Switch wgkey for types/key

We don't seem to need the wireguard key anymore, we generate a key on
startup based on the new library and the users fetch it from /key.

Clean up app.go and update docs
Kristoffer Dalby 2021-11-26 23:28:06 +00:00
parent 50b47adaa3
commit c63c259d31
6 changed files with 6 additions and 29 deletions

21
app.go

@ -43,7 +43,7 @@ import (
"inet.af/netaddr" "inet.af/netaddr"
"tailscale.com/tailcfg" "tailscale.com/tailcfg"
"tailscale.com/types/dnstype" "tailscale.com/types/dnstype"
"tailscale.com/types/wgkey" "tailscale.com/types/key"
) )
const ( const (
@ -66,7 +66,6 @@ const (
type Config struct { type Config struct {
ServerURL string ServerURL string
Addr string Addr string
PrivateKeyPath string
EphemeralNodeInactivityTimeout time.Duration EphemeralNodeInactivityTimeout time.Duration
IPPrefix netaddr.IPPrefix IPPrefix netaddr.IPPrefix
BaseDomain string BaseDomain string
@ -129,8 +128,8 @@ type Headscale struct {
dbString string dbString string
dbType string dbType string
dbDebug bool dbDebug bool
publicKey *wgkey.Key publicKey *key.MachinePublic
privateKey *wgkey.Private privateKey *key.MachinePrivate
DERPMap *tailcfg.DERPMap DERPMap *tailcfg.DERPMap
@ -148,15 +147,7 @@ type Headscale struct {
// NewHeadscale returns the Headscale app. // NewHeadscale returns the Headscale app.
func NewHeadscale(cfg Config) (*Headscale, error) { func NewHeadscale(cfg Config) (*Headscale, error) {
content, err := os.ReadFile(cfg.PrivateKeyPath) privKey := key.NewMachine()
if err != nil {
return nil, err
}
privKey, err := wgkey.ParsePrivate(string(content))
if err != nil {
return nil, err
}
pubKey := privKey.Public() pubKey := privKey.Public()
var dbString string var dbString string
@ -185,13 +176,13 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
cfg: cfg, cfg: cfg,
dbType: cfg.DBtype, dbType: cfg.DBtype,
dbString: dbString, dbString: dbString,
privateKey: privKey, privateKey: &privKey,
publicKey: &pubKey, publicKey: &pubKey,
aclRules: tailcfg.FilterAllowAll, // default allowall aclRules: tailcfg.FilterAllowAll, // default allowall
requestedExpiryCache: requestedExpiryCache, requestedExpiryCache: requestedExpiryCache,
} }
err = app.initDB() err := app.initDB()
if err != nil { if err != nil {
return nil, err return nil, err
} }
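Review bot: `privKey := key.NewMachine()` in NewHeadscale gives the control server a fresh machine key on every start, so its identity no longer survives a restart and clients have nothing stable to pin. Clients then have to trust whatever `/key` returns, and with the `http://` `server_url` shown in the example config that response is not authenticated; nodes that cached the previous public key will presumably fail until they fetch the new one. I would keep `PrivateKeyPath` and load the key from disk, generating it and writing it with mode 0600 only when the file is missing, as sketched below with a new `readOrCreatePrivateKey` helper. NewHeadscale's body continues outside the visible hunks.

```go
// readOrCreatePrivateKey loads the machine key from path, creating it on first run.
func readOrCreatePrivateKey(path string) (*key.MachinePrivate, error) {
	content, err := os.ReadFile(path)
	if os.IsNotExist(err) {
		machineKey := key.NewMachine()
		text, err := machineKey.MarshalText()
		if err != nil {
			return nil, err
		}
		// 0600: this key is the server's identity and must not be readable by other users.
		if err := os.WriteFile(path, text, 0o600); err != nil {
			return nil, err
		}
		return &machineKey, nil
	}
	if err != nil {
		return nil, err
	}
	// NOTE: a file in the old wgkey text format will presumably not parse here
	// and would need to be regenerated once.
	var machineKey key.MachinePrivate
	if err := machineKey.UnmarshalText(content); err != nil {
		return nil, err
	}
	return &machineKey, nil
}

func NewHeadscale(cfg Config) (*Headscale, error) {
	privKey, err := readOrCreatePrivateKey(cfg.PrivateKeyPath)
	if err != nil {
		return nil, err
	}
	pubKey := privKey.Public()
	// … unchanged: dbString selection …
	// … in the Headscale literal: privateKey: privKey, publicKey: &pubKey …
	err = app.initDB()
```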


@ -6,9 +6,6 @@ server_url: http://127.0.0.1:8080
# Address to listen to / bind to on the server # Address to listen to / bind to on the server
listen_addr: 0.0.0.0:8080 listen_addr: 0.0.0.0:8080
# Path to WireGuard private key file
private_key_path: private.key
derp: derp:
# List of externally available DERP maps encoded in JSON # List of externally available DERP maps encoded in JSON
urls: urls:


@ -21,12 +21,6 @@ log_level: debug
`log_level` can be used to set the Log level for Headscale, it defaults to `debug`, and the available levels are: `trace`, `debug`, `info`, `warn` and `error`. `log_level` can be used to set the Log level for Headscale, it defaults to `debug`, and the available levels are: `trace`, `debug`, `info`, `warn` and `error`.
```yaml
private_key_path: private.key
```
`private_key_path` is the path to the Wireguard private key. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
```yaml ```yaml
derp_map_path: derp.yaml derp_map_path: derp.yaml
``` ```


@ -15,7 +15,6 @@ The setup is done via the `config.yaml` file, under the `dns_config` key.
```yaml ```yaml
server_url: http://127.0.0.1:8001 server_url: http://127.0.0.1:8001
listen_addr: 0.0.0.0:8001 listen_addr: 0.0.0.0:8001
private_key_path: private.key
dns_config: dns_config:
nameservers: nameservers:
- 1.1.1.1 - 1.1.1.1


@ -25,8 +25,6 @@ spec:
configMapKeyRef: configMapKeyRef:
name: headscale-config name: headscale-config
key: listen_addr key: listen_addr
- name: PRIVATE_KEY_PATH
value: /vol/secret/private-key
- name: DERP_MAP_PATH - name: DERP_MAP_PATH
value: /vol/config/derp.yaml value: /vol/config/derp.yaml
- name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT - name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT


@ -26,8 +26,6 @@ spec:
configMapKeyRef: configMapKeyRef:
name: headscale-config name: headscale-config
key: listen_addr key: listen_addr
- name: PRIVATE_KEY_PATH
value: /vol/secret/private-key
- name: DERP_MAP_PATH - name: DERP_MAP_PATH
value: /vol/config/derp.yaml value: /vol/config/derp.yaml
- name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT - name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT