devproje/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2024-11-27 01:13:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
2280 commits 53 branches 130 tags 30 MiB
Commit graph

340 commits

Author SHA1 Message Date
Antoine POPINEAU
7cc58af932
Allow more configuration over the OIDC flow. 
Adds knobs to configure three aspects of the OpenID Connect flow:

 * Custom scopes to override the default "openid profile email".
 * Custom parameters to be added to the Authorize Endpoint request.
 * Domain allowlisting for authenticated principals.
 * User allowlisting for authenticated principals.
 2022-05-02 17:11:07 +02:00
Igor Perepilitsyn
12d8f0f4b0 remove redundant lines of code, fix response when output is not plain text 2022-05-02 14:00:00 +04:00
Igor Perepilitsyn
1b3a7bbf03 apply styling fixes 2022-05-02 08:32:33 +04:00
Igor Perepilitsyn
bc055edf12 add command for moving node between namespaces 2022-05-01 17:55:34 +04:00
Adrien Raffin-Caboisse
fec8cda16a
fix: fix linting issue on my computer 2022-04-25 22:33:53 +02:00
Adrien Raffin-Caboisse
2c448d4a5c
chore: apply linting 2022-04-25 22:27:44 +02:00
Adrien Raffin-Caboisse
8061abe279 refact: use generics for contains functions 2022-04-25 22:17:23 +02:00
Adrien Raffin-Caboisse
cc9eeda889 feat: updating cli to match the set command 2022-04-25 22:17:23 +02:00
Kristoffer Dalby
79704dc9b0 Update command with new fields 2022-04-24 20:57:15 +01:00
Kristoffer Dalby
8845938881
Merge branch 'main' into main 2022-04-24 09:48:00 +02:00
Adrien Raffin-Caboisse
f53bb63b2d
fix: move tag command to subcommand of nodes 2022-04-21 23:43:20 +02:00
Adrien Raffin-Caboisse
4651c44dde
feat: print tags in nodes list 2022-04-16 13:32:00 +02:00
Adrien Raffin-Caboisse
98f54c9f7f
chore: apply format and lint 2022-04-15 18:27:57 +02:00
Adrien Raffin-Caboisse
9de9bc23f8
feat(cli): add tag subcommand to add and remove tags 2022-04-15 16:12:35 +02:00
Nico Rey
6e08241712 Exit Headscale if ACL policy file cannot be parsed 2022-04-06 11:05:08 -03:00
henning mueller
b2ae9b6cac
fix: Remove days from expiry option value examples 2022-04-05 18:45:29 +02:00
Kristoffer Dalby
c8aa653275
Merge branch 'main' into main 2022-03-19 09:36:36 +00:00
Juan Font Alonso
2e6687209b Make STUN server mandatory if DERP embedded is enabled 2022-03-18 12:58:00 +01:00
Juan Font Alonso
b8aad5451d Make STUN run by default when embedded DERP is enabled 
This commit also allows to set an external STUN server, while running the embedded DERP server (without embedded STUN)
 2022-03-15 13:22:25 +01:00
bravechamp
9901d6b2e7 Ability to clear nickname 2022-03-13 21:10:41 +00:00
bravechamp
663e8384a3 Nickname support 2022-03-13 21:03:20 +00:00
Juan Font Alonso
de2ea83b3b Linting here and there 2022-03-06 17:35:54 +01:00
Juan Font Alonso
eb06054a7b Make DERP Region configurable 2022-03-06 17:25:21 +01:00
Juan Font Alonso
eb500155e8 Make STUN server configurable 2022-03-06 17:00:56 +01:00
Juan Font Alonso
dc909ba6d7 Improved logging on startup 2022-03-06 16:54:19 +01:00
Juan Font Alonso
df37d1a639 Do not offer the option to be DERP insecure 
Websockets, in which DERP is based, requires a TLS certificate. At the same time,
if we use a certificate it must be valid... otherwise Tailscale wont connect (does not
have an Insecure option). So there is no option to expose insecure here
 2022-03-05 19:19:21 +01:00
Juan Font Alonso
758b1ba1cb Renamed configuration items of the DERP server 2022-03-05 16:22:02 +01:00
Juan Font Alonso
23cde8445f Merge branch 'main' into embedded-derp 2022-03-04 00:04:59 +01:00
Juan Font Alonso
897d480f4d Add an embedded DERP server to Headscale 
This series of commit will be adding an embedded DERP server (and STUN) to Headscale,
thus making it completely self-contained and not dependant in other infrastructure.
 2022-03-04 00:01:31 +01:00
Kristoffer Dalby
b61500670c
Merge branch 'main' into metrics-listen 2022-03-02 11:35:33 +00:00
zakaria
12b3b5f8f1 feat(aliases): add aliases for preauthkeys command 
- `preauthkey`, `authkey`, `pre` are aliases for `preauthkey` command
- `ls`, `show` are aliases for `list` subcommand
- `c`, `new` are aliases for `create` subcommand
- `revoke`, `exp`, `e` are aliases for `expire` subcommand
 2022-03-02 15:42:12 +10:00
zakaria
052dbfe440 feat(aliases): add aliases for apikeys command 
- `apikey`, `api` are aliases for `apikeys` command
- `ls`, `show` are aliases for `list` subcommand
- `c`, `new` are aliases for `create` subcommand
- `revoke`, `exp`, `e` are aliases for the `expire` subcommand
 2022-03-02 15:32:35 +10:00
zakaria
5310f8692b feat(aliases): add aliases for namespaces command 
- `namespace`, `ns`, `user`, `users` are aliases for `namespaces`
   command
- `c`, `new` are aliases for the `create` subcommand
- `delete` is an alias for the `destroy` subcommand
- `mv` is an alias for the `rename` subcommand
- `ls`, `show` are aliases for the `list` subcommand
 2022-03-02 14:35:20 +10:00
zakaria
aff6b84250 feat(aliases): add 'gen' alias for 'generate' command 2022-03-02 14:29:33 +10:00
zakaria
21eee912a3 feat(aliases): add aliases for nodes command 
- `node`, `machine`, `machines` are aliases for `nodes` command
- `ls`, `show` aliases for `list` subcommand
- `logout`, `exp`, `e` are aliases for `expire` subcommand
- `del` is an alias for `delete` subcommand
 2022-03-02 14:28:03 +10:00
zakaria
dbb2af0238 feat(aliases): add aliases for route command 
- `r` is alias for `route` command
- `ls`, or `show` is alias for `list` subcommand
 2022-03-02 14:27:56 +10:00
Nico Rey
9a61725e9f Metrics: Disable toggle. Set default port to 9090 2022-02-28 10:40:02 -03:00
Kristoffer Dalby
6126d6d9b5
Merge branch 'main' into metrics-listen 2022-02-28 14:24:25 +01:00
Nico Rey
06e6c29a5b metrics: make metrics endpoint toggleable 2022-02-25 18:36:03 -03:00
Nico Rey
a9122c3de3 prometheus: replace default port by a port between the recommended prometheus range 2022-02-25 18:21:20 -03:00
Adrien Raffin-Caboisse
b39faa124a
Merge remote-tracking branch 'origin/main' into feat-oidc-login-as-namespace 2022-02-25 11:28:17 +01:00
Nico
d55c79e75b
Merge branch 'main' into metrics-listen 2022-02-24 10:41:07 -03:00
Kristoffer Dalby
aa506503e2
Merge branch 'main' into feat-oidc-login-as-namespace 2022-02-24 11:40:34 +00:00
Kristoffer Dalby
9c2c09fce7
Merge branch 'main' into remove-shared 2022-02-24 11:39:44 +00:00
Kristoffer Dalby
8c33907655 Sort lint 2022-02-24 11:10:40 +00:00
Adrien Raffin-Caboisse
4f1f235a2e feat: add strip_email_domain to normalization of namespace 2022-02-23 14:03:07 +01:00
Adrien Raffin-Caboisse
717250adb3 feat: removing matchmap from headscale 2022-02-22 20:58:08 +01:00
Kristoffer Dalby
9ceac5c0fc Remove CLI and tests for Shared node 2022-02-21 22:44:08 +00:00
Nico Rey
fbc1843889 metrics/tests: update tests 2022-02-21 12:51:05 -03:00
Nico Rey
45d5ab30ff metrics/cfg: add a new entry for the Prometheus listen address 2022-02-21 12:50:44 -03:00
Justin Angel
daa75da277 Linting and updating tests 2022-02-21 10:09:23 -05:00
Kristoffer Dalby
7bf2a91dd0
Merge branch 'main' into configurable-mtls 2022-02-20 14:33:23 +00:00
Justin Angel
385dd9cc34 refactoring 2022-02-20 09:06:14 -05:00
Kristoffer Dalby
4e54796384 Allow gRPC server to run insecure 2022-02-13 09:08:46 +00:00
Kristoffer Dalby
c3b68adfed Fix lint 2022-02-13 08:46:35 +00:00
Kristoffer Dalby
0018a78d5a Add insecure option 
Add option to not _validate_ if the certificate served from headscale is
trusted.
 2022-02-13 08:41:49 +00:00
Kristoffer Dalby
ead8b68a03 Fix lint 2022-02-12 19:42:55 +00:00
Kristoffer Dalby
315ff9daf0 Remove insecure, only allow valid certs 2022-02-12 19:35:55 +00:00
Kristoffer Dalby
e18078d7f8 Rename j 2022-02-12 19:08:41 +00:00
Kristoffer Dalby
c73b57e7dc Use undeprecated method for insecure 2022-02-12 19:08:33 +00:00
Kristoffer Dalby
811d3d510c Add grpc_listen_addr config option 2022-02-12 16:14:33 +00:00
Kristoffer Dalby
168b1bd579
Merge branch 'main' into configurable-mtls 2022-01-31 12:28:00 +00:00
Justin Angel
9de5c7f8b8 updating default 2022-01-31 07:22:17 -05:00
Kristoffer Dalby
6f6018bad5
Merge branch 'main' into ipv6 2022-01-30 08:21:11 +00:00
Kristoffer Dalby
0609c97459
Merge branch 'main' into configurable-mtls 2022-01-29 20:15:58 +00:00
Kristoffer Dalby
cd0df1e46f
Merge branch 'main' into socket-permission 2022-01-29 19:30:49 +00:00
Justin Angel
c98a559b4d linting/formatting 2022-01-29 14:15:33 -05:00
Justin Angel
5935b13b67 refining 2022-01-29 13:35:08 -05:00
Justin Angel
9e619fc020 Making client authentication mode configurable 2022-01-29 12:59:31 -05:00
Csaba Sarkadi
45bcf39894 fixup! fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config 2022-01-29 16:52:27 +01:00
Csaba Sarkadi
0a1db89d33 fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config 2022-01-29 16:27:36 +01:00
Csaba Sarkadi
e66f8b0eeb cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config 2022-01-29 16:04:15 +01:00
Kristoffer Dalby
b4f8961e44 Make Unix socket permissions configurable 2022-01-28 18:58:22 +00:00
Kristoffer Dalby
126e694f26 Add generate private-key command 
This commit adds a command to generate a private key for headscale.

Mostly useful for systems were you drive the deployment from another
machine and use a secret management system.
 2022-01-28 18:08:52 +00:00
Kristoffer Dalby
05db1b7109 Formatting and improving logs for config loading 2022-01-25 22:11:15 +00:00
Kristoffer Dalby
6e14fdf0d3 More reusable stuff in cli 2022-01-25 22:11:15 +00:00
Kristoffer Dalby
1fd57a3375 Add apikeys command to create, list and expire 2022-01-25 22:11:15 +00:00
Kristoffer Dalby
b4259fcd79 Add helper function for colouring expiries 2022-01-25 22:11:15 +00:00
Csaba Sarkadi
1a6e5d8770 Add support for multiple IP prefixes 2022-01-16 14:18:22 +01:00
Kristoffer Dalby
25b5eb8d7f Update tests to aline with new config example 2022-01-02 23:17:42 +00:00
Kristoffer Dalby
8932133ae7
Merge branch 'main' into kradalby-patch-2 2021-11-28 09:28:32 +00:00
Kristoffer Dalby
34f4109fbd Add back privatekey, but automatically generate it if it does not exist 2021-11-28 09:17:18 +00:00
Kristoffer Dalby
ef81845deb
Merge branch 'main' into kradalby-patch-2 2021-11-27 20:30:27 +00:00
Kristoffer Dalby
59aeaa8476 Ensure we always have the key prefix when needed 2021-11-27 20:25:12 +00:00
Ward Vandewege
cb2ea300ad Fix linter errors. 2021-11-27 13:59:39 -05:00
Kristoffer Dalby
c38f00fab8 Unmarshal keys in the non-deprecated way 2021-11-26 23:50:42 +00:00
Kristoffer Dalby
cfd53bc4aa Factor wgkey to types/key 
This commit converts all the uses of wgkey to the new key interfaces.

It now has specific  machine, node and discovery keys and we now should
use them correctly.

Please note the new logic which strips a key prefix (in utils.go) that
is now standard inside tailscale.

In theory we could put it in the database, but to preserve backwards
compatibility and not spend a lot of resources on accounting for both,
we just strip them.
 2021-11-26 23:30:42 +00:00
Kristoffer Dalby
07418140a2 Remove config loading of private key path 2021-11-26 23:29:41 +00:00
Ward Vandewege
b6ae60cc44 The create-node subcommand under debug needs a 64 character key. 2021-11-26 14:49:51 -05:00
Ward Vandewege
c7f3e0632b When creating a preauthkey, the default expiration was passed through as 
a nil value, instead of the default value (1h). This resulted in the
preauthkey being created with expiration key '0001-01-01 00:00:00',
which meant the key would not work, because it was already expired.

This commit applies the default expiration time (1h) when a preauthkey
is created without a specific expiration. It also updates an integration
test to make sure this bug does not reoccur.
 2021-11-26 10:04:26 -05:00
Kristoffer Dalby
e8faff4fe2 Use uint64 straight instead of converting 2021-11-22 17:22:22 +00:00
Kristoffer Dalby
fac33e46e1
Add long description for expire 2021-11-21 21:35:36 +00:00
Kristoffer Dalby
b152e53b13
Use correct type for nodes command 2021-11-21 21:34:03 +00:00
Kristoffer Dalby
a2b9f3bede Add expire (logout) machine command 2021-11-21 13:40:44 +00:00
Kristoffer Dalby
f85a77edb5 Remove println statement 2021-11-21 09:48:59 +00:00
Kristoffer Dalby
1c7aff5dd9 Add expired column to machine list command 2021-11-21 09:44:38 +00:00
Kristoffer Dalby
6a9dd2029e Remove expiry logic, this needs to be redone 2021-11-19 09:02:49 +00:00
Kristoffer Dalby
d6739386a0
Get rid of dynamic errors 2021-11-15 19:18:14 +00:00
Kristoffer Dalby
db8be91d8b
Add and fix forbidigo 2021-11-15 18:36:02 +00:00
Kristoffer Dalby
c4d4c9c4e4
Add and fix gosec 2021-11-15 18:31:52 +00:00