4e54796384
Allow gRPC server to run insecure
2022-02-13 09:08:46 +00:00
0018a78d5a
Add insecure option
...
Add option to not _validate_ if the certificate served from headscale is
trusted.
2022-02-13 08:41:49 +00:00
2bc8051ae5
Remove kv-namespace-worker
...
This commit removes the namespace kv worker and related code, now that
we talk over gRPC to the server, and not directly to the DB, we should
not need this anymore.
2022-02-12 20:46:05 +00:00
d79ccfc05a
Add comment on why grpc is on its own port, replace deprecated
2022-02-12 19:50:12 +00:00
315ff9daf0
Remove insecure, only allow valid certs
2022-02-12 19:35:55 +00:00
4078e75b50
Correct log message
2022-02-12 19:30:25 +00:00
531298fa59
Fix import
2022-02-12 17:13:51 +00:00
30a2ccd975
Add tls certs as creds for grpc
2022-02-12 17:05:30 +00:00
59e48993f2
Change the http listener
2022-02-12 16:33:18 +00:00
bfc6f6e0eb
Split grpc and http
2022-02-12 16:15:26 +00:00
2aba37d2ef
Try to support plaintext http2 after termination
2022-02-12 14:42:23 +00:00
8853ccd5b4
Terminate tls immediatly, mux after
2022-02-12 13:25:27 +00:00
af25aa75d9
Merge branch 'configurable-mtls' of github.com:arch4ngel/headscale into configurable-mtls
2022-01-31 10:27:57 -05:00
da5250ea32
linting again
2022-01-31 10:27:43 -05:00
168b1bd579
Merge branch 'main' into configurable-mtls
2022-01-31 12:28:00 +00:00
52db80ab0d
Merge branch 'configurable-mtls' of github.com:arch4ngel/headscale into configurable-mtls
2022-01-31 07:19:14 -05:00
0c3fd16113
refining and adding tests
2022-01-31 07:18:50 -05:00
310e7b15c7
making alternatives constants
2022-01-30 10:46:57 -05:00
6f6018bad5
Merge branch 'main' into ipv6
2022-01-30 08:21:11 +00:00
0609c97459
Merge branch 'main' into configurable-mtls
2022-01-29 20:15:58 +00:00
c98a559b4d
linting/formatting
2022-01-29 14:15:33 -05:00
5935b13b67
refining
2022-01-29 13:35:08 -05:00
9e619fc020
Making client authentication mode configurable
2022-01-29 12:59:31 -05:00
13f23d2e7e
Merge branch 'main' into socket-permission
2022-01-29 14:34:36 +00:00
c0c3b7d511
Merge remote-tracking branch 'origin/main' into ipv6
2022-01-29 15:27:49 +01:00
b4f8961e44
Make Unix socket permissions configurable
2022-01-28 18:58:22 +00:00
f59071ff1c
Trim whitespace from privateKey before parsing
2022-01-28 17:23:01 +00:00
537cd35cb2
Try to add the grpc cert correctly
2022-01-25 22:22:15 +00:00
00c69ce50c
Enable remote gRPC and HTTP API
...
This commit enables the existing gRPC and HTTP API from remote locations
as long as the user can provide a valid API key. This allows users to
control their headscale with the CLI from a workstation. 🎉
2022-01-25 22:11:15 +00:00
1a6e5d8770
Add support for multiple IP prefixes
2022-01-16 14:18:22 +01:00
5a504fa711
Better error description
...
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-12-07 11:44:09 +01:00
b4cce22415
Better error description
...
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-12-07 11:44:00 +01:00
3a85c4d367
Better error description
2021-12-07 08:46:55 +01:00
7e95b3501d
Ignoe derp.yaml, don't panic in Serve()
2021-12-01 19:32:47 +01:00
34f4109fbd
Add back privatekey, but automatically generate it if it does not exist
2021-11-28 09:17:18 +00:00
ef81845deb
Merge branch 'main' into kradalby-patch-2
2021-11-27 20:30:27 +00:00
c63c259d31
Switch wgkey for types/key
...
We dont seem to need the wireguard key anymore, we generate a key on
startup based on the new library and the users fetch it from /key.
Clean up app.go and update docs
2021-11-26 23:28:06 +00:00
58fd6c4ba5
Revert postgres constant value
...
changes "postgresql" to "postgres"
2021-11-26 07:13:00 +00:00
021c464148
Add cache for requested expiry times
...
This commit adds a sentral cache to keep track of clients whom has
requested an expiry time, but were we need to keep hold of it until the
second request comes in.
2021-11-22 19:32:52 +00:00
9aac1fb255
Remove expiry logic, this needs to be redone
2021-11-19 09:02:29 +00:00
d6739386a0
Get rid of dynamic errors
2021-11-15 19:18:14 +00:00
c4d4c9c4e4
Add and fix gosec
2021-11-15 18:31:52 +00:00
715542ac1c
Add and fix stylecheck (golint replacement)
2021-11-15 17:24:24 +00:00
471c0b4993
Initial work eliminating one/two letter variables
2021-11-14 20:32:03 +01:00
53ed749f45
Start work on making gocritic pass
2021-11-14 18:44:37 +01:00
85f28a3f4a
Remove all instances of undefined numbers (gonmd)
2021-11-14 18:31:51 +01:00
9390348a65
Add and fix goconst
2021-11-14 18:06:25 +01:00
c9c16c7fb8
Remove unused params or returns
2021-11-14 18:03:21 +01:00
0315f55fcd
Add and fix nilnil
2021-11-14 17:51:34 +01:00
89eb13c6cb
Add and fix nlreturn (new line return)
2021-11-14 16:46:09 +01:00
2634215f12
golangci-lint --fix
2021-11-13 08:39:04 +00:00
03b7ec62ca
Go format with shorter lines
2021-11-13 08:36:45 +00:00
49893305b4
Only turn on response log in grpc in trace mode
2021-11-08 22:06:25 +00:00
b15efb5201
Ensure unix socket is removed before we startup
2021-11-07 09:55:32 +00:00
2dfd42f80c
Attempt to dry up CLI client, add proepr config
...
This commit is trying to DRY up the initiation of the gRPC client in
each command:
It renames the function to CLI instead of GRPC as it actually set up a
CLI client, not a generic grpc client
It also moves the configuration of address, timeout (which is now
consistent) and api to use Viper, allowing users to set it via env vars
and configuration file
2021-11-07 09:41:14 +00:00
706ff59d70
Clean pointer list in app.go, add grpc logging and simplify naming
2021-11-04 22:18:55 +00:00
7c774bc547
Remove flag that cant be trapped
2021-11-02 21:49:19 +00:00
9954a3c599
Add handling for closing the socket
2021-11-02 21:46:15 +00:00
b91c115ade
Remove "auth skip" for socket traffic
2021-10-31 19:57:42 +00:00
8db45a4e75
Setup a seperate, non-tls, no auth, socket grpc
2021-10-31 19:52:34 +00:00
1c9b1ea91a
Add todo
2021-10-31 16:34:20 +00:00
3f30bf1e33
Ensure we set up TLS for http
2021-10-31 16:19:38 +00:00
264e5964f6
Resolve merge conflict
2021-10-31 09:40:43 +00:00
cbf3f5d640
Resolve merge conflict
2021-10-30 15:33:01 +00:00
482a31b66b
Setup swagger and swagger UI properly
2021-10-30 14:29:53 +00:00
434fac52b7
Fix lint error
2021-10-30 14:29:03 +00:00
6aacada852
Switch from gRPC localhost to socket
...
This commit changes the way CLI and grpc-gateway communicates with the
gRPC backend to socket, instead of localhost. Unauthenticated access now
goes on the socket, while the network interface will require API key (in
the future).
2021-10-30 14:08:16 +00:00
68dab0fe7b
Move localhost check to utils
2021-10-29 17:04:58 +00:00
a23d82e33a
Setup API and prepare for API keys
...
This commit sets up the API and gRPC endpoints and adds authentication
to them. Currently there is no actual authentication implemented but it
has been prepared for API keys.
In addition, there is a allow put in place for gRPC traffic over
localhost. This has two purposes:
1. grpc-gateway, which is the base of the API, connects to the gRPC
service over localhost.
2. We do not want to break current "on server" behaviour which allows
users to use the cli on the server without any fuzz
2021-10-29 16:45:06 +00:00
2f045b20fb
Refactor tls and wire up grpc, grpc gateway/api
...
This commit moves the TLS configuration into a seperate function.
It also wires up the gRPC interface and prepares handing the API
endpoints to the grpc gateway.
2021-10-26 20:42:56 +00:00
57f46ded83
Split derp into its own config struct
2021-10-22 16:55:14 +00:00
41c5a0ddf5
Apply suggestions from code review
...
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-10-20 09:35:56 +02:00
18b00b5d8d
Add support for Split DNS (implements #179 )
2021-10-19 20:51:43 +02:00
677bd9b657
Implement namespace matching
2021-10-18 19:27:52 +00:00
afbfc1d370
Merge branch 'main' into main
2021-10-16 22:31:37 +08:00
5ce1526a06
Do not return a pointer
2021-10-10 12:43:41 +02:00
74e6c1479e
updates from code review
2021-10-10 17:22:42 +08:00
c4487b73c4
Merge branch 'main' into magic-dns-support
2021-10-09 12:24:07 +02:00
fc5153af3e
Generate MagicDNS search domains for any tailnet range
2021-10-09 12:22:13 +02:00
2997f4d251
Merge branch 'main' into main
2021-10-08 22:21:41 +01:00
e407d423d4
updates from code review
2021-10-08 17:43:52 +08:00
f0c54490ed
Allow multiple namespaces to be checked for state at the same time
2021-10-06 22:06:07 +00:00
ba391bc2ed
Account for updates in shared namespaces
2021-10-06 19:32:15 +00:00
c487591437
use go-oidc instead of verifying and extracting tokens ourselves, rename oidc_endpoint to oidc_issuer to be more inline with spec
2021-10-06 17:19:15 +08:00
a01a0d1039
Remove unstable update channel, replace with state updates
2021-10-05 16:24:46 +00:00
2eef535b4b
Merged main
2021-10-04 23:43:42 +02:00
040a18e6f8
Merge branch 'main' into magic-dns-support
2021-10-04 19:45:12 +02:00
94ba5181fc
Resolve merge conflict
2021-10-04 16:38:52 +00:00
1d5b090579
Initial work on Prometheus metrics
...
This commit adds some Prometheus metrics to /metrics in headscale.
It will add the standard go metrics, some automatic gin metrics and some
initial headscale specific ones.
Some of them has been added to aid debugging #97 (loop bug)
In the future, we can use the metrics to get rid of the sleep in the
integration tests by checking that our expected number of nodes has been
registered:
```
headscale_machine_registrations_total
```
2021-10-04 16:28:07 +00:00
ef0f7c0c09
Integration tests for MagicDNS working
2021-10-04 18:04:08 +02:00
8fa0fe65ba
Add the ability to specify registration ACME email and ACME URL.
2021-10-03 12:26:38 -06:00
ed728f57e0
Remove WriteTimeout from HTTP
...
Golangs built in HTTP server does not allow different HTTP timeout for
different types of handlers, so we cannot have a write timeout as we
attempt to do long polling (my bad).
See linked article.
Also removed redundant server declaration
2021-10-02 15:29:27 +01:00
8d60ae2c7e
Tidy gomod
2021-10-02 13:03:41 +02:00
45e71ecba0
Generated MagicDNS search domains (only in 100.64.0.0/10)
2021-10-02 12:13:05 +02:00
656237e167
Propagate dns config vales across Headscale
2021-10-02 11:20:42 +02:00
cc054d71fe
Merge branch 'main' into main
2021-09-26 21:35:26 +01:00
e7a2501fe8
initial work on OIDC (SSO) integration
2021-09-26 16:53:05 +08:00
2d39d6602c
Merge remote-tracking branch 'upstream/main' into apple-mobileconfig
2021-09-19 18:00:40 +01:00
dfcab2b6d5
Wire up new handlers
2021-09-19 17:56:29 +01:00
987bbee1db
Add DNSConfig field to configuration
2021-08-24 07:09:47 +01:00
Kristoffer Dalby
Justin Angel
Csaba Sarkadi
Eugen Biegler
Eugen
Juan Font
unreality
Raal Goff
Aaron Bieber