From 4c7f54020b3f7ca54b7f69acf2282eaefb023e9f Mon Sep 17 00:00:00 2001 From: azz Date: Tue, 16 Aug 2022 08:50:30 +0100 Subject: [PATCH 1/5] feat: add support for TLS with Postgres --- app.go | 5 ++++- config.go | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/app.go b/app.go index 3e00120..6665c27 100644 --- a/app.go +++ b/app.go @@ -129,13 +129,16 @@ func NewHeadscale(cfg *Config) (*Headscale, error) { switch cfg.DBtype { case Postgres: dbString = fmt.Sprintf( - "host=%s port=%d dbname=%s user=%s password=%s sslmode=disable", + "host=%s port=%d dbname=%s user=%s password=%s", cfg.DBhost, cfg.DBport, cfg.DBname, cfg.DBuser, cfg.DBpass, ) + if !cfg.DBssl { + dbString = dbString + " sslmode=disable" + } case Sqlite: dbString = cfg.DBpath default: diff --git a/config.go b/config.go index 6935840..3c241b2 100644 --- a/config.go +++ b/config.go @@ -47,6 +47,7 @@ type Config struct { DBname string DBuser string DBpass string + DBssl bool TLS TLSConfig @@ -506,6 +507,7 @@ func GetHeadscaleConfig() (*Config, error) { DBname: viper.GetString("db_name"), DBuser: viper.GetString("db_user"), DBpass: viper.GetString("db_pass"), + DBssl: viper.GetBool("db_ssl"), TLS: GetTLSConfig(), From 0cc14d0acaee833fd297faf84948acbb757939ff Mon Sep 17 00:00:00 2001 From: azz Date: Tue, 16 Aug 2022 09:02:51 +0100 Subject: [PATCH 2/5] feat: added `db_ssl` to config-example.yaml --- config-example.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/config-example.yaml b/config-example.yaml index ed447f9..b369029 100644 --- a/config-example.yaml +++ b/config-example.yaml @@ -121,6 +121,7 @@ db_path: /var/lib/headscale/db.sqlite # db_name: headscale # db_user: foo # db_pass: bar +# db_ssl: false ### TLS configuration # From 701ad3e017d9eb99ba0a6e415e5415888df37510 Mon Sep 17 00:00:00 2001 From: azz Date: Tue, 16 Aug 2022 09:09:28 +0100 Subject: [PATCH 3/5] chore: update CHANGELOG.md --- CHANGELOG.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index be9e845..37b9d7f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## 0.17.0 (2022-XX-XX) +- Add ability to connect to PostgreSQL over TLS/SSL [#745](https://github.com/juanfont/headscale/pull/745) + ## 0.16.2 (2022-08-14) ### Changes @@ -125,7 +127,7 @@ This is a part of aligning `headscale`'s behaviour with Tailscale's upstream beh - OpenID Connect users will be mapped per namespaces - Each user will get its own namespace, created if it does not exist - `oidc.domain_map` option has been removed - - `strip_email_domain` option has been added (see [config-example.yaml](./config_example.yaml)) + - `strip_email_domain` option has been added (see [config-example.yaml](./config-example.yaml)) ### Changes From c316f53e23a9fd7df0ba231c545d3a6796bde795 Mon Sep 17 00:00:00 2001 From: Azz Date: Wed, 17 Aug 2022 19:32:20 +0100 Subject: [PATCH 4/5] fix: ci happy now? --- app.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app.go b/app.go index bca01b5..5838890 100644 --- a/app.go +++ b/app.go @@ -129,7 +129,6 @@ func NewHeadscale(cfg *Config) (*Headscale, error) { switch cfg.DBtype { case Postgres: dbString = fmt.Sprintf( - "host=%s port=%d dbname=%s user=%s password=%s", "host=%s dbname=%s user=%s", cfg.DBhost, cfg.DBname, @@ -138,7 +137,7 @@ func NewHeadscale(cfg *Config) (*Headscale, error) { if !cfg.DBssl { dbString = dbString + " sslmode=disable" - } + } if cfg.DBport != 0 { dbString += fmt.Sprintf(" port=%d", cfg.DBport) From 7e06abdca2a866263603f7a38cb5068538edc3bb Mon Sep 17 00:00:00 2001 From: Azz Date: Wed, 17 Aug 2022 20:12:45 +0100 Subject: [PATCH 5/5] chore: azz forgot how to write code --- app.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app.go b/app.go index 5838890..7ed9d2e 100644 --- a/app.go +++ b/app.go @@ -136,7 +136,7 @@ func NewHeadscale(cfg *Config) (*Headscale, error) { ) if !cfg.DBssl { - dbString = dbString + " sslmode=disable" + dbString += " sslmode=disable" } if cfg.DBport != 0 {