8dd68b14
default to localhost, not listen on all
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-16 17:37:35 +01:00
Kristoffer Dalby
9790831afb
Make config example "local dev first"
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-11-16 17:37:35 +01:00
Mesar Hameed
d8e9d95a3b
config-example.yaml: fix typos and improve english.
2022-11-10 15:52:57 +00:00
Kristoffer Dalby
ca8bca98ed
Add support for "override local DNS" ( #905 )
...
* Add support for "override local DNS"
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
* Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
* Update cli dump test
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-31 16:26:18 +01:00
phpmalik
0b0fb0af22
Minor change
...
Spelling mistake
listning -> listening
2022-10-03 12:59:39 +05:30
Kristoffer Dalby
256b6cb54d
Add new option to config-example
...
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:01:15 +02:00
Igor Perepilitsyn
dd155dca97
Create a distinct log section in config
2022-09-11 21:37:23 +02:00
Igor Perepilitsyn
2403c0e198
toggle json logging via config
2022-08-26 13:10:51 +02:00
Juan Font Alonso
4424a9abc0
Noise private key now a nested field in config
2022-08-21 10:42:23 +02:00
Juan Font
67ffebc30a
Merge branch 'main' into hs2021-v2
2022-08-18 17:56:56 +02:00
azz
0cc14d0aca
feat: added `db_ssl` to config-example.yaml
2022-08-16 09:02:51 +01:00
Juan Font
c701f9e817
Merge branch 'main' into hs2021-v2
2022-08-15 22:56:39 +02:00
Victor Freire
0a5db52855
Add ability to connect to PostgreSQL via unix socket
2022-08-15 11:55:38 -03:00
Victor Freire
ec5acf7be2
Add ability to connect to PostgreSQL via unix socket
2022-08-13 11:34:12 -03:00
Juan Font Alonso
6e8e2bf508
Generate and read the Noise private key
2022-08-13 11:14:38 +02:00
Juan Font Alonso
5b5298b025
Renamed config param for node update check internal
2022-07-12 12:52:03 +02:00
Juan Font Alonso
cf3fc85196
Make tailnet updates check configurable
2022-07-12 12:27:28 +02:00
Anton Schubert
34be10840c
add ability to set randomizeClientPort
2022-06-09 21:26:40 +02:00
Kristoffer Dalby
df7d5fa2b9
Fix lint
2022-05-30 14:58:40 +02:00
Kristoffer Dalby
a0c465c2eb
Wire up setting to enable/disable logtail
2022-05-30 14:47:41 +02:00
Antoine POPINEAU
7cc58af932
Allow more configuration over the OIDC flow.
...
Adds knobs to configure three aspects of the OpenID Connect flow:
* Custom scopes to override the default "openid profile email".
* Custom parameters to be added to the Authorize Endpoint request.
* Domain allowlisting for authenticated principals.
* User allowlisting for authenticated principals.
2022-05-02 17:11:07 +02:00
Juan Font Alonso
d5ce7d7523
Prettier
2022-03-18 13:09:57 +01:00
Juan Font Alonso
2e6687209b
Make STUN server mandatory if DERP embedded is enabled
2022-03-18 12:58:00 +01:00
Juan Font Alonso
b8aad5451d
Make STUN run by default when embedded DERP is enabled
...
This commit also allows to set an external STUN server, while running the embedded DERP server (without embedded STUN)
2022-03-15 13:22:25 +01:00
Juan Font Alonso
580db9b58f
Mention that STUN is UDP
2022-03-06 23:19:21 +01:00
Juan Font Alonso
eb06054a7b
Make DERP Region configurable
2022-03-06 17:25:21 +01:00
Juan Font Alonso
eb500155e8
Make STUN server configurable
2022-03-06 17:00:56 +01:00
Juan Font Alonso
237f7f1027
Merge branch 'main' into embedded-derp
2022-03-05 19:42:29 +01:00
Juan Font Alonso
df37d1a639
Do not offer the option to be DERP insecure
...
Websockets, in which DERP is based, requires a TLS certificate. At the same time,
if we use a certificate it must be valid... otherwise Tailscale wont connect (does not
have an Insecure option). So there is no option to expose insecure here
2022-03-05 19:19:21 +01:00
Juan Font Alonso
758b1ba1cb
Renamed configuration items of the DERP server
2022-03-05 16:22:02 +01:00
zakaria
745696b310
docs: fix mistake in ACME challenge type comment
2022-03-04 12:11:43 +10:00
Kristoffer Dalby
b61500670c
Merge branch 'main' into metrics-listen
2022-03-02 11:35:33 +00:00
Nico Rey
9a61725e9f
Metrics: Disable toggle. Set default port to 9090
2022-02-28 10:40:02 -03:00
Kristoffer Dalby
6126d6d9b5
Merge branch 'main' into metrics-listen
2022-02-28 14:24:25 +01:00
Kristoffer Dalby
e0b9a317f4
Add note to config example
2022-02-27 09:05:08 +01:00
Nico Rey
06e6c29a5b
metrics: make metrics endpoint toggleable
2022-02-25 18:36:03 -03:00
Nico Rey
a9122c3de3
prometheus: replace default port by a port between the recommended prometheus range
2022-02-25 18:21:20 -03:00
Nico
d55c79e75b
Merge branch 'main' into metrics-listen
2022-02-24 10:41:07 -03:00
Kristoffer Dalby
aa506503e2
Merge branch 'main' into feat-oidc-login-as-namespace
2022-02-24 11:40:34 +00:00