223 Commits

Author SHA1 Message Date
Kristoffer Dalby
da48cf64b3 Set OpenID Connect Expiry
This commit adds a default OpenID Connect expiry to 180d to align with
Tailscale SaaS (previously infinite or based on token expiry).

In addition, it adds an option use the expiry time from the Token sent
by the OpenID provider. This will typically cause really short expiry
and you should only turn on this option if you know what you are
desiring.

This fixes #1176.

Co-authored-by: Even Holthe <even.holthe@bekk.no>
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-31 18:55:16 +01:00
Dominic Bevacqua
385fd93e73 Update changelog 2023-01-31 00:15:48 +01:00
Juan Font
640bb94119 Do not show IsPrimary field as false in exit nodes 2023-01-29 14:54:09 +01:00
Juan Font
b322cdf251 Updated changelog for v0.20.0 2023-01-29 11:46:37 +01:00
Kristoffer Dalby
8dadb045cf Mark -n and --namespace as deprecated
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-26 10:22:38 +01:00
Kristoffer Dalby
86a7129027 Update changelog, more explicit backup note
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-19 12:54:34 +01:00
Kristoffer Dalby
81441afe70 update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2023-01-18 15:40:04 +01:00
Motiejus Jakštys
bafb6791d3 oidc: allow reading the client secret from a file
Currently the most "secret" way to specify the oidc client secret is via
an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1].
Lets allow reading oidc client secret from a file. For extra convenience
the path to the secret will resolve the environment variables.

[1]: https://systemd.io/CREDENTIALS/
2023-01-14 17:03:57 +01:00
Juan Font
6c714e88ee Added entry for performance improvements in ACLs 2023-01-11 08:58:03 +01:00
Juan Font
2084464225 Update CHANGELOG.md
Co-authored-by: Kristoffer Dalby <kristoffer@dalby.cc>
2023-01-05 14:59:02 +01:00
Juan Font
afae1ff7b6 Delete ephemeral machines on logout
Update changelog

Use dedicated method to delete
2023-01-05 14:59:02 +01:00
Even Holthe
6db9656008 oidc: update changelog 2023-01-04 09:23:52 +01:00
Christian Heusel
1f4efbcd3b add changelog entry 2023-01-01 22:45:16 +01:00
Juan Font
593040b73d Run the Noise handlers under a new struct so we can access the noiseConn from the handlers
In TS2021 the MachineKey can be obtained from noiseConn.Peer() - contrary to what I thought before,
where I assumed MachineKey was dropped in TS2021.

By having a ts2021App and hanging from there the TS2021 handlers, we can fetch again the MachineKey.
2022-12-21 20:52:08 +01:00
Juan Font
ca37dc6268 Update changelog 2022-12-15 00:13:53 -08:00
Kristoffer Dalby
134c72f4fb Set db_ssl to false by default, fixes #1043
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-07 14:58:47 +01:00
Zachary Newell
70f2f5d750 Added an OIDC AllowGroups option for authorization. 2022-12-07 08:53:16 +01:00
Juan Font
34107f9a0f Updated changelog 2022-12-06 08:17:14 +01:00
Kristoffer Dalby
68c72d03b5 Prep changelog for new release
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby
bd4b2da06e Add changelog entry to correct version
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Kristoffer Dalby
a58a552f0e Update macos/windows doc
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-05 20:41:15 +01:00
Juan Font
89c12072ba added changelog for 0.17.1 2022-12-03 16:34:23 +01:00
Kristoffer Dalby
63cd3122e6 Add breaking change about noise private path
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-12-01 14:47:19 +01:00
Kristoffer Dalby
eb072a1a74 mark some changes as more important
Signed-off-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-11-26 12:01:12 +01:00
Kristoffer Dalby
36b8862e7c Add notes about current ssh status
Signed-off-by: Kristoffer Dalby <kradalby@kradalby.no>
2022-11-26 11:53:31 +01:00
Even Holthe
c28ca27133 Add SSH ACL to changelog 2022-11-26 11:53:31 +01:00
Orville Q. Song
25195b8d73 Update CHANGELOG.md 2022-11-24 16:13:47 +01:00
Arnar Gauti Ingason
6d3ede1367 Add support for NextDNS resolver 2022-11-18 09:38:46 +01:00
Juan Font Alonso
2d79179141 Updated changelog 2022-11-15 21:28:26 +01:00
Juan Font
6391555dab Updated changelog 2022-11-15 08:42:29 +01:00
Kristoffer Dalby
527b580f5e
Add build flag to enable TS2019 (#928) 2022-11-04 11:26:33 +01:00
Benjamin Roberts
8a07381e3a
Fix prefix length comparison bug in AutoApprovers route evaluation (#862) 2022-11-01 12:00:40 +01:00
Kristoffer Dalby
ca8bca98ed
Add support for "override local DNS" (#905)
* Add support for "override local DNS"

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* Update cli dump test

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-10-31 16:26:18 +01:00
Jiang Zhu
4e8b95e6cd
Fix issue 660 (#874)
Co-authored-by: Juan Font <juanfontalonso@gmail.com>
2022-10-31 15:59:50 +01:00
Kristoffer Dalby
94ad0a1555
Remove ip_prefix, its been deprecated for a long time (#899)
* Remove ip_prefix, its been deprecated for a long time

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

* update changelog

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
Co-authored-by: Juan Font <juanfontalonso@gmail.com>
2022-10-30 22:31:18 +01:00
Kristoffer Dalby
03194e2d66
Merge branch 'main' into feature-random-suffix-on-collision 2022-10-11 08:24:21 +02:00
Juan Font
5333df283a
Merge branch 'main' into sanitise-machine-key-url 2022-10-04 14:31:28 +02:00
=
2aebd2927d
Random suffix only on collision.
0.16.0 introduced random suffixes to all machine given names
(DNS hostnames) regardless of collisions within a namespace.
This commit brings Headscale more inline with Tailscale by only
adding a suffix if the hostname will collide within the namespace.

The suffix generation differs from Tailscale.
See https://tailscale.com/kb/1098/machine-names/
2022-10-03 09:13:56 +02:00
Kristoffer Dalby
6b4d53315b
Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-26 10:01:01 +02:00
Kristoffer Dalby
d06ba7b522
Merge branch 'main' into sanitise-machine-key-url 2022-09-23 11:09:23 +02:00
Benjamin George Roberts
6d2cfd52c5 Merge branch 'main' into autoapprovers 2022-09-23 18:44:36 +10:00
Kristoffer Dalby
75a8fc8b3e
Update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
2022-09-23 10:44:29 +02:00
Benjamin George Roberts
d764f52f24 Update changelog 2022-09-23 18:16:16 +10:00
Benjamin George Roberts
e5decbd0fa Update changelog 2022-09-23 18:13:48 +10:00
Juan Font
397754753f
Merge branch 'main' into feature/json-logs 2022-09-20 23:11:29 +02:00
Kristoffer Dalby
f2da1a1665
Add comment and update changelog
Signed-off-by: Kristoffer Dalby <kristoffer@dalby.cc>
2022-09-18 12:14:49 +02:00
Igor Perepilitsyn
874d6aaf6b Make styling fixes 2022-09-11 21:44:28 +02:00
Igor Perepilitsyn
ae4f2cc4b5 Update changelog 2022-09-11 21:37:38 +02:00
Juan Font Alonso
c28e559da4 Updated changelog 2022-09-04 16:23:46 +02:00
Juan Font Alonso
30c0fdb38d Update changelog 2022-09-03 23:19:07 +02:00
Juan Font Alonso
2c5bf6982c Updated changelog 2022-09-03 12:24:22 +02:00
Jiang Zhu
a81a4d274f
Update CHANGELOG.md 2022-08-22 20:20:20 +08:00
Jiang Zhu
35dd9209b9 update CHANGELOG.md 2022-08-21 23:51:04 +08:00
Juan Font Alonso
4aafe6c9d1 Added line in CHANGELOG 2022-08-21 12:32:01 +02:00
Juan Font Alonso
6fe895fd22 Updated changelog for 0.16.4 2022-08-21 10:51:58 +02:00
Laurent Marchaud
a31432ee7b
Fix changelog
Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
2022-08-19 14:14:30 +02:00
Laurent Marchaud
0c66590108
Update changelog
Signed-off-by: Laurent Marchaud <laurent@marchaud.com>
2022-08-19 14:11:19 +02:00
Azz
b6d324be69
Merge branch 'main' of https://github.com/juanfont/headscale
# Conflicts:
#	CHANGELOG.md
2022-08-17 19:31:26 +01:00
Juan Font
287309b65c Update changelog 2022-08-17 15:08:29 +00:00
azz
701ad3e017
chore: update CHANGELOG.md 2022-08-16 09:09:28 +01:00
Juan Font
7197ade4b4
Merge branch 'main' into postgres-connection-string 2022-08-15 13:37:09 +02:00
Juan Font Alonso
8557bcedae Added changelog entries for 0.16.x 2022-08-14 23:22:41 +02:00
Victor Freire
ec5acf7be2 Add ability to connect to PostgreSQL via unix socket 2022-08-13 11:34:12 -03:00
Juan Font Alonso
a9b9a2942d Update changelog 2022-08-12 09:31:11 +02:00
Adrien Raffin-Caboisse
110b01befa Merge remote-tracking branch 'origin/main' into fix-bug-in-excludecorrectlytaggednodes 2022-08-11 12:49:26 +02:00
Juan Font Alonso
84f66090fd Updated CHangelog and flake 2022-08-10 11:04:42 +02:00
Adrien Raffin-Caboisse
bce59345e4
docs: add entry in changelog 2022-08-04 10:51:06 +02:00
Juan Font Alonso
6f4d5a532e fixed linting errors 2022-07-26 11:25:20 +02:00
Juan Font Alonso
693f59ba2f Prepare changelog structure for 0.17.0 2022-07-25 10:35:21 +02:00
Jiang Zhu
49354f678e update CHANGELOG 2022-07-23 04:47:37 +08:00
Juan Font Alonso
6c9f3420e2 Updated changelog 2022-07-21 23:59:44 +02:00
Jiang Zhu
b755d47652 update CHANGELOG 2022-07-19 20:45:23 +08:00
Juan Font Alonso
5b5298b025 Renamed config param for node update check internal 2022-07-12 12:52:03 +02:00
Juan Font Alonso
8e0939f403 Updated changelog 2022-07-12 12:33:42 +02:00
Juan Font
bb4a9583a7
Merge branch 'main' into abandon-gin 2022-06-26 11:08:48 +02:00
Kristoffer Dalby
4637400d29
Update CHANGELOG.md 2022-06-26 09:30:16 +02:00
Kristoffer Dalby
0fa943e4b7
Update CHANGELOG.md 2022-06-26 09:29:33 +02:00
Juan Font Alonso
51b8c659f1 Updated changelog 2022-06-20 21:13:12 +02:00
Anton Schubert
8111b0aa83 update changelog 2022-06-17 11:07:35 +02:00
Juan Font
bfa9ed814d
Merge branch 'main' into show-nodes-online 2022-06-16 18:53:25 +02:00
Juan Font Alonso
1e4678c02f Updated changelog 2022-06-16 18:48:32 +02:00
Kristoffer Dalby
c95bce4aea Update changelog 2022-06-12 13:18:49 +00:00
Kristoffer Dalby
ab35baaa29
Merge branch 'main' into feature/configure-randomize-port 2022-06-11 15:07:47 +01:00
Kristoffer Dalby
7cd0f5e8a4
Merge branch 'main' into acl-syntax-fixes 2022-06-11 14:14:21 +01:00
Kristoffer Dalby
9ff09b73ad
Update Changelog 2022-06-11 13:49:17 +01:00
Juan Font Alonso
818d26b5f9 Updated changelog 2022-06-08 18:12:56 +02:00
Jiang Zhu
0c5a402206 add changelog 2022-06-05 23:15:21 +08:00
Kristoffer Dalby
1486adb25a Update changelog 2022-06-03 17:35:47 +00:00
Kristoffer Dalby
6f32b80b2b Update changelog 2022-05-31 14:30:11 +02:00
Kristoffer Dalby
7f7cd737dc
Merge branch 'main' into rename-fixess 2022-05-31 09:45:49 +02:00
Kristoffer Dalby
3d93cf9e2d Update changelog 2022-05-31 09:42:50 +02:00
Kristoffer Dalby
9175aca094
Merge branch 'main' into rename-fixess 2022-05-30 15:29:50 +02:00
Kristoffer Dalby
86dfc91dd5 update readme 2022-05-30 14:57:49 +02:00
Kristoffer Dalby
266aac9e61 Update CHANGELOG 2022-05-30 13:35:40 +02:00
Kristoffer Dalby
a28eebfca3
Merge branch 'main' into feat-list-tags-of-machines 2022-05-15 12:11:28 +01:00
Samuel Lock
614c003704 updated changelog 2022-05-14 22:36:04 +10:00
Adrien Raffin-Caboisse
294ed7a751
docs: update changelog 2022-05-13 11:51:31 +02:00
Antoine POPINEAU
7cc58af932
Allow more configuration over the OIDC flow.
Adds knobs to configure three aspects of the OpenID Connect flow:

 * Custom scopes to override the default "openid profile email".
 * Custom parameters to be added to the Authorize Endpoint request.
 * Domain allowlisting for authenticated principals.
 * User allowlisting for authenticated principals.
2022-05-02 17:11:07 +02:00
Igor Perepilitsyn
62c780a448 update changelog 2022-05-01 17:56:02 +04:00
Juan Font
03659c4175 Updated changelog 2022-04-30 14:50:55 +00:00