Commit Graph

426 Commits

Author SHA1 Message Date
Kristoffer Dalby 95824ac2ec MOve ephemeral inactivity config check to all the other config check 2022-06-12 13:12:43 +00:00
Kristoffer Dalby 3f7749c6d4
Merge branch 'main' into feature/configure-randomize-port 2022-06-11 10:55:05 +01:00
Anton Schubert 34be10840c add ability to set randomizeClientPort 2022-06-09 21:26:40 +02:00
Jiang Zhu bcb04d38a5 Merge branch 'main' into enhance_cli_config
Extract LoadConfig from GetHeadscaleConfig, as they are conceptually
different operation, e.g.,
1) you can reload config through LoadConfig and do not get config
2) you can get config without reload config
2022-06-07 22:51:47 +08:00
Kristoffer Dalby 90f6be0c98 Rename one char var 2022-06-05 17:52:28 +02:00
Kristoffer Dalby af891808f6 Make get config load the config, use config in main method 2022-06-05 17:47:12 +02:00
Jiang Zhu ce13596077 add integration test for headscale -c 2022-06-05 23:13:58 +08:00
Jiang Zhu 402a29e50c impl heascale -c to specify config file 2022-06-05 18:25:09 +08:00
Jiang Zhu 0363e58467 cli.LoadConfig accepts config file now 2022-06-05 17:55:27 +08:00
Kristoffer Dalby 5514a862dc Update headscale read config tests 2022-06-03 09:26:46 +02:00
Kristoffer Dalby 1ea8bb782c Move all read config logic to config.go 2022-06-03 09:26:36 +02:00
Kristoffer Dalby 35722cd5aa Move FilePerm function from cli to headscale 2022-06-03 09:24:36 +02:00
Kristoffer Dalby 36dca3516a Move Abspath function to headscale utils 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 06129277ed Rename abspath function to describe what it does 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 6b1482daee Use config object instead of viper for policy path 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 24e4787a64 Make ACL policy part of the config struct 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 5bfae22c8f Make config get function global 2022-05-31 14:28:23 +02:00
Kristoffer Dalby 3e078f0494 Fix logtail config function name 2022-05-31 14:28:01 +02:00
Kristoffer Dalby f7edea5f40
Merge branch 'main' into rename-fixess 2022-05-31 09:42:20 +02:00
Kristoffer Dalby d860270733 Use Prometheus duration parser (support days and weeks) 2022-05-30 16:10:39 +02:00
Kristoffer Dalby 9175aca094
Merge branch 'main' into rename-fixess 2022-05-30 15:29:50 +02:00
Kristoffer Dalby 7f66d9184b Add config test 2022-05-30 14:57:43 +02:00
Kristoffer Dalby a0c465c2eb Wire up setting to enable/disable logtail 2022-05-30 14:47:41 +02:00
Kristoffer Dalby e631c6f7e0 Merge master 2022-05-16 21:41:46 +02:00
Kristoffer Dalby f4873d9387 Fix rename cli error 2022-05-16 20:29:31 +02:00
Adrien Raffin-Caboisse 4435a4f19d
chore: apply lint recommendations 2022-05-16 14:59:46 +02:00
Kristoffer Dalby a28eebfca3
Merge branch 'main' into feat-list-tags-of-machines 2022-05-15 12:11:28 +01:00
Adrien Raffin-Caboisse 72c1edaaa4
Merge remote-tracking branch 'origin/main' into feat-list-tags-of-machines 2022-05-13 11:56:06 +02:00
Adrien Raffin-Caboisse 63d920510d
feat: improve nodes list with inputs from @deonthomasgy
cf: https://github.com/juanfont/headscale/compare/main...deonthomasgy:dev/thomas/show-tags
2022-05-13 11:46:28 +02:00
Adrien Raffin-Caboisse 62cfd60e38
feat: add validation of tags 2022-05-13 10:18:01 +02:00
Samuel Lock c26280c331 modified code to satisfy golangci-lint and added integration test 2022-05-11 09:31:24 +10:00
Samuel Lock 8be9e9655c fixed issue #360 2022-05-10 20:51:14 +10:00
Deon Thomas 6ed79b7bb8
order Ip Address, IPv4 first, cleanup 2022-05-08 15:21:10 -04:00
Deon Thomas b4f5ed6618
order ip address output, IPv4 first 2022-05-08 15:06:12 -04:00
Adrien Raffin-Caboisse dc8c20e002
fix: handle empty aclPolicy for integration tests 2022-05-04 22:56:55 +02:00
Adrien Raffin-Caboisse a2fb5b2b9d
Merge remote-tracking branch 'origin/main' into feat-list-tags-of-machines 2022-05-03 20:35:28 +02:00
Antoine POPINEAU 7cc58af932
Allow more configuration over the OIDC flow.
Adds knobs to configure three aspects of the OpenID Connect flow:

 * Custom scopes to override the default "openid profile email".
 * Custom parameters to be added to the Authorize Endpoint request.
 * Domain allowlisting for authenticated principals.
 * User allowlisting for authenticated principals.
2022-05-02 17:11:07 +02:00
Igor Perepilitsyn 12d8f0f4b0 remove redundant lines of code, fix response when output is not plain text 2022-05-02 14:00:00 +04:00
Igor Perepilitsyn 1b3a7bbf03 apply styling fixes 2022-05-02 08:32:33 +04:00
Igor Perepilitsyn bc055edf12 add command for moving node between namespaces 2022-05-01 17:55:34 +04:00
Adrien Raffin-Caboisse fec8cda16a
fix: fix linting issue on my computer 2022-04-25 22:33:53 +02:00
Adrien Raffin-Caboisse 2c448d4a5c
chore: apply linting 2022-04-25 22:27:44 +02:00
Adrien Raffin-Caboisse 8061abe279 refact: use generics for contains functions 2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse cc9eeda889 feat: updating cli to match the set command 2022-04-25 22:17:23 +02:00
Kristoffer Dalby 79704dc9b0 Update command with new fields 2022-04-24 20:57:15 +01:00
Kristoffer Dalby 8845938881
Merge branch 'main' into main 2022-04-24 09:48:00 +02:00
Adrien Raffin-Caboisse f53bb63b2d
fix: move tag command to subcommand of nodes 2022-04-21 23:43:20 +02:00
Adrien Raffin-Caboisse 4651c44dde
feat: print tags in nodes list 2022-04-16 13:32:00 +02:00
Adrien Raffin-Caboisse 98f54c9f7f
chore: apply format and lint 2022-04-15 18:27:57 +02:00
Adrien Raffin-Caboisse 9de9bc23f8
feat(cli): add tag subcommand to add and remove tags 2022-04-15 16:12:35 +02:00
Nico Rey 6e08241712 Exit Headscale if ACL policy file cannot be parsed 2022-04-06 11:05:08 -03:00
henning mueller b2ae9b6cac
fix: Remove days from expiry option value examples 2022-04-05 18:45:29 +02:00
Kristoffer Dalby c8aa653275
Merge branch 'main' into main 2022-03-19 09:36:36 +00:00
Juan Font Alonso 2e6687209b Make STUN server mandatory if DERP embedded is enabled 2022-03-18 12:58:00 +01:00
Juan Font Alonso b8aad5451d Make STUN run by default when embedded DERP is enabled
This commit also allows to set an external STUN server, while running the embedded DERP server (without embedded STUN)
2022-03-15 13:22:25 +01:00
bravechamp 9901d6b2e7 Ability to clear nickname 2022-03-13 21:10:41 +00:00
bravechamp 663e8384a3 Nickname support 2022-03-13 21:03:20 +00:00
Juan Font Alonso de2ea83b3b Linting here and there 2022-03-06 17:35:54 +01:00
Juan Font Alonso eb06054a7b Make DERP Region configurable 2022-03-06 17:25:21 +01:00
Juan Font Alonso eb500155e8 Make STUN server configurable 2022-03-06 17:00:56 +01:00
Juan Font Alonso dc909ba6d7 Improved logging on startup 2022-03-06 16:54:19 +01:00
Juan Font Alonso df37d1a639 Do not offer the option to be DERP insecure
Websockets, in which DERP is based, requires a TLS certificate. At the same time,
if we use a certificate it must be valid... otherwise Tailscale wont connect (does not
have an Insecure option). So there is no option to expose insecure here
2022-03-05 19:19:21 +01:00
Juan Font Alonso 758b1ba1cb Renamed configuration items of the DERP server 2022-03-05 16:22:02 +01:00
Juan Font Alonso 23cde8445f Merge branch 'main' into embedded-derp 2022-03-04 00:04:59 +01:00
Juan Font Alonso 897d480f4d Add an embedded DERP server to Headscale
This series of commit will be adding an embedded DERP server (and STUN) to Headscale,
thus making it completely self-contained and not dependant in other infrastructure.
2022-03-04 00:01:31 +01:00
Kristoffer Dalby b61500670c
Merge branch 'main' into metrics-listen 2022-03-02 11:35:33 +00:00
zakaria 12b3b5f8f1 feat(aliases): add aliases for `preauthkeys` command
- `preauthkey`, `authkey`, `pre` are aliases for `preauthkey` command
- `ls`, `show` are aliases for `list` subcommand
- `c`, `new` are aliases for `create` subcommand
- `revoke`, `exp`, `e` are aliases for `expire` subcommand
2022-03-02 15:42:12 +10:00
zakaria 052dbfe440 feat(aliases): add aliases for `apikeys` command
- `apikey`, `api` are aliases for `apikeys` command
- `ls`, `show` are aliases for `list` subcommand
- `c`, `new` are aliases for `create` subcommand
- `revoke`, `exp`, `e` are aliases for the `expire` subcommand
2022-03-02 15:32:35 +10:00
zakaria 5310f8692b feat(aliases): add aliases for `namespaces` command
- `namespace`, `ns`, `user`, `users` are aliases for `namespaces`
   command
- `c`, `new` are aliases for the `create` subcommand
- `delete` is an alias for the `destroy` subcommand
- `mv` is an alias for the `rename` subcommand
- `ls`, `show` are aliases for the `list` subcommand
2022-03-02 14:35:20 +10:00
zakaria aff6b84250 feat(aliases): add 'gen' alias for 'generate' command 2022-03-02 14:29:33 +10:00
zakaria 21eee912a3 feat(aliases): add aliases for `nodes` command
- `node`, `machine`, `machines` are aliases for `nodes` command
- `ls`, `show` aliases for `list` subcommand
- `logout`, `exp`, `e` are aliases for `expire` subcommand
- `del` is an alias for `delete` subcommand
2022-03-02 14:28:03 +10:00
zakaria dbb2af0238 feat(aliases): add aliases for `route` command
- `r` is alias for `route` command
- `ls`, or `show` is alias for `list` subcommand
2022-03-02 14:27:56 +10:00
Nico Rey 9a61725e9f Metrics: Disable toggle. Set default port to 9090 2022-02-28 10:40:02 -03:00
Kristoffer Dalby 6126d6d9b5
Merge branch 'main' into metrics-listen 2022-02-28 14:24:25 +01:00
Nico Rey 06e6c29a5b metrics: make metrics endpoint toggleable 2022-02-25 18:36:03 -03:00
Nico Rey a9122c3de3 prometheus: replace default port by a port between the recommended prometheus range 2022-02-25 18:21:20 -03:00
Adrien Raffin-Caboisse b39faa124a
Merge remote-tracking branch 'origin/main' into feat-oidc-login-as-namespace 2022-02-25 11:28:17 +01:00
Nico d55c79e75b
Merge branch 'main' into metrics-listen 2022-02-24 10:41:07 -03:00
Kristoffer Dalby aa506503e2
Merge branch 'main' into feat-oidc-login-as-namespace 2022-02-24 11:40:34 +00:00
Kristoffer Dalby 9c2c09fce7
Merge branch 'main' into remove-shared 2022-02-24 11:39:44 +00:00
Kristoffer Dalby 8c33907655 Sort lint 2022-02-24 11:10:40 +00:00
Adrien Raffin-Caboisse 4f1f235a2e feat: add strip_email_domain to normalization of namespace 2022-02-23 14:03:07 +01:00
Adrien Raffin-Caboisse 717250adb3 feat: removing matchmap from headscale 2022-02-22 20:58:08 +01:00
Kristoffer Dalby 9ceac5c0fc Remove CLI and tests for Shared node 2022-02-21 22:44:08 +00:00
Nico Rey fbc1843889 metrics/tests: update tests 2022-02-21 12:51:05 -03:00
Nico Rey 45d5ab30ff metrics/cfg: add a new entry for the Prometheus listen address 2022-02-21 12:50:44 -03:00
Justin Angel daa75da277 Linting and updating tests 2022-02-21 10:09:23 -05:00
Kristoffer Dalby 7bf2a91dd0
Merge branch 'main' into configurable-mtls 2022-02-20 14:33:23 +00:00
Justin Angel 385dd9cc34 refactoring 2022-02-20 09:06:14 -05:00
Kristoffer Dalby 4e54796384 Allow gRPC server to run insecure 2022-02-13 09:08:46 +00:00
Kristoffer Dalby c3b68adfed Fix lint 2022-02-13 08:46:35 +00:00
Kristoffer Dalby 0018a78d5a Add insecure option
Add option to not _validate_ if the certificate served from headscale is
trusted.
2022-02-13 08:41:49 +00:00
Kristoffer Dalby ead8b68a03 Fix lint 2022-02-12 19:42:55 +00:00
Kristoffer Dalby 315ff9daf0 Remove insecure, only allow valid certs 2022-02-12 19:35:55 +00:00
Kristoffer Dalby e18078d7f8 Rename j 2022-02-12 19:08:41 +00:00
Kristoffer Dalby c73b57e7dc Use undeprecated method for insecure 2022-02-12 19:08:33 +00:00
Kristoffer Dalby 811d3d510c Add grpc_listen_addr config option 2022-02-12 16:14:33 +00:00
Kristoffer Dalby 168b1bd579
Merge branch 'main' into configurable-mtls 2022-01-31 12:28:00 +00:00
Justin Angel 9de5c7f8b8 updating default 2022-01-31 07:22:17 -05:00
Kristoffer Dalby 6f6018bad5
Merge branch 'main' into ipv6 2022-01-30 08:21:11 +00:00
Kristoffer Dalby 0609c97459
Merge branch 'main' into configurable-mtls 2022-01-29 20:15:58 +00:00
Kristoffer Dalby cd0df1e46f
Merge branch 'main' into socket-permission 2022-01-29 19:30:49 +00:00
Justin Angel c98a559b4d linting/formatting 2022-01-29 14:15:33 -05:00
Justin Angel 5935b13b67 refining 2022-01-29 13:35:08 -05:00
Justin Angel 9e619fc020 Making client authentication mode configurable 2022-01-29 12:59:31 -05:00
Csaba Sarkadi 45bcf39894 fixup! fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config 2022-01-29 16:52:27 +01:00
Csaba Sarkadi 0a1db89d33 fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config 2022-01-29 16:27:36 +01:00
Csaba Sarkadi e66f8b0eeb cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config 2022-01-29 16:04:15 +01:00
Kristoffer Dalby b4f8961e44 Make Unix socket permissions configurable 2022-01-28 18:58:22 +00:00
Kristoffer Dalby 126e694f26 Add generate private-key command
This commit adds a command to generate a private key for headscale.

Mostly useful for systems were you drive the deployment from another
machine and use a secret management system.
2022-01-28 18:08:52 +00:00
Kristoffer Dalby 05db1b7109 Formatting and improving logs for config loading 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 6e14fdf0d3 More reusable stuff in cli 2022-01-25 22:11:15 +00:00
Kristoffer Dalby 1fd57a3375 Add apikeys command to create, list and expire 2022-01-25 22:11:15 +00:00
Kristoffer Dalby b4259fcd79 Add helper function for colouring expiries 2022-01-25 22:11:15 +00:00
Csaba Sarkadi 1a6e5d8770 Add support for multiple IP prefixes 2022-01-16 14:18:22 +01:00
Kristoffer Dalby 25b5eb8d7f Update tests to aline with new config example 2022-01-02 23:17:42 +00:00
Kristoffer Dalby 8932133ae7
Merge branch 'main' into kradalby-patch-2 2021-11-28 09:28:32 +00:00
Kristoffer Dalby 34f4109fbd Add back privatekey, but automatically generate it if it does not exist 2021-11-28 09:17:18 +00:00
Kristoffer Dalby ef81845deb
Merge branch 'main' into kradalby-patch-2 2021-11-27 20:30:27 +00:00
Kristoffer Dalby 59aeaa8476 Ensure we always have the key prefix when needed 2021-11-27 20:25:12 +00:00
Ward Vandewege cb2ea300ad Fix linter errors. 2021-11-27 13:59:39 -05:00
Kristoffer Dalby c38f00fab8 Unmarshal keys in the non-deprecated way 2021-11-26 23:50:42 +00:00
Kristoffer Dalby cfd53bc4aa Factor wgkey to types/key
This commit converts all the uses of wgkey to the new key interfaces.

It now has specific  machine, node and discovery keys and we now should
use them correctly.

Please note the new logic which strips a key prefix (in utils.go) that
is now standard inside tailscale.

In theory we could put it in the database, but to preserve backwards
compatibility and not spend a lot of resources on accounting for both,
we just strip them.
2021-11-26 23:30:42 +00:00
Kristoffer Dalby 07418140a2 Remove config loading of private key path 2021-11-26 23:29:41 +00:00
Ward Vandewege b6ae60cc44 The `create-node` subcommand under `debug` needs a 64 character key. 2021-11-26 14:49:51 -05:00
Ward Vandewege c7f3e0632b When creating a preauthkey, the default expiration was passed through as
a nil value, instead of the default value (1h). This resulted in the
preauthkey being created with expiration key '0001-01-01 00:00:00',
which meant the key would not work, because it was already expired.

This commit applies the default expiration time (1h) when a preauthkey
is created without a specific expiration. It also updates an integration
test to make sure this bug does not reoccur.
2021-11-26 10:04:26 -05:00
Kristoffer Dalby e8faff4fe2 Use uint64 straight instead of converting 2021-11-22 17:22:22 +00:00
Kristoffer Dalby fac33e46e1
Add long description for expire 2021-11-21 21:35:36 +00:00
Kristoffer Dalby b152e53b13
Use correct type for nodes command 2021-11-21 21:34:03 +00:00
Kristoffer Dalby a2b9f3bede Add expire (logout) machine command 2021-11-21 13:40:44 +00:00
Kristoffer Dalby f85a77edb5 Remove println statement 2021-11-21 09:48:59 +00:00
Kristoffer Dalby 1c7aff5dd9 Add expired column to machine list command 2021-11-21 09:44:38 +00:00
Kristoffer Dalby 6a9dd2029e Remove expiry logic, this needs to be redone 2021-11-19 09:02:49 +00:00
Kristoffer Dalby d6739386a0
Get rid of dynamic errors 2021-11-15 19:18:14 +00:00
Kristoffer Dalby db8be91d8b
Add and fix forbidigo 2021-11-15 18:36:02 +00:00
Kristoffer Dalby c4d4c9c4e4
Add and fix gosec 2021-11-15 18:31:52 +00:00
Kristoffer Dalby 715542ac1c
Add and fix stylecheck (golint replacement) 2021-11-15 17:24:24 +00:00
Kristoffer Dalby 0c45f8d252
Add and fix errorlint 2021-11-15 16:26:41 +00:00
Kristoffer Dalby 471c0b4993
Initial work eliminating one/two letter variables 2021-11-14 20:32:03 +01:00
Kristoffer Dalby 85f28a3f4a
Remove all instances of undefined numbers (gonmd) 2021-11-14 18:31:51 +01:00
Kristoffer Dalby 796072a5a4
Add and fix ifshort 2021-11-14 18:09:22 +01:00
Kristoffer Dalby c9c16c7fb8
Remove unused params or returns 2021-11-14 18:03:21 +01:00
Kristoffer Dalby 19cd7a4eac
Add and fix exhaustive 2021-11-14 17:52:55 +01:00
Kristoffer Dalby 89eb13c6cb
Add and fix nlreturn (new line return) 2021-11-14 16:46:09 +01:00
Kristoffer Dalby 052883aa55 Fix merge conflict 2021-11-14 08:30:48 +00:00
Ward Vandewege acf7e462ad Improvements for namespace deletion: add a confirmation prompt, and make
sure to also delete any associated preauthkeys.
2021-11-13 14:01:05 -05:00
Kristoffer Dalby 2634215f12 golangci-lint --fix 2021-11-13 08:39:04 +00:00
Kristoffer Dalby 03b7ec62ca Go format with shorter lines 2021-11-13 08:36:45 +00:00
Kristoffer Dalby 0803c407a9 Fix Reusable typo, add tests for Augustines scenario 2021-11-08 20:49:03 +00:00
Kristoffer Dalby dce6b8d72e Add test case and fix nil pointer in preauthkeys command without expiration 2021-11-08 08:02:01 +00:00