diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b2ea447..955c5795 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -17,6 +17,8 @@
 - Add the ability to rename a nodes name [#560](https://github.com/juanfont/headscale/pull/560)
 - Node DNS names are now unique, a random suffix will be added when a node joins
 - This change contains database changes, remember to **backup** your database before upgrading
+- Add option to enable/disable logtail (Tailscale's logging infrastructure) [#596](https://github.com/juanfont/headscale/pull/596)
+ - This change disables the logs by default
 ## 0.15.0 (2022-03-20)
diff --git a/api.go b/api.go
index a47857d1..3add6867 100644
--- a/api.go
+++ b/api.go
@@ -278,6 +278,9 @@ func (h *Headscale) getMapResponse(
 PacketFilter: h.aclRules,
 DERPMap: h.DERPMap,
 UserProfiles: profiles,
+ Debug: &tailcfg.Debug{
+ DisableLogTail: !h.cfg.LogTail.Enabled,
+ },
 }
 log.Trace().
diff --git a/app.go b/app.go
index c0f18ded..a78a6b0e 100644
--- a/app.go
+++ b/app.go
@@ -113,6 +113,8 @@ type Config struct {
 OIDC OIDCConfig
+ LogTail LogTailConfig
+
 CLI CLIConfig
 }
@@ -139,6 +141,10 @@ type DERPConfig struct {
 UpdateFrequency time.Duration
 }
+type LogTailConfig struct {
+ Enabled bool
+}
+
 type CLIConfig struct {
 Address string
 APIKey string
diff --git a/cmd/headscale/cli/utils.go b/cmd/headscale/cli/utils.go
index 8a2157a7..b1a5d4f8 100644
--- a/cmd/headscale/cli/utils.go
+++ b/cmd/headscale/cli/utils.go
@@ -72,6 +72,8 @@ func LoadConfig(path string) error {
 viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
 viper.SetDefault("oidc.strip_email_domain", true)
+ viper.SetDefault("logtail.enabled", false)
+
 if err := viper.ReadInConfig(); err != nil {
 return fmt.Errorf("fatal error reading config file: %w", err)
 }
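Review bot: In the api.go hunk (getMapResponse), the negation in `DisableLogTail: !h.cfg.LogTail.Enabled` is the privacy control this commit introduces, and it carries no comment. I would add `// Zero-value LogTailConfig yields DisableLogTail=true, so clients are asked not to log to Tailscale unless the operator opts in.` above the `Debug:` field. The flag travels in the map response, so presumably it only takes effect in clients that honour it; that limit is worth stating in the same comment. getMapResponse starts and ends outside the hunk.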
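Review bot: The exported `LogTailConfig` type added in the second app.go hunk has no doc comment, and neither does `GetLogConfig` in cmd/headscale/cli/utils.go. Because the zero value of `Enabled` is what keeps client logs from being sent to Tailscale, the type should say so: `// LogTailConfig controls whether clients are told to use Tailscale's logtail service; the zero value leaves it disabled.` For the getter, `// GetLogConfig reads logtail.enabled from viper (default false).` would be enough.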
@@ -167,6 +169,14 @@ func GetDERPConfig() headscale.DERPConfig {
 }
 }
+func GetLogConfig() headscale.LogTailConfig {
+ enabled := viper.GetBool("logtail.enabled")
+
+ return headscale.LogTailConfig{
+ Enabled: enabled,
+ }
+}
+
 func GetDNSConfig() (*tailcfg.DNSConfig, string) {
 if viper.IsSet("dns_config") {
 dnsConfig := &tailcfg.DNSConfig{}
@@ -270,6 +280,7 @@ func absPath(path string) string {
 func getHeadscaleConfig() headscale.Config {
 dnsConfig, baseDomain := GetDNSConfig()
 derpConfig := GetDERPConfig()
+ logConfig := GetLogConfig()
 configuredPrefixes := viper.GetStringSlice("ip_prefixes")
 parsedPrefixes := make([]netaddr.IPPrefix, 0, len(configuredPrefixes)+1)
@@ -378,6 +389,8 @@ func getHeadscaleConfig() headscale.Config {
 StripEmaildomain: viper.GetBool("oidc.strip_email_domain"),
 },
+ LogTail: logConfig,
+
 CLI: headscale.CLIConfig{
 Address: viper.GetString("cli.address"),
 APIKey: viper.GetString("cli.api_key"),
diff --git a/cmd/headscale/headscale_test.go b/cmd/headscale/headscale_test.go
index c971220b..faf55f4c 100644
--- a/cmd/headscale/headscale_test.go
+++ b/cmd/headscale/headscale_test.go
@@ -67,6 +67,7 @@ func (*Suite) TestConfigLoading(c *check.C) {
 check.Equals,
 fs.FileMode(0o770),
 )
+ c.Assert(viper.GetBool("logtail.enabled"), check.Equals, false)
 }
 func (*Suite) TestDNSConfigLoading(c *check.C) {
diff --git a/config-example.yaml b/config-example.yaml
index ebaa7101..380db11a 100644
--- a/config-example.yaml
+++ b/config-example.yaml
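Review bot: `GetLogConfig` in cmd/headscale/cli/utils.go returns a `headscale.LogTailConfig`, so its name reads as if it configured headscale's own logging rather than the clients' logtail upload. Renaming it to `GetLogTailConfig`, and the local `logConfig` in getHeadscaleConfig to `logTailConfig`, would keep this privacy-relevant setting from being confused with log-level options. The `enabled` temporary can also go: `return headscale.LogTailConfig{Enabled: viper.GetBool("logtail.enabled")}`.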
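Review bot: The assertion added to TestConfigLoading in cmd/headscale/headscale_test.go probably cannot tell the new default from an explicit setting. The surrounding checks look like they load config-example.yaml, which this commit also sets to `enabled: false`. The same assertion in a test that loads a config without a `logtail` section would pin the `viper.SetDefault("logtail.enabled", false)` line. Nothing in the commit covers the `Debug.DisableLogTail` value that getMapResponse sends to clients, and a regression in either place would turn log upload to a third party back on unnoticed. TestConfigLoading starts outside the hunk.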
@@ -235,3 +235,12 @@ unix_socket_permission: "0770"
 # namespace: `first-name.last-name.example.com`
 #
 # strip_email_domain: true
+
+# Logtail configuration
+# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
+# to instruct tailscale nodes to log their activity to a remote server.
+logtail:
+ # Enable logtail for this headscales clients.
+ # As there is currently no support for overriding the log server in headscale, this is
+ # disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
+ enabled: false
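Review bot: The comment block above `logtail:` should say how the setting is applied, since operators will rely on it for privacy. Per the api.go change it reaches clients as a flag in the map response, so it is presumably a request that clients honour rather than something headscale enforces on the network. Suggested wording for the last comment: `# Disabled by default: headscale cannot override the log server, so enabling this makes clients send logs to Tailscale Inc.` "control panel" most likely means the control server, and "Tailscales" and "headscales" need apostrophes.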