From b85adbc40a5119b202f2312e0ac8dd2a3e1a3716 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby
Date: Fri, 22 Oct 2021 18:14:29 +0100
Subject: [PATCH 1/4] Remove the need for multiple config files

This commit removes the almost a 100% redundant tests (two fields were checked differently) and makes a single example configuration for users.
---
cmd/headscale/headscale_test.go | 62 ++++++-------------
...yaml.sqlite.example => config-example.yaml | 20 ++++--
config.yaml.postgres.example | 30 ---------
3 files changed, 34 insertions(+), 78 deletions(-)
rename config.yaml.sqlite.example => config-example.yaml (67%)
delete mode 100644 config.yaml.postgres.example
diff --git a/cmd/headscale/headscale_test.go b/cmd/headscale/headscale_test.go
index 0c3add6..e4a2043 100644
--- a/cmd/headscale/headscale_test.go
+++ b/cmd/headscale/headscale_test.go
@@ -25,40 +25,6 @@ func (s *Suite) SetUpSuite(c *check.C) { } func (s *Suite) TearDownSuite(c *check.C) { - -} - -func (*Suite) TestPostgresConfigLoading(c *check.C) { - tmpDir, err := ioutil.TempDir("", "headscale") - if err != nil { - c.Fatal(err) - } - defer os.RemoveAll(tmpDir) - - path, err := os.Getwd() - if err != nil { - c.Fatal(err) - } - - // Symlink the example config file - err = os.Symlink(filepath.Clean(path+"/../../config.yaml.postgres.example"), filepath.Join(tmpDir, "config.yaml")) - if err != nil { - c.Fatal(err) - } - - // Load example config, it should load without validation errors - err = cli.LoadConfig(tmpDir) - c.Assert(err, check.IsNil) - - // Test that config file was interpreted correctly - c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080") - c.Assert(viper.GetString("listen_addr"), check.Equals, "0.0.0.0:8080") - c.Assert(viper.GetString("derp_map_path"), check.Equals, "derp.yaml") - c.Assert(viper.GetString("db_type"), check.Equals, "postgres") - c.Assert(viper.GetString("db_port"), check.Equals, "5432") - c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "") - c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http") - c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1") } func (*Suite) TestSqliteConfigLoading(c *check.C) { @@ -74,7 +40,7 @@ func (*Suite) TestSqliteConfigLoading(c *check.C) { } // Symlink the example config file - err = os.Symlink(filepath.Clean(path+"/../../config.yaml.sqlite.example"), filepath.Join(tmpDir, "config.yaml")) + err = os.Symlink(filepath.Clean(path+"/../../config-example.yaml"), filepath.Join(tmpDir, "config.yaml")) if err != nil { c.Fatal(err) } 
@@ -108,7 +74,7 @@ func (*Suite) TestDNSConfigLoading(c *check.C) { } // Symlink the example config file - err = os.Symlink(filepath.Clean(path+"/../../config.yaml.sqlite.example"), filepath.Join(tmpDir, "config.yaml")) + err = os.Symlink(filepath.Clean(path+"/../../config-example.yaml"), filepath.Join(tmpDir, "config.yaml")) if err != nil { c.Fatal(err) } @@ -128,7 +94,7 @@ func (*Suite) TestDNSConfigLoading(c *check.C) { func writeConfig(c *check.C, tmpDir string, configYaml []byte) { // Populate a custom config file configFile := filepath.Join(tmpDir, "config.yaml") - err := ioutil.WriteFile(configFile, configYaml, 0644) + err := ioutil.WriteFile(configFile, configYaml, 0o644) if err != nil { c.Fatalf("Couldn't write file %s", configFile) } @@ -139,10 +105,12 @@ func (*Suite) TestTLSConfigValidation(c *check.C) { if err != nil { c.Fatal(err) } - //defer os.RemoveAll(tmpDir) + // defer os.RemoveAll(tmpDir) fmt.Println(tmpDir) - configYaml := []byte("---\ntls_letsencrypt_hostname: \"example.com\"\ntls_letsencrypt_challenge_type: \"\"\ntls_cert_path: \"abc.pem\"") + configYaml := []byte( + "---\ntls_letsencrypt_hostname: \"example.com\"\ntls_letsencrypt_challenge_type: \"\"\ntls_cert_path: \"abc.pem\"", + ) writeConfig(c, tmpDir, configYaml) // Check configuration validation errors (1) 
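Review bot: In `writeConfig`, the failure branch right after the respelled `0o644` literal drops the underlying error, so a failing `ioutil.WriteFile` reports only the path; `c.Fatalf("Couldn't write file %s: %v", configFile, err)` would keep the cause. Headscale configs can carry `db_pass` (see the example config in this series), so writing the fixture with `0o600` would mirror the permissions a real config file should have, though that is optional for a throwaway test directory. The function's closing brace is outside the hunk.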
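Review bot: The cleanup at `// defer os.RemoveAll(tmpDir)` in `TestTLSConfigValidation` is only re-spaced and stays commented out, so every run leaves its temp directory and the config files written into it behind. The `fmt.Println(tmpDir)` on the next line looks like leftover debugging for the same reason. The Postgres test deleted earlier in this patch had a live `defer os.RemoveAll(tmpDir)`; restoring that line here and dropping the print would bring this test in line with it. The test body starts above and continues below this hunk.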
@@ -150,13 +118,23 @@ func (*Suite) TestTLSConfigValidation(c *check.C) { c.Assert(err, check.NotNil) // check.Matches can not handle multiline strings tmp := strings.ReplaceAll(err.Error(), "\n", "***") - c.Assert(tmp, check.Matches, ".*Fatal config error: set either tls_letsencrypt_hostname or tls_cert_path/tls_key_path, not both.*") - c.Assert(tmp, check.Matches, ".*Fatal config error: the only supported values for tls_letsencrypt_challenge_type are.*") + c.Assert( + tmp, + check.Matches, + ".*Fatal config error: set either tls_letsencrypt_hostname or tls_cert_path/tls_key_path, not both.*", + ) + c.Assert( + tmp, + check.Matches, + ".*Fatal config error: the only supported values for tls_letsencrypt_challenge_type are.*", + ) c.Assert(tmp, check.Matches, ".*Fatal config error: server_url must start with https:// or http://.*") fmt.Println(tmp) // Check configuration validation errors (2) - configYaml = []byte("---\nserver_url: \"http://127.0.0.1:8080\"\ntls_letsencrypt_hostname: \"example.com\"\ntls_letsencrypt_challenge_type: \"TLS-ALPN-01\"") + configYaml = []byte( + "---\nserver_url: \"http://127.0.0.1:8080\"\ntls_letsencrypt_hostname: \"example.com\"\ntls_letsencrypt_challenge_type: \"TLS-ALPN-01\"", + ) writeConfig(c, tmpDir, configYaml) err = cli.LoadConfig(tmpDir) c.Assert(err, check.IsNil) diff --git a/config.yaml.sqlite.example b/config-example.yaml similarity index 67% rename from config.yaml.sqlite.example rename to config-example.yaml index 158b1e5..494121b 100644 --- a/config.yaml.sqlite.example +++ b/config-example.yaml 
@@ -9,18 +9,26 @@ ephemeral_node_inactivity_timeout: 30m db_type: sqlite3 db_path: db.sqlite +# # Postgres config +# db_type: postgres +# db_host: localhost +# db_port: 5432 +# db_name: headscale +# db_user: foo +# db_pass: bar + acme_url: https://acme-v02.api.letsencrypt.org/directory -acme_email: '' -tls_letsencrypt_hostname: '' +acme_email: "" +tls_letsencrypt_hostname: "" tls_letsencrypt_listen: ":http" tls_letsencrypt_cache_dir: ".cache" tls_letsencrypt_challenge_type: HTTP-01 -tls_cert_path: '' -tls_key_path: '' -acl_policy_path: '' +tls_cert_path: "" +tls_key_path: "" +acl_policy_path: "" dns_config: nameservers: - - 1.1.1.1 + - 1.1.1.1 domains: [] magic_dns: true base_domain: example.com diff --git a/config.yaml.postgres.example b/config.yaml.postgres.example deleted file mode 100644 index 569b42a..0000000 --- a/config.yaml.postgres.example +++ /dev/null @@ -1,30 +0,0 @@ ---- -server_url: http://127.0.0.1:8080 -listen_addr: 0.0.0.0:8080 -private_key_path: private.key -derp_map_path: derp.yaml -ephemeral_node_inactivity_timeout: 30m - -# Postgres config -db_type: postgres -db_host: localhost -db_port: 5432 -db_name: headscale -db_user: foo -db_pass: bar - -acme_url: https://acme-v02.api.letsencrypt.org/directory -acme_email: '' -tls_letsencrypt_hostname: '' -tls_letsencrypt_listen: ":http" -tls_letsencrypt_cache_dir: ".cache" -tls_letsencrypt_challenge_type: HTTP-01 -tls_cert_path: '' -tls_key_path: '' -acl_policy_path: '' -dns_config: - nameservers: - - 1.1.1.1 - domains: [] - magic_dns: true - base_domain: example.com From 4d4d0de356d47f1e19c22b92d0ae0b8ef2fcc196 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Fri, 22 Oct 2021 18:27:11 +0100 Subject: [PATCH 2/4] Start adding comments to config --- config-example.yaml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/config-example.yaml b/config-example.yaml index 494121b..d0b0bb6 100644 --- a/config-example.yaml +++ b/config-example.yaml 
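Review bot: The commented Postgres block keeps `db_user: foo` and `db_pass: bar` as sample credentials, and this file is now the single template users copy. A comment on the block such as `# Replace db_user/db_pass with your own values; the file then holds a secret and should not be world-readable` would make that explicit. A placeholder like `db_pass: CHANGE_ME` is also harder to deploy by accident than `bar`.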
@@ -1,11 +1,20 @@ --- +# The url clients will connect to. +# Typically this will be a domain. server_url: http://127.0.0.1:8080 + +# Address to listen to / bind to on the server listen_addr: 0.0.0.0:8080 + +# Path to WireGuard private key file private_key_path: private.key + +# Path to a file containing a map of DERP nodes. derp_map_path: derp.yaml + ephemeral_node_inactivity_timeout: 30m -# SQLite config (uncomment it if you want to use SQLite) +# SQLite config db_type: sqlite3 db_path: db.sqlite @@ -19,16 +28,23 @@ db_path: db.sqlite acme_url: https://acme-v02.api.letsencrypt.org/directory acme_email: "" + tls_letsencrypt_hostname: "" tls_letsencrypt_listen: ":http" tls_letsencrypt_cache_dir: ".cache" tls_letsencrypt_challenge_type: HTTP-01 + tls_cert_path: "" tls_key_path: "" + +# Path to a file containg ACL policies. acl_policy_path: "" + dns_config: + # Upstream DNS servers nameservers: - 1.1.1.1 domains: [] + magic_dns: true base_domain: example.com From 8853315dcca2b8e7c43a14fec4f7a50e6ed61d89 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Sat, 23 Oct 2021 10:40:15 +0100 Subject: [PATCH 3/4] Update config-example.yaml Co-authored-by: Juan Font --- config-example.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/config-example.yaml b/config-example.yaml index d0b0bb6..54e78f4 100644 --- a/config-example.yaml +++ b/config-example.yaml @@ -12,6 +12,8 @@ private_key_path: private.key # Path to a file containing a map of DERP nodes. derp_map_path: derp.yaml +# Disables the automatic check for updates on startup +disable_check_updates: false ephemeral_node_inactivity_timeout: 30m # SQLite config From 746d4037da46ff1e6682b6d8a79579f7dfb87c94 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Sun, 24 Oct 2021 21:30:51 +0100 Subject: [PATCH 4/4] Fix config and tests --- config-example.yaml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/config-example.yaml b/config-example.yaml index 54e78f4..59370eb 100644 
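Review bot: The new comments on `server_url` and `listen_addr` do not mention that the example values are plain `http://` and bind to every interface (`0.0.0.0:8080`). The comment says clients connect to `server_url`, so it could add `# Use an https:// URL outside local testing`, and the listen comment could add `# 0.0.0.0 exposes the port on all interfaces; bind to 127.0.0.1 when running behind a reverse proxy`. For `private_key_path`, a line like `# Keep this file readable only by the user running headscale` would document that the path points at secret key material.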
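Review bot: `# Path to a file containg ACL policies.` has a typo (`containing`) and does not say what the empty default `acl_policy_path: ""` means. If an empty path means no policy is loaded and nodes are not restricted from reaching each other (this diff does not show that), the comment should state it, e.g. `# Empty: no ACL policy is loaded`. The TLS keys in the same hunk get blank-line grouping but no comments; the validation test in this series shows `tls_letsencrypt_hostname` and `tls_cert_path`/`tls_key_path` are mutually exclusive, which deserves one comment line.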
--- a/config-example.yaml +++ b/config-example.yaml @@ -9,8 +9,22 @@ listen_addr: 0.0.0.0:8080 # Path to WireGuard private key file private_key_path: private.key -# Path to a file containing a map of DERP nodes. -derp_map_path: derp.yaml +derp: + # List of externally available DERP maps encoded in JSON + urls: + - https://controlplane.tailscale.com/derpmap/default + + # Locally available DERP map files encoded in YAML + paths: + - derp-example.yaml + + # If enabled, a worker will be set up to periodically + # refresh the given sources and update the derpmap + # will be set up. + auto_update_enabled: true + + # How often should we check for updates? + update_frequency: 24h # Disables the automatic check for updates on startup disable_check_updates: false
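Review bot: With `urls: - https://controlplane.tailscale.com/derpmap/default` and `auto_update_enabled: true` as the example defaults, a copied config will, as the comments describe it, fetch its DERP map from an external endpoint and refresh it every `24h`, but nothing tells the operator that this is a trust decision. A line such as `# The DERP map decides which relays clients use; remove the URL and set auto_update_enabled: false to pin the map to the local files under paths` would let operators choose deliberately. The comment above `auto_update_enabled` also repeats itself (`will be set up` appears twice); its last line, `# will be set up.`, can be dropped.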