ipn,types/persist: store disallowed TKA's in prefs, lock local-disable

Signed-off-by: Tom DNetto <tom@tailscale.com>
2025-08-14 23:17:29 +00:00 · 2022-11-28 16:39:03 -08:00
parent 659e7837c6
commit f1130421f0
10 changed files with 220 additions and 4 deletions
--- a/cmd/tailscale/cli/network-lock.go
+++ b/cmd/tailscale/cli/network-lock.go
@@ -37,6 +37,7 @@ var netlockCmd = &ffcli.Command{
 		nlDisableCmd,
 		nlDisablementKDFCmd,
 		nlLogCmd,
+		nlLocalDisableCmd,
 	},
 	Exec: runNetworkLockStatus,
 }
@@ -348,6 +349,17 @@ func runNetworkLockDisable(ctx context.Context, args []string) error {
 	return localClient.NetworkLockDisable(ctx, secrets[0])
 }

+var nlLocalDisableCmd = &ffcli.Command{
+	Name:       "local-disable",
+	ShortUsage: "local-disable",
+	ShortHelp:  "Disables the currently-active tailnet lock for this node",
+	Exec:       runNetworkLockLocalDisable,
+}
+
+func runNetworkLockLocalDisable(ctx context.Context, args []string) error {
+	return localClient.NetworkLockForceLocalDisable(ctx)
+}
+
 var nlDisablementKDFCmd = &ffcli.Command{
 	Name:       "disablement-kdf",
 	ShortUsage: "disablement-kdf <hex-encoded-disablement-secret>",