diff --git a/config-example.yaml b/config-example.yaml index b4539f4..7b4398d 100644 --- a/config-example.yaml +++ b/config-example.yaml @@ -258,7 +258,7 @@ dns_config: # Defines the base domain to create the hostnames for MagicDNS. # `base_domain` must be a FQDNs, without the trailing dot. # The FQDN of the hosts will be - # `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_). + # `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_). base_domain: example.com # Unix socket used for the CLI to connect without authentication @@ -301,9 +301,9 @@ unix_socket_permission: "0770" # - alice@example.com # # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed. -# This will transform `first-name.last-name@example.com` to the namespace `first-name.last-name` +# This will transform `first-name.last-name@example.com` to the user `first-name.last-name` # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following -# namespace: `first-name.last-name.example.com` +# user: `first-name.last-name.example.com` # # strip_email_domain: true diff --git a/docs/README.md b/docs/README.md index fcf819b..843c450 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -39,12 +39,12 @@ written by community members. It is _not_ verified by `headscale` developers. Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-hosted environment. For instance, instead of referring to users when defining groups you must -use namespaces (which are the equivalent to user/logins in Tailscale.com). +use users (which are the equivalent to user/logins in Tailscale.com). Please check https://tailscale.com/kb/1018/acls/, and `./tests/acls/` in this repo for working examples. -When using ACL's the Namespace borders are no longer applied. All machines -whichever the Namespace have the ability to communicate with other hosts as +When using ACL's the User borders are no longer applied. All machines +whichever the User have the ability to communicate with other hosts as long as the ACL's permits this exchange. The [ACLs](acls.md) document should help understand a fictional case of setting diff --git a/docs/acls.md b/docs/acls.md index 148f973..20e073a 100644 --- a/docs/acls.md +++ b/docs/acls.md @@ -29,17 +29,17 @@ servers. ## ACL setup -Note: Namespaces will be created automatically when users authenticate with the +Note: Users will be created automatically when users authenticate with the Headscale server. ACLs could be written either on [huJSON](https://github.com/tailscale/hujson) or YAML. Check the [test ACLs](../tests/acls) for further information. When registering the servers we will need to add the flag -`--advertise-tags=tag:,tag:`, and the user (namespace) that is +`--advertise-tags=tag:,tag:`, and the user that is registering the server should be allowed to do it. Since anyone can add tags to a server they can register, the check of the tags is done on headscale server -and only valid tags are applied. A tag is valid if the namespace that is +and only valid tags are applied. A tag is valid if the user that is registering it is allowed to do it. Here are the ACL's to implement the same permissions as above: 
@@ -164,8 +164,8 @@ Here are the ACL's to implement the same permissions as above: "dst": ["tag:dev-app-servers:80,443"] }, - // We still have to allow internal namespaces communications since nothing guarantees that each user have - // their own namespaces. + // We still have to allow internal users communications since nothing guarantees that each user have + // their own users. { "action": "accept", "src": ["boss"], "dst": ["boss:*"] }, { "action": "accept", "src": ["dev1"], "dst": ["dev1:*"] }, { "action": "accept", "src": ["dev2"], "dst": ["dev2:*"] }, diff --git a/docs/glossary.md b/docs/glossary.md index c38060d..f42941a 100644 --- a/docs/glossary.md +++ b/docs/glossary.md @@ -1,6 +1,6 @@ # Glossary -| Term | Description | -| --------- | --------------------------------------------------------------------------------------------------------------------- | -| Machine | A machine is a single entity connected to `headscale`, typically an installation of Tailscale. Also known as **Node** | -| Namespace | A namespace is a logical grouping of machines "owned" by the same entity, in Tailscale, this is typically a User | +| Term | Description | +| --------- | ------------------------------------------------------------------------------------------------------------------------------------------- | +| Machine | A machine is a single entity connected to `headscale`, typically an installation of Tailscale. Also known as **Node** | +| Namespace | A namespace was a logical grouping of machines "owned" by the same entity, in Tailscale, this is typically a User (This is now called user) | diff --git a/docs/oidc.md b/docs/oidc.md index 59651b6..6c02541 100644 --- a/docs/oidc.md +++ b/docs/oidc.md 
@@ -44,9 +44,9 @@ oidc: - alice@example.com # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed. - # This will transform `first-name.last-name@example.com` to the namespace `first-name.last-name` + # This will transform `first-name.last-name@example.com` to the user `first-name.last-name` # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following - # namespace: `first-name.last-name.example.com` + # user: `first-name.last-name.example.com` strip_email_domain: true ``` diff --git a/docs/running-headscale-container.md b/docs/running-headscale-container.md index 4e55e0f..ef4afe7 100644 --- a/docs/running-headscale-container.md +++ b/docs/running-headscale-container.md @@ -101,11 +101,11 @@ Verify `headscale` is available: curl http://127.0.0.1:9090/metrics ``` -6. Create a namespace ([tailnet](https://tailscale.com/kb/1136/tailnet/)): +6. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)): ```shell docker exec headscale \ - headscale namespaces create myfirstnamespace + headscale users create myfirstuser ``` ### Register a machine (normal login) @@ -120,7 +120,7 @@ To register a machine when running `headscale` in a container, take the headscal ```shell docker exec headscale \ - headscale --namespace myfirstnamespace nodes register --key + headscale --user myfirstuser nodes register --key ``` ### Register machine using a pre authenticated key @@ -129,7 +129,7 @@ Generate a key using the command line: ```shell docker exec headscale \ - headscale --namespace myfirstnamespace preauthkeys create --reusable --expiration 24h + headscale --user myfirstuser preauthkeys create --reusable --expiration 24h ``` This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command: diff --git a/docs/running-headscale-linux.md b/docs/running-headscale-linux.md index 89d02e8..10f4a51 100644 
--- a/docs/running-headscale-linux.md +++ b/docs/running-headscale-linux.md @@ -78,10 +78,10 @@ Verify `headscale` is available: curl http://127.0.0.1:9090/metrics ``` -8. Create a namespace ([tailnet](https://tailscale.com/kb/1136/tailnet/)): +8. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)): ```shell -headscale namespaces create myfirstnamespace +headscale users create myfirstuser ``` ### Register a machine (normal login) @@ -95,7 +95,7 @@ tailscale up --login-server YOUR_HEADSCALE_URL Register the machine: ```shell -headscale --namespace myfirstnamespace nodes register --key +headscale --user myfirstuser nodes register --key ``` ### Register machine using a pre authenticated key @@ -103,7 +103,7 @@ headscale --namespace myfirstnamespace nodes register --key Generate a key using the command line: ```shell -headscale --namespace myfirstnamespace preauthkeys create --reusable --expiration 24h +headscale --user myfirstuser preauthkeys create --reusable --expiration 24h ``` This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command: diff --git a/docs/running-headscale-openbsd.md b/docs/running-headscale-openbsd.md index 7ab486b..8594196 100644 --- a/docs/running-headscale-openbsd.md +++ b/docs/running-headscale-openbsd.md @@ -116,10 +116,10 @@ Verify `headscale` is available: curl http://127.0.0.1:9090/metrics ``` -6. Create a namespace ([tailnet](https://tailscale.com/kb/1136/tailnet/)): +6. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)): ```shell -headscale namespaces create myfirstnamespace +headscale users create myfirstuser ``` ### Register a machine (normal login) @@ -133,7 +133,7 @@ tailscale up --login-server YOUR_HEADSCALE_URL Register the machine: ```shell -headscale --namespace myfirstnamespace nodes register --key +headscale --user myfirstuser nodes register --key ``` ### Register machine using a pre authenticated key 
@@ -141,7 +141,7 @@ headscale --namespace myfirstnamespace nodes register --key Generate a key using the command line: ```shell -headscale --namespace myfirstnamespace preauthkeys create --reusable --expiration 24h +headscale --user myfirstuser preauthkeys create --reusable --expiration 24h ``` This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command:
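Review bot: In config-example.yaml (hunk @@ -301,9) and the matching docs/oidc.md hunk, the `strip_email_domain` comment does not say what follows for identity mapping now that the result is called a user. As described, `first-name.last-name@example.com` becomes the user `first-name.last-name`, so two addresses with the same local part in different domains would map to the same user, and with `false` the user `first-name.last-name.example.com` contains dots while the MagicDNS comment in hunk @@ -258,7 gives the FQDN as `hostname.user.base_domain`. Suggest adding one sentence on each case, and changing "resulting to the following" to "resulting in the following" while these lines are being touched.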
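Review bot: In docs/README.md (hunk @@ -39,12) the mechanical rename leaves a sentence that contradicts itself: "instead of referring to users when defining groups you must use users (which are the equivalent to user/logins in Tailscale.com)". Suggest rewording it to say that groups are defined with headscale users, which correspond to user/logins on Tailscale.com. In the same hunk, "the User borders are no longer applied" would read better as "the boundaries between users are no longer applied", since this is the sentence that tells operators that isolation between users stops being implicit once ACLs are in use.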
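Review bot: In docs/acls.md (hunk @@ -29,17) the note "Users will be created automatically when users authenticate with the Headscale server" now uses "users" in two senses, the headscale object and the person logging in. Suggest something like "A headscale user is created automatically when someone authenticates with the Headscale server". The changed line with the flag also reads `--advertise-tags=tag:,tag:` with no tag names after the colons; if that is how the file reads, placeholder names should be put back so the example can be followed.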
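Review bot: In docs/acls.md (hunk @@ -164,8) the rewritten comment "nothing guarantees that each user have their own users" no longer means anything after the search-and-replace. The rules it introduces are `"src": ["boss"], "dst": ["boss:*"]` and the same for dev1 and dev2, so the comment should say that traffic between machines of the same user still has to be allowed explicitly, for example "We still have to allow communication between machines of the same user".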
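Review bot: In docs/glossary.md (hunk @@ -1,6) the Namespace row is kept and marked "(This is now called user)", but no User row is added, so the term every other document in this patch now uses has no glossary entry. Suggest adding a User row with the current definition and shortening the Namespace row to a pointer to it, described as the former name.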
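Review bot: In the running-headscale-container.md, running-headscale-linux.md and running-headscale-openbsd.md hunks, the commands change from `headscale namespaces create` and `--namespace` to `headscale users create` and `--user`, but nothing in the visible docs says whether the old subcommand and flag still work. Existing provisioning scripts that register nodes or create pre-auth keys will depend on that, so please state in these pages or in the changelog whether `namespaces` and `--namespace` remain as deprecated aliases or are removed. The step heading "Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/))" also still equates the object with a tailnet; worth checking that the parenthetical is still accurate under the new name.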