Switch wgkey for types/key
We don't seem to need the WireGuard key anymore: we generate a key on startup based on the new library, and the users fetch it from /key. Clean up app.go and update the docs.
parent
50b47adaa3
commit
c63c259d31
6 changed files with 6 additions and 29 deletions
21
app.go
21
app.go
|
@ -43,7 +43,7 @@ import (
|
||||||
"inet.af/netaddr"
|
"inet.af/netaddr"
|
||||||
"tailscale.com/tailcfg"
|
"tailscale.com/tailcfg"
|
||||||
"tailscale.com/types/dnstype"
|
"tailscale.com/types/dnstype"
|
||||||
"tailscale.com/types/wgkey"
|
"tailscale.com/types/key"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -66,7 +66,6 @@ const (
|
||||||
type Config struct {
|
type Config struct {
|
||||||
ServerURL string
|
ServerURL string
|
||||||
Addr string
|
Addr string
|
||||||
PrivateKeyPath string
|
|
||||||
EphemeralNodeInactivityTimeout time.Duration
|
EphemeralNodeInactivityTimeout time.Duration
|
||||||
IPPrefix netaddr.IPPrefix
|
IPPrefix netaddr.IPPrefix
|
||||||
BaseDomain string
|
BaseDomain string
|
||||||
|
@ -129,8 +128,8 @@ type Headscale struct {
|
||||||
dbString string
|
dbString string
|
||||||
dbType string
|
dbType string
|
||||||
dbDebug bool
|
dbDebug bool
|
||||||
publicKey *wgkey.Key
|
publicKey *key.MachinePublic
|
||||||
privateKey *wgkey.Private
|
privateKey *key.MachinePrivate
|
||||||
|
|
||||||
DERPMap *tailcfg.DERPMap
|
DERPMap *tailcfg.DERPMap
|
||||||
|
|
||||||
|
@ -148,15 +147,7 @@ type Headscale struct {
|
||||||
|
|
||||||
// NewHeadscale returns the Headscale app.
|
// NewHeadscale returns the Headscale app.
|
||||||
func NewHeadscale(cfg Config) (*Headscale, error) {
|
func NewHeadscale(cfg Config) (*Headscale, error) {
|
||||||
content, err := os.ReadFile(cfg.PrivateKeyPath)
|
privKey := key.NewMachine()
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
privKey, err := wgkey.ParsePrivate(string(content))
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
pubKey := privKey.Public()
|
pubKey := privKey.Public()
|
||||||
|
|
||||||
var dbString string
|
var dbString string
|
||||||
|
@ -185,13 +176,13 @@ func NewHeadscale(cfg Config) (*Headscale, error) {
|
||||||
cfg: cfg,
|
cfg: cfg,
|
||||||
dbType: cfg.DBtype,
|
dbType: cfg.DBtype,
|
||||||
dbString: dbString,
|
dbString: dbString,
|
||||||
privateKey: privKey,
|
privateKey: &privKey,
|
||||||
publicKey: &pubKey,
|
publicKey: &pubKey,
|
||||||
aclRules: tailcfg.FilterAllowAll, // default allowall
|
aclRules: tailcfg.FilterAllowAll, // default allowall
|
||||||
requestedExpiryCache: requestedExpiryCache,
|
requestedExpiryCache: requestedExpiryCache,
|
||||||
}
|
}
|
||||||
|
|
||||||
err = app.initDB()
|
err := app.initDB()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
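Review bot: `privKey := key.NewMachine()` in NewHeadscale gives the control server a new identity key on every start, where the removed code loaded a stable one from `cfg.PrivateKeyPath`. Nodes that already fetched the public key from `/key` would presumably hold a stale key after a restart, and a client that simply re-fetches on failure cannot tell a restart from an impersonating server, which matters more when `server_url` is plain `http://` as in the example config. I would keep `PrivateKeyPath` in `Config` and load the key from it, generating and saving one with owner-only permissions only when the file is missing, as sketched below; with `err` declared again, the last hunk's `err := app.initDB()` goes back to `err = app.initDB()`. Existing key files written for `wgkey` may not parse as a `key.MachinePrivate`, so a migration note is worth adding. The body of NewHeadscale continues outside these hunks.

```go
func NewHeadscale(cfg Config) (*Headscale, error) {
	// Reuse the key from the previous run so the server identity survives a restart.
	var privKey key.MachinePrivate
	content, err := os.ReadFile(cfg.PrivateKeyPath)
	switch {
	case errors.Is(err, os.ErrNotExist):
		// First start: create the key and persist it for later runs.
		privKey = key.NewMachine()
		text, err := privKey.MarshalText()
		if err != nil {
			return nil, fmt.Errorf("encoding machine key: %w", err)
		}
		// Owner-only permissions: this file is the control server's identity.
		if err := os.WriteFile(cfg.PrivateKeyPath, text, 0o600); err != nil {
			return nil, fmt.Errorf("saving machine key: %w", err)
		}
	case err != nil:
		return nil, fmt.Errorf("reading machine key: %w", err)
	default:
		if err := privKey.UnmarshalText(bytes.TrimSpace(content)); err != nil {
			return nil, fmt.Errorf("parsing machine key: %w", err)
		}
	}
	pubKey := privKey.Public()
	// … unchanged: database string selection, Headscale struct construction, initDB call …
```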
|
@ -6,9 +6,6 @@ server_url: http://127.0.0.1:8080
|
||||||
# Address to listen to / bind to on the server
|
# Address to listen to / bind to on the server
|
||||||
listen_addr: 0.0.0.0:8080
|
listen_addr: 0.0.0.0:8080
|
||||||
|
|
||||||
# Path to WireGuard private key file
|
|
||||||
private_key_path: private.key
|
|
||||||
|
|
||||||
derp:
|
derp:
|
||||||
# List of externally available DERP maps encoded in JSON
|
# List of externally available DERP maps encoded in JSON
|
||||||
urls:
|
urls:
|
||||||
|
|
|
@ -21,12 +21,6 @@ log_level: debug
|
||||||
|
|
||||||
`log_level` can be used to set the Log level for Headscale, it defaults to `debug`, and the available levels are: `trace`, `debug`, `info`, `warn` and `error`.
|
`log_level` can be used to set the Log level for Headscale, it defaults to `debug`, and the available levels are: `trace`, `debug`, `info`, `warn` and `error`.
|
||||||
|
|
||||||
```yaml
|
|
||||||
private_key_path: private.key
|
|
||||||
```
|
|
||||||
|
|
||||||
`private_key_path` is the path to the Wireguard private key. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
|
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
derp_map_path: derp.yaml
|
derp_map_path: derp.yaml
|
||||||
```
|
```
|
||||||
|
|
|
@ -15,7 +15,6 @@ The setup is done via the `config.yaml` file, under the `dns_config` key.
|
||||||
```yaml
|
```yaml
|
||||||
server_url: http://127.0.0.1:8001
|
server_url: http://127.0.0.1:8001
|
||||||
listen_addr: 0.0.0.0:8001
|
listen_addr: 0.0.0.0:8001
|
||||||
private_key_path: private.key
|
|
||||||
dns_config:
|
dns_config:
|
||||||
nameservers:
|
nameservers:
|
||||||
- 1.1.1.1
|
- 1.1.1.1
|
||||||
|
|
|
@ -25,8 +25,6 @@ spec:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
name: headscale-config
|
name: headscale-config
|
||||||
key: listen_addr
|
key: listen_addr
|
||||||
- name: PRIVATE_KEY_PATH
|
|
||||||
value: /vol/secret/private-key
|
|
||||||
- name: DERP_MAP_PATH
|
- name: DERP_MAP_PATH
|
||||||
value: /vol/config/derp.yaml
|
value: /vol/config/derp.yaml
|
||||||
- name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
|
- name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
|
||||||
|
|
|
@ -26,8 +26,6 @@ spec:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
name: headscale-config
|
name: headscale-config
|
||||||
key: listen_addr
|
key: listen_addr
|
||||||
- name: PRIVATE_KEY_PATH
|
|
||||||
value: /vol/secret/private-key
|
|
||||||
- name: DERP_MAP_PATH
|
- name: DERP_MAP_PATH
|
||||||
value: /vol/config/derp.yaml
|
value: /vol/config/derp.yaml
|
||||||
- name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
|
- name: EPHEMERAL_NODE_INACTIVITY_TIMEOUT
|
||||||
|
|