Merge pull request #98 from kradalby/initial-dns-server-exit-node
commit
123f0fa185
7 changed files with 100 additions and 9 deletions
|
@ -25,8 +25,9 @@ Headscale implements this coordination server.
|
||||||
- [X] JSON-formatted output
|
- [X] JSON-formatted output
|
||||||
- [X] ACLs
|
- [X] ACLs
|
||||||
- [X] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
|
- [X] Support for alternative IP ranges in the tailnets (default Tailscale's 100.64.0.0/10)
|
||||||
|
- [X] DNS (passing DNS servers to nodes)
|
||||||
- [ ] Share nodes between ~~users~~ namespaces
|
- [ ] Share nodes between ~~users~~ namespaces
|
||||||
- [ ] DNS
|
- [ ] MagicDNS / Smart DNS
|
||||||
|
|
||||||
|
|
||||||
## Roadmap 🤷
|
## Roadmap 🤷
|
||||||
|
|
14
api.go
14
api.go
|
@ -14,7 +14,6 @@ import (
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"github.com/klauspost/compress/zstd"
|
"github.com/klauspost/compress/zstd"
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
"inet.af/netaddr"
|
|
||||||
"tailscale.com/tailcfg"
|
"tailscale.com/tailcfg"
|
||||||
"tailscale.com/types/wgkey"
|
"tailscale.com/types/wgkey"
|
||||||
)
|
)
|
||||||
|
@ -245,10 +244,15 @@ func (h *Headscale) getMapResponse(mKey wgkey.Key, req tailcfg.MapRequest, m Mac
|
||||||
}
|
}
|
||||||
|
|
||||||
resp := tailcfg.MapResponse{
|
resp := tailcfg.MapResponse{
|
||||||
KeepAlive: false,
|
KeepAlive: false,
|
||||||
Node: node,
|
Node: node,
|
||||||
Peers: *peers,
|
Peers: *peers,
|
||||||
DNS: []netaddr.IP{},
|
//TODO(kradalby): As per tailscale docs, if DNSConfig is nil,
|
||||||
|
// it means its not updated, maybe we can have some logic
|
||||||
|
// to check and only pass updates when its updates.
|
||||||
|
// This is probably more relevant if we try to implement
|
||||||
|
// "MagicDNS"
|
||||||
|
DNSConfig: h.cfg.DNSConfig,
|
||||||
SearchPaths: []string{},
|
SearchPaths: []string{},
|
||||||
Domain: "headscale.net",
|
Domain: "headscale.net",
|
||||||
PacketFilter: *h.aclRules,
|
PacketFilter: *h.aclRules,
|
||||||
|
|
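Review bot: `DNSConfig: h.cfg.DNSConfig` is nil whenever the operator has not configured `dns_config`, and the TODO right above it says Tailscale reads a nil DNSConfig as "not updated" — if that is right, removing `dns_config` from a running deployment will never clear DNS settings that were previously pushed to nodes. Consider sending an empty `&tailcfg.DNSConfig{}` when nothing is configured, or at least record the limitation in the comment: `// nil DNSConfig leaves each node's existing DNS settings in place; removing dns_config does not reset them.` The TODO text itself has a couple of slips ("its not updated", "only pass updates when its updates") worth tidying while it is touched. getMapResponse starts before this hunk and continues past it.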
2
app.go
2
app.go
|
@ -43,6 +43,8 @@ type Config struct {
|
||||||
|
|
||||||
TLSCertPath string
|
TLSCertPath string
|
||||||
TLSKeyPath string
|
TLSKeyPath string
|
||||||
|
|
||||||
|
DNSConfig *tailcfg.DNSConfig
|
||||||
}
|
}
|
||||||
|
|
||||||
// Headscale represents the base app of the service
|
// Headscale represents the base app of the service
|
||||||
|
|
|
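Review bot: The new exported field `DNSConfig *tailcfg.DNSConfig` has no comment, and unlike its neighbours its nil value appears to carry meaning (see the TODO in api.go's getMapResponse), which a reader cannot infer from the type. A one-line comment such as `// DNSConfig is sent to nodes in every MapResponse; nil means no DNS configuration is pushed.` would cover it. The Config struct starts before this hunk.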
@ -41,6 +41,8 @@ func LoadConfig(path string) error {
|
||||||
|
|
||||||
viper.SetDefault("log_level", "info")
|
viper.SetDefault("log_level", "info")
|
||||||
|
|
||||||
|
viper.SetDefault("dns_config", nil)
|
||||||
|
|
||||||
err := viper.ReadInConfig()
|
err := viper.ReadInConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Fatal error reading config file: %s \n", err)
|
return fmt.Errorf("Fatal error reading config file: %s \n", err)
|
||||||
|
@ -70,6 +72,45 @@ func LoadConfig(path string) error {
|
||||||
} else {
|
} else {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
func GetDNSConfig() *tailcfg.DNSConfig {
|
||||||
|
if viper.IsSet("dns_config") {
|
||||||
|
dnsConfig := &tailcfg.DNSConfig{}
|
||||||
|
|
||||||
|
if viper.IsSet("dns_config.nameservers") {
|
||||||
|
nameserversStr := viper.GetStringSlice("dns_config.nameservers")
|
||||||
|
|
||||||
|
nameservers := make([]netaddr.IP, len(nameserversStr))
|
||||||
|
resolvers := make([]tailcfg.DNSResolver, len(nameserversStr))
|
||||||
|
|
||||||
|
for index, nameserverStr := range nameserversStr {
|
||||||
|
nameserver, err := netaddr.ParseIP(nameserverStr)
|
||||||
|
if err != nil {
|
||||||
|
log.Error().
|
||||||
|
Str("func", "getDNSConfig").
|
||||||
|
Err(err).
|
||||||
|
Msgf("Could not parse nameserver IP: %s", nameserverStr)
|
||||||
|
}
|
||||||
|
|
||||||
|
nameservers[index] = nameserver
|
||||||
|
resolvers[index] = tailcfg.DNSResolver{
|
||||||
|
Addr: nameserver.String(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
dnsConfig.Nameservers = nameservers
|
||||||
|
dnsConfig.Resolvers = resolvers
|
||||||
|
}
|
||||||
|
if viper.IsSet("dns_config.domains") {
|
||||||
|
dnsConfig.Domains = viper.GetStringSlice("dns_config.domains")
|
||||||
|
}
|
||||||
|
|
||||||
|
return dnsConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func absPath(path string) string {
|
func absPath(path string) string {
|
||||||
|
@ -126,6 +167,8 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
|
||||||
|
|
||||||
TLSCertPath: absPath(viper.GetString("tls_cert_path")),
|
TLSCertPath: absPath(viper.GetString("tls_cert_path")),
|
||||||
TLSKeyPath: absPath(viper.GetString("tls_key_path")),
|
TLSKeyPath: absPath(viper.GetString("tls_key_path")),
|
||||||
|
|
||||||
|
DNSConfig: GetDNSConfig(),
|
||||||
}
|
}
|
||||||
|
|
||||||
h, err := headscale.NewHeadscale(cfg)
|
h, err := headscale.NewHeadscale(cfg)
|
||||||
|
|
|
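Review bot: In `GetDNSConfig`, a nameserver that fails `netaddr.ParseIP` is logged and then still stored — `nameservers[index] = nameserver` writes the zero `netaddr.IP` and `resolvers[index]` gets `nameserver.String()` of that zero value — so a typo in `dns_config.nameservers` is pushed to every node instead of being rejected. Either skip the entry with `continue` and build the slices with `append` (below), or better, make the failure fatal at startup so the operator sees it; the log field `Str("func", "getDNSConfig")` also does not match the exported name. Separately, `viper.SetDefault("dns_config", nil)` in the first hunk looks like a no-op; if viper ever reports `IsSet("dns_config")` true under it, this function would return an empty non-nil config rather than nil, which changes what nodes receive — worth confirming.
```go
nameservers := make([]netaddr.IP, 0, len(nameserversStr))
resolvers := make([]tailcfg.DNSResolver, 0, len(nameserversStr))

for _, nameserverStr := range nameserversStr {
	nameserver, err := netaddr.ParseIP(nameserverStr)
	if err != nil {
		log.Error().
			Str("func", "GetDNSConfig").
			Err(err).
			Msgf("Could not parse nameserver IP: %s", nameserverStr)
		continue // do not push a zero-value address to nodes
	}

	nameservers = append(nameservers, nameserver)
	resolvers = append(resolvers, tailcfg.DNSResolver{
		Addr: nameserver.String(),
	})
}
// … unchanged: assignment to dnsConfig.Nameservers / Resolvers, domains handling …
```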
@ -58,7 +58,7 @@ func (*Suite) TestPostgresConfigLoading(c *check.C) {
|
||||||
c.Assert(viper.GetString("db_port"), check.Equals, "5432")
|
c.Assert(viper.GetString("db_port"), check.Equals, "5432")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
|
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
|
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
|
c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*Suite) TestSqliteConfigLoading(c *check.C) {
|
func (*Suite) TestSqliteConfigLoading(c *check.C) {
|
||||||
|
@ -92,6 +92,37 @@ func (*Suite) TestSqliteConfigLoading(c *check.C) {
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
|
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
|
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
|
c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
|
||||||
|
c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (*Suite) TestDNSConfigLoading(c *check.C) {
|
||||||
|
tmpDir, err := ioutil.TempDir("", "headscale")
|
||||||
|
if err != nil {
|
||||||
|
c.Fatal(err)
|
||||||
|
}
|
||||||
|
defer os.RemoveAll(tmpDir)
|
||||||
|
|
||||||
|
path, err := os.Getwd()
|
||||||
|
if err != nil {
|
||||||
|
c.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Symlink the example config file
|
||||||
|
err = os.Symlink(filepath.Clean(path+"/../../config.json.sqlite.example"), filepath.Join(tmpDir, "config.json"))
|
||||||
|
if err != nil {
|
||||||
|
c.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Load example config, it should load without validation errors
|
||||||
|
err = cli.LoadConfig(tmpDir)
|
||||||
|
c.Assert(err, check.IsNil)
|
||||||
|
|
||||||
|
dnsConfig := cli.GetDNSConfig()
|
||||||
|
fmt.Println(dnsConfig)
|
||||||
|
|
||||||
|
c.Assert(dnsConfig.Nameservers[0].String(), check.Equals, "1.1.1.1")
|
||||||
|
|
||||||
|
c.Assert(dnsConfig.Resolvers[0].Addr, check.Equals, "1.1.1.1")
|
||||||
}
|
}
|
||||||
|
|
||||||
func writeConfig(c *check.C, tmpDir string, configYaml []byte) {
|
func writeConfig(c *check.C, tmpDir string, configYaml []byte) {
|
||||||
|
|
|
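Review bot: In TestPostgresConfigLoading the new `c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], ...)` replaces the existing `tls_letsencrypt_challenge_type` assertion rather than being added after it, whereas TestSqliteConfigLoading keeps both — the postgres test silently loses coverage. In TestDNSConfigLoading the stray `fmt.Println(dnsConfig)` looks like leftover debugging, and `dnsConfig.Nameservers[0]` would panic with a nil dereference rather than a clear failure if GetDNSConfig returned nil; a `c.Assert(dnsConfig, check.NotNil)` before the indexing gives a readable message.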
@ -16,5 +16,10 @@
|
||||||
"tls_letsencrypt_challenge_type": "HTTP-01",
|
"tls_letsencrypt_challenge_type": "HTTP-01",
|
||||||
"tls_cert_path": "",
|
"tls_cert_path": "",
|
||||||
"tls_key_path": "",
|
"tls_key_path": "",
|
||||||
"acl_policy_path": ""
|
"acl_policy_path": "",
|
||||||
|
"dns_config": {
|
||||||
|
"nameservers": [
|
||||||
|
"1.1.1.1"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,5 +12,10 @@
|
||||||
"tls_letsencrypt_challenge_type": "HTTP-01",
|
"tls_letsencrypt_challenge_type": "HTTP-01",
|
||||||
"tls_cert_path": "",
|
"tls_cert_path": "",
|
||||||
"tls_key_path": "",
|
"tls_key_path": "",
|
||||||
"acl_policy_path": ""
|
"acl_policy_path": "",
|
||||||
|
"dns_config": {
|
||||||
|
"nameservers": [
|
||||||
|
"1.1.1.1"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|