headscale

mirror of https://github.com/juanfont/headscale.git synced 2025-10-20 23:10:42 +00:00

Author	SHA1	Message	Date
Kristoffer Dalby	e7d2d79134	update capmap and deps for release (#2522 ) * generate new capver map Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * replace old sort func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * nix: flake update Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * capgen: update Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * capgen: update Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * go.mod: update tailscale Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * go.mod: update other deps Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-05-02 22:12:29 +02:00
Kristoffer Dalby	d810597414	policy/matcher: fix bug using contains instead of overlap (#2556 ) * policy/matcher: slices.ContainsFunc Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/matcher: slices.ContainsFunc, correct contains vs overlap Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy: add tests to validate fix for 2181 Fixes #2181 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-05-02 22:08:56 +02:00
Kristoffer Dalby	93afb03f67	cmd: add policy check command (#2553 )	2025-05-02 13:58:30 +03:00
Kristoffer Dalby	e4d10ad964	policy/v2: validate autogroup:interet only in dst (#2552 )	2025-05-02 13:58:12 +03:00
Janne Johansson	7dc86366b4	Update source.md If we assume someone doesn't already have the required go package, they might also not have the required git package installed either, so pkg_add both of them.	2025-05-02 10:43:56 +02:00
Kristoffer Dalby	c923f461ab	error on undefined host in policy (#2490 ) * add testcases Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: add validate to do post marshal validation Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-05-01 14:30:52 +02:00
Kristoffer Dalby	a4a203b9a3	cli/nodes: filter nodes without any routes (#2551 )	2025-05-01 13:27:54 +03:00
aergus-tng	4651d06fa8	Make matchers part of the Policy interface (#2514 ) * Make matchers part of the Policy interface * Prevent race condition between rules and matchers * Test also matchers in tests for Policy.Filter * Compute `filterChanged` in v2 policy correctly * Fix nil vs. empty list issue in v2 policy test * policy/v2: always clear ssh map Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> Co-authored-by: Aras Ergus <aras.ergus@tngtech.com> Co-authored-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-05-01 07:06:30 +02:00
Kristoffer Dalby	eb1ecefd9e	auth: ensure that routes are autoapproved when the node is stored (#2550 ) * integration: ensure route is set before node joins, reproduce Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * auth: ensure that routes are autoapproved when the node is stored Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-05-01 07:05:42 +02:00
Kristoffer Dalby	6b6509eeeb	notify nodes after owner change (#2543 ) * proto: user id as identifier for move node Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * gen: regenr Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * grpc: move, use userid, one tx, send update Updates #2467 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: update move cli tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-30 18:33:38 +02:00
Kristoffer Dalby	cfe9bbf829	oidc: try to get username from userinfo (#2545 ) * oidc: try to get username from userinfo Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * changelog Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-30 11:54:13 +02:00
Kristoffer Dalby	8f9fbf16f1	types/authkey: include user object in response (#2542 ) * types/authkey: include user object, not string Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * make preauthkeys use id Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * changelog Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: wire up user id for auth keys Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-30 11:45:08 +02:00
Kristoffer Dalby	f1206328dc	fix webauth + autoapprove routes (#2528 ) * types/node: add helper funcs for node tags Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * types/node: add DebugString method for node Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: add String func to AutoApprover interface Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: simplify, use slices.Contains Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: debug, use nodes.DebugString Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v1: fix potential nil pointer in NodeCanApproveRoute Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v1: slices.Contains Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: fix diff in login commands Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: fix webauth running with wrong scenario Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: move common oidc opts to func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: require node count, more verbose Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * auth: remove uneffective route approve Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * .github/workflows: fmt Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: add id func Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: remove call that might be nil Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: test autoapprovers against web/authkey x group/tag/user Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: unique network id per scenario Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * Revert "integration: move common oidc opts to func" This reverts commit `7e9d165d4a`. * remove cmd Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: clean docker images between runs in ci Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: run autoapprove test against differnt policy modes Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration/tsic: append, not overrwrite extra login args Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * .github/workflows: remove polv2 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-30 07:54:04 +02:00
Kristoffer Dalby	57861507ab	integration: remove failing resolvconf tests (#2549 ) Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-30 07:52:23 +02:00
Kristoffer Dalby	2b38f7bef7	policy/v2: make default (#2546 ) * policy/v2: make default Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * integration: do not run v1 tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy/v2: fix potential nil pointers Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * mapper: fix test failures in v2 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-29 16:27:41 +02:00
github-actions[bot]	9a4d0e1a99	flake.lock: Update (#2518 ) Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/18dd725c29603f582cf1900e0d25f9f1063dbf11?narHash=sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38%3D' (2025-04-13) → 'github:NixOS/nixpkgs/ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c?narHash=sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs%3D' (2025-04-17) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-04-24 11:02:09 +00:00
Kristoffer Dalby	30539b2e26	config: disallow same server url and base_domain (#2544 ) * config: disallow same server url and base_domain Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * changelog Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-23 16:24:38 +02:00
Kristoffer Dalby	098ab0357c	add casbin user test (#2474 ) * add casbin user test Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * Delete double slash * types/users: use join url on iss that are ursl Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> Co-authored-by: Juan Font <juanfontalonso@gmail.com>	2025-04-23 13:21:51 +02:00
Relihan Myburgh	56d085bd08	Fix panic on fast reconnection of node (#2536 ) * Fix panic on fast reconnection of node * Use parameter captured in closure as per review request	2025-04-23 11:52:24 +02:00
Relihan Myburgh	92e587a82c	Fix goroutine leak in EphemeralGC on node cancel (#2538 ) * Fix goroutine leak in EphemeralGC on node cancel * Deal with timer firing whilst the GC is shutting down. Fix typos.	2025-04-23 11:44:24 +02:00
Pamplemousse	f3a1e693f2	Mention "Network flow logs" as a missing feature	2025-04-22 11:28:41 +02:00
Kristoffer Dalby	f783555469	integration: clean up unreferenced hs- networks (#2534 )	2025-04-18 12:06:28 +02:00
Kristoffer Dalby	710d75367e	policy/v2: fix host validation, consistent pattern (#2533 )	2025-04-18 11:35:04 +02:00
Kristoffer Dalby	c30e3a4762	flake: add golang-lint lsp (#2507 ) Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-18 11:15:02 +02:00
alteriks	3287aa8bba	Update oidc.md Authelia docs	2025-04-18 10:16:08 +02:00
Kristoffer Dalby	8e7e52cf3a	some clarifications for tags (#2531 ) Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-04-18 09:33:02 +02:00
nblock	1e0516b99d	Restore support for "Override local DNS" (#2438 ) Tailscale allows to override the local DNS settings of a node via "Override local DNS" [1]. Restore this flag with the same config setting name `dns.override_local_dns` but disable it by default to align it with Tailscale's default behaviour. Tested with Tailscale 1.80.2 and systemd-resolved on Debian 12. With `dns.override_local_dns: false`: ``` Link 12 (tailscale0) Current Scopes: DNS Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 100.100.100.100 DNS Domain: tn.example.com ~0.e.1.a.c.5.1.1.a.7.d.f.ip6.arpa [snip] ``` With `dns.override_local_dns: true`: ``` Link 12 (tailscale0) Current Scopes: DNS Protocols: +DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 100.100.100.100 DNS Domain: tn.example.com ~. ``` [1] https://tailscale.com/kb/1054/dns#override-local-dns Fixes: #2256	2025-04-17 17:16:59 +02:00
Kristoffer Dalby	0fbe392499	more wait, more retry (#2532 )	2025-04-16 12:42:26 +02:00
Nick	109989005d	ensure final dot on node name (#2503 ) * ensure final dot on node name This ensures that nodes which have a base domain set, will have a dot appended to their FQDN. Resolves: https://github.com/juanfont/headscale/issues/2501 * improve OIDC TTL expire test Waiting a bit more than the TTL of the OIDC token seems to remove some flakiness of this test. This furthermore makes use of a go func safe buffer which should avoid race conditions.	2025-04-11 12:39:08 +02:00
Enkelmann	0d3134720b	Only read relevant nodes from database in PeerChangedResponse (#2509 ) * Only read relevant nodes from database in PeerChangedResponse * Rework to ensure transactional consistency in PeerChangedResponse again * An empty nodeIDs list should return an empty nodes list * Add test to ListNodesSubset * Link PR in CHANGELOG.md * combine ListNodes and ListNodesSubset into one function * query for all nodes in ListNodes if no parameter is given * also add optional filtering for relevant nodes to ListPeers	2025-04-08 14:56:44 +02:00
Christoph	d2a6356d89	Add unraid-headscale-admin web UI to docs (#2515 ) * Add unraid-headscale-admin link	2025-04-02 20:54:32 +02:00
Kristoffer Dalby	5a18e91317	fix auto approver on register and new policy (#2506 ) * fix issue auto approve route on register bug This commit fixes an issue where routes where not approved on a node during registration. This cause the auto approval to require the node to readvertise the routes. Fixes #2497 Fixes #2485 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * hsic: only set db policy if exist Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * policy: calculate changed based on policy and filter v1 is a bit simpler than v2, it does not pre calculate the auto approver map and we cannot tell if it is changed. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-03-31 15:55:07 +02:00
Kristoffer Dalby	e3521be705	allow users to be defined with @ in v1 (#2495 ) * allow users to be defined with @ in v1 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove integration test rewrite hack Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * remove test rewrite hack Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * add @ to integration tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * a bit to agressive removeals Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * fix last test Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-03-30 11:19:05 +00:00
github-actions[bot]	f52f15ff08	flake.lock: Update (#2510 )	2025-03-30 06:18:37 +00:00
Kristoffer Dalby	cbc99010f0	populate serving from primary routes (#2489 ) * populate serving from primary routes Depends on #2464 Fixes #2480 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * also exit Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * fix route update outside of connection there was a bug where routes would not be updated if they changed while a node was connected and it was not part of an autoapprove. Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update expected test output, cli only shows service node Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-03-28 13:22:15 +01:00
Benjamin Staffin	b5953d689c	OIDC: Fetch UserInfo to get EmailVerified if necessary (#2493 )	2025-03-27 10:39:29 +01:00
github-actions[bot]	badbb68217	flake.lock: Update (#2468 )	2025-03-23 08:34:03 +00:00
Kristoffer Dalby	603f3ad490	Multi network integration tests (#2464 )	2025-03-21 11:49:32 +01:00
Florian Preinstorfer	707438f25e	Mention that private keys generated if needed	2025-03-19 06:12:14 +01:00
Florian Preinstorfer	24ad235917	Explicitly handle /headscale/{config,lib,run} in container docs Fixes: #2304	2025-03-19 06:12:14 +01:00
Oleksii Samoliuk	00d5d647ed	add third-party tool headscale-pf	2025-03-17 13:20:24 +01:00
Florian Preinstorfer	cbce8f6011	Remove coderabbit It is no longer available for free and didn't do anything in the past months.	2025-03-16 14:02:33 +01:00
Florian Preinstorfer	05202099f7	Set content-type to JSON for some debug endpoints Some endpoints in /debug send JSON data as string. Set the Content-Type header to "application/json" which renders nicely in Firefox. Mention the /debug route in the example configuration.	2025-03-16 14:02:12 +01:00
Kristoffer Dalby	800456018a	update bug template with debug (#2481 ) Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-03-16 13:43:13 +01:00
Florian Preinstorfer	586a20fbff	Add a FAQ entry about two nodes seeing each other See: #2431 See: #2174	2025-03-14 18:48:44 +01:00
Kristoffer Dalby	818046f240	add faq section on scaling/performance (#2476 ) * add faq section on scaling/performance Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * Apply suggestions from code review Co-authored-by: nblock <nblock@users.noreply.github.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> Co-authored-by: nblock <nblock@users.noreply.github.com>	2025-03-14 17:09:30 +00:00
nblock	fe06a00d45	Container images are also available on GHCR (#2470 ) Fixes: #2456	2025-03-11 06:54:05 +01:00
Kristoffer Dalby	0b5c29e875	remove policy handling for old capver (#2429 ) * remove policy handling for old capver Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> * update tests Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com> --------- Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	2025-03-10 18:19:25 +00:00
Florian Preinstorfer	0a243b4162	Remove leftover printf	2025-03-10 16:52:29 +01:00
Florian Preinstorfer	29ba29478b	Add usage example to routes flag	2025-03-10 16:52:29 +01:00

1 2 3 4 5 ...

3415 Commits