From 7f665023d82fd74984486a6872d2e679dc609521 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby <kristoffer@tailscale.com>
Date: Sun, 27 Oct 2024 11:50:47 -0400
Subject: [PATCH] fix nil pointer in oidc for policy

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
---
 hscontrol/app.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/hscontrol/app.go b/hscontrol/app.go
index 7c63f389..eea7315b 100644
--- a/hscontrol/app.go
+++ b/hscontrol/app.go
@@ -154,6 +154,10 @@ func NewHeadscale(cfg *types.Config) (*Headscale, error) {
 		}
 	})
 
+	if err = app.loadPolicyManager(); err != nil {
+		return nil, fmt.Errorf("failed to load ACL policy: %w", err)
+	}
+
 	var authProvider AuthProvider
 	authProvider = NewAuthProviderWeb(cfg.ServerURL)
 	if cfg.OIDC.Issuer != "" {
@@ -531,11 +535,6 @@ func (h *Headscale) Serve() error {
 		}
 	}
 
-	var err error
-	if err = h.loadPolicyManager(); err != nil {
-		return fmt.Errorf("failed to load ACL policy: %w", err)
-	}
-
 	if dumpConfig {
 		spew.Dump(h.cfg)
 	}