Add note on Apache as unsupported

2025-08-17 00:18:40 +00:00 · 2023-01-22 22:59:09 +00:00
157 changed files with 2123 additions and 6632 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -8,14 +8,9 @@ on:
    branches:
      - main
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  build:
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - uses: actions/checkout@v3
@@ -37,34 +32,10 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run build
        id: build
        if: steps.changed-files.outputs.any_changed == 'true'
-        run: |
+        run: nix build
          nix build |& tee build-result
          BUILD_STATUS="${PIPESTATUS[0]}"
-          OLD_HASH=$(cat build-result | grep specified: | awk -F ':' '{print $2}' | sed 's/ //g')
+      - uses: actions/upload-artifact@v2
          NEW_HASH=$(cat build-result | grep got: | awk -F ':' '{print $2}' | sed 's/ //g')
          echo "OLD_HASH=$OLD_HASH" >> $GITHUB_OUTPUT
          echo "NEW_HASH=$NEW_HASH" >> $GITHUB_OUTPUT
          exit $BUILD_STATUS
      - name: Nix gosum diverging
        uses: actions/github-script@v6
        if: failure() && steps.build.outcome == 'failure'
        with:
          github-token: ${{secrets.GITHUB_TOKEN}}
          script: |
            github.rest.pulls.createReviewComment({
              pull_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: 'Nix build failed with wrong gosum, please update "vendorSha256" (${{ steps.build.outputs.OLD_HASH }}) for the "headscale" package in flake.nix with the new SHA: ${{ steps.build.outputs.NEW_HASH }}'
            })
      - uses: actions/upload-artifact@v3
        if: steps.changed-files.outputs.any_changed == 'true'
        with:
          name: headscale-linux
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -1,45 +0,0 @@
 name: Build documentation
 on:
  push:
    branches:
      - main
  workflow_dispatch:
 permissions:
  contents: read
  pages: write
  id-token: write
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Install python
        uses: actions/setup-python@v4
        with:
          python-version: 3.x
      - name: Setup cache
        uses: actions/cache@v2
        with:
          key: ${{ github.ref }}
          path: .cache
      - name: Setup dependencies
        run: pip install mkdocs-material pillow cairosvg mkdocs-minify-plugin
      - name: Build docs
        run: mkdocs build --strict
      - name: Upload artifact
        uses: actions/upload-pages-artifact@v1
        with:
          path: ./site
  deploy:
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v1
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -3,10 +3,6 @@ name: Lint
 on: [push, pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  golangci-lint:
    runs-on: ubuntu-latest
@@ -30,7 +26,7 @@ jobs:
        if: steps.changed-files.outputs.any_changed == 'true'
        uses: golangci/golangci-lint-action@v2
        with:
-          version: v1.51.2
+          version: v1.49.0
          # Only block PRs on new problems.
          # If this is not enabled, we will end up having PRs
@@ -63,7 +59,7 @@ jobs:
      - name: Prettify code
        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: creyD/prettier_action@v4.3
+        uses: creyD/prettier_action@v4.0
        with:
          prettier_options: >-
            --check **/*.{ts,js,md,yaml,yml,sass,css,scss,html}
--- a/.github/workflows/release-docker.yml
+++ b/.github/workflows/release-docker.yml
@@ -1,138 +0,0 @@
 ---
 name: Release Docker
 on:
  push:
    tags:
      - "*" # triggers only if push new tag version
  workflow_dispatch:
 jobs:
  docker-release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Set up QEMU for multiple platforms
        uses: docker/setup-qemu-action@master
        with:
          platforms: arm64,amd64
      - name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
        with:
          # list of Docker images to use as base name for tags
          images: |
            ${{ secrets.DOCKERHUB_USERNAME }}/headscale
            ghcr.io/${{ github.repository_owner }}/headscale
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
            type=raw,value=develop
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          push: true
          context: .
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
          build-args: |
            VERSION=${{ steps.meta.outputs.version }}
      - name: Prepare cache for next build
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
  docker-debug-release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Set up QEMU for multiple platforms
        uses: docker/setup-qemu-action@master
        with:
          platforms: arm64,amd64
      - name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache-debug
          key: ${{ runner.os }}-buildx-debug-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-debug-
      - name: Docker meta
        id: meta-debug
        uses: docker/metadata-action@v3
        with:
          # list of Docker images to use as base name for tags
          images: |
            ${{ secrets.DOCKERHUB_USERNAME }}/headscale
            ghcr.io/${{ github.repository_owner }}/headscale
          flavor: |
            suffix=-debug,onlatest=true
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
            type=raw,value=develop
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          push: true
          context: .
          file: Dockerfile.debug
          tags: ${{ steps.meta-debug.outputs.tags }}
          labels: ${{ steps.meta-debug.outputs.labels }}
          platforms: linux/amd64,linux/arm64
          cache-from: type=local,src=/tmp/.buildx-cache-debug
          cache-to: type=local,dest=/tmp/.buildx-cache-debug-new
          build-args: |
            VERSION=${{ steps.meta-debug.outputs.version }}
      - name: Prepare cache for next build
        run: |
          rm -rf /tmp/.buildx-cache-debug
          mv /tmp/.buildx-cache-debug-new /tmp/.buildx-cache-debug
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,6 +19,135 @@ jobs:
      - uses: cachix/install-nix-action@v16
      - name: Run goreleaser
-        run: nix develop --command -- goreleaser release --clean
+        run: nix develop --command -- goreleaser release --rm-dist
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  docker-release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Set up QEMU for multiple platforms
        uses: docker/setup-qemu-action@master
        with:
          platforms: arm64,amd64
      - name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
        with:
          # list of Docker images to use as base name for tags
          images: |
            ${{ secrets.DOCKERHUB_USERNAME }}/headscale
            ghcr.io/${{ github.repository_owner }}/headscale
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
            type=raw,value=develop
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          push: true
          context: .
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          platforms: linux/amd64,linux/arm64
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
          build-args: |
            VERSION=${{ steps.meta.outputs.version }}
      - name: Prepare cache for next build
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
  docker-debug-release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Set up QEMU for multiple platforms
        uses: docker/setup-qemu-action@master
        with:
          platforms: arm64,amd64
      - name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-cache-debug
          key: ${{ runner.os }}-buildx-debug-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-debug-
      - name: Docker meta
        id: meta-debug
        uses: docker/metadata-action@v3
        with:
          # list of Docker images to use as base name for tags
          images: |
            ${{ secrets.DOCKERHUB_USERNAME }}/headscale
            ghcr.io/${{ github.repository_owner }}/headscale
          flavor: |
            suffix=-debug,onlatest=true
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
            type=raw,value=develop
      - name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GHCR
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          push: true
          context: .
          file: Dockerfile.debug
          tags: ${{ steps.meta-debug.outputs.tags }}
          labels: ${{ steps.meta-debug.outputs.labels }}
          platforms: linux/amd64,linux/arm64
          cache-from: type=local,src=/tmp/.buildx-cache-debug
          cache-to: type=local,dest=/tmp/.buildx-cache-debug-new
          build-args: |
            VERSION=${{ steps.meta-debug.outputs.version }}
      - name: Prepare cache for next build
        run: |
          rm -rf /tmp/.buildx-cache-debug
          mv /tmp/.buildx-cache-debug-new /tmp/.buildx-cache-debug
--- a/.github/workflows/test-integration-v2-TestACLAllowUser80Dst.yaml
+++ b/.github/workflows/test-integration-v2-TestACLAllowUser80Dst.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestACLAllowUser80Dst
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestACLAllowUser80Dst$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestACLAllowUserDst.yaml
+++ b/.github/workflows/test-integration-v2-TestACLAllowUserDst.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestACLAllowUserDst
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestACLAllowUserDst$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestACLDenyAllPort80.yaml
+++ b/.github/workflows/test-integration-v2-TestACLDenyAllPort80.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestACLDenyAllPort80
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestACLDenyAllPort80$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestACLDevice1CanAccessDevice2.yaml
+++ b/.github/workflows/test-integration-v2-TestACLDevice1CanAccessDevice2.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestACLDevice1CanAccessDevice2
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestACLDevice1CanAccessDevice2$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestACLHostsInNetMapTable.yaml
+++ b/.github/workflows/test-integration-v2-TestACLHostsInNetMapTable.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestACLHostsInNetMapTable
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestACLHostsInNetMapTable$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestACLNamedHostsCanReach.yaml
+++ b/.github/workflows/test-integration-v2-TestACLNamedHostsCanReach.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestACLNamedHostsCanReach
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestACLNamedHostsCanReach$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestACLNamedHostsCanReachBySubnet.yaml
+++ b/.github/workflows/test-integration-v2-TestACLNamedHostsCanReachBySubnet.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestACLNamedHostsCanReachBySubnet
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestACLNamedHostsCanReachBySubnet$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestAuthKeyLogoutAndRelogin.yaml
+++ b/.github/workflows/test-integration-v2-TestAuthKeyLogoutAndRelogin.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestAuthKeyLogoutAndRelogin
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestAuthKeyLogoutAndRelogin$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestAuthWebFlowAuthenticationPingAll.yaml
+++ b/.github/workflows/test-integration-v2-TestAuthWebFlowAuthenticationPingAll.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestAuthWebFlowAuthenticationPingAll
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestAuthWebFlowAuthenticationPingAll$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestAuthWebFlowLogoutAndRelogin.yaml
+++ b/.github/workflows/test-integration-v2-TestAuthWebFlowLogoutAndRelogin.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestAuthWebFlowLogoutAndRelogin
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestAuthWebFlowLogoutAndRelogin$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestCreateTailscale.yaml
+++ b/.github/workflows/test-integration-v2-TestCreateTailscale.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestCreateTailscale
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestCreateTailscale$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestDERPServerScenario.yaml
+++ b/.github/workflows/test-integration-v2-TestDERPServerScenario.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestDERPServerScenario
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestDERPServerScenario$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestEnablingRoutes.yaml
+++ b/.github/workflows/test-integration-v2-TestEnablingRoutes.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestEnablingRoutes
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestEnablingRoutes$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestHeadscale.yaml
+++ b/.github/workflows/test-integration-v2-TestHeadscale.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestHeadscale
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestHeadscale$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestNamespaceCommand.yaml
+++ b/.github/workflows/test-integration-v2-TestNamespaceCommand.yaml
@@ -1,14 +1,11 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
-name: Integration Test v2 - TestEphemeral
+name: Integration Test v2 - TestNamespaceCommand
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,17 +38,10 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
-                  -run "^TestEphemeral$"
+                  -run "^TestNamespaceCommand$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestOIDCAuthenticationPingAll.yaml
+++ b/.github/workflows/test-integration-v2-TestOIDCAuthenticationPingAll.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestOIDCAuthenticationPingAll
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestOIDCAuthenticationPingAll$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestOIDCExpireNodes.yaml
+++ b/.github/workflows/test-integration-v2-TestOIDCExpireNodes.yaml
@@ -1,14 +1,11 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
-name: Integration Test v2 - TestExpireNode
+name: Integration Test v2 - TestOIDCExpireNodes
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,17 +38,10 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
-                  -run "^TestExpireNode$"
+                  -run "^TestOIDCExpireNodes$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestOIDCExpireNodesBasedOnTokenExpiry.yaml
+++ b/.github/workflows/test-integration-v2-TestOIDCExpireNodesBasedOnTokenExpiry.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestOIDCExpireNodesBasedOnTokenExpiry
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestOIDCExpireNodesBasedOnTokenExpiry$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestPingAllByHostname.yaml
+++ b/.github/workflows/test-integration-v2-TestPingAllByHostname.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestPingAllByHostname
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestPingAllByHostname$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestPingAllByIP.yaml
+++ b/.github/workflows/test-integration-v2-TestPingAllByIP.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestPingAllByIP
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestPingAllByIP$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestPreAuthKeyCommand.yaml
+++ b/.github/workflows/test-integration-v2-TestPreAuthKeyCommand.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestPreAuthKeyCommand
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestPreAuthKeyCommand$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestPreAuthKeyCommandReusableEphemeral.yaml
+++ b/.github/workflows/test-integration-v2-TestPreAuthKeyCommandReusableEphemeral.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestPreAuthKeyCommandReusableEphemeral
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestPreAuthKeyCommandReusableEphemeral$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestPreAuthKeyCommandWithoutExpiry.yaml
+++ b/.github/workflows/test-integration-v2-TestPreAuthKeyCommandWithoutExpiry.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestPreAuthKeyCommandWithoutExpiry
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestPreAuthKeyCommandWithoutExpiry$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestResolveMagicDNS.yaml
+++ b/.github/workflows/test-integration-v2-TestResolveMagicDNS.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestResolveMagicDNS
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestResolveMagicDNS$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestSSHIsBlockedInACL.yaml
+++ b/.github/workflows/test-integration-v2-TestSSHIsBlockedInACL.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestSSHIsBlockedInACL
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestSSHIsBlockedInACL$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestSSHMultipleNamespacesAllToAll.yaml
+++ b/.github/workflows/test-integration-v2-TestSSHMultipleNamespacesAllToAll.yaml
@@ -1,14 +1,11 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
-name: Integration Test v2 - TestUserCommand
+name: Integration Test v2 - TestSSHMultipleNamespacesAllToAll
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,17 +38,10 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
-                  -run "^TestUserCommand$"
+                  -run "^TestSSHMultipleNamespacesAllToAll$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestSSHMultipleUsersAllToAll.yaml
+++ b/.github/workflows/test-integration-v2-TestSSHMultipleUsersAllToAll.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestSSHMultipleUsersAllToAll
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestSSHMultipleUsersAllToAll$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestSSHNoSSHConfigured.yaml
+++ b/.github/workflows/test-integration-v2-TestSSHNoSSHConfigured.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestSSHNoSSHConfigured
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestSSHNoSSHConfigured$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestSSHOneNamespaceAllToAll.yaml
+++ b/.github/workflows/test-integration-v2-TestSSHOneNamespaceAllToAll.yaml
@@ -1,14 +1,11 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
-name: Integration Test v2 - TestACLAllowStarDst
+name: Integration Test v2 - TestSSHOneNamespaceAllToAll
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,17 +38,10 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
-                  -run "^TestACLAllowStarDst$"
+                  -run "^TestSSHOneNamespaceAllToAll$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestSSHOneUserAllToAll.yaml
+++ b/.github/workflows/test-integration-v2-TestSSHOneUserAllToAll.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestSSHOneUserAllToAll
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestSSHOneUserAllToAll$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestSSNamespaceOnlyIsolation.yaml
+++ b/.github/workflows/test-integration-v2-TestSSNamespaceOnlyIsolation.yaml
@@ -0,0 +1,47 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestSSNamespaceOnlyIsolation
 on: [pull_request]
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v16
        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestSSNamespaceOnlyIsolation$"
--- a/.github/workflows/test-integration-v2-TestSSUserOnlyIsolation.yaml
+++ b/.github/workflows/test-integration-v2-TestSSUserOnlyIsolation.yaml
@@ -1,57 +0,0 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - TestSSUserOnlyIsolation
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 2
      - name: Get changed files
        id: changed-files
        uses: tj-actions/changed-files@v34
        with:
          files: |
            *.nix
            go.*
            **/*.go
            integration_test/
            config-example.yaml
      - uses: cachix/install-nix-action@v18
        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
        run: |
            nix develop --command -- docker run \
              --tty --rm \
              --volume ~/.cache/hs-integration-go:/go \
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
                  -failfast \
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestSSUserOnlyIsolation$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestTaildrop.yaml
+++ b/.github/workflows/test-integration-v2-TestTaildrop.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestTaildrop
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestTaildrop$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test-integration-v2-TestTailscaleNodesJoiningHeadcale.yaml
+++ b/.github/workflows/test-integration-v2-TestTailscaleNodesJoiningHeadcale.yaml
@@ -1,3 +1,4 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
@@ -5,10 +6,6 @@ name: Integration Test v2 - TestTailscaleNodesJoiningHeadcale
 on: [pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -29,8 +26,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: ${{ env.ACT }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -41,7 +38,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -49,9 +45,3 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^TestTailscaleNodesJoiningHeadcale$"
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -2,10 +2,6 @@ name: Tests
 on: [push, pull_request]
 concurrency:
  group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,3 @@
 ignored/
 # Binaries for programs and plugins
 *.exe
 *.exe~
@@ -14,9 +12,8 @@ ignored/
 *.out
 # Dependency directories (remove the comment below to include it)
-vendor/
+# vendor/
 dist/
 /headscale
 config.json
 config.yaml
@@ -29,15 +26,10 @@ derp.yaml
 # Exclude Jetbrains Editors
 .idea
-test_output/
+test_output/ 
 control_logs/
 # Nix build output
 result
 .direnv/
 integration_test/etc/config.dump.yaml
 # MkDocs
 .cache
 /site
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -29,14 +29,6 @@ linters:
    - execinquery
    - exhaustruct
    - nolintlint
    - musttag # causes issues with imported libs
    # deprecated
    - structcheck # replaced by unused
    - ifshort # deprecated by the owner
    - varcheck # replaced by unused
    - nosnakecase # replaced by revive
    - deadcode # replaced by unused
    # We should strive to enable these:
    - wrapcheck
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,28 +1,21 @@
 ---
 before:
  hooks:
-    - go mod tidy -compat=1.20
+    - go mod tidy -compat=1.19
    - go mod vendor
 release:
  prerelease: auto
 builds:
-  - id: headscale
+  - id: darwin-amd64
    main: ./cmd/headscale/headscale.go
    mod_timestamp: "{{ .CommitTimestamp }}"
    env:
      - CGO_ENABLED=0
-    targets:
+    goos:
-      - darwin_amd64
+      - darwin
-      - darwin_arm64
+    goarch:
-      - freebsd_amd64
+      - amd64
      - linux_386
      - linux_amd64
      - linux_arm64
      - linux_arm_5
      - linux_arm_6
      - linux_arm_7
    flags:
      - -mod=readonly
    ldflags:
@@ -30,56 +23,60 @@ builds:
    tags:
      - ts2019
  - id: darwin-arm64
    main: ./cmd/headscale/headscale.go
    mod_timestamp: "{{ .CommitTimestamp }}"
    env:
      - CGO_ENABLED=0
    goos:
      - darwin
    goarch:
      - arm64
    flags:
      - -mod=readonly
    ldflags:
      - -s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=v{{.Version}}
    tags:
      - ts2019
  - id: linux-amd64
    mod_timestamp: "{{ .CommitTimestamp }}"
    env:
      - CGO_ENABLED=0
    goos:
      - linux
    goarch:
      - amd64
    main: ./cmd/headscale/headscale.go
    ldflags:
      - -s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=v{{.Version}}
    tags:
      - ts2019
  - id: linux-arm64
    mod_timestamp: "{{ .CommitTimestamp }}"
    env:
      - CGO_ENABLED=0
    goos:
      - linux
    goarch:
      - arm64
    main: ./cmd/headscale/headscale.go
    ldflags:
      - -s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=v{{.Version}}
    tags:
      - ts2019
 archives:
  - id: golang-cross
-    name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
+    builds:
      - darwin-amd64
      - darwin-arm64
      - linux-amd64
      - linux-arm64
    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
    format: binary
 source:
  enabled: true
  name_template: "{{ .ProjectName }}_{{ .Version }}"
  format: tar.gz
  files:
    - "vendor/"
 nfpms:
  # Configure nFPM for .deb and .rpm releases
  #
  # See https://nfpm.goreleaser.com/configuration/
  # and https://goreleaser.com/customization/nfpm/
  #
  # Useful tools for debugging .debs:
  # List file contents: dpkg -c dist/headscale...deb
  # Package metadata: dpkg --info dist/headscale....deb
  #
  - builds:
      - headscale
    package_name: headscale
    priority: optional
    vendor: headscale
    maintainer: Kristoffer Dalby <kristoffer@dalby.cc>
    homepage: https://github.com/juanfont/headscale
    license: BSD
    bindir: /usr/bin
    formats:
      - deb
      # - rpm
    contents:
      - src: ./config-example.yaml
        dst: /etc/headscale/config.yaml
        type: config|noreplace
        file_info:
          mode: 0644
      - src: ./docs/packaging/headscale.systemd.service
        dst: /etc/systemd/system/headscale.service
      - dst: /var/lib/headscale
        type: dir
      - dst: /var/run/headscale
        type: dir
    scripts:
      postinstall: ./docs/packaging/postinstall.sh
      postremove: ./docs/packaging/postremove.sh
 checksum:
  name_template: "checksums.txt"
 snapshot:
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,56 +1,13 @@
 # CHANGELOG
-## 0.23.0 (2023-XX-XX)
+## 0.19.0 (2022-11-26)
 ### Changes
 ## 0.22.1 (2023-04-20)
 ### Changes
 - Fix issue where SystemD could not bind to port 80 [#1365](https://github.com/juanfont/headscale/pull/1365)
 ## 0.22.0 (2023-04-20)
 ### Changes
 - Add `.deb` packages to release process [#1297](https://github.com/juanfont/headscale/pull/1297)
 - Update and simplify the documentation to use new `.deb` packages [#1349](https://github.com/juanfont/headscale/pull/1349)
 - Add 32-bit Arm platforms to release process [#1297](https://github.com/juanfont/headscale/pull/1297)
 - Fix longstanding bug that would prevent "\*" from working properly in ACLs (issue [#699](https://github.com/juanfont/headscale/issues/699)) [#1279](https://github.com/juanfont/headscale/pull/1279)
 - Fix issue where IPv6 could not be used in, or while using ACLs (part of [#809](https://github.com/juanfont/headscale/issues/809)) [#1339](https://github.com/juanfont/headscale/pull/1339)
 - Target Go 1.20 and Tailscale 1.38 for Headscale [#1323](https://github.com/juanfont/headscale/pull/1323)
 ## 0.21.0 (2023-03-20)
 ### Changes
 - Adding "configtest" CLI command. [#1230](https://github.com/juanfont/headscale/pull/1230)
 - Add documentation on connecting with iOS to `/apple` [#1261](https://github.com/juanfont/headscale/pull/1261)
 - Update iOS compatibility and added documentation for iOS [#1264](https://github.com/juanfont/headscale/pull/1264)
 - Allow to delete routes [#1244](https://github.com/juanfont/headscale/pull/1244)
 ## 0.20.0 (2023-02-03)
 ### Changes
 - Fix wrong behaviour in exit nodes [#1159](https://github.com/juanfont/headscale/pull/1159)
 - Align behaviour of `dns_config.restricted_nameservers` to tailscale [#1162](https://github.com/juanfont/headscale/pull/1162)
 - Make OpenID Connect authenticated client expiry time configurable [#1191](https://github.com/juanfont/headscale/pull/1191)
  - defaults to 180 days like Tailscale SaaS
  - adds option to use the expiry time from the OpenID token for the node (see config-example.yaml)
 - Set ControlTime in Map info sent to nodes [#1195](https://github.com/juanfont/headscale/pull/1195)
 - Populate Tags field on Node updates sent [#1195](https://github.com/juanfont/headscale/pull/1195)
 ## 0.19.0 (2023-01-29)
 ### BREAKING
 - Rename Namespace to User [#1144](https://github.com/juanfont/headscale/pull/1144)
  - **BACKUP your database before upgrading**
 - Command line flags previously taking `--namespace` or `-n` will now require `--user` or `-u`
-## 0.18.0 (2023-01-14)
+## 0.18.0 (2022-01-14)
 ### Changes
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 # Builder image
-FROM docker.io/golang:1.20-bullseye AS build
+FROM docker.io/golang:1.19-bullseye AS build
 ARG VERSION=dev
 ENV GOPATH /go
 WORKDIR /go/src/headscale
--- a/Dockerfile.debug
+++ b/Dockerfile.debug
@@ -1,5 +1,5 @@
 # Builder image
-FROM docker.io/golang:1.20-bullseye AS build
+FROM docker.io/golang:1.19-bullseye AS build
 ARG VERSION=dev
 ENV GOPATH /go
 WORKDIR /go/src/headscale
@@ -13,7 +13,7 @@ RUN CGO_ENABLED=0 GOOS=linux go install -tags ts2019 -ldflags="-s -w -X github.c
 RUN test -e /go/bin/headscale
 # Debug image
-FROM docker.io/golang:1.20.0-bullseye
+FROM docker.io/golang:1.19.0-bullseye
 COPY --from=build /go/bin/headscale /bin/headscale
 ENV TZ UTC
--- a/21
+++ b/21
@@ -36,7 +36,7 @@ test_integration_cli:
 		-v ~/.cache/hs-integration-go:/go \
 		-v $$PWD:$$PWD -w $$PWD \
 		-v /var/run/docker.sock:/var/run/docker.sock golang:1 \
-		go run gotest.tools/gotestsum@latest -- $(TAGS) -failfast -timeout 30m -count=1 -run IntegrationCLI ./...
+		go test $(TAGS) -failfast -timeout 30m -count=1 -run IntegrationCLI ./...
 test_integration_derp:
 	docker network rm $$(docker network ls --filter name=headscale --quiet) || true
@@ -46,7 +46,7 @@ test_integration_derp:
 		-v ~/.cache/hs-integration-go:/go \
 		-v $$PWD:$$PWD -w $$PWD \
 		-v /var/run/docker.sock:/var/run/docker.sock golang:1 \
-		go run gotest.tools/gotestsum@latest -- $(TAGS) -failfast -timeout 30m -count=1 -run IntegrationDERP ./...
+		go test $(TAGS) -failfast -timeout 30m -count=1 -run IntegrationDERP ./...
 test_integration_v2_general:
 	docker run \
@@ -56,7 +56,13 @@ test_integration_v2_general:
 		-v $$PWD:$$PWD -w $$PWD/integration \
 		-v /var/run/docker.sock:/var/run/docker.sock \
 		golang:1 \
-		go run gotest.tools/gotestsum@latest -- $(TAGS) -failfast ./... -timeout 120m -parallel 8
+		go test $(TAGS) -failfast ./... -timeout 120m -parallel 8
 coverprofile_func:
 	go tool cover -func=coverage.out
 coverprofile_html:
 	go tool cover -html=coverage.out
 lint:
 	golangci-lint run --fix --timeout 10m
@@ -74,4 +80,11 @@ compress: build
 generate:
 	rm -rf gen
-	buf generate proto
+	go run github.com/bufbuild/buf/cmd/buf generate proto
 install-protobuf-plugins:
 	go install \
 		github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-grpc-gateway \
 		github.com/grpc-ecosystem/grpc-gateway/v2/protoc-gen-openapiv2 \
 		google.golang.org/protobuf/cmd/protoc-gen-go \
 		google.golang.org/grpc/cmd/protoc-gen-go-grpc
--- a/README.md
+++ b/README.md
@@ -75,26 +75,12 @@ one of the maintainers.
 | macOS   | Yes (see `/apple` on your headscale for more information) |
 | Windows | Yes [docs](./docs/windows-client.md)                      |
 | Android | Yes [docs](./docs/android-client.md)                      |
-| iOS     | Yes [docs](./docs/iOS-client.md)                          |
+| iOS     | Not yet                                                   |
 ## Running headscale
 Please have a look at the documentation under [`docs/`](docs/).
 ## Graphical Control Panels
 Headscale provides an API for complete management of your Tailnet.
 These are community projects not directly affiliated with the Headscale project.
 | Name            | Repository Link                                      | Description                                            | Status |
 | --------------- | ---------------------------------------------------- | ------------------------------------------------------ | ------ |
 | headscale-webui | [Github](https://github.com/ifargle/headscale-webui) | A simple Headscale web UI for small-scale deployments. | Alpha  |
 ## Talks
 - Fosdem 2023 (video): [Headscale: How we are using integration testing to reimplement Tailscale](https://fosdem.org/2023/schedule/event/goheadscale/)
  - presented by Juan Font Alonso and Kristoffer Dalby
 ## Disclaimer
 1. We have nothing to do with Tailscale, or Tailscale Inc.
@@ -188,6 +174,13 @@ make build
            <sub style="font-size:14px"><b>Juan Font</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/restanrm>
            <img src=https://avatars.githubusercontent.com/u/4344371?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Adrien Raffin-Caboisse/>
            <br />
            <sub style="font-size:14px"><b>Adrien Raffin-Caboisse</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/cure>
            <img src=https://avatars.githubusercontent.com/u/149135?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Ward Vandewege/>
@@ -209,6 +202,8 @@ make build
            <sub style="font-size:14px"><b>Benjamin Roberts</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/reynico>
            <img src=https://avatars.githubusercontent.com/u/715768?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Nico/>
@@ -216,15 +211,6 @@ make build
            <sub style="font-size:14px"><b>Nico</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/evenh>
            <img src=https://avatars.githubusercontent.com/u/2701536?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Even Holthe/>
            <br />
            <sub style="font-size:14px"><b>Even Holthe</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/e-zk>
            <img src=https://avatars.githubusercontent.com/u/58356365?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=e-zk/>
@@ -253,15 +239,6 @@ make build
            <sub style="font-size:14px"><b>unreality</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/mpldr>
            <img src=https://avatars.githubusercontent.com/u/33086936?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Moritz Poldrack/>
            <br />
            <sub style="font-size:14px"><b>Moritz Poldrack</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/ohdearaugustin>
            <img src=https://avatars.githubusercontent.com/u/14001491?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=ohdearaugustin/>
@@ -269,11 +246,13 @@ make build
            <sub style="font-size:14px"><b>ohdearaugustin</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
-        <a href=https://github.com/restanrm>
+        <a href=https://github.com/mpldr>
-            <img src=https://avatars.githubusercontent.com/u/4344371?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Adrien Raffin-Caboisse/>
+            <img src=https://avatars.githubusercontent.com/u/33086936?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Moritz Poldrack/>
            <br />
-            <sub style="font-size:14px"><b>Adrien Raffin-Caboisse</b></sub>
+            <sub style="font-size:14px"><b>Moritz Poldrack</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
@@ -283,13 +262,6 @@ make build
            <sub style="font-size:14px"><b>GrigoriyMikhalkin</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/christian-heusel>
            <img src=https://avatars.githubusercontent.com/u/26827864?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Christian Heusel/>
            <br />
            <sub style="font-size:14px"><b>Christian Heusel</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/mike-lloyd03>
            <img src=https://avatars.githubusercontent.com/u/49411532?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Mike Lloyd/>
@@ -304,8 +276,6 @@ make build
            <sub style="font-size:14px"><b>Anton Schubert</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/Niek>
            <img src=https://avatars.githubusercontent.com/u/213140?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Niek van der Maas/>
@@ -320,6 +290,8 @@ make build
            <sub style="font-size:14px"><b>Eugen Biegler</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/617a7a>
            <img src=https://avatars.githubusercontent.com/u/67651251?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Azz/>
@@ -327,6 +299,13 @@ make build
            <sub style="font-size:14px"><b>Azz</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/evenh>
            <img src=https://avatars.githubusercontent.com/u/2701536?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Even Holthe/>
            <br />
            <sub style="font-size:14px"><b>Even Holthe</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/qbit>
            <img src=https://avatars.githubusercontent.com/u/68368?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Aaron Bieber/>
@@ -348,15 +327,6 @@ make build
            <sub style="font-size:14px"><b>Laurent Marchaud</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/majst01>
            <img src=https://avatars.githubusercontent.com/u/410110?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Stefan Majer/>
            <br />
            <sub style="font-size:14px"><b>Stefan Majer</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/fdelucchijr>
            <img src=https://avatars.githubusercontent.com/u/69133647?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Fernando De Lucchi/>
@@ -364,6 +334,8 @@ make build
            <sub style="font-size:14px"><b>Fernando De Lucchi</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/OrvilleQ>
            <img src=https://avatars.githubusercontent.com/u/21377465?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Orville Q. Song/>
@@ -385,15 +357,6 @@ make build
            <sub style="font-size:14px"><b>bravechamp</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/bravechamp>
            <img src=https://avatars.githubusercontent.com/u/48980452?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=bravechamp/>
            <br />
            <sub style="font-size:14px"><b>bravechamp</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/deonthomasgy>
            <img src=https://avatars.githubusercontent.com/u/150036?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Deon Thomas/>
@@ -415,6 +378,8 @@ make build
            <sub style="font-size:14px"><b>ChibangLW</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/mevansam>
            <img src=https://avatars.githubusercontent.com/u/403630?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Mevan Samaratunga/>
@@ -436,8 +401,6 @@ make build
            <sub style="font-size:14px"><b>Paul Tötterman</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/samson4649>
            <img src=https://avatars.githubusercontent.com/u/12725953?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Samuel Lock/>
@@ -445,6 +408,13 @@ make build
            <sub style="font-size:14px"><b>Samuel Lock</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/majst01>
            <img src=https://avatars.githubusercontent.com/u/410110?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Stefan Majer/>
            <br />
            <sub style="font-size:14px"><b>Stefan Majer</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/kevin1sMe>
            <img src=https://avatars.githubusercontent.com/u/6886076?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=kevinlin/>
@@ -452,13 +422,8 @@ make build
            <sub style="font-size:14px"><b>kevinlin</b></sub>
        </a>
    </td>
-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+</tr>
-        <a href=https://github.com/QZAiXH>
+<tr>
            <img src=https://avatars.githubusercontent.com/u/23068780?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Snack/>
            <br />
            <sub style="font-size:14px"><b>Snack</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/artemklevtsov>
            <img src=https://avatars.githubusercontent.com/u/603798?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Artem Klevtsov/>
@@ -473,22 +438,6 @@ make build
            <sub style="font-size:14px"><b>Casey Marshall</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/dbevacqua>
            <img src=https://avatars.githubusercontent.com/u/6534306?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=dbevacqua/>
            <br />
            <sub style="font-size:14px"><b>dbevacqua</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/joshuataylor>
            <img src=https://avatars.githubusercontent.com/u/225131?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Josh Taylor/>
            <br />
            <sub style="font-size:14px"><b>Josh Taylor</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/CNLHC>
            <img src=https://avatars.githubusercontent.com/u/21005146?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=LiuHanCheng/>
@@ -496,13 +445,6 @@ make build
            <sub style="font-size:14px"><b>LiuHanCheng</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/motiejus>
            <img src=https://avatars.githubusercontent.com/u/107720?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Motiejus Jakštys/>
            <br />
            <sub style="font-size:14px"><b>Motiejus Jakštys</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/pvinis>
            <img src=https://avatars.githubusercontent.com/u/100233?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Pavlos Vinieratos/>
@@ -533,6 +475,13 @@ make build
            <sub style="font-size:14px"><b>Victor Freire</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/lachy2849>
            <img src=https://avatars.githubusercontent.com/u/98844035?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=lachy2849/>
            <br />
            <sub style="font-size:14px"><b>lachy2849</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/t56k>
            <img src=https://avatars.githubusercontent.com/u/12165422?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=thomas/>
@@ -540,13 +489,6 @@ make build
            <sub style="font-size:14px"><b>thomas</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/linsomniac>
            <img src=https://avatars.githubusercontent.com/u/466380?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Sean Reifschneider/>
            <br />
            <sub style="font-size:14px"><b>Sean Reifschneider</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/aberoham>
            <img src=https://avatars.githubusercontent.com/u/586805?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Abraham Ingersoll/>
@@ -554,13 +496,6 @@ make build
            <sub style="font-size:14px"><b>Abraham Ingersoll</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/iFargle>
            <img src=https://avatars.githubusercontent.com/u/124551390?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Albert Copeland/>
            <br />
            <sub style="font-size:14px"><b>Albert Copeland</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/puzpuzpuz>
            <img src=https://avatars.githubusercontent.com/u/37772591?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Andrei Pechkurov/>
@@ -568,15 +503,6 @@ make build
            <sub style="font-size:14px"><b>Andrei Pechkurov</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/theryecatcher>
            <img src=https://avatars.githubusercontent.com/u/16442416?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Anoop Sundaresh/>
            <br />
            <sub style="font-size:14px"><b>Anoop Sundaresh</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/apognu>
            <img src=https://avatars.githubusercontent.com/u/3017182?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Antoine POPINEAU/>
@@ -584,13 +510,8 @@ make build
            <sub style="font-size:14px"><b>Antoine POPINEAU</b></sub>
        </a>
    </td>
-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+</tr>
-        <a href=https://github.com/tony1661>
+<tr>
            <img src=https://avatars.githubusercontent.com/u/5287266?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Antonio Fernandez/>
            <br />
            <sub style="font-size:14px"><b>Antonio Fernandez</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/aofei>
            <img src=https://avatars.githubusercontent.com/u/5037285?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Aofei Sheng/>
@@ -606,14 +527,12 @@ make build
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
-        <a href=https://github.com/avirut>
+        <a href=https://github.com/awoimbee>
-            <img src=https://avatars.githubusercontent.com/u/27095602?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Avirut Mehta/>
+            <img src=https://avatars.githubusercontent.com/u/22431493?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Arthur Woimbée/>
            <br />
-            <sub style="font-size:14px"><b>Avirut Mehta</b></sub>
+            <sub style="font-size:14px"><b>Arthur Woimbée</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/stensonb>
            <img src=https://avatars.githubusercontent.com/u/933389?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Bryan Stenson/>
@@ -635,13 +554,8 @@ make build
            <sub style="font-size:14px"><b>kundel</b></sub>
        </a>
    </td>
-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+</tr>
-        <a href=https://github.com/fatih-acar>
+<tr>
            <img src=https://avatars.githubusercontent.com/u/15028881?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=fatih-acar/>
            <br />
            <sub style="font-size:14px"><b>fatih-acar</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/fkr>
            <img src=https://avatars.githubusercontent.com/u/51063?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Felix Kronlage-Dammers/>
@@ -656,15 +570,6 @@ make build
            <sub style="font-size:14px"><b>Felix Yan</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/gabe565>
            <img src=https://avatars.githubusercontent.com/u/7717888?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Gabe Cook/>
            <br />
            <sub style="font-size:14px"><b>Gabe Cook</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/JJGadgets>
            <img src=https://avatars.githubusercontent.com/u/5709019?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=JJGadgets/>
@@ -672,13 +577,6 @@ make build
            <sub style="font-size:14px"><b>JJGadgets</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/hrtkpf>
            <img src=https://avatars.githubusercontent.com/u/42646788?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=hrtkpf/>
            <br />
            <sub style="font-size:14px"><b>hrtkpf</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/jimt>
            <img src=https://avatars.githubusercontent.com/u/180326?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jim Tittsler/>
@@ -686,22 +584,6 @@ make build
            <sub style="font-size:14px"><b>Jim Tittsler</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/jsiebens>
            <img src=https://avatars.githubusercontent.com/u/499769?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Johan Siebens/>
            <br />
            <sub style="font-size:14px"><b>Johan Siebens</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/johnae>
            <img src=https://avatars.githubusercontent.com/u/28332?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=John Axel Eriksson/>
            <br />
            <sub style="font-size:14px"><b>John Axel Eriksson</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/ShadowJonathan>
            <img src=https://avatars.githubusercontent.com/u/22740616?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jonathan de Jong/>
@@ -709,43 +591,6 @@ make build
            <sub style="font-size:14px"><b>Jonathan de Jong</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/JulienFloris>
            <img src=https://avatars.githubusercontent.com/u/20380255?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Julien Zweverink/>
            <br />
            <sub style="font-size:14px"><b>Julien Zweverink</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/win-t>
            <img src=https://avatars.githubusercontent.com/u/1589120?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Kurnia D Win/>
            <br />
            <sub style="font-size:14px"><b>Kurnia D Win</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/foxtrot>
            <img src=https://avatars.githubusercontent.com/u/4153572?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Marc/>
            <br />
            <sub style="font-size:14px"><b>Marc</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/magf>
            <img src=https://avatars.githubusercontent.com/u/11992737?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Maxim Gajdaj/>
            <br />
            <sub style="font-size:14px"><b>Maxim Gajdaj</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/mikejsavage>
            <img src=https://avatars.githubusercontent.com/u/579299?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Michael Savage/>
            <br />
            <sub style="font-size:14px"><b>Michael Savage</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/piec>
            <img src=https://avatars.githubusercontent.com/u/781471?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Pierre Carru/>
@@ -753,6 +598,8 @@ make build
            <sub style="font-size:14px"><b>Pierre Carru</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/Donran>
            <img src=https://avatars.githubusercontent.com/u/4838348?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Pontus N/>
@@ -788,8 +635,6 @@ make build
            <sub style="font-size:14px"><b>Ryan Fowler</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/shaananc>
            <img src=https://avatars.githubusercontent.com/u/2287839?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Shaanan Cohney/>
@@ -797,6 +642,8 @@ make build
            <sub style="font-size:14px"><b>Shaanan Cohney</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/stefanvanburen>
            <img src=https://avatars.githubusercontent.com/u/622527?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Stefan VanBuren/>
@@ -825,15 +672,6 @@ make build
            <sub style="font-size:14px"><b>Teteros</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/Teteros>
            <img src=https://avatars.githubusercontent.com/u/5067989?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Teteros/>
            <br />
            <sub style="font-size:14px"><b>Teteros</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/gitter-badger>
            <img src=https://avatars.githubusercontent.com/u/8518239?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=The Gitter Badger/>
@@ -848,6 +686,8 @@ make build
            <sub style="font-size:14px"><b>Tianon Gravi</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/thetillhoff>
            <img src=https://avatars.githubusercontent.com/u/25052289?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Till Hoffmann/>
@@ -876,13 +716,11 @@ make build
            <sub style="font-size:14px"><b>Yujie Xia</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/newellz2>
-            <img src=https://avatars.githubusercontent.com/u/52436542?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Zachary Newell/>
+            <img src=https://avatars.githubusercontent.com/u/52436542?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Zachary N./>
            <br />
-            <sub style="font-size:14px"><b>Zachary Newell</b></sub>
+            <sub style="font-size:14px"><b>Zachary N.</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
@@ -892,6 +730,8 @@ make build
            <sub style="font-size:14px"><b>Zakhar Bessarab</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/zhzy0077>
            <img src=https://avatars.githubusercontent.com/u/8717471?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Zhiyuan Zheng/>
@@ -906,13 +746,6 @@ make build
            <sub style="font-size:14px"><b>Ziyuan Han</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/caelansar>
            <img src=https://avatars.githubusercontent.com/u/31852257?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=caelansar/>
            <br />
            <sub style="font-size:14px"><b>caelansar</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/derelm>
            <img src=https://avatars.githubusercontent.com/u/465155?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=derelm/>
@@ -920,15 +753,6 @@ make build
            <sub style="font-size:14px"><b>derelm</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/dnaq>
            <img src=https://avatars.githubusercontent.com/u/1299717?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=dnaq/>
            <br />
            <sub style="font-size:14px"><b>dnaq</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/nning>
            <img src=https://avatars.githubusercontent.com/u/557430?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=henning mueller/>
@@ -943,13 +767,6 @@ make build
            <sub style="font-size:14px"><b>ignoramous</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/jimyag>
            <img src=https://avatars.githubusercontent.com/u/69233189?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=jimyag/>
            <br />
            <sub style="font-size:14px"><b>jimyag</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/magichuihui>
            <img src=https://avatars.githubusercontent.com/u/10866198?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=suhelen/>
@@ -957,6 +774,8 @@ make build
            <sub style="font-size:14px"><b>suhelen</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/lion24>
            <img src=https://avatars.githubusercontent.com/u/1382102?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=sharkonet/>
@@ -964,15 +783,6 @@ make build
            <sub style="font-size:14px"><b>sharkonet</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/ma6174>
            <img src=https://avatars.githubusercontent.com/u/1449133?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=ma6174/>
            <br />
            <sub style="font-size:14px"><b>ma6174</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/manju-rn>
            <img src=https://avatars.githubusercontent.com/u/26291847?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=manju-rn/>
@@ -980,18 +790,11 @@ make build
            <sub style="font-size:14px"><b>manju-rn</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/nicholas-yap>
            <img src=https://avatars.githubusercontent.com/u/38109533?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=nicholas-yap/>
            <br />
            <sub style="font-size:14px"><b>nicholas-yap</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/pernila>
-            <img src=https://avatars.githubusercontent.com/u/12460060?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Tommi Pernila/>
+            <img src=https://avatars.githubusercontent.com/u/12460060?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=pernila/>
            <br />
-            <sub style="font-size:14px"><b>Tommi Pernila</b></sub>
+            <sub style="font-size:14px"><b>pernila</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
@@ -1008,8 +811,6 @@ make build
            <sub style="font-size:14px"><b>Wakeful-Cloud</b></sub>
        </a>
    </td>
 </tr>
 <tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/xpzouying>
            <img src=https://avatars.githubusercontent.com/u/3946563?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=zy/>
@@ -1017,12 +818,5 @@ make build
            <sub style="font-size:14px"><b>zy</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/atorregrosa-smd>
            <img src=https://avatars.githubusercontent.com/u/78434679?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Àlex Torregrosa/>
            <br />
            <sub style="font-size:14px"><b>Àlex Torregrosa</b></sub>
        </a>
    </td>
 </tr>
 </table>
--- a/acls.go
+++ b/acls.go
@@ -13,9 +13,7 @@ import (
 	"time"
 	"github.com/rs/zerolog/log"
 	"github.com/samber/lo"
 	"github.com/tailscale/hujson"
 	"go4.org/netipx"
 	"gopkg.in/yaml.v3"
 	"tailscale.com/envknob"
 	"tailscale.com/tailcfg"
@@ -135,14 +133,6 @@ func (h *Headscale) UpdateACLRules() error {
 	log.Trace().Interface("ACL", rules).Msg("ACL rules generated")
 	h.aclRules = rules
 	// Precompute a map of which sources can reach each destination, this is
 	// to provide quicker lookup when we calculate the peerlist for the map
 	// response to nodes.
 	aclPeerCacheMap := generateACLPeerCacheMap(rules)
 	h.aclPeerCacheMapRW.Lock()
 	h.aclPeerCacheMap = aclPeerCacheMap
 	h.aclPeerCacheMapRW.Unlock()
 	if featureEnableSSH() {
 		sshRules, err := h.generateSSHRules()
 		if err != nil {
@@ -160,78 +150,7 @@ func (h *Headscale) UpdateACLRules() error {
 	return nil
 }
-// generateACLPeerCacheMap takes a list of Tailscale filter rules and generates a map
+func generateACLRules(machines []Machine, aclPolicy ACLPolicy, stripEmaildomain bool) ([]tailcfg.FilterRule, error) {
 // of which Sources ("*" and IPs) can access destinations. This is to speed up the
 // process of generating MapResponses when deciding which Peers to inform nodes about.
 func generateACLPeerCacheMap(rules []tailcfg.FilterRule) map[string]map[string]struct{} {
 	aclCachePeerMap := make(map[string]map[string]struct{})
 	for _, rule := range rules {
 		for _, srcIP := range rule.SrcIPs {
 			for _, ip := range expandACLPeerAddr(srcIP) {
 				if data, ok := aclCachePeerMap[ip]; ok {
 					for _, dstPort := range rule.DstPorts {
 						for _, dstIP := range expandACLPeerAddr(dstPort.IP) {
 							data[dstIP] = struct{}{}
 						}
 					}
 				} else {
 					dstPortsMap := make(map[string]struct{}, len(rule.DstPorts))
 					for _, dstPort := range rule.DstPorts {
 						for _, dstIP := range expandACLPeerAddr(dstPort.IP) {
 							dstPortsMap[dstIP] = struct{}{}
 						}
 					}
 					aclCachePeerMap[ip] = dstPortsMap
 				}
 			}
 		}
 	}
 	log.Trace().Interface("ACL Cache Map", aclCachePeerMap).Msg("ACL Peer Cache Map generated")
 	return aclCachePeerMap
 }
 // expandACLPeerAddr takes a "tailcfg.FilterRule" "IP" and expands it into
 // something our cache logic can look up, which is "*" or single IP addresses.
 // This is probably quite inefficient, but it is a result of
 // "make it work, then make it fast", and a lot of the ACL stuff does not
 // work, but people have tried to make it fast.
 func expandACLPeerAddr(srcIP string) []string {
 	if ip, err := netip.ParseAddr(srcIP); err == nil {
 		return []string{ip.String()}
 	}
 	if cidr, err := netip.ParsePrefix(srcIP); err == nil {
 		addrs := []string{}
 		ipRange := netipx.RangeOfPrefix(cidr)
 		from := ipRange.From()
 		too := ipRange.To()
 		if from == too {
 			return []string{from.String()}
 		}
 		for from != too && from.Less(too) {
 			addrs = append(addrs, from.String())
 			from = from.Next()
 		}
 		addrs = append(addrs, too.String()) // Add the last IP address in the range
 		return addrs
 	}
 	// probably "*" or other string based "IP"
 	return []string{srcIP}
 }
 func generateACLRules(
 	machines []Machine,
 	aclPolicy ACLPolicy,
 	stripEmaildomain bool,
 ) ([]tailcfg.FilterRule, error) {
 	rules := []tailcfg.FilterRule{}
 	for index, acl := range aclPolicy.ACLs {
@@ -241,7 +160,7 @@ func generateACLRules(
 		srcIPs := []string{}
 		for innerIndex, src := range acl.Sources {
-			srcs, err := generateACLPolicySrc(machines, aclPolicy, src, stripEmaildomain)
+			srcs, err := generateACLPolicySrcIP(machines, aclPolicy, src, stripEmaildomain)
 			if err != nil {
 				log.Error().
 					Msgf("Error parsing ACL %d, Source %d", index, innerIndex)
@@ -392,7 +311,7 @@ func sshCheckAction(duration string) (*tailcfg.SSHAction, error) {
 	}, nil
 }
-func generateACLPolicySrc(
+func generateACLPolicySrcIP(
 	machines []Machine,
 	aclPolicy ACLPolicy,
 	src string,
@@ -408,40 +327,15 @@ func generateACLPolicyDest(
 	needsWildcard bool,
 	stripEmaildomain bool,
 ) ([]tailcfg.NetPortRange, error) {
-	var tokens []string
+	tokens := strings.Split(dest, ":")
 	log.Trace().Str("destination", dest).Msg("generating policy destination")
 	// Check if there is a IPv4/6:Port combination, IPv6 has more than
 	// three ":".
 	tokens = strings.Split(dest, ":")
 	if len(tokens) < expectedTokenItems || len(tokens) > 3 {
-		port := tokens[len(tokens)-1]
+		return nil, errInvalidPortFormat
 		maybeIPv6Str := strings.TrimSuffix(dest, ":"+port)
 		log.Trace().Str("maybeIPv6Str", maybeIPv6Str).Msg("")
 		if maybeIPv6, err := netip.ParseAddr(maybeIPv6Str); err != nil && !maybeIPv6.Is6() {
 			log.Trace().Err(err).Msg("trying to parse as IPv6")
 			return nil, fmt.Errorf(
 				"failed to parse destination, tokens %v: %w",
 				tokens,
 				errInvalidPortFormat,
 			)
 		} else {
 			tokens = []string{maybeIPv6Str, port}
 		}
 	}
 	log.Trace().Strs("tokens", tokens).Msg("generating policy destination")
 	var alias string
 	// We can have here stuff like:
 	// git-server:*
 	// 192.168.1.0/24:22
 	// fd7a:115c:a1e0::2:22
 	// fd7a:115c:a1e0::2/128:22
 	// tag:montreal-webserver:80,443
 	// tag:api-server:443
 	// example-host-1:*
@@ -533,12 +427,9 @@ func parseProtocol(protocol string) ([]int, bool, error) {
 // - a user
 // - a group
 // - a tag
 // - a host
 // - an ip
 // - a cidr
 // and transform these in IPAddresses.
 func expandAlias(
-	machines Machines,
+	machines []Machine,
 	aclPolicy ACLPolicy,
 	alias string,
 	stripEmailDomain bool,
@@ -620,40 +511,19 @@ func expandAlias(
 	// if alias is an host
 	if h, ok := aclPolicy.Hosts[alias]; ok {
-		log.Trace().Str("host", h.String()).Msg("expandAlias got hosts entry")
+		return []string{h.String()}, nil
 		return expandAlias(machines, aclPolicy, h.String(), stripEmailDomain)
 	}
 	// if alias is an IP
-	if ip, err := netip.ParseAddr(alias); err == nil {
+	ip, err := netip.ParseAddr(alias)
-		log.Trace().Str("ip", ip.String()).Msg("expandAlias got ip")
+	if err == nil {
-		ips := []string{ip.String()}
+		return []string{ip.String()}, nil
 		matches := machines.FilterByIP(ip)
 		for _, machine := range matches {
 			ips = append(ips, machine.IPAddresses.ToStringSlice()...)
 		}
 		return lo.Uniq(ips), nil
 	}
-	if cidr, err := netip.ParsePrefix(alias); err == nil {
+	// if alias is an CIDR
-		log.Trace().Str("cidr", cidr.String()).Msg("expandAlias got cidr")
+	cidr, err := netip.ParsePrefix(alias)
-		val := []string{cidr.String()}
+	if err == nil {
-		// This is suboptimal and quite expensive, but if we only add the cidr, we will miss all the relevant IPv6
+		return []string{cidr.String()}, nil
 		// addresses for the hosts that belong to tailscale. This doesnt really affect stuff like subnet routers.
 		for _, machine := range machines {
 			for _, ip := range machine.IPAddresses {
 				// log.Trace().
 				// 	Msgf("checking if machine ip (%s) is part of cidr (%s): %v, is single ip cidr (%v), addr: %s", ip.String(), cidr.String(), cidr.Contains(ip), cidr.IsSingleIP(), cidr.Addr().String())
 				if cidr.Contains(ip) {
 					val = append(val, machine.IPAddresses.ToStringSlice()...)
 				}
 			}
 		}
 		return lo.Uniq(val), nil
 	}
 	log.Warn().Msgf("No IPs found with the alias %v", alias)
@@ -715,7 +585,6 @@ func expandPorts(portsStr string, needsWildcard bool) (*[]tailcfg.PortRange, err
 	ports := []tailcfg.PortRange{}
 	for _, portStr := range strings.Split(portsStr, ",") {
 		log.Trace().Msgf("parsing portstring: %s", portStr)
 		rang := strings.Split(portStr, "-")
 		switch len(rang) {
 		case 1:
--- a/acls_test.go
+++ b/acls_test.go
@@ -1025,88 +1025,6 @@ func Test_expandAlias(t *testing.T) {
 			want:    []string{"10.0.0.3"},
 			wantErr: false,
 		},
 		{
 			name: "simple host by ip passed through",
 			args: args{
 				alias:            "10.0.0.1",
 				machines:         []Machine{},
 				aclPolicy:        ACLPolicy{},
 				stripEmailDomain: true,
 			},
 			want:    []string{"10.0.0.1"},
 			wantErr: false,
 		},
 		{
 			name: "simple host by ipv4 single ipv4",
 			args: args{
 				alias: "10.0.0.1",
 				machines: []Machine{
 					{
 						IPAddresses: MachineAddresses{
 							netip.MustParseAddr("10.0.0.1"),
 						},
 						User: User{Name: "mickael"},
 					},
 				},
 				aclPolicy:        ACLPolicy{},
 				stripEmailDomain: true,
 			},
 			want:    []string{"10.0.0.1"},
 			wantErr: false,
 		},
 		{
 			name: "simple host by ipv4 single dual stack",
 			args: args{
 				alias: "10.0.0.1",
 				machines: []Machine{
 					{
 						IPAddresses: MachineAddresses{
 							netip.MustParseAddr("10.0.0.1"),
 							netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
 						},
 						User: User{Name: "mickael"},
 					},
 				},
 				aclPolicy:        ACLPolicy{},
 				stripEmailDomain: true,
 			},
 			want:    []string{"10.0.0.1", "fd7a:115c:a1e0:ab12:4843:2222:6273:2222"},
 			wantErr: false,
 		},
 		{
 			name: "simple host by ipv6 single dual stack",
 			args: args{
 				alias: "fd7a:115c:a1e0:ab12:4843:2222:6273:2222",
 				machines: []Machine{
 					{
 						IPAddresses: MachineAddresses{
 							netip.MustParseAddr("10.0.0.1"),
 							netip.MustParseAddr("fd7a:115c:a1e0:ab12:4843:2222:6273:2222"),
 						},
 						User: User{Name: "mickael"},
 					},
 				},
 				aclPolicy:        ACLPolicy{},
 				stripEmailDomain: true,
 			},
 			want:    []string{"fd7a:115c:a1e0:ab12:4843:2222:6273:2222", "10.0.0.1"},
 			wantErr: false,
 		},
 		{
 			name: "simple host by hostname alias",
 			args: args{
 				alias:    "testy",
 				machines: []Machine{},
 				aclPolicy: ACLPolicy{
 					Hosts: Hosts{
 						"testy": netip.MustParsePrefix("10.0.0.132/32"),
 					},
 				},
 				stripEmailDomain: true,
 			},
 			want:    []string{"10.0.0.132/32"},
 			wantErr: false,
 		},
 		{
 			name: "private network",
 			args: args{
@@ -1122,6 +1040,17 @@ func Test_expandAlias(t *testing.T) {
 			want:    []string{"192.168.1.0/24"},
 			wantErr: false,
 		},
 		{
 			name: "simple host",
 			args: args{
 				alias:            "10.0.0.1",
 				machines:         []Machine{},
 				aclPolicy:        ACLPolicy{},
 				stripEmailDomain: true,
 			},
 			want:    []string{"10.0.0.1"},
 			wantErr: false,
 		},
 		{
 			name: "simple CIDR",
 			args: args{
@@ -1612,138 +1541,3 @@ func Test_excludeCorrectlyTaggedNodes(t *testing.T) {
 		})
 	}
 }
 func Test_expandACLPeerAddr(t *testing.T) {
 	type args struct {
 		srcIP string
 	}
 	tests := []struct {
 		name string
 		args args
 		want []string
 	}{
 		{
 			name: "asterix",
 			args: args{
 				srcIP: "*",
 			},
 			want: []string{"*"},
 		},
 		{
 			name: "ip",
 			args: args{
 				srcIP: "10.0.0.1",
 			},
 			want: []string{"10.0.0.1"},
 		},
 		{
 			name: "ip/32",
 			args: args{
 				srcIP: "10.0.0.1/32",
 			},
 			want: []string{"10.0.0.1"},
 		},
 		{
 			name: "ip/30",
 			args: args{
 				srcIP: "10.0.0.1/30",
 			},
 			want: []string{
 				"10.0.0.0",
 				"10.0.0.1",
 				"10.0.0.2",
 				"10.0.0.3",
 			},
 		},
 		{
 			name: "ip/28",
 			args: args{
 				srcIP: "192.168.0.128/28",
 			},
 			want: []string{
 				"192.168.0.128", "192.168.0.129", "192.168.0.130",
 				"192.168.0.131", "192.168.0.132", "192.168.0.133",
 				"192.168.0.134", "192.168.0.135", "192.168.0.136",
 				"192.168.0.137", "192.168.0.138", "192.168.0.139",
 				"192.168.0.140", "192.168.0.141", "192.168.0.142",
 				"192.168.0.143",
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if got := expandACLPeerAddr(tt.args.srcIP); !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("expandACLPeerAddr() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
 func Test_expandACLPeerAddrV6(t *testing.T) {
 	type args struct {
 		srcIP string
 	}
 	tests := []struct {
 		name string
 		args args
 		want []string
 	}{
 		{
 			name: "asterix",
 			args: args{
 				srcIP: "*",
 			},
 			want: []string{"*"},
 		},
 		{
 			name: "ipfull",
 			args: args{
 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:3166",
 			},
 			want: []string{"fd7a:115c:a1e0:ab12:4943:cd96:624c:3166"},
 		},
 		{
 			name: "ipzerocompression",
 			args: args{
 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c::",
 			},
 			want: []string{"fd7a:115c:a1e0:ab12:4943:cd96:624c:0"},
 		},
 		{
 			name: "ip/128",
 			args: args{
 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:3166/128",
 			},
 			want: []string{"fd7a:115c:a1e0:ab12:4943:cd96:624c:3166"},
 		},
 		{
 			name: "ip/127",
 			args: args{
 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:0000/127",
 			},
 			want: []string{
 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:0",
 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:1",
 			},
 		},
 		{
 			name: "ip/126",
 			args: args{
 				srcIP: "fd7a:115c:a1e0:ab12:4943:cd96:624c:0000/126",
 			},
 			want: []string{
 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:0",
 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:1",
 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:2",
 				"fd7a:115c:a1e0:ab12:4943:cd96:624c:3",
 			},
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if got := expandACLPeerAddr(tt.args.srcIP); !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("expandACLPeerAddr() = %v, want %v", got, tt.want)
 			}
 		})
 	}
 }
--- a/api_common.go
+++ b/api_common.go
@@ -1,8 +1,6 @@
 package headscale
 import (
 	"time"
 	"github.com/rs/zerolog/log"
 	"tailscale.com/tailcfg"
 )
@@ -57,46 +55,16 @@ func (h *Headscale) generateMapResponse(
 		peers,
 	)
 	now := time.Now()
 	resp := tailcfg.MapResponse{
-		KeepAlive: false,
+		KeepAlive:    false,
-		Node:      node,
+		Node:         node,
-
+		Peers:        nodePeers,
-		// TODO: Only send if updated
+		DNSConfig:    dnsConfig,
-		DERPMap: h.DERPMap,
+		Domain:       h.cfg.BaseDomain,
 		// TODO: Only send if updated
 		Peers: nodePeers,
 		// TODO(kradalby): Implement:
 		// https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L1351-L1374
 		// PeersChanged
 		// PeersRemoved
 		// PeersChangedPatch
 		// PeerSeenChange
 		// OnlineChange
 		// TODO: Only send if updated
 		DNSConfig: dnsConfig,
 		// TODO: Only send if updated
 		Domain: h.cfg.BaseDomain,
 		// Do not instruct clients to collect services, we do not
 		// support or do anything with them
 		CollectServices: "false",
 		// TODO: Only send if updated
 		PacketFilter: h.aclRules,
-
+		SSHPolicy:    h.sshPolicy,
 		DERPMap:      h.DERPMap,
 		UserProfiles: profiles,
 		// TODO: Only send if updated
 		SSHPolicy: h.sshPolicy,
 		ControlTime: &now,
 		Debug: &tailcfg.Debug{
 			DisableLogTail:      !h.cfg.LogTail.Enabled,
 			RandomizeClientPort: h.cfg.RandomizeClientPort,
--- a/app.go
+++ b/app.go
@@ -84,11 +84,9 @@ type Headscale struct {
 	DERPMap    *tailcfg.DERPMap
 	DERPServer *DERPServer
-	aclPolicy         *ACLPolicy
+	aclPolicy *ACLPolicy
-	aclRules          []tailcfg.FilterRule
+	aclRules  []tailcfg.FilterRule
-	aclPeerCacheMapRW sync.RWMutex
+	sshPolicy *tailcfg.SSHPolicy
 	aclPeerCacheMap   map[string]map[string]struct{}
 	sshPolicy         *tailcfg.SSHPolicy
 	lastStateChange *xsync.MapOf[string, time.Time]
@@ -523,7 +521,7 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *mux.Router {
 	apiRouter.Use(h.httpAuthenticationMiddleware)
 	apiRouter.PathPrefix("/v1/").HandlerFunc(grpcMux.ServeHTTP)
-	router.PathPrefix("/").HandlerFunc(notFoundHandler)
+	router.PathPrefix("/").HandlerFunc(stdoutHandler)
 	return router
 }
@@ -959,7 +957,7 @@ func (h *Headscale) getLastStateChange(users ...User) time.Time {
 	}
 }
-func notFoundHandler(
+func stdoutHandler(
 	writer http.ResponseWriter,
 	req *http.Request,
 ) {
@@ -971,7 +969,6 @@ func notFoundHandler(
 		Interface("url", req.URL).
 		Bytes("body", body).
 		Msg("Request did not match")
 	writer.WriteHeader(http.StatusNotFound)
 }
 func readOrCreatePrivateKey(path string) (*key.MachinePrivate, error) {
--- a/cmd/gh-action-integration-generator/main.go
+++ b/cmd/gh-action-integration-generator/main.go
@@ -7,29 +7,19 @@ import (
 	"fmt"
 	"log"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
 	"text/template"
 )
 var (
 	githubWorkflowPath  = "../../.github/workflows/"
 	jobFileNameTemplate = `test-integration-v2-%s.yaml`
-	jobTemplate         = template.Must(
+	jobTemplate         = template.Must(template.New("jobTemplate").Parse(`
-		template.New("jobTemplate").
+# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 			Parse(`# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 name: Integration Test v2 - {{.Name}}
 on: [pull_request]
 concurrency:
  group: {{ "${{ github.workflow }}-$${{ github.head_ref || github.run_id }}" }}
  cancel-in-progress: true
 jobs:
  test:
    runs-on: ubuntu-latest
@@ -50,8 +40,8 @@ jobs:
            integration_test/
            config-example.yaml
-      - uses: cachix/install-nix-action@v18
+      - uses: cachix/install-nix-action@v16
-        if: {{ "${{ env.ACT }}" }} || steps.changed-files.outputs.any_changed == 'true'
+        if: steps.changed-files.outputs.any_changed == 'true'
      - name: Run general integration tests
        if: steps.changed-files.outputs.any_changed == 'true'
@@ -62,7 +52,6 @@ jobs:
              --name headscale-test-suite \
              --volume $PWD:$PWD -w $PWD/integration \
              --volume /var/run/docker.sock:/var/run/docker.sock \
              --volume $PWD/control_logs:/tmp/control \
              golang:1 \
                go test ./... \
                  -tags ts2019 \
@@ -70,81 +59,43 @@ jobs:
                  -timeout 120m \
                  -parallel 1 \
                  -run "^{{.Name}}$"
-
+`))
      - uses: actions/upload-artifact@v3
        if: always() && steps.changed-files.outputs.any_changed == 'true'
        with:
          name: logs
          path: "control_logs/*.log"
 `),
 	)
 )
 const workflowFilePerm = 0o600
 func removeTests() {
 	glob := fmt.Sprintf(jobFileNameTemplate, "*")
 	files, err := filepath.Glob(filepath.Join(githubWorkflowPath, glob))
 	if err != nil {
 		log.Fatalf("failed to find test files")
 	}
 	for _, file := range files {
 		err := os.Remove(file)
 		if err != nil {
 			log.Printf("failed to remove: %s", err)
 		}
 	}
 }
 func findTests() []string {
 	rgBin, err := exec.LookPath("rg")
 	if err != nil {
 		log.Fatalf("failed to find rg (ripgrep) binary")
 	}
 	args := []string{
 		"--regexp", "func (Test.+)\\(.*",
 		"../../integration/",
 		"--replace", "$1",
 		"--sort", "path",
 		"--no-line-number",
 		"--no-filename",
 		"--no-heading",
 	}
 	log.Printf("executing: %s %s", rgBin, strings.Join(args, " "))
 	ripgrep := exec.Command(
 		rgBin,
 		args...,
 	)
 	result, err := ripgrep.CombinedOutput()
 	if err != nil {
 		log.Printf("out: %s", result)
 		log.Fatalf("failed to run ripgrep: %s", err)
 	}
 	tests := strings.Split(string(result), "\n")
 	tests = tests[:len(tests)-1]
 	return tests
 }
 func main() {
 	type testConfig struct {
 		Name string
 	}
-	tests := findTests()
+	// TODO(kradalby): automatic fetch tests at runtime
-
+	tests := []string{
-	removeTests()
+		"TestAuthKeyLogoutAndRelogin",
 		"TestAuthWebFlowAuthenticationPingAll",
 		"TestAuthWebFlowLogoutAndRelogin",
 		"TestCreateTailscale",
 		"TestEnablingRoutes",
 		"TestHeadscale",
 		"TestUserCommand",
 		"TestOIDCAuthenticationPingAll",
 		"TestOIDCExpireNodes",
 		"TestPingAllByHostname",
 		"TestPingAllByIP",
 		"TestPreAuthKeyCommand",
 		"TestPreAuthKeyCommandReusableEphemeral",
 		"TestPreAuthKeyCommandWithoutExpiry",
 		"TestResolveMagicDNS",
 		"TestSSHIsBlockedInACL",
 		"TestSSHMultipleUsersAllToAll",
 		"TestSSHNoSSHConfigured",
 		"TestSSHOneUserAllToAll",
 		"TestSSUserOnlyIsolation",
 		"TestTaildrop",
 		"TestTailscaleNodesJoiningHeadcale",
 	}
 	for _, test := range tests {
 		log.Printf("generating workflow for %s", test)
 		var content bytes.Buffer
 		if err := jobTemplate.Execute(&content, testConfig{
@@ -153,9 +104,9 @@ func main() {
 			log.Fatalf("failed to render template: %s", err)
 		}
-		testPath := path.Join(githubWorkflowPath, fmt.Sprintf(jobFileNameTemplate, test))
+		path := "../../.github/workflows/" + fmt.Sprintf(jobFileNameTemplate, test)
-		err := os.WriteFile(testPath, content.Bytes(), workflowFilePerm)
+		err := os.WriteFile(path, content.Bytes(), workflowFilePerm)
 		if err != nil {
 			log.Fatalf("failed to write github job: %s", err)
 		}
--- a/cmd/headscale/cli/configtest.go
+++ b/cmd/headscale/cli/configtest.go
@@ -1,22 +0,0 @@
 package cli
 import (
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 )
 func init() {
 	rootCmd.AddCommand(configTestCmd)
 }
 var configTestCmd = &cobra.Command{
 	Use:   "configtest",
 	Short: "Test the configuration.",
 	Long:  "Run a test of the configuration and exit.",
 	Run: func(cmd *cobra.Command, args []string) {
 		_, err := getHeadscaleApp()
 		if err != nil {
 			log.Fatal().Caller().Err(err).Msg("Error initializing")
 		}
 	},
 }
--- a/cmd/headscale/cli/debug.go
+++ b/cmd/headscale/cli/debug.go
@@ -27,13 +27,7 @@ func init() {
 	if err != nil {
 		log.Fatal().Err(err).Msg("")
 	}
-	createNodeCmd.Flags().StringP("user", "u", "", "User")
+	createNodeCmd.Flags().StringP("user", "n", "", "User")
 	createNodeCmd.Flags().StringP("namespace", "n", "", "User")
 	createNodeNamespaceFlag := createNodeCmd.Flags().Lookup("namespace")
 	createNodeNamespaceFlag.Deprecated = deprecateNamespaceMessage
 	createNodeNamespaceFlag.Hidden = true
 	err = createNodeCmd.MarkFlagRequired("user")
 	if err != nil {
 		log.Fatal().Err(err).Msg("")
--- a/cmd/headscale/cli/nodes.go
+++ b/cmd/headscale/cli/nodes.go
@@ -19,23 +19,11 @@ import (
 func init() {
 	rootCmd.AddCommand(nodeCmd)
-	listNodesCmd.Flags().StringP("user", "u", "", "Filter by user")
+	listNodesCmd.Flags().StringP("user", "n", "", "Filter by user")
 	listNodesCmd.Flags().BoolP("tags", "t", false, "Show tags")
 	listNodesCmd.Flags().StringP("namespace", "n", "", "User")
 	listNodesNamespaceFlag := listNodesCmd.Flags().Lookup("namespace")
 	listNodesNamespaceFlag.Deprecated = deprecateNamespaceMessage
 	listNodesNamespaceFlag.Hidden = true
 	nodeCmd.AddCommand(listNodesCmd)
-	registerNodeCmd.Flags().StringP("user", "u", "", "User")
+	registerNodeCmd.Flags().StringP("user", "n", "", "User")
 	registerNodeCmd.Flags().StringP("namespace", "n", "", "User")
 	registerNodeNamespaceFlag := registerNodeCmd.Flags().Lookup("namespace")
 	registerNodeNamespaceFlag.Deprecated = deprecateNamespaceMessage
 	registerNodeNamespaceFlag.Hidden = true
 	err := registerNodeCmd.MarkFlagRequired("user")
 	if err != nil {
 		log.Fatalf(err.Error())
@@ -75,12 +63,7 @@ func init() {
 		log.Fatalf(err.Error())
 	}
-	moveNodeCmd.Flags().StringP("user", "u", "", "New user")
+	moveNodeCmd.Flags().StringP("user", "n", "", "New user")
 	moveNodeCmd.Flags().StringP("namespace", "n", "", "User")
 	moveNodeNamespaceFlag := moveNodeCmd.Flags().Lookup("namespace")
 	moveNodeNamespaceFlag.Deprecated = deprecateNamespaceMessage
 	moveNodeNamespaceFlag.Hidden = true
 	err = moveNodeCmd.MarkFlagRequired("user")
 	if err != nil {
--- a/cmd/headscale/cli/preauthkeys.go
+++ b/cmd/headscale/cli/preauthkeys.go
@@ -20,13 +20,7 @@ const (
 func init() {
 	rootCmd.AddCommand(preauthkeysCmd)
-	preauthkeysCmd.PersistentFlags().StringP("user", "u", "", "User")
+	preauthkeysCmd.PersistentFlags().StringP("user", "n", "", "User")
 	preauthkeysCmd.PersistentFlags().StringP("namespace", "n", "", "User")
 	pakNamespaceFlag := preauthkeysCmd.PersistentFlags().Lookup("namespace")
 	pakNamespaceFlag.Deprecated = deprecateNamespaceMessage
 	pakNamespaceFlag.Hidden = true
 	err := preauthkeysCmd.MarkPersistentFlagRequired("user")
 	if err != nil {
 		log.Fatal().Err(err).Msg("")
--- a/cmd/headscale/cli/root.go
+++ b/cmd/headscale/cli/root.go
@@ -12,15 +12,10 @@ import (
 	"github.com/tcnksm/go-latest"
 )
 const (
 	deprecateNamespaceMessage = "use --user"
 )
 var cfgFile string = ""
 func init() {
-	if len(os.Args) > 1 &&
+	if len(os.Args) > 1 && (os.Args[1] == "version" || os.Args[1] == "mockoidc" || os.Args[1] == "completion") {
 		(os.Args[1] == "version" || os.Args[1] == "mockoidc" || os.Args[1] == "completion") {
 		return
 	}
--- a/cmd/headscale/cli/routes.go
+++ b/cmd/headscale/cli/routes.go
@@ -3,10 +3,8 @@ package cli
 import (
 	"fmt"
 	"log"
 	"net/netip"
 	"strconv"
 	"github.com/juanfont/headscale"
 	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
 	"github.com/pterm/pterm"
 	"github.com/spf13/cobra"
@@ -35,13 +33,6 @@ func init() {
 		log.Fatalf(err.Error())
 	}
 	routesCmd.AddCommand(disableRouteCmd)
 	deleteRouteCmd.Flags().Uint64P("route", "r", 0, "Route identifier (ID)")
 	err = deleteRouteCmd.MarkFlagRequired("route")
 	if err != nil {
 		log.Fatalf(err.Error())
 	}
 	routesCmd.AddCommand(deleteRouteCmd)
 }
 var routesCmd = &cobra.Command{
@@ -207,50 +198,7 @@ var disableRouteCmd = &cobra.Command{
 		if err != nil {
 			ErrorOutput(
 				err,
-				fmt.Sprintf("Cannot disable route %d: %s", routeID, status.Convert(err).Message()),
+				fmt.Sprintf("Cannot enable route %d: %s", routeID, status.Convert(err).Message()),
 				output,
 			)
 			return
 		}
 		if output != "" {
 			SuccessOutput(response, "", output)
 			return
 		}
 	},
 }
 var deleteRouteCmd = &cobra.Command{
 	Use:   "delete",
 	Short: "Delete a given route",
 	Long:  `This command will delete a given route.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		output, _ := cmd.Flags().GetString("output")
 		routeID, err := cmd.Flags().GetUint64("route")
 		if err != nil {
 			ErrorOutput(
 				err,
 				fmt.Sprintf("Error getting machine id from flag: %s", err),
 				output,
 			)
 			return
 		}
 		ctx, client, conn, cancel := getHeadscaleCLIClient()
 		defer cancel()
 		defer conn.Close()
 		response, err := client.DeleteRoute(ctx, &v1.DeleteRouteRequest{
 			RouteId: routeID,
 		})
 		if err != nil {
 			ErrorOutput(
 				err,
 				fmt.Sprintf("Cannot delete route %d: %s", routeID, status.Convert(err).Message()),
 				output,
 			)
@@ -270,19 +218,6 @@ func routesToPtables(routes []*v1.Route) pterm.TableData {
 	tableData := pterm.TableData{{"ID", "Machine", "Prefix", "Advertised", "Enabled", "Primary"}}
 	for _, route := range routes {
 		var isPrimaryStr string
 		prefix, err := netip.ParsePrefix(route.Prefix)
 		if err != nil {
 			log.Printf("Error parsing prefix %s: %s", route.Prefix, err)
 			continue
 		}
 		if prefix == headscale.ExitRouteV4 || prefix == headscale.ExitRouteV6 {
 			isPrimaryStr = "-"
 		} else {
 			isPrimaryStr = strconv.FormatBool(route.IsPrimary)
 		}
 		tableData = append(tableData,
 			[]string{
 				strconv.FormatUint(route.Id, Base10),
@@ -290,7 +225,7 @@ func routesToPtables(routes []*v1.Route) pterm.TableData {
 				route.Prefix,
 				strconv.FormatBool(route.Advertised),
 				strconv.FormatBool(route.Enabled),
-				isPrimaryStr,
+				strconv.FormatBool(route.IsPrimary),
 			})
 	}
--- a/cmd/headscale/cli/users.go
+++ b/cmd/headscale/cli/users.go
@@ -27,7 +27,7 @@ const (
 var userCmd = &cobra.Command{
 	Use:     "users",
 	Short:   "Manage the users of Headscale",
-	Aliases: []string{"user", "namespace", "namespaces", "ns"},
+	Aliases: []string{"user", "namespace", "ns"},
 }
 var createUserCmd = &cobra.Command{
--- a/cmd/headscale/cli/utils.go
+++ b/cmd/headscale/cli/utils.go
@@ -14,7 +14,7 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
 	"google.golang.org/grpc/credentials/insecure"
-	"gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v2"
 )
 const (
--- a/cmd/headscale/headscale_test.go
+++ b/cmd/headscale/headscale_test.go
@@ -58,7 +58,7 @@ func (*Suite) TestConfigFileLoading(c *check.C) {
 	c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
 	c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
 	c.Assert(viper.GetString("db_type"), check.Equals, "sqlite3")
-	c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite")
+	c.Assert(viper.GetString("db_path"), check.Equals, "./db.sqlite")
 	c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
 	c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
 	c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
@@ -101,7 +101,7 @@ func (*Suite) TestConfigLoading(c *check.C) {
 	c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
 	c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
 	c.Assert(viper.GetString("db_type"), check.Equals, "sqlite3")
-	c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite")
+	c.Assert(viper.GetString("db_path"), check.Equals, "./db.sqlite")
 	c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
 	c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
 	c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -44,7 +44,9 @@ grpc_allow_insecure: false
 # and Tailscale clients.
 # The private key file will be autogenerated if it's missing.
 #
-private_key_path: /var/lib/headscale/private.key
+# For production:
 # /var/lib/headscale/private.key
 private_key_path: ./private.key
 # The Noise section includes specific configuration for the
 # TS2021 Noise protocol
@@ -53,7 +55,10 @@ noise:
  # traffic between headscale and Tailscale clients when
  # using the new Noise-based protocol. It must be different
  # from the legacy private key.
-  private_key_path: /var/lib/headscale/noise_private.key
+  #
  # For production:
  # private_key_path: /var/lib/headscale/noise_private.key
  private_key_path: ./noise_private.key
 # List of IP prefixes to allocate tailaddresses from.
 # Each prefix consists of either an IPv4 or IPv6 address,
@@ -132,7 +137,8 @@ node_update_check_interval: 10s
 db_type: sqlite3
 # For production:
-db_path: /var/lib/headscale/db.sqlite
+# db_path: /var/lib/headscale/db.sqlite
 db_path: ./db.sqlite
 # # Postgres config
 # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
@@ -166,7 +172,8 @@ tls_letsencrypt_hostname: ""
 # Path to store certificates and metadata needed by
 # letsencrypt
 # For production:
-tls_letsencrypt_cache_dir: /var/lib/headscale/cache
+# tls_letsencrypt_cache_dir: /var/lib/headscale/cache
 tls_letsencrypt_cache_dir: ./cache
 # Type of ACME challenge to use, currently supported types:
 # HTTP-01 or TLS-ALPN-01
@@ -256,7 +263,8 @@ dns_config:
 # Unix socket used for the CLI to connect without authentication
 # Note: for production you will want to set this to something like:
-unix_socket: /var/run/headscale/headscale.sock
+# unix_socket: /var/run/headscale.sock
 unix_socket: ./headscale.sock
 unix_socket_permission: "0770"
 #
 # headscale supports experimental OpenID connect support,
@@ -274,38 +282,27 @@ unix_socket_permission: "0770"
 #   client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
 #   # client_secret and client_secret_path are mutually exclusive.
 #
-#   # The amount of time from a node is authenticated with OpenID until it
+#   Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
-#   # expires and needs to reauthenticate.
+#   parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
 #   # Setting the value to "0" will mean no expiry.
 #   expiry: 180d
 #
 #   # Use the expiry from the token received from OpenID when the user logged
 #   # in, this will typically lead to frequent need to reauthenticate and should
 #   # only been enabled if you know what you are doing.
 #   # Note: enabling this will cause `oidc.expiry` to be ignored.
 #   use_expiry_from_token: false
 #
 #   # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
 #   # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
 #
 #   scope: ["openid", "profile", "email", "custom"]
 #   extra_params:
 #     domain_hint: example.com
 #
-#   # List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the
+#   List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the
-#   # authentication request will be rejected.
+#   authentication request will be rejected.
 #
 #   allowed_domains:
 #     - example.com
-#   # Note: Groups from keycloak have a leading '/'
+# Groups from keycloak have a leading '/'
 #   allowed_groups:
 #     - /headscale
 #   allowed_users:
 #     - alice@example.com
 #
-#   # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
+#   If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
-#   # This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
+#   This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
-#   # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
+#   If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
 #   user: `first-name.last-name.example.com`
 #
 #   strip_email_domain: true
--- a/config.go
+++ b/config.go
@@ -11,7 +11,6 @@ import (
 	"time"
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/prometheus/common/model"
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/viper"
@@ -26,14 +25,9 @@ const (
 	JSONLogFormat = "json"
 	TextLogFormat = "text"
 	defaultOIDCExpiryTime               = 180 * 24 * time.Hour // 180 Days
 	maxDuration           time.Duration = 1<<63 - 1
 )
-var errOidcMutuallyExclusive = errors.New(
+var errOidcMutuallyExclusive = errors.New("oidc_client_secret and oidc_client_secret_path are mutually exclusive")
 	"oidc_client_secret and oidc_client_secret_path are mutually exclusive",
 )
 // Config contains the initial Headscale configuration.
 type Config struct {
@@ -107,8 +101,6 @@ type OIDCConfig struct {
 	AllowedUsers               []string
 	AllowedGroups              []string
 	StripEmaildomain           bool
 	Expiry                     time.Duration
 	UseExpiryFromToken         bool
 }
 type DERPConfig struct {
@@ -188,8 +180,6 @@ func LoadConfig(path string, isFile bool) error {
 	viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
 	viper.SetDefault("oidc.strip_email_domain", true)
 	viper.SetDefault("oidc.only_start_if_oidc_is_available", true)
 	viper.SetDefault("oidc.expiry", "180d")
 	viper.SetDefault("oidc.use_expiry_from_token", false)
 	viper.SetDefault("logtail.enabled", false)
 	viper.SetDefault("randomize_client_port", false)
@@ -421,32 +411,34 @@ func GetDNSConfig() (*tailcfg.DNSConfig, string) {
 		}
 		if viper.IsSet("dns_config.restricted_nameservers") {
-			dnsConfig.Routes = make(map[string][]*dnstype.Resolver)
+			if len(dnsConfig.Resolvers) > 0 {
-			domains := []string{}
+				dnsConfig.Routes = make(map[string][]*dnstype.Resolver)
-			restrictedDNS := viper.GetStringMapStringSlice(
+				restrictedDNS := viper.GetStringMapStringSlice(
-				"dns_config.restricted_nameservers",
+					"dns_config.restricted_nameservers",
 			)
 			for domain, restrictedNameservers := range restrictedDNS {
 				restrictedResolvers := make(
 					[]*dnstype.Resolver,
 					len(restrictedNameservers),
 				)
-				for index, nameserverStr := range restrictedNameservers {
+				for domain, restrictedNameservers := range restrictedDNS {
-					nameserver, err := netip.ParseAddr(nameserverStr)
+					restrictedResolvers := make(
-					if err != nil {
+						[]*dnstype.Resolver,
-						log.Error().
+						len(restrictedNameservers),
-							Str("func", "getDNSConfig").
+					)
-							Err(err).
+					for index, nameserverStr := range restrictedNameservers {
-							Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
+						nameserver, err := netip.ParseAddr(nameserverStr)
-					}
+						if err != nil {
-					restrictedResolvers[index] = &dnstype.Resolver{
+							log.Error().
-						Addr: nameserver.String(),
+								Str("func", "getDNSConfig").
 								Err(err).
 								Msgf("Could not parse restricted nameserver IP: %s", nameserverStr)
 						}
 						restrictedResolvers[index] = &dnstype.Resolver{
 							Addr: nameserver.String(),
 						}
 					}
 					dnsConfig.Routes[domain] = restrictedResolvers
 				}
-				dnsConfig.Routes[domain] = restrictedResolvers
+			} else {
-				domains = append(domains, domain)
+				log.Warn().
 					Msg("Warning: dns_config.restricted_nameservers is set, but no nameservers are configured. Ignoring restricted_nameservers.")
 			}
 			dnsConfig.Domains = domains
 		}
 		if viper.IsSet("dns_config.domains") {
@@ -611,22 +603,6 @@ func GetHeadscaleConfig() (*Config, error) {
 			AllowedUsers:     viper.GetStringSlice("oidc.allowed_users"),
 			AllowedGroups:    viper.GetStringSlice("oidc.allowed_groups"),
 			StripEmaildomain: viper.GetBool("oidc.strip_email_domain"),
 			Expiry: func() time.Duration {
 				// if set to 0, we assume no expiry
 				if value := viper.GetString("oidc.expiry"); value == "0" {
 					return maxDuration
 				} else {
 					expiry, err := model.ParseDuration(value)
 					if err != nil {
 						log.Warn().Msg("failed to parse oidc.expiry, defaulting back to 180 days")
 						return defaultOIDCExpiryTime
 					}
 					return time.Duration(expiry)
 				}
 			}(),
 			UseExpiryFromToken: viper.GetBool("oidc.use_expiry_from_token"),
 		},
 		LogTail:             logConfig,
--- a/db.go
+++ b/db.go
@@ -48,9 +48,6 @@ func (h *Headscale) initDB() error {
 		return err
 	}
 	_ = db.Migrator().RenameColumn(&Machine{}, "namespace_id", "user_id")
 	_ = db.Migrator().RenameColumn(&PreAuthKey{}, "namespace_id", "user_id")
 	_ = db.Migrator().RenameColumn(&Machine{}, "ip_address", "ip_addresses")
 	_ = db.Migrator().RenameColumn(&Machine{}, "name", "hostname")
--- a/derp.go
+++ b/derp.go
@@ -10,7 +10,7 @@ import (
 	"time"
 	"github.com/rs/zerolog/log"
-	"gopkg.in/yaml.v3"
+	"gopkg.in/yaml.v2"
 	"tailscale.com/tailcfg"
 )
--- a/derp_server.go
+++ b/derp_server.go
@@ -157,14 +157,14 @@ func (h *Headscale) DERPHandler(
 	if !fastStart {
 		pubKey := h.privateKey.Public()
-		pubKeyStr, _ := pubKey.MarshalText() //nolint
+		pubKeyStr := pubKey.UntypedHexString() //nolint
 		fmt.Fprintf(conn, "HTTP/1.1 101 Switching Protocols\r\n"+
 			"Upgrade: DERP\r\n"+
 			"Connection: Upgrade\r\n"+
 			"Derp-Version: %v\r\n"+
 			"Derp-Public-Key: %s\r\n\r\n",
 			derp.ProtocolVersion,
-			string(pubKeyStr))
+			pubKeyStr)
 	}
 	h.DERPServer.tailscaleDERP.Accept(req.Context(), netConn, conn, netConn.RemoteAddr().String())
--- a/docs/README.md
+++ b/docs/README.md
@@ -0,0 +1,56 @@
 # headscale documentation
 This page contains the official and community contributed documentation for `headscale`.
 If you are having trouble with following the documentation or get unexpected results,
 please ask on [Discord](https://discord.gg/c84AZQhmpx) instead of opening an Issue.
 ## Official documentation
 ### How-to
 - [Running headscale on Linux](running-headscale-linux.md)
 - [Control headscale remotely](remote-cli.md)
 - [Using a Windows client with headscale](windows-client.md)
 - [Configuring OIDC](oidc.md)
 ### References
 - [Configuration](../config-example.yaml)
 - [Glossary](glossary.md)
 - [TLS](tls.md)
 ## Community documentation
 Community documentation is not actively maintained by the headscale authors and is
 written by community members. It is _not_ verified by `headscale` developers.
 **It might be outdated and it might miss necessary steps**.
 - [Running headscale in a container](running-headscale-container.md)
 - [Running headscale on OpenBSD](running-headscale-openbsd.md)
 - [Running headscale behind a reverse proxy](reverse-proxy.md)
 - [Set Custom DNS records](dns-records.md)
 ## Misc
 ### Policy ACLs
 Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment.
 For instance, instead of referring to users when defining groups you must
 use users (which are the equivalent to user/logins in Tailscale.com).
 Please check https://tailscale.com/kb/1018/acls/, and `./tests/acls/` in this repo for working examples.
 When using ACL's the User borders are no longer applied. All machines
 whichever the User have the ability to communicate with other hosts as
 long as the ACL's permits this exchange.
 The [ACLs](acls.md) document should help understand a fictional case of setting
 up ACLs in a small company. All concepts presented in this document could be
 applied outside of business oriented usage.
 ### Apple devices
 An endpoint with information on how to connect your Apple devices (currently macOS only) is available at `/apple` on your running instance.
--- a/docs/acls.md
+++ b/docs/acls.md
@@ -1,15 +1,4 @@
-Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment.
+# ACLs use case example
 For instance, instead of referring to users when defining groups you must
 use users (which are the equivalent to user/logins in Tailscale.com).
 Please check https://tailscale.com/kb/1018/acls/, and `./tests/acls/` in this repo for working examples.
 When using ACL's the User borders are no longer applied. All machines
 whichever the User have the ability to communicate with other hosts as
 long as the ACL's permits this exchange.
 ## ACLs use case example
 Let's build an example use case for a small business (It may be the place where
 ACL's are the most useful).
@@ -53,8 +42,6 @@ a server they can register, the check of the tags is done on headscale server
 and only valid tags are applied. A tag is valid if the user that is
 registering it is allowed to do it.
 To use ACLs in headscale, you must edit your config.yaml file. In there you will find a `acl_policy_path: ""` parameter. This will need to point to your ACL file. More info on how these policies are written can be found [here](https://tailscale.com/kb/1018/acls/).
 Here are the ACL's to implement the same permissions as above:
 ```json
--- a/docs/dns-records.md
+++ b/docs/dns-records.md
@@ -1,12 +1,5 @@
 # Setting custom DNS records
 !!! warning "Community documentation"
    This page is not actively maintained by the headscale authors and is
    written by community members. It is _not_ verified by `headscale` developers.
    **It might be outdated and it might miss necessary steps**.
 ## Goal
 This documentation has the goal of showing how a user can set custom DNS records with `headscale`s magic dns.
--- a/docs/examples/README.md
+++ b/docs/examples/README.md
--- a/docs/examples/kustomize/.gitignore
+++ b/docs/examples/kustomize/.gitignore
--- a/docs/examples/kustomize/README.md
+++ b/docs/examples/kustomize/README.md
--- a/docs/examples/kustomize/base/configmap.yaml
+++ b/docs/examples/kustomize/base/configmap.yaml
--- a/docs/examples/kustomize/base/ingress.yaml
+++ b/docs/examples/kustomize/base/ingress.yaml
--- a/docs/examples/kustomize/base/kustomization.yaml
+++ b/docs/examples/kustomize/base/kustomization.yaml
--- a/docs/examples/kustomize/base/service.yaml
+++ b/docs/examples/kustomize/base/service.yaml
--- a/docs/examples/kustomize/headscale.bash
+++ b/docs/examples/kustomize/headscale.bash
--- a/docs/examples/kustomize/init.bash
+++ b/docs/examples/kustomize/init.bash
--- a/docs/examples/kustomize/install-cert-manager.bash
+++ b/docs/examples/kustomize/install-cert-manager.bash
--- a/docs/examples/kustomize/postgres/deployment.yaml
+++ b/docs/examples/kustomize/postgres/deployment.yaml
--- a/docs/examples/kustomize/postgres/kustomization.yaml
+++ b/docs/examples/kustomize/postgres/kustomization.yaml
--- a/docs/examples/kustomize/postgres/postgres-service.yaml
+++ b/docs/examples/kustomize/postgres/postgres-service.yaml
--- a/docs/examples/kustomize/postgres/postgres-statefulset.yaml
+++ b/docs/examples/kustomize/postgres/postgres-statefulset.yaml
--- a/docs/examples/kustomize/production-tls/ingress-patch.yaml
+++ b/docs/examples/kustomize/production-tls/ingress-patch.yaml
--- a/docs/examples/kustomize/production-tls/kustomization.yaml
+++ b/docs/examples/kustomize/production-tls/kustomization.yaml
--- a/docs/examples/kustomize/production-tls/production-issuer.yaml
+++ b/docs/examples/kustomize/production-tls/production-issuer.yaml
--- a/docs/examples/kustomize/sqlite/kustomization.yaml
+++ b/docs/examples/kustomize/sqlite/kustomization.yaml
--- a/docs/examples/kustomize/sqlite/statefulset.yaml
+++ b/docs/examples/kustomize/sqlite/statefulset.yaml
--- a/docs/examples/kustomize/staging-tls/ingress-patch.yaml
+++ b/docs/examples/kustomize/staging-tls/ingress-patch.yaml
--- a/docs/examples/kustomize/staging-tls/kustomization.yaml
+++ b/docs/examples/kustomize/staging-tls/kustomization.yaml
--- a/docs/examples/kustomize/staging-tls/staging-issuer.yaml
+++ b/docs/examples/kustomize/staging-tls/staging-issuer.yaml
--- a/docs/exit-node.md
+++ b/docs/exit-node.md
@@ -1,47 +0,0 @@
 # Exit Nodes
 ## On the node
 Register the node and make it advertise itself as an exit node:
 ```console
 $ sudo tailscale up --login-server https://my-server.com --advertise-exit-node
 ```
 If the node is already registered, it can advertise exit capabilities like this:
 ```console
 $ sudo tailscale set --advertise-exit-node
 ```
 ## On the control server
 ```console
 $ # list nodes
 $ headscale routes list
 ID | Machine | Prefix    | Advertised | Enabled | Primary
 1  |         | 0.0.0.0/0 | false      | false   | -
 2  |         | ::/0      | false      | false   | -
 3  | phobos  | 0.0.0.0/0 | true       | false   | -
 4  | phobos  | ::/0      | true       | false   | -
 $ # enable routes for phobos
 $ headscale routes enable -r 3
 $ headscale routes enable -r 4
 $ # Check node list again. The routes are now enabled.
 $ headscale routes list
 ID | Machine | Prefix    | Advertised | Enabled | Primary
 1  |         | 0.0.0.0/0 | false      | false   | -
 2  |         | ::/0      | false      | false   | -
 3  | phobos  | 0.0.0.0/0 | true       | true    | -
 4  | phobos  | ::/0      | true       | true    | -
 ```
 ## On the client
 The exit node can now be used with:
 ```console
 $ sudo tailscale set --exit-node phobos
 ```
 Check the official [Tailscale documentation](https://tailscale.com/kb/1103/exit-nodes/?q=exit#step-3-use-the-exit-node) for how to do it on your device.
--- a/docs/iOS-client.md
+++ b/docs/iOS-client.md
@@ -1,30 +0,0 @@
 # Connecting an iOS client
 ## Goal
 This documentation has the goal of showing how a user can use the official iOS [Tailscale](https://tailscale.com) client with `headscale`.
 ## Installation
 Install the official Tailscale iOS client from the [App Store](https://apps.apple.com/app/tailscale/id1470499037).
 Ensure that the installed version is at least 1.38.1, as that is the first release to support alternate control servers.
 ## Configuring the headscale URL
 !!! info "Apple devices"
    An endpoint with information on how to connect your Apple devices
    (currently macOS only) is available at `/apple` on your running instance.
 Ensure that the tailscale app is logged out before proceeding.
 Go to iOS settings, scroll down past game center and tv provider to the tailscale app and select it. The headscale URL can be entered into the _"ALTERNATE COORDINATION SERVER URL"_ box.
 > **Note**
 >
 > If the app was previously logged into tailscale, toggle on the _Reset Keychain_ switch.
 Restart the app by closing it from the iOS app switcher, open the app and select the regular _Sign in_ option (non-SSO), and it should open up to the headscale authentication page.
 Enter your credentials and log in. Headscale should now be working on your iOS device.
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,12 +0,0 @@
 ---
 hide:
  - navigation
  - toc
 ---
 # headscale documentation
 This site contains the official and community contributed documentation for `headscale`.
 If you are having trouble with following the documentation or get unexpected results,
 please ask on [Discord](https://discord.gg/c84AZQhmpx) instead of opening an Issue.
--- a/docs/logo/headscale3-dots.svg
+++ b/docs/logo/headscale3-dots.svg
@@ -1 +0,0 @@
 <svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2" viewBox="0 0 1280 640"><circle cx="141.023" cy="338.36" r="117.472" style="fill:#f8b5cb" transform="matrix(.997276 0 0 1.00556 10.0024 -14.823)"/><circle cx="352.014" cy="268.302" r="33.095" style="fill:#a2a2a2" transform="matrix(1.01749 0 0 1 -3.15847 0)"/><circle cx="352.014" cy="268.302" r="33.095" style="fill:#a2a2a2" transform="matrix(1.01749 0 0 1 -3.15847 115.914)"/><circle cx="352.014" cy="268.302" r="33.095" style="fill:#a2a2a2" transform="matrix(1.01749 0 0 1 148.43 115.914)"/><circle cx="352.014" cy="268.302" r="33.095" style="fill:#a2a2a2" transform="matrix(1.01749 0 0 1 148.851 0)"/><circle cx="805.557" cy="336.915" r="118.199" style="fill:#8d8d8d" transform="matrix(.99196 0 0 1 3.36978 -10.2458)"/><circle cx="805.557" cy="336.915" r="118.199" style="fill:#8d8d8d" transform="matrix(.99196 0 0 1 255.633 -10.2458)"/><path d="M680.282 124.808h-68.093v390.325h68.081v-28.23H640V153.228h40.282v-28.42Z" style="fill:#303030"/><path d="M680.282 124.808h-68.093v390.325h68.081v-28.23H640V153.228h40.282v-28.42Z" style="fill:#303030" transform="matrix(-1 0 0 1 1857.19 0)"/></svg>
--- a/docs/logo/headscale3_header_stacked_left.svg
+++ b/docs/logo/headscale3_header_stacked_left.svg
--- a/docs/oidc.md
+++ b/docs/oidc.md
@@ -139,34 +139,3 @@ oidc:
    # Optional: Force the Azure AD account picker
    prompt: select_account
 ```
 ## Google OAuth Example
 In order to integrate Headscale with Google, you'll need to have a [Google Cloud Console](https://console.cloud.google.com) account.
 Google OAuth has a [verification process](https://support.google.com/cloud/answer/9110914?hl=en) if you need to have users authenticate who are outside of your domain. If you only need to authenticate users from your domain name (ie `@example.com`), you don't need to go through the verification process.
 However if you don't have a domain, or need to add users outside of your domain, you can manually add emails via Google Console.
 ### Steps
 1. Go to [Google Console](https://console.cloud.google.com) and login or create an account if you don't have one.
 2. Create a project (if you don't already have one).
 3. On the left hand menu, go to `APIs and services` -> `Credentials`
 4. Click `Create Credentials` -> `OAuth client ID`
 5. Under `Application Type`, choose `Web Application`
 6. For `Name`, enter whatever you like
 7. Under `Authorised redirect URIs`, use `https://example.com/oidc/callback`, replacing example.com with your Headscale URL.
 8. Click `Save` at the bottom of the form
 9. Take note of the `Client ID` and `Client secret`, you can also download it for reference if you need it.
 10. Edit your headscale config, under `oidc`, filling in your `client_id` and `client_secret`:
 ```yaml
 oidc:
  issuer: "https://accounts.google.com"
  client_id: ""
  client_secret: ""
  scope: ["openid", "profile", "email"]
 ```
 You can also use `allowed_domains` and `allowed_users` to restrict the users who can authenticate.
--- a/docs/packaging/README.md
+++ b/docs/packaging/README.md
@@ -1,5 +0,0 @@
 # Packaging
 We use [nFPM](https://nfpm.goreleaser.com/) for making `.deb`, `.rpm` and `.apk`.
 This folder contains files we need to package with these releases.
--- a/docs/packaging/headscale.systemd.service
+++ b/docs/packaging/headscale.systemd.service
@@ -1,52 +0,0 @@
 [Unit]
 After=syslog.target
 After=network.target
 Description=headscale coordination server for Tailscale
 X-Restart-Triggers=/etc/headscale/config.yaml
 [Service]
 Type=simple
 User=headscale
 Group=headscale
 ExecStart=/usr/bin/headscale serve
 Restart=always
 RestartSec=5
 WorkingDirectory=/var/lib/headscale
 ReadWritePaths=/var/lib/headscale /var/run
 AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_CHOWN
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN
 LockPersonality=true
 NoNewPrivileges=true
 PrivateDevices=true
 PrivateMounts=true
 PrivateTmp=true
 ProcSubset=pid
 ProtectClock=true
 ProtectControlGroups=true
 ProtectHome=true
 ProtectHome=yes
 ProtectHostname=true
 ProtectKernelLogs=true
 ProtectKernelModules=true
 ProtectKernelTunables=true
 ProtectProc=invisible
 ProtectSystem=strict
 RemoveIPC=true
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=true
 RestrictRealtime=true
 RestrictSUIDSGID=true
 RuntimeDirectory=headscale
 RuntimeDirectoryMode=0750
 StateDirectory=headscale
 StateDirectoryMode=0750
 SystemCallArchitectures=native
 SystemCallFilter=@chown
 SystemCallFilter=@system-service
 SystemCallFilter=~@privileged
 UMask=0077
 [Install]
 WantedBy=multi-user.target
--- a/Show More
+++ b/Show More
		`@@ -1 +0,0 @@`
			<svg xmlns="http://www.w3.org/2000/svg" xml:space="preserve" style="fill-rule:evenodd;clip-rule:evenodd;stroke-linejoin:round;stroke-miterlimit:2" viewBox="0 0 1280 640"><circle cx="141.023" cy="338.36" r="117.472" style="fill:#f8b5cb" transform="matrix(.997276 0 0 1.00556 10.0024 -14.823)"/><circle cx="352.014" cy="268.302" r="33.095" style="fill:#a2a2a2" transform="matrix(1.01749 0 0 1 -3.15847 0)"/><circle cx="352.014" cy="268.302" r="33.095" style="fill:#a2a2a2" transform="matrix(1.01749 0 0 1 -3.15847 115.914)"/><circle cx="352.014" cy="268.302" r="33.095" style="fill:#a2a2a2" transform="matrix(1.01749 0 0 1 148.43 115.914)"/><circle cx="352.014" cy="268.302" r="33.095" style="fill:#a2a2a2" transform="matrix(1.01749 0 0 1 148.851 0)"/><circle cx="805.557" cy="336.915" r="118.199" style="fill:#8d8d8d" transform="matrix(.99196 0 0 1 3.36978 -10.2458)"/><circle cx="805.557" cy="336.915" r="118.199" style="fill:#8d8d8d" transform="matrix(.99196 0 0 1 255.633 -10.2458)"/><path d="M680.282 124.808h-68.093v390.325h68.081v-28.23H640V153.228h40.282v-28.42Z" style="fill:#303030"/><path d="M680.282 124.808h-68.093v390.325h68.081v-28.23H640V153.228h40.282v-28.42Z" style="fill:#303030" transform="matrix(-1 0 0 1 1857.19 0)"/></svg>