From c63c259d319fe3b03535cf4989e9c9039ec87134 Mon Sep 17 00:00:00 2001
From: Kristoffer Dalby
Date: Fri, 26 Nov 2021 23:28:06 +0000
Subject: [PATCH] Switch wgkey for types/key

We dont seem to need the wireguard key anymore, we generate a key on startup based on the new library and the users fetch it from /key.

Clean up app.go and update docs
---
 app.go | 21 ++++++---------------
 config-example.yaml | 3 ---
 docs/Configuration.md | 6 ------
 docs/DNS.md | 1 -
 k8s/postgres/deployment.yaml | 2 --
 k8s/sqlite/statefulset.yaml | 2 --
 6 files changed, 6 insertions(+), 29 deletions(-)

diff --git a/app.go b/app.go
index 0d3332d..874bedf 100644
--- a/app.go
+++ b/app.go
@@ -43,7 +43,7 @@ import (
 "inet.af/netaddr"
 "tailscale.com/tailcfg"
 "tailscale.com/types/dnstype"
- "tailscale.com/types/wgkey"
+ "tailscale.com/types/key"
 )
 
 const (
@@ -66,7 +66,6 @@ const (
 type Config struct {
 ServerURL string
 Addr string
- PrivateKeyPath string
 EphemeralNodeInactivityTimeout time.Duration
 IPPrefix netaddr.IPPrefix
 BaseDomain string
@@ -129,8 +128,8 @@ type Headscale struct {
 dbString string
 dbType string
 dbDebug bool
- publicKey *wgkey.Key
- privateKey *wgkey.Private
+ publicKey *key.MachinePublic
+ privateKey *key.MachinePrivate
 
 DERPMap *tailcfg.DERPMap
 
@@ -148,15 +147,7 @@ type Headscale struct {
 
 // NewHeadscale returns the Headscale app.
 func NewHeadscale(cfg Config) (*Headscale, error) {
- content, err := os.ReadFile(cfg.PrivateKeyPath)
- if err != nil {
- return nil, err
- }
-
- privKey, err := wgkey.ParsePrivate(string(content))
- if err != nil {
- return nil, err
- }
+ privKey := key.NewMachine()
 pubKey := privKey.Public()
 
 var dbString string
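Review bot: `publicKey *key.MachinePublic` and `privateKey *key.MachinePrivate` keep the pointer indirection of the old `*wgkey.Key`/`*wgkey.Private` fields, but nothing in this hunk needs it, and the constructor hunk further down has to take `&privKey` and `&pubKey` of locals just to fill them. Plain value fields, `publicKey key.MachinePublic` and `privateKey key.MachinePrivate`, would read more simply and remove a nil case every reader of the struct has to consider. The Headscale struct continues outside the hunk.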
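Review bot: `privKey := key.NewMachine()` generates a fresh machine key on every process start and nothing in the hunk persists it, whereas the removed `os.ReadFile(cfg.PrivateKeyPath)` / `wgkey.ParsePrivate` path loaded a stable key from disk. Since the commit message says clients fetch this key from /key, any client or stored node state that still holds the previous public key will stop matching after a restart; that consequence is worth confirming against how /key is consumed, or keeping an optional path to load and save the generated key. At minimum the new behaviour deserves a comment above the call, e.g. `// A new machine key is generated on every start-up; it is not persisted across restarts.` NewHeadscale's body continues outside the hunk.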
@@ -185,13 +176,13 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
 cfg: cfg,
 dbType: cfg.DBtype,
 dbString: dbString,
- privateKey: privKey,
+ privateKey: &privKey,
 publicKey: &pubKey,
 aclRules: tailcfg.FilterAllowAll, // default allowall
 requestedExpiryCache: requestedExpiryCache,
 }
 
- err = app.initDB()
+ err := app.initDB()
 if err != nil {
 return nil, err
 }
diff --git a/config-example.yaml b/config-example.yaml
index 6036930..dc4bd57 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -6,9 +6,6 @@ server_url: http://127.0.0.1:8080
 # Address to listen to / bind to on the server
 listen_addr: 0.0.0.0:8080
 
-# Path to WireGuard private key file
-private_key_path: private.key
-
 derp:
 # List of externally available DERP maps encoded in JSON
 urls:
diff --git a/docs/Configuration.md b/docs/Configuration.md
index fa76642..f5e8c3f 100644
--- a/docs/Configuration.md
+++ b/docs/Configuration.md
@@ -21,12 +21,6 @@ log_level: debug
 
 `log_level` can be used to set the Log level for Headscale, it defaults to `debug`, and the available levels are: `trace`, `debug`, `info`, `warn` and `error`.
 
-```yaml
-private_key_path: private.key
-```
-
-`private_key_path` is the path to the Wireguard private key. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
-
 ```yaml
 derp_map_path: derp.yaml
 ```
diff --git a/docs/DNS.md b/docs/DNS.md
index e51feaf..5310652 100644
--- a/docs/DNS.md
+++ b/docs/DNS.md
@@ -15,7 +15,6 @@ The setup is done via the `config.yaml` file, under the `dns_config` key.
 ```yaml
 server_url: http://127.0.0.1:8001
 listen_addr: 0.0.0.0:8001
-private_key_path: private.key
 dns_config:
 nameservers:
 - 1.1.1.1
diff --git a/k8s/postgres/deployment.yaml b/k8s/postgres/deployment.yaml
index 661d87e..75e6444 100644
--- a/k8s/postgres/deployment.yaml
+++ b/k8s/postgres/deployment.yaml
@@ -25,8 +25,6 @@ spec:
 configMapKeyRef:
 name: headscale-config
 key: listen_addr
- - name: PRIVATE_KEY_PATH
- value: /vol/secret/private-key
 - name: DERP_MAP_PATH
 value: /vol/config/derp.yaml
 - name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
diff --git a/k8s/sqlite/statefulset.yaml b/k8s/sqlite/statefulset.yaml
index 71077da..050bf76 100644
--- a/k8s/sqlite/statefulset.yaml
+++ b/k8s/sqlite/statefulset.yaml
@@ -26,8 +26,6 @@ spec:
 configMapKeyRef:
 name: headscale-config
 key: listen_addr
- - name: PRIVATE_KEY_PATH
- value: /vol/secret/private-key
 - name: DERP_MAP_PATH
 value: /vol/config/derp.yaml
 - name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
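Review bot: Removing the `PRIVATE_KEY_PATH` env entry drops the only reference in this hunk to `/vol/secret/private-key`; if the secret volume and the mount that backed it are still declared elsewhere in the manifest (outside the hunk), they are now unused and should be removed too, otherwise the secret keeps being mounted into the pod for nothing. The same applies to the sqlite statefulset hunk below, which makes the identical change. Since the server now generates its key at start-up, a restarted pod will serve a different key from /key than the previous one did; that is worth a comment in the manifest or the docs so operators are not surprised by it.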