Kristoffer Dalby
7bf2a91dd0
Merge branch 'main' into configurable-mtls
2022-02-20 14:33:23 +00:00
Justin Angel
385dd9cc34
refactoring
2022-02-20 09:06:14 -05:00
Kristoffer Dalby
4e54796384
Allow gRPC server to run insecure
2022-02-13 09:08:46 +00:00
Kristoffer Dalby
c3b68adfed
Fix lint
2022-02-13 08:46:35 +00:00
Kristoffer Dalby
0018a78d5a
Add insecure option
...
Add option to not _validate_ if the certificate served from headscale is
trusted.
2022-02-13 08:41:49 +00:00
Kristoffer Dalby
315ff9daf0
Remove insecure, only allow valid certs
2022-02-12 19:35:55 +00:00
Kristoffer Dalby
e18078d7f8
Rename j
2022-02-12 19:08:41 +00:00
Kristoffer Dalby
c73b57e7dc
Use undeprecated method for insecure
2022-02-12 19:08:33 +00:00
Kristoffer Dalby
811d3d510c
Add grpc_listen_addr config option
2022-02-12 16:14:33 +00:00
Kristoffer Dalby
168b1bd579
Merge branch 'main' into configurable-mtls
2022-01-31 12:28:00 +00:00
Justin Angel
9de5c7f8b8
updating default
2022-01-31 07:22:17 -05:00
Kristoffer Dalby
6f6018bad5
Merge branch 'main' into ipv6
2022-01-30 08:21:11 +00:00
Kristoffer Dalby
0609c97459
Merge branch 'main' into configurable-mtls
2022-01-29 20:15:58 +00:00
Justin Angel
c98a559b4d
linting/formatting
2022-01-29 14:15:33 -05:00
Justin Angel
5935b13b67
refining
2022-01-29 13:35:08 -05:00
Justin Angel
9e619fc020
Making client authentication mode configurable
2022-01-29 12:59:31 -05:00
Csaba Sarkadi
45bcf39894
fixup! fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config
2022-01-29 16:52:27 +01:00
Csaba Sarkadi
0a1db89d33
fixup! cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config
2022-01-29 16:27:36 +01:00
Csaba Sarkadi
e66f8b0eeb
cmd/headscale/cli/utils: merge ip_prefix with ip_prefixes in config
2022-01-29 16:04:15 +01:00
Kristoffer Dalby
b4f8961e44
Make Unix socket permissions configurable
2022-01-28 18:58:22 +00:00
Kristoffer Dalby
6e14fdf0d3
More reusable stuff in cli
2022-01-25 22:11:15 +00:00
Csaba Sarkadi
1a6e5d8770
Add support for multiple IP prefixes
2022-01-16 14:18:22 +01:00
Kristoffer Dalby
34f4109fbd
Add back privatekey, but automatically generate it if it does not exist
2021-11-28 09:17:18 +00:00
Kristoffer Dalby
07418140a2
Remove config loading of private key path
2021-11-26 23:29:41 +00:00
Kristoffer Dalby
6a9dd2029e
Remove expiry logic, this needs to be redone
2021-11-19 09:02:49 +00:00
Kristoffer Dalby
d6739386a0
Get rid of dynamic errors
2021-11-15 19:18:14 +00:00
Kristoffer Dalby
db8be91d8b
Add and fix forbidigo
2021-11-15 18:36:02 +00:00
Kristoffer Dalby
715542ac1c
Add and fix stylecheck (golint replacement)
2021-11-15 17:24:24 +00:00
Kristoffer Dalby
0c45f8d252
Add and fix errorlint
2021-11-15 16:26:41 +00:00
Kristoffer Dalby
471c0b4993
Initial work eliminating one/two letter variables
2021-11-14 20:32:03 +01:00
Kristoffer Dalby
796072a5a4
Add and fix ifshort
2021-11-14 18:09:22 +01:00
Kristoffer Dalby
89eb13c6cb
Add and fix nlreturn (new line return)
2021-11-14 16:46:09 +01:00
Kristoffer Dalby
2634215f12
golangci-lint --fix
2021-11-13 08:39:04 +00:00
Kristoffer Dalby
03b7ec62ca
Go format with shorter lines
2021-11-13 08:36:45 +00:00
Kristoffer Dalby
2dfd42f80c
Attempt to dry up CLI client, add proepr config
...
This commit is trying to DRY up the initiation of the gRPC client in
each command:
It renames the function to CLI instead of GRPC as it actually set up a
CLI client, not a generic grpc client
It also moves the configuration of address, timeout (which is now
consistent) and api to use Viper, allowing users to set it via env vars
and configuration file
2021-11-07 09:41:14 +00:00
Kristoffer Dalby
cd34a5d6f3
Expand json output to support yaml, make more generic
2021-11-04 22:31:47 +00:00
Kristoffer Dalby
12f2a7cee0
Move context per cure's suggestion
2021-10-31 16:26:51 +00:00
Kristoffer Dalby
264e5964f6
Resolve merge conflict
2021-10-31 09:40:43 +00:00
Kristoffer Dalby
cbf3f5d640
Resolve merge conflict
2021-10-30 15:33:01 +00:00
Kristoffer Dalby
434fac52b7
Fix lint error
2021-10-30 14:29:03 +00:00
Kristoffer Dalby
6aacada852
Switch from gRPC localhost to socket
...
This commit changes the way CLI and grpc-gateway communicates with the
gRPC backend to socket, instead of localhost. Unauthenticated access now
goes on the socket, while the network interface will require API key (in
the future).
2021-10-30 14:08:16 +00:00
Kristoffer Dalby
72fd2a2780
Fix lint error
2021-10-29 17:36:11 +00:00
Kristoffer Dalby
81b8610dff
Add helper function to setup grpc client for cli
2021-10-29 17:15:52 +00:00
Kristoffer Dalby
eefd82a574
Move config loading out of the headscale app setup
2021-10-29 17:09:06 +00:00
Kristoffer Dalby
002b5c1dad
Add grpc token auth struct
2021-10-29 17:08:21 +00:00
Raal Goff
2d252da221
suggested documentation and comments
2021-10-29 21:35:07 +08:00
Kristoffer Dalby
57f46ded83
Split derp into its own config struct
2021-10-22 16:55:14 +00:00
Juan Font
41c5a0ddf5
Apply suggestions from code review
...
Co-authored-by: Kristoffer Dalby <kradalby@kradalby.no>
2021-10-20 09:35:56 +02:00
Juan Font Alonso
18b00b5d8d
Add support for Split DNS (implements #179 )
2021-10-19 20:51:43 +02:00
Kristoffer Dalby
677bd9b657
Implement namespace matching
2021-10-18 19:27:52 +00:00
Raal Goff
d0cd5af419
fix incorrect merge
2021-10-16 22:34:11 +08:00
unreality
afbfc1d370
Merge branch 'main' into main
2021-10-16 22:31:37 +08:00
Juan Font Alonso
27947c6746
This commit disables the version checker when JSON output ( #153 )
2021-10-13 00:18:55 +02:00
Raal Goff
74e6c1479e
updates from code review
2021-10-10 17:22:42 +08:00
Kristoffer Dalby
2997f4d251
Merge branch 'main' into main
2021-10-08 22:21:41 +01:00
Raal Goff
e407d423d4
updates from code review
2021-10-08 17:43:52 +08:00
Raal Goff
c487591437
use go-oidc instead of verifying and extracting tokens ourselves, rename oidc_endpoint to oidc_issuer to be more inline with spec
2021-10-06 17:19:15 +08:00
Juan Font Alonso
da4a9dadd5
Warn users when MagicDNS is set with no DNS servers
2021-10-04 22:16:53 +02:00
Juan Font
040a18e6f8
Merge branch 'main' into magic-dns-support
2021-10-04 19:45:12 +02:00
Juan Font Alonso
ec911981c2
Do not allow magicdns if not nameservers set up
2021-10-04 19:43:58 +02:00
Aaron Bieber
817cc1e567
these are not files!
2021-10-03 14:02:44 -06:00
Aaron Bieber
8fa0fe65ba
Add the ability to specify registration ACME email and ACME URL.
2021-10-03 12:26:38 -06:00
Juan Font Alonso
19492650d4
Fixed error on assign
2021-10-02 13:03:08 +02:00
Juan Font Alonso
656237e167
Propagate dns config vales across Headscale
2021-10-02 11:20:42 +02:00
Juan Font Alonso
3f3cfedffa
Add support for MagicDNS
2021-09-28 00:22:29 +02:00
Raal Goff
e7a2501fe8
initial work on OIDC (SSO) integration
2021-09-26 16:53:05 +08:00
Juan Font
5840f88251
Update tailscale dependencies to v1.14
2021-09-14 23:46:16 +02:00
Kristoffer Dalby
8735e5675c
Add a test for the getdnsconfig function
2021-08-25 19:03:04 +01:00
Kristoffer Dalby
3f5e06a0f8
Dont add the portnumber to the ip
2021-08-25 18:43:13 +01:00
Kristoffer Dalby
b3732e7fb9
Add nameserver as resolver aswell
2021-08-25 07:04:48 +01:00
Kristoffer Dalby
987bbee1db
Add DNSConfig field to configuration
2021-08-24 07:09:47 +01:00
Kristoffer Dalby
d93a7f2e02
Make Info default log level
2021-08-20 17:15:07 +01:00
Kristoffer Dalby
a8c8a358d0
Make log keys lowercase
2021-08-05 20:57:47 +01:00
Kristoffer Dalby
cd2ca137c0
Make log_level user configurable
2021-08-05 19:19:25 +01:00
Kristoffer Dalby
b1200140b8
Convert cli/utils.go
2021-08-05 18:26:49 +01:00
Kristoffer Dalby
309f868a21
Make IP prefix configurable
...
This commit makes the IP prefix used to generate addresses configurable
to users. This can be useful if you would like to use a smaller range or
if your current setup is overlapping with the current range.
The current range is left as a default
2021-08-02 20:06:26 +01:00
Aaron Bieber
69d77f6e9d
Add a 'tls_letsencrypt_listen' config option
...
Currently the default (and non-configurable) Let's Encrypt listener will
bind to all IPs. This isn't ideal if we want to run headscale on a specific
IP only.
This also allows for one to set the listener to something other than
port 80. This is useful for OSs like OpenBSD which only allow root to
bind the lower port ranges (and don't have `setcap`) as we can now run
`headscale` as a non-privileged user while still using the baked in ACME
magic. Obviously this configuration would also require a reverse proxy
or firewall rule to redirect traffic. I attempted to outline that in the
README change.
2021-07-23 16:12:01 -06:00
Ward Vandewege
9a24340bd4
Turn the combination of TLS-ALPN-01 and listen_addr on a port other than
...
443 into a warning, not an error, refs #53 .
2021-07-16 22:02:05 -04:00
Juan Font Alonso
7d46dfe012
Only load ACLs if a path is present
2021-07-11 15:10:11 +02:00
Juan Font
19443669bf
Fixed linting issues
2021-07-04 13:33:00 +02:00
Juan Font
202d6b506f
Load ACL policy on headscale startup
2021-07-04 13:24:05 +02:00
Juan Font Alonso
0fcd92fcce
Minor fix to help testing
2021-06-05 11:13:28 +02:00
Ward Vandewege
41f6740ddd
Add support for ephemeral nodes via a special type of pre-auth key. Add
...
tests for that feature.
Other fixes: clean up a few typos in comments. Fix a bug that caused the
tests to run four times each. Be more consistent in the use of log
rather than fmt to print errors and notices.
2021-05-22 20:18:29 -04:00
Juan Font Alonso
5a42bace67
Use OS-independent paths for the abs method
2021-05-18 23:33:08 +02:00
Juan Font Alonso
460a23cf2b
Check for abs/rel path in db_path
2021-05-19 01:28:47 +02:00
Juan Font Alonso
216c6d85b2
Added support for sqlite as database backend
2021-05-15 14:32:26 +02:00
Juan Font Alonso
8ad366f977
Use JsonOutput in version too
2021-05-08 17:06:36 +02:00
Juan Font Alonso
3b34f715ce
Adding support for JSON-formatted output 1/n
2021-05-08 13:28:22 +02:00
Juan Font Alonso
77e5255fdd
Move the CLI functiontionality to the CLI package
2021-04-28 16:15:45 +02:00