Mirrors/juanfont.headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-02-07 20:04:00 +01:00
Code Issues Projects Releases Wiki Activity

Commit Graph

  • ea8c967dcd
         Merge 5132ecc2ed into 20dff82f95 racterub 2026-02-07 16:52:43 +0000
  • 5132ecc2ed chore: update CHANGELOG.md Racter Liu 2026-01-25 05:22:25 +0800
  • df5814fe20 test: add integration tests for TLS certificate reload on SIGHUP Racter Liu 2026-01-25 05:17:27 +0800
  • 480b0a3292 chore: add tls test Racter Liu 2026-01-23 02:18:32 +0800
  • c9a60ac0d0 chore: refine log entry Racter Liu 2026-01-22 23:56:01 +0800
  • 3f5eb0854d feat: reload certificate on sighup reload Racter Liu 2026-01-22 23:53:32 +0800
  • f9718a893c
         Merge 31bee02e46 into 20dff82f95 Janis Jansons 2026-02-07 14:14:24 +0000
  • 31bee02e46 ACL testing (#1803) Janis Jansons 2026-01-12 02:02:33 +0200
  • 903dd59389
         Merge df3a426eee into 20dff82f95 Kristoffer Dalby 2026-02-07 12:59:37 +0100
  • bd7a6c46d0
         Merge 46555ae79f into 20dff82f95 Kristoffer Dalby 2026-02-07 08:43:13 +0100
  • 46555ae79f all: upgrade to Go 1.26rc2 and modernize codebase Kristoffer Dalby 2026-02-06 21:39:35 +0000
  • b5523b2bb0
         Merge cbf3e00157 into 20dff82f95 Louis Liu 2026-02-07 08:25:15 +0100
  • 007d49ba1d
         Merge d87afe6f4b into 20dff82f95 Samuel Batista 2026-02-07 08:24:16 +0100
  • 20dff82f95 CHANGELOG: add minimum Tailscale version for 0.29.0 main Kristoffer Dalby 2026-02-06 15:35:36 +0000
  • 31c4331a91 capver: regenerate from docker tags Kristoffer Dalby 2026-02-06 15:31:32 +0000
  • d87afe6f4b
         When tailscaled restarts and sends Auth=nil, Expiry=zero, tagged nodes will correctly return early without being routed into handleLogout and having their expiry corrupted. Samuel Batista 2026-02-07 02:16:54 -0500
  • 9fd3d44a51
         Tweak whitespace Samuel Batista 2026-02-07 00:42:42 -0500
  • 7d6a7e41ea
         Set node key expiration in the far future when creating nodes with preauth keys to avoid Tailscale spinlock Samuel Batista 2026-02-07 00:37:07 -0500
  • c9c411d0d6
         Merge f0322c4ec6 into ce580f8245 Ali Mohammed 2026-02-06 22:21:13 +0100
  • a1f2d25015 CHANGELOG: add minimum Tailscale version for 0.29.0 Kristoffer Dalby 2026-02-06 15:35:36 +0000
  • 116488316b capver: regenerate from docker tags Kristoffer Dalby 2026-02-06 15:31:32 +0000
  • ce580f8245
         all: fix golangci-lint issues (#3064) Kristoffer Dalby 2026-02-06 21:45:32 +0100
  • 553193137b integration: update error message expectation in TestPolicyBrokenConfigCommand Kristoffer Dalby 2026-02-06 14:25:06 +0000
  • 5d42a5936f Fix typos Lisandro Damián Nicanor Pérez Meyer 2026-02-06 10:29:45 -0300
  • fa70e6836a flake.nix: update vendorHash for go modules Kristoffer Dalby 2026-02-06 12:56:02 +0000
  • cf3742b608 all: add remaining noinlineerr nolint directives Kristoffer Dalby 2026-02-06 12:29:17 +0000
  • d2aca10195 all: apply golangci-lint fixes Kristoffer Dalby 2026-02-06 12:27:04 +0000
  • 4c210b9219 all: fix easy golangci-lint issues Kristoffer Dalby 2026-02-06 11:54:32 +0000
  • 08646a39cb all: fix recvcheck issues Kristoffer Dalby 2026-02-06 11:39:07 +0000
  • 4b0fc9c164 cmd/hi: fix contextcheck issues Kristoffer Dalby 2026-02-06 11:38:54 +0000
  • 8583994c97
         Merge 7478d75012 into bfb6fd80df Shourya Gautam 2026-02-06 04:59:28 -0500
  • 164a7c9dbd all: fix golangci-lint issues (noctx, unused, unparam, goconst, prealloc, predeclared, gocritic) Kristoffer Dalby 2026-02-06 09:37:22 +0000
  • 28b52bff58
         Merge 7d504c619e into bfb6fd80df Kristoffer Dalby 2026-02-06 10:17:55 +0100
  • d29a47adaa hscontrol/mapper: fix remaining copylocks issues in tests Kristoffer Dalby 2026-02-06 08:55:07 +0000
  • 698ef4272c hscontrol/mapper: fix copylocks issues in test code Kristoffer Dalby 2026-02-06 08:51:36 +0000
  • 02636a14d3 all: fix staticcheck issues Kristoffer Dalby 2026-02-06 08:49:00 +0000
  • f131372ecf tests: update error message expectations to match new format Kristoffer Dalby 2026-02-06 08:46:14 +0000
  • f0322c4ec6 feat: add client version to node list Aliexe 2026-02-06 10:22:08 +0200
  • 16d20c50f3 all: fix prealloc lint issues Kristoffer Dalby 2026-02-06 08:18:17 +0000
  • 19b06f2b78 integration: fix remaining errchkjson lint issues Kristoffer Dalby 2026-02-06 08:15:48 +0000
  • 215030b570 all: fix errchkjson, contextcheck, containedctx, embeddedstructfieldcheck Kristoffer Dalby 2026-02-06 08:15:01 +0000
  • 7e1d0289fd all: fix exhaustive, forcetypeassert, durationcheck lint issues Kristoffer Dalby 2026-02-06 08:13:12 +0000
  • 92ffc364b6 all: fix errcheck lint issues Kristoffer Dalby 2026-02-06 08:10:29 +0000
  • 43349553f2 integration: add nolint:err113 comments for test infrastructure Kristoffer Dalby 2026-02-06 08:05:21 +0000
  • 9b250543c8
         Merge a8077c1a13 into bfb6fd80df Ángel 2026-02-06 09:04:31 +0100
  • 3c3e39c737 cmd,hscontrol: fix err113 lint issues (batch 8) Kristoffer Dalby 2026-02-06 08:01:58 +0000
  • 0cb49ab343 hscontrol: fix err113 lint issues (batch 7) Kristoffer Dalby 2026-02-06 07:59:27 +0000
  • c164b15503 hscontrol: fix err113 lint issues (batch 6) Kristoffer Dalby 2026-02-06 07:54:16 +0000
  • 744ba66131 hscontrol/policy/v2: fix err113 lint issues (batch 5) Kristoffer Dalby 2026-02-06 07:34:30 +0000
  • 71b1a43b6e all: fix err113 and nilnil lint issues (batch 4) Kristoffer Dalby 2026-02-06 07:24:16 +0000
  • 6533ec9637 hscontrol/types: fix wastedassign and unused lint issues Kristoffer Dalby 2026-02-06 07:20:42 +0000
  • ac194ec055 all: suppress unused code lint warnings (batch 3) Kristoffer Dalby 2026-02-06 07:18:29 +0000
  • 08c9196545 all: fix errcheck lint issues (batch 2) Kristoffer Dalby 2026-02-06 07:16:08 +0000
  • 03ca9e926a all: fix golangci-lint issues (batch 1) Kristoffer Dalby 2026-02-06 07:13:22 +0000
  • f068ed49b4 all: apply golangci-lint fixes Kristoffer Dalby 2026-02-06 06:54:44 +0000
  • bfb6fd80df integration: fixup test Kristoffer Dalby 2026-02-05 16:35:18 +0000
  • 3acce2da87 errors: rewrite errors to follow go best practices Kristoffer Dalby 2026-02-05 16:29:54 +0000
  • 4a9a329339 all: use lowercase log messages Kristoffer Dalby 2026-02-05 13:59:26 +0000
  • dd16567c52 hscontrol/state,db: use zf constants for logging Kristoffer Dalby 2026-02-05 11:55:20 +0000
  • e0a436cefc hscontrol/util/zlog/zf: add tag, authkey, and route constants Kristoffer Dalby 2026-02-05 11:54:33 +0000
  • 53cdeff129 hscontrol/mapper: use sub-loggers and zf constants Kristoffer Dalby 2026-02-05 11:04:54 +0000
  • 7148a690d0 hscontrol/grpcv1: use EmbedObject and zf constants Kristoffer Dalby 2026-02-05 11:01:41 +0000
  • 4e73133b9f hscontrol/routes: use sub-logger and zf constants Kristoffer Dalby 2026-02-05 11:01:23 +0000
  • 4f8724151e hscontrol/poll: use sub-logger pattern for mapSession Kristoffer Dalby 2026-02-05 11:00:49 +0000
  • 91730e2a1d hscontrol: use EmbedObject for node logging Kristoffer Dalby 2026-02-05 09:44:23 +0000
  • b5090a01ec cmd: use zf constants for zerolog field names Kristoffer Dalby 2026-01-28 14:39:34 +0000
  • 27f5641341 golangci: add forbidigo rule for zerolog field constants Kristoffer Dalby 2026-01-28 14:05:46 +0000
  • cf3d30b6f6 types: add MarshalZerologObject to domain types Kristoffer Dalby 2026-01-28 13:37:48 +0000
  • 58020696fe zlog: add utility package for safe and consistent logging Kristoffer Dalby 2026-01-28 13:37:22 +0000
  • e44b402fe4 integration: update TestSubnetRouteACL for filter merging and IPProto Kristoffer Dalby 2026-02-03 09:01:30 +0000
  • 835b7eb960 policy: autogroup:internet does not generate packet filters Kristoffer Dalby 2026-01-28 13:08:38 +0000
  • 95b1fd636e policy: fix wildcard DstPorts format and proto:icmp handling Kristoffer Dalby 2026-01-28 12:05:08 +0000
  • 834ac27779 policy/v2: add subnet routes and exit node compatibility tests Kristoffer Dalby 2026-01-28 12:04:52 +0000
  • 4a4032a4b0 changelog: document filter rule merging Kristoffer Dalby 2026-01-24 07:49:51 +0000
  • 29aa08df0e policy: update test expectations for merged filter rules Kristoffer Dalby 2026-01-24 07:49:39 +0000
  • 0b1727c337 policy: merge filter rules with identical SrcIPs and IPProto Kristoffer Dalby 2026-01-24 07:49:21 +0000
  • 08fe2e4d6c policy: use CIDR format for autogroup:self destinations Kristoffer Dalby 2026-01-23 21:05:00 +0000
  • cb29cade46 docs: add compatibility test documentation Kristoffer Dalby 2026-01-23 20:58:38 +0000
  • f27298c759 changelog: document wildcard CGNAT range change Add breaking change entry for the wildcard resolution change to use CGNAT/ULA ranges instead of all IPs. Updates #3036 Kristoffer Dalby 2026-01-23 20:52:50 +0000
  • 8baa14ef4a policy: use CGNAT/ULA ranges for wildcard resolution Change Asterix.Resolve() to use Tailscale's CGNAT range (100.64.0.0/10) and ULA range (fd7a:115c:a1e0::/48) instead of all IPs (0.0.0.0/0 and ::/0). This better matches Tailscale's security model where wildcard (*) means "any node in the tailnet" rather than literally "any IP address on the internet". Updates #3036 Kristoffer Dalby 2026-01-23 20:52:35 +0000
  • ebdbe03639 policy: validate autogroup:self sources in ACL rules Tailscale validates that autogroup:self destinations in ACL rules can only be used when ALL sources are users, groups, autogroup:member, or wildcard (*). Previously, Headscale only performed this validation for SSH rules. Add validateACLSrcDstCombination() to enforce that tags, autogroup:tagged, hosts, and raw IPs cannot be used as sources with autogroup:self destinations. Invalid policies like tag:client → autogroup:self:* are now rejected at validation time, matching Tailscale behavior. Wildcard (*) is allowed because autogroup:self evaluation narrows it per-node to only the node's own IPs. Kristoffer Dalby 2026-01-23 20:37:27 +0000
  • f735502eae policy: add ICMP protocols to default and export constants When ACL rules don't specify a protocol, Headscale now defaults to [TCP, UDP, ICMP, ICMPv6] instead of just [TCP, UDP], matching Tailscale's behavior. Also export protocol number constants (ProtocolTCP, ProtocolUDP, etc.) for use in external test packages, renaming the string protocol constants to ProtoNameTCP, ProtoNameUDP, etc. to avoid conflicts. This resolves 78 ICMP-related TODOs in the Tailscale compatibility tests, reducing the total from 165 to 87. Kristoffer Dalby 2026-01-23 20:16:02 +0000
  • 53d17aa321 policy: add comprehensive Tailscale ACL compatibility tests Add extensive test coverage verifying Headscale's ACL policy behavior matches Tailscale's coordination server. Tests cover: - Source/destination resolution for users, groups, tags, hosts, IPs - autogroup:member, autogroup:tagged, autogroup:self behavior - Filter rule deduplication and merging semantics - Multi-rule interaction patterns - Error case validation Key behavioral differences documented: - Headscale creates separate filter entries per ACL rule; Tailscale merges rules with identical sources - Headscale deduplicates Dsts within a rule; Tailscale does not - Headscale does not validate autogroup:self source restrictions for ACL rules (only SSH rules); Tailscale rejects invalid sources Tests are based on real Tailscale coordination server responses captured from a test environment with 5 nodes (1 user-owned, 4 tagged). Kristoffer Dalby 2026-01-23 19:36:17 +0000
  • 14f833bdb9 policy: fix autogroup:self handling for tagged nodes Skip autogroup:self destination processing for tagged nodes since they can never match autogroup:self (which only applies to user-owned nodes). Also reorder the IsTagged() check to short-circuit before accessing User() to avoid potential nil pointer access on tagged nodes. Kristoffer Dalby 2026-01-23 19:35:42 +0000
  • 5e898b5e11 integration: update TestSubnetRouteACL for filter merging and IPProto Kristoffer Dalby 2026-02-03 09:01:30 +0000
  • 9008ce77fb policy: autogroup:internet does not generate packet filters Kristoffer Dalby 2026-01-28 13:08:38 +0000
  • 4996ce5cc2 policy: fix wildcard DstPorts format and proto:icmp handling Kristoffer Dalby 2026-01-28 12:05:08 +0000
  • 3577b48f31 policy/v2: add subnet routes and exit node compatibility tests Kristoffer Dalby 2026-01-28 12:04:52 +0000
  • e387c81cbd changelog: document filter rule merging Kristoffer Dalby 2026-01-24 07:49:51 +0000
  • 5678717e7c policy: update test expectations for merged filter rules Kristoffer Dalby 2026-01-24 07:49:39 +0000
  • 2dfccfa86f policy: merge filter rules with identical SrcIPs and IPProto Kristoffer Dalby 2026-01-24 07:49:21 +0000
  • cfef5c4105 policy: use CIDR format for autogroup:self destinations Kristoffer Dalby 2026-01-23 21:05:00 +0000
  • 56b67ca372 docs: add compatibility test documentation Kristoffer Dalby 2026-01-23 20:58:38 +0000
  • 73bf7f5b29 changelog: document wildcard CGNAT range change Add breaking change entry for the wildcard resolution change to use CGNAT/ULA ranges instead of all IPs. Updates #3036 Kristoffer Dalby 2026-01-23 20:52:50 +0000
  • 936a6b5678 policy: use CGNAT/ULA ranges for wildcard resolution Change Asterix.Resolve() to use Tailscale's CGNAT range (100.64.0.0/10) and ULA range (fd7a:115c:a1e0::/48) instead of all IPs (0.0.0.0/0 and ::/0). This better matches Tailscale's security model where wildcard (*) means "any node in the tailnet" rather than literally "any IP address on the internet". Updates #3036 Kristoffer Dalby 2026-01-23 20:52:35 +0000
  • a0aa643b6f policy: validate autogroup:self sources in ACL rules Tailscale validates that autogroup:self destinations in ACL rules can only be used when ALL sources are users, groups, autogroup:member, or wildcard (*). Previously, Headscale only performed this validation for SSH rules. Add validateACLSrcDstCombination() to enforce that tags, autogroup:tagged, hosts, and raw IPs cannot be used as sources with autogroup:self destinations. Invalid policies like tag:client → autogroup:self:* are now rejected at validation time, matching Tailscale behavior. Wildcard (*) is allowed because autogroup:self evaluation narrows it per-node to only the node's own IPs. Kristoffer Dalby 2026-01-23 20:37:27 +0000
  • 8c8413d0a3 policy: add ICMP protocols to default and export constants When ACL rules don't specify a protocol, Headscale now defaults to [TCP, UDP, ICMP, ICMPv6] instead of just [TCP, UDP], matching Tailscale's behavior. Also export protocol number constants (ProtocolTCP, ProtocolUDP, etc.) for use in external test packages, renaming the string protocol constants to ProtoNameTCP, ProtoNameUDP, etc. to avoid conflicts. This resolves 78 ICMP-related TODOs in the Tailscale compatibility tests, reducing the total from 165 to 87. Kristoffer Dalby 2026-01-23 20:16:02 +0000
  • d63f6a46eb integration: fixup test Kristoffer Dalby 2026-02-05 16:35:18 +0000
  • 00c272e92a errors: rewrite errors to follow go best practices Kristoffer Dalby 2026-02-05 16:29:54 +0000
  • 2ad2b10b33 all: use lowercase log messages Kristoffer Dalby 2026-02-05 13:59:26 +0000