Merge branch 'main' into update-contributors

.github/renovate.json

@@ -0,0 +1,38 @@
+{
+  "baseBranches": ["main"],
+  "username": "renovate-release",
+  "gitAuthor": "Renovate Bot <bot@renovateapp.com>",
+  "branchPrefix": "renovateaction/",
+  "onboarding": false,
+  "extends": ["config:base", ":rebaseStalePrs"],
+  "ignorePresets": [":prHourlyLimit2"],
+  "enabledManagers": ["dockerfile", "gomod", "github-actions","regex" ],
+  "includeForks": true,
+  "repositories": ["juanfont/headscale"],
+  "platform": "github",
+  "packageRules": [
+    {
+        "matchDatasources": ["go"],
+        "groupName": "Go modules",
+        "groupSlug": "gomod",
+        "separateMajorMinor": false
+    },
+    {
+        "matchDatasources": ["docker"],
+        "groupName": "Dockerfiles",
+        "groupSlug": "dockerfiles"
+    } 
+  ],
+  "regexManagers": [
+    {
+      "fileMatch": [
+          ".github/workflows/.*.yml$"
+      ],
+      "matchStrings": [
+        "\\s*go-version:\\s*\"?(?<currentValue>.*?)\"?\\n"
+      ],
+      "datasourceTemplate": "golang-version",
+      "depNameTemplate": "actions/go-version"
+    }
+  ]
+}

.github/workflows/renovatebot.yml

@@ -0,0 +1,27 @@
+---
+name: Renovate
+on:
+  schedule:
+    - cron: "* * 5,20 * *" # Every 5th and 20th of the month
+  workflow_dispatch:
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get token
+        id: get_token
+        uses: machine-learning-apps/actions-app-token@master
+        with:
+          APP_PEM: ${{ secrets.RENOVATEBOT_SECRET }}
+          APP_ID: ${{ secrets.RENOVATEBOT_APP_ID }}
+
+      - name: Checkout
+        uses: actions/checkout@v2.0.0
+
+      - name: Self-hosted Renovate
+        uses: renovatebot/github-action@v31.81.3
+        with:
+          configurationFile: .github/renovate.json
+          token: "x-access-token:${{ steps.get_token.outputs.app_token }}"
+        # env:
+        #  LOG_LEVEL: "debug"

machine.go

@@ -167,21 +167,6 @@ func getFilteredByACLPeers(
 	peers := make(map[uint64]Machine)
 	// Aclfilter peers here. We are itering through machines in all namespaces and search through the computed aclRules
 	// for match between rule SrcIPs and DstPorts. If the rule is a match we allow the machine to be viewable.
-
-	// FIXME: On official control plane if a rule allow user A to talk to user B but NO rule allows user B to talk to
-	// user A. The behaviour is the following
-	//
-	// On official tailscale control plane:
-	//   on first `tailscale status`` on node A we can see node B. The `tailscale status` command on node B doesn't show node A
-	//   We can successfully establish a communication from A to B. When it's done, if we run the `tailscale status` command
-	//   on node B again we can now see node A. It's not possible to establish a communication from node B to node A.
-	// On this implementation of the feature
-	//   on any `tailscale status` command on node A we can see node B. The `tailscale status` command on node B DOES show A.
-	//
-	// I couldn't find a way to not clutter the output of `tailscale status` with all nodes that we could be talking to.
-	// In order to do this we would need to be able to identify that node A want to talk to node B but that Node B doesn't know
-	// how to talk to node A and then add the peering resource.
-
 	for _, peer := range machines {
 		if peer.ID == machine.ID {
 			continue