Adrien Raffin-Caboisse
aceaba60f1
docs(changelog): bump changelog
2022-02-17 09:30:09 +01:00
Adrien Raffin-Caboisse
7b5ba9f781
docs(acl): add configuration example to explain acls
2022-02-17 09:30:09 +01:00
Adrien Raffin
de59946447
feat(acls): rewrite functions to be testable
...
Rewrite some function to get rid of the dependency on Headscale object. This allows us
to write succinct test that are more easy to review and implement.
The improvements of the tests allowed to write the removal of the tagged hosts
from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-17 09:30:09 +01:00
Adrien Raffin
97eac3b938
feat(acl): update frequently the aclRules
...
This call should be done quite at each modification of a server resources like RequestTags.
When a server changes it's tag we should rebuild the ACL rules.
When a server is added to headscale we also should update the ACLRules.
2022-02-17 09:30:08 +01:00
Adrien Raffin
fb45138fc1
feat(acls): check acl owners and add bunch of tests
2022-02-17 09:30:08 +01:00
Adrien Raffin
e9949b4c70
feat(acls): simplify updating rules
2022-02-17 09:30:08 +01:00
Adrien Raffin
e482dfeed4
feat(machine): add ACLFilter if ACL's are enabled.
...
This commit change the default behaviour and remove the notion of namespaces between the hosts. It allows all namespaces to be only filtered by the ACLs. This behavior is closer to tailsnet.
2022-02-17 09:30:05 +01:00
Jamie Greeff
9b7d657cbe
Return all peers instead of peers in same namespace
2022-02-17 09:27:59 +01:00
Adrien Raffin-Caboisse
55d746d3f5
docs(acls-proposal): wording comment
...
A hidden thing was implied in this document is that each person should have his own namespace.
Hidden information in spicification isn't good.
Thank's @kradalby for pointing it out.
2022-02-16 09:16:25 +01:00
Kristoffer Dalby
73497382b7
Merge pull request #306 from kradalby/apiwork
...
Introduce API keys and enable remote control API
2022-02-15 22:23:32 +00:00
Adrien Raffin-Caboisse
c364c2a382
chore(acl-proposals): apply prettier
2022-02-15 09:53:22 +01:00
Adrien Raffin-Caboisse
e540679dbd
docs(acl-proposals): integrate comments
2022-02-15 09:52:05 +01:00
Adrien Raffin-Caboisse
86b329d8bf
chore(docs): create proposals directory
2022-02-15 09:27:33 +01:00
Kristoffer Dalby
b2b2954545
Merge branch 'main' into apiwork
2022-02-14 22:29:20 +00:00
Kristoffer Dalby
a3360b082f
Merge pull request #321 from ohdearaugustin/topic/specific-go-version
2022-02-14 22:03:17 +00:00
Kristoffer Dalby
b721502147
Merge branch 'main' into topic/specific-go-version
2022-02-14 20:51:33 +00:00
Kristoffer Dalby
1869bff4ba
Merge pull request #316 from kradalby/kv-worker-cleanup
2022-02-14 20:51:00 +00:00
ohdearaugustin
0b9dd19ec7
Dockerfiles: update go version to 1.17.7
2022-02-14 21:32:20 +01:00
ohdearaugustin
b2889bc355
github/workflows: set specific go version
2022-02-14 21:31:49 +01:00
Kristoffer Dalby
28c824acaf
Merge branch 'main' into apiwork
2022-02-14 16:17:34 +00:00
Kristoffer Dalby
57f1da6dca
Merge branch 'main' into kv-worker-cleanup
2022-02-14 11:35:15 +00:00
Kristoffer Dalby
c9640b2f3e
Merge pull request #317 from kradalby/sponsor
2022-02-14 11:34:56 +00:00
Kristoffer Dalby
546b1e8a05
Merge branch 'main' into kv-worker-cleanup
2022-02-14 10:17:03 +00:00
Kristoffer Dalby
3b54a68f5c
Merge branch 'main' into sponsor
2022-02-14 10:16:58 +00:00
Kristoffer Dalby
1b1aac18d2
Merge pull request #315 from kradalby/windows-client-docs2
2022-02-14 10:16:25 +00:00
Kristoffer Dalby
f30ee3d2df
Add note about support in readme
2022-02-13 11:07:45 +00:00
Kristoffer Dalby
9f80349471
Add sponsorship button
...
This commit adds a sponsor/funding section to headscale.
@juanfont and I have discussed this and this arrangement is agreed upon
and hopefully this can bring us to a place in the future were even more
features and prioritization can be put upon the project.
2022-02-13 11:02:31 +00:00
Kristoffer Dalby
14b23544e4
Add note about running grpc behind a proxy and combining ports
2022-02-13 09:48:33 +00:00
Kristoffer Dalby
4e54796384
Allow gRPC server to run insecure
2022-02-13 09:08:46 +00:00
Kristoffer Dalby
c3b68adfed
Fix lint
2022-02-13 08:46:35 +00:00
Kristoffer Dalby
0018a78d5a
Add insecure option
...
Add option to not _validate_ if the certificate served from headscale is
trusted.
2022-02-13 08:41:49 +00:00
Kristoffer Dalby
50f0270543
Merge branch 'main' into windows-client-docs2
2022-02-12 22:35:23 +00:00
Kristoffer Dalby
bb80b679bc
Remove RequestMapUpdates function
2022-02-12 21:04:00 +00:00
Kristoffer Dalby
6fa0903a8e
Update changelog
2022-02-12 20:50:17 +00:00
Kristoffer Dalby
2bc8051ae5
Remove kv-namespace-worker
...
This commit removes the namespace kv worker and related code, now that
we talk over gRPC to the server, and not directly to the DB, we should
not need this anymore.
2022-02-12 20:46:05 +00:00
Kristoffer Dalby
4841e16386
Add remote control doc
2022-02-12 20:39:42 +00:00
Kristoffer Dalby
d79ccfc05a
Add comment on why grpc is on its own port, replace deprecated
2022-02-12 19:50:12 +00:00
Kristoffer Dalby
ead8b68a03
Fix lint
2022-02-12 19:42:55 +00:00
Kristoffer Dalby
3bb4c28c9a
Merge branch 'main' into apiwork
2022-02-12 19:39:30 +00:00
Kristoffer Dalby
2fbcc38f8f
Emph trusted cert
2022-02-12 19:36:43 +00:00
Kristoffer Dalby
315ff9daf0
Remove insecure, only allow valid certs
2022-02-12 19:35:55 +00:00
Kristoffer Dalby
4078e75b50
Correct log message
2022-02-12 19:30:25 +00:00
Kristoffer Dalby
58bfea4e64
Update examples and docs
2022-02-12 19:08:59 +00:00
Kristoffer Dalby
e18078d7f8
Rename j
2022-02-12 19:08:41 +00:00
Kristoffer Dalby
c73b57e7dc
Use undeprecated method for insecure
2022-02-12 19:08:33 +00:00
Kristoffer Dalby
531298fa59
Fix import
2022-02-12 17:13:51 +00:00
Kristoffer Dalby
30a2ccd975
Add tls certs as creds for grpc
2022-02-12 17:05:30 +00:00
Kristoffer Dalby
59e48993f2
Change the http listener
2022-02-12 16:33:18 +00:00
Kristoffer Dalby
bfc6f6e0eb
Split grpc and http
2022-02-12 16:15:26 +00:00
Kristoffer Dalby
811d3d510c
Add grpc_listen_addr config option
2022-02-12 16:14:33 +00:00