Commit Graph

174 Commits

Author SHA1 Message Date
Kristoffer Dalby 3c20d2a178 Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-02-03 09:26:22 +01:00
Kristoffer Dalby da48cf64b3 Set OpenID Connect Expiry
This commit adds a default OpenID Connect expiry to 180d to align with
Tailscale SaaS (previously infinite or based on token expiry).

In addition, it adds an option use the expiry time from the Token sent
by the OpenID provider. This will typically cause really short expiry
and you should only turn on this option if you know what you are
desiring.

This fixes #1176.

Co-authored-by: Even Holthe <even.holthe@bekk.no>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-31 18:55:16 +01:00
Dominic Bevacqua 385fd93e73 Update changelog 2023-01-31 00:15:48 +01:00
Juan Font 640bb94119 Do not show IsPrimary field as false in exit nodes 2023-01-29 14:54:09 +01:00
Juan Font b322cdf251 Updated changelog for v0.20.0 2023-01-29 11:46:37 +01:00
Kristoffer Dalby 8dadb045cf Mark -n and --namespace as deprecated
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-26 10:22:38 +01:00
Kristoffer Dalby 86a7129027 Update changelog, more explicit backup note
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-19 12:54:34 +01:00
Kristoffer Dalby 81441afe70 update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Motiejus Jakštys bafb6791d3 oidc: allow reading the client secret from a file
Currently the most "secret" way to specify the oidc client secret is via
an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1].
Lets allow reading oidc client secret from a file. For extra convenience
the path to the secret will resolve the environment variables.

[1]: https://systemd.io/CREDENTIALS/
2023-01-14 17:03:57 +01:00
Juan Font 6c714e88ee Added entry for performance improvements in ACLs 2023-01-11 08:58:03 +01:00
Juan Font 2084464225 Update CHANGELOG.md
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2023-01-05 14:59:02 +01:00
Juan Font afae1ff7b6 Delete ephemeral machines on logout
Update changelog

Use dedicated method to delete
2023-01-05 14:59:02 +01:00
Even Holthe 6db9656008 oidc: update changelog 2023-01-04 09:23:52 +01:00
Christian Heusel 1f4efbcd3b add changelog entry 2023-01-01 22:45:16 +01:00
Juan Font 593040b73d Run the Noise handlers under a new struct so we can access the noiseConn from the handlers
In TS2021 the MachineKey can be obtained from noiseConn.Peer() - contrary to what I thought before,
where I assumed MachineKey was dropped in TS2021.

By having a ts2021App and hanging from there the TS2021 handlers, we can fetch again the MachineKey.
2022-12-21 20:52:08 +01:00
Juan Font ca37dc6268 Update changelog 2022-12-15 00:13:53 -08:00
Kristoffer Dalby 134c72f4fb Set db_ssl to false by default, fixes #1043
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-07 14:58:47 +01:00
Zachary Newell 70f2f5d750 Added an OIDC AllowGroups option for authorization. 2022-12-07 08:53:16 +01:00
Juan Font 34107f9a0f Updated changelog 2022-12-06 08:17:14 +01:00
Kristoffer Dalby 68c72d03b5 Prep changelog for new release
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby bd4b2da06e Add changelog entry to correct version
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby a58a552f0e Update macos/windows doc
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Juan Font 89c12072ba added changelog for 0.17.1 2022-12-03 16:34:23 +01:00
Kristoffer Dalby 63cd3122e6 Add breaking change about noise private path
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-01 14:47:19 +01:00
Kristoffer Dalby eb072a1a74 mark some changes as more important
Signed-off-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-11-26 12:01:12 +01:00
Kristoffer Dalby 36b8862e7c Add notes about current ssh status
Signed-off-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-11-26 11:53:31 +01:00
Even Holthe c28ca27133 Add SSH ACL to changelog 2022-11-26 11:53:31 +01:00
Orville Q. Song 25195b8d73 Update CHANGELOG.md 2022-11-24 16:13:47 +01:00
Arnar Gauti Ingason 6d3ede1367 Add support for NextDNS resolver 2022-11-18 09:38:46 +01:00
Juan Font Alonso 2d79179141 Updated changelog 2022-11-15 21:28:26 +01:00
Juan Font 6391555dab Updated changelog 2022-11-15 08:42:29 +01:00
Kristoffer Dalby 527b580f5e
Add build flag to enable TS2019 (#928) 2022-11-04 11:26:33 +01:00
Benjamin Roberts 8a07381e3a
Fix prefix length comparison bug in AutoApprovers route evaluation (#862) 2022-11-01 12:00:40 +01:00
Kristoffer Dalby ca8bca98ed
Add support for "override local DNS" (#905)
* Add support for "override local DNS"

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Update cli dump test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-31 16:26:18 +01:00
Jiang Zhu 4e8b95e6cd
Fix issue 660 (#874)
Co-authored-by: Juan Font <juanfontalonso@gmail.com>
2022-10-31 15:59:50 +01:00
Kristoffer Dalby 94ad0a1555
Remove ip_prefix, its been deprecated for a long time (#899)
* Remove ip_prefix, its been deprecated for a long time

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Juan Font <juanfontalonso@gmail.com>
2022-10-30 22:31:18 +01:00
Kristoffer Dalby 03194e2d66
Merge branch 'main' into feature-random-suffix-on-collision 2022-10-11 08:24:21 +02:00
Juan Font 5333df283a
Merge branch 'main' into sanitise-machine-key-url 2022-10-04 14:31:28 +02:00
= 2aebd2927d
Random suffix only on collision.
0.16.0 introduced random suffixes to all machine given names
(DNS hostnames) regardless of collisions within a namespace.
This commit brings Headscale more inline with Tailscale by only
adding a suffix if the hostname will collide within the namespace.

The suffix generation differs from Tailscale.
See https://tailscale.com/kb/1098/machine-names/
2022-10-03 09:13:56 +02:00
Kristoffer Dalby 6b4d53315b
Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:01:01 +02:00
Kristoffer Dalby d06ba7b522
Merge branch 'main' into sanitise-machine-key-url 2022-09-23 11:09:23 +02:00
Benjamin George Roberts 6d2cfd52c5 Merge branch 'main' into autoapprovers 2022-09-23 18:44:36 +10:00
Kristoffer Dalby 75a8fc8b3e
Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-23 10:44:29 +02:00
Benjamin George Roberts d764f52f24 Update changelog 2022-09-23 18:16:16 +10:00
Benjamin George Roberts e5decbd0fa Update changelog 2022-09-23 18:13:48 +10:00
Juan Font 397754753f
Merge branch 'main' into feature/json-logs 2022-09-20 23:11:29 +02:00
Kristoffer Dalby f2da1a1665
Add comment and update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-09-18 12:14:49 +02:00
Igor Perepilitsyn 874d6aaf6b Make styling fixes 2022-09-11 21:44:28 +02:00
Igor Perepilitsyn ae4f2cc4b5 Update changelog 2022-09-11 21:37:38 +02:00
Juan Font Alonso c28e559da4 Updated changelog 2022-09-04 16:23:46 +02:00