Commit Graph

2808 Commits

Author SHA1 Message Date
Adrien Raffin-Caboisse 7b5ba9f781
docs(acl): add configuration example to explain acls 2022-02-17 09:30:09 +01:00
Adrien Raffin de59946447
feat(acls): rewrite functions to be testable
Rewrite some function to get rid of the dependency on Headscale object. This allows us
to write succinct test that are more easy to review and implement.

The improvements of the tests allowed to write the removal of the tagged hosts
from the namespace as specified here: https://tailscale.com/kb/1068/acl-tags/
2022-02-17 09:30:09 +01:00
Adrien Raffin 97eac3b938
feat(acl): update frequently the aclRules
This call should be done quite at each modification of a server resources like RequestTags.
When a server changes it's tag we should rebuild the ACL rules.

When a server is added to headscale we also should update the ACLRules.
2022-02-17 09:30:08 +01:00
Adrien Raffin fb45138fc1
feat(acls): check acl owners and add bunch of tests 2022-02-17 09:30:08 +01:00
Adrien Raffin e9949b4c70
feat(acls): simplify updating rules 2022-02-17 09:30:08 +01:00
Adrien Raffin e482dfeed4
feat(machine): add ACLFilter if ACL's are enabled.
This commit change the default behaviour and remove the notion of namespaces between the hosts. It allows all namespaces to be only filtered by the ACLs. This behavior is closer to tailsnet.
2022-02-17 09:30:05 +01:00
Jamie Greeff 9b7d657cbe
Return all peers instead of peers in same namespace 2022-02-17 09:27:59 +01:00
Adrien Raffin-Caboisse 55d746d3f5 docs(acls-proposal): wording comment
A hidden thing was implied in this document is that each person should have his own namespace.
Hidden information in spicification isn't good.
Thank's @kradalby for pointing it out.
2022-02-16 09:16:25 +01:00
Kristoffer Dalby 73497382b7
Merge pull request #306 from kradalby/apiwork
Introduce API keys and enable remote control API
2022-02-15 22:23:32 +00:00
Adrien Raffin-Caboisse c364c2a382 chore(acl-proposals): apply prettier 2022-02-15 09:53:22 +01:00
Adrien Raffin-Caboisse e540679dbd docs(acl-proposals): integrate comments 2022-02-15 09:52:05 +01:00
Adrien Raffin-Caboisse 86b329d8bf chore(docs): create proposals directory 2022-02-15 09:27:33 +01:00
Kristoffer Dalby b2b2954545
Merge branch 'main' into apiwork 2022-02-14 22:29:20 +00:00
Kristoffer Dalby a3360b082f
Merge pull request #321 from ohdearaugustin/topic/specific-go-version 2022-02-14 22:03:17 +00:00
Kristoffer Dalby b721502147
Merge branch 'main' into topic/specific-go-version 2022-02-14 20:51:33 +00:00
Kristoffer Dalby 1869bff4ba
Merge pull request #316 from kradalby/kv-worker-cleanup 2022-02-14 20:51:00 +00:00
ohdearaugustin 0b9dd19ec7 Dockerfiles: update go version to 1.17.7 2022-02-14 21:32:20 +01:00
ohdearaugustin b2889bc355 github/workflows: set specific go version 2022-02-14 21:31:49 +01:00
Kristoffer Dalby 28c824acaf
Merge branch 'main' into apiwork 2022-02-14 16:17:34 +00:00
Kristoffer Dalby 57f1da6dca
Merge branch 'main' into kv-worker-cleanup 2022-02-14 11:35:15 +00:00
Kristoffer Dalby c9640b2f3e
Merge pull request #317 from kradalby/sponsor 2022-02-14 11:34:56 +00:00
Kristoffer Dalby 546b1e8a05
Merge branch 'main' into kv-worker-cleanup 2022-02-14 10:17:03 +00:00
Kristoffer Dalby 3b54a68f5c
Merge branch 'main' into sponsor 2022-02-14 10:16:58 +00:00
Kristoffer Dalby 1b1aac18d2
Merge pull request #315 from kradalby/windows-client-docs2 2022-02-14 10:16:25 +00:00
Kristoffer Dalby f30ee3d2df Add note about support in readme 2022-02-13 11:07:45 +00:00
Kristoffer Dalby 9f80349471 Add sponsorship button
This commit adds a sponsor/funding section to headscale.

@juanfont and I have discussed this and this arrangement is agreed upon
and hopefully this can bring us to a place in the future were even more
features and prioritization can be put upon the project.
2022-02-13 11:02:31 +00:00
Kristoffer Dalby 14b23544e4 Add note about running grpc behind a proxy and combining ports 2022-02-13 09:48:33 +00:00
Kristoffer Dalby 4e54796384 Allow gRPC server to run insecure 2022-02-13 09:08:46 +00:00
Kristoffer Dalby c3b68adfed Fix lint 2022-02-13 08:46:35 +00:00
Kristoffer Dalby 0018a78d5a Add insecure option
Add option to not _validate_ if the certificate served from headscale is
trusted.
2022-02-13 08:41:49 +00:00
Kristoffer Dalby 50f0270543
Merge branch 'main' into windows-client-docs2 2022-02-12 22:35:23 +00:00
Kristoffer Dalby bb80b679bc Remove RequestMapUpdates function 2022-02-12 21:04:00 +00:00
Kristoffer Dalby 6fa0903a8e Update changelog 2022-02-12 20:50:17 +00:00
Kristoffer Dalby 2bc8051ae5 Remove kv-namespace-worker
This commit removes the namespace kv worker and related code, now that
we talk over gRPC to the server, and not directly to the DB, we should
not need this anymore.
2022-02-12 20:46:05 +00:00
Kristoffer Dalby 4841e16386
Add remote control doc 2022-02-12 20:39:42 +00:00
Kristoffer Dalby d79ccfc05a Add comment on why grpc is on its own port, replace deprecated 2022-02-12 19:50:12 +00:00
Kristoffer Dalby ead8b68a03 Fix lint 2022-02-12 19:42:55 +00:00
Kristoffer Dalby 3bb4c28c9a
Merge branch 'main' into apiwork 2022-02-12 19:39:30 +00:00
Kristoffer Dalby 2fbcc38f8f Emph trusted cert 2022-02-12 19:36:43 +00:00
Kristoffer Dalby 315ff9daf0 Remove insecure, only allow valid certs 2022-02-12 19:35:55 +00:00
Kristoffer Dalby 4078e75b50 Correct log message 2022-02-12 19:30:25 +00:00
Kristoffer Dalby 58bfea4e64 Update examples and docs 2022-02-12 19:08:59 +00:00
Kristoffer Dalby e18078d7f8 Rename j 2022-02-12 19:08:41 +00:00
Kristoffer Dalby c73b57e7dc Use undeprecated method for insecure 2022-02-12 19:08:33 +00:00
Kristoffer Dalby 531298fa59 Fix import 2022-02-12 17:13:51 +00:00
Kristoffer Dalby 30a2ccd975 Add tls certs as creds for grpc 2022-02-12 17:05:30 +00:00
Kristoffer Dalby 59e48993f2 Change the http listener 2022-02-12 16:33:18 +00:00
Kristoffer Dalby bfc6f6e0eb Split grpc and http 2022-02-12 16:15:26 +00:00
Kristoffer Dalby 811d3d510c Add grpc_listen_addr config option 2022-02-12 16:14:33 +00:00
Kristoffer Dalby 2aba37d2ef Try to support plaintext http2 after termination 2022-02-12 14:42:23 +00:00