Compare commits
156 commits
22355c4705
...
46b481b102
Author | SHA1 | Date | |
---|---|---|---|
46b481b102 | |||
|
f368ed01ed | ||
|
adc084f20f | ||
|
42d2c27853 | ||
|
1c34101e72 | ||
|
6609f60938 | ||
|
35bfe7ced0 | ||
|
e43d6a0361 | ||
|
f039caf134 | ||
|
d66c5e144f | ||
|
3101f895a7 | ||
|
aa0f3d43cc | ||
|
ed71d230eb | ||
|
976cbfa630 | ||
|
a9a1a07e37 | ||
|
1193a50e9e | ||
|
cb0e2e4476 | ||
|
2b5e52b08b | ||
|
fffd9d7ee9 | ||
|
76515d12d6 | ||
|
34361c6f82 | ||
|
f4427dd29e | ||
|
cf6a606d74 | ||
|
827e3e83ae | ||
|
9c4c286696 | ||
|
a68854ac33 | ||
|
9bed76d481 | ||
|
84cb5d0aed | ||
|
f99497340b | ||
|
fdc034e8ae | ||
|
ac8491efec | ||
|
022fb24cd9 | ||
|
fcd1183805 | ||
|
ece907d878 | ||
|
948d53f934 | ||
|
06f07053eb | ||
|
4ad3f3c484 | ||
|
db7a4358e9 | ||
|
b799245f1e | ||
|
8571513e3c | ||
|
ca47d6f353 | ||
|
11fde62b8c | ||
|
9e523d4687 | ||
|
7e62031444 | ||
|
58bd38a609 | ||
|
00ff288f0c | ||
|
8823778d05 | ||
|
74d27ee5fa | ||
|
3f60ab23a6 | ||
|
eb1591df35 | ||
|
89ada557bc | ||
|
14a3f94f0c | ||
|
4a34cfc4a6 | ||
|
8f8f469c0a | ||
|
69c33658f6 | ||
|
99e91a9d8a | ||
|
dfc089ed6a | ||
|
51676c668b | ||
|
1f4b59566a | ||
|
5f9c26930c | ||
|
5a4e52b727 | ||
|
51b56ba447 | ||
|
c8ebbede54 | ||
|
8185a70dc7 | ||
|
2dc62e981e | ||
|
39b34ad1cb | ||
|
5ad0aa44cb | ||
|
723a0408a3 | ||
|
901613a24b | ||
|
d211b930ee | ||
|
30986c29cd | ||
|
faa57ddc28 | ||
|
fff229f4f6 | ||
|
fd4f921281 | ||
|
151f224a98 | ||
|
a9763c9692 | ||
|
7fd2485000 | ||
|
1e128fc854 | ||
|
bd78f564b9 | ||
|
77c6bcacca | ||
|
51a257b700 | ||
|
890d6e73fb | ||
|
2bac80cfbf | ||
|
93a915c096 | ||
|
622aa82da2 | ||
|
a9c568c801 | ||
|
1c6bfc503c | ||
|
55b35f4160 | ||
|
d5ed8bc074 | ||
|
87e2ae4d52 | ||
|
ff427ccb78 | ||
|
39277844dd | ||
|
50a7d15769 | ||
|
d740ee489e | ||
|
10e37ec28d | ||
|
cb0b495ea9 | ||
|
fef8261339 | ||
|
c62d5570f2 | ||
|
318d5d2b21 | ||
|
9229d17bbe | ||
|
aba4b36030 | ||
|
bd047928f7 | ||
|
9375b09206 | ||
|
ba614a5e6c | ||
|
7d8178406d | ||
|
8394208856 | ||
|
803269a64c | ||
|
d6ec31c4e0 | ||
|
68503581a0 | ||
|
e2afd30b1c | ||
|
c906aaf927 | ||
|
580f96ce83 | ||
|
c4c8cfe5ea | ||
|
40953727cf | ||
|
d4af0c386c | ||
|
2ce23df45a | ||
|
85cef84e17 | ||
|
7d62e9fce5 | ||
|
60f0cf908c | ||
|
1704977e76 | ||
|
bf4fd078fc | ||
|
58c94d2bd3 | ||
|
dd693c444c | ||
|
2858ab402a | ||
|
7bea885b8c | ||
|
84de1854f8 | ||
|
6efc50789d | ||
|
0fcfd643fa | ||
|
bdf54e802e | ||
|
dbe32829a1 | ||
|
2fb7428ba9 | ||
|
8a8e25a8d1 | ||
|
4d9021047f | ||
|
74ff14eb30 | ||
|
c1d4fef194 | ||
|
785b150467 | ||
|
20bf3777d3 | ||
|
c29eddded3 | ||
|
b477e5f366 | ||
|
95004de5e8 | ||
|
ef26f58085 | ||
|
1d3eae8861 | ||
|
a244eabd03 | ||
|
e15a08326c | ||
|
c9966ba6c2 | ||
|
7a920ee701 | ||
|
8b2c31aabc | ||
|
5dbd59ca55 | ||
|
3f162c212c | ||
|
384ca03208 | ||
|
f581d4d9c0 | ||
|
b60ee9db54 | ||
|
c73e8476b9 | ||
|
6055d0b397 | ||
|
1904d79e90 | ||
|
1b01b9e14f |
239 changed files with 12785 additions and 11250 deletions
15
.coderabbit.yaml
Normal file
15
.coderabbit.yaml
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
|
||||||
|
language: "en-GB"
|
||||||
|
early_access: false
|
||||||
|
reviews:
|
||||||
|
profile: "chill"
|
||||||
|
request_changes_workflow: false
|
||||||
|
high_level_summary: true
|
||||||
|
poem: true
|
||||||
|
review_status: true
|
||||||
|
collapse_walkthrough: false
|
||||||
|
auto_review:
|
||||||
|
enabled: true
|
||||||
|
drafts: true
|
||||||
|
chat:
|
||||||
|
auto_reply: true
|
65
.github/ISSUE_TEMPLATE/bug_report.md
vendored
65
.github/ISSUE_TEMPLATE/bug_report.md
vendored
|
@ -1,65 +0,0 @@
|
||||||
---
|
|
||||||
name: "Bug report"
|
|
||||||
about: "Create a bug report to help us improve"
|
|
||||||
title: ""
|
|
||||||
labels: ["bug"]
|
|
||||||
assignees: ""
|
|
||||||
---
|
|
||||||
|
|
||||||
<!--
|
|
||||||
Before posting a bug report, discuss the behaviour you are expecting with the Discord community
|
|
||||||
to make sure that it is truly a bug.
|
|
||||||
The issue tracker is not the place to ask for support or how to set up Headscale.
|
|
||||||
|
|
||||||
Bug reports without the sufficient information will be closed.
|
|
||||||
|
|
||||||
Headscale is a multinational community across the globe. Our language is English.
|
|
||||||
All bug reports needs to be in English.
|
|
||||||
-->
|
|
||||||
|
|
||||||
## Bug description
|
|
||||||
|
|
||||||
<!-- A clear and concise description of what the bug is. Describe the expected bahavior
|
|
||||||
and how it is currently different. If you are unsure if it is a bug, consider discussing
|
|
||||||
it on our Discord server first. -->
|
|
||||||
|
|
||||||
## Environment
|
|
||||||
|
|
||||||
<!-- Please add relevant information about your system. For example:
|
|
||||||
- Version of headscale used
|
|
||||||
- Version of tailscale client
|
|
||||||
- OS (e.g. Linux, Mac, Cygwin, WSL, etc.) and version
|
|
||||||
- Kernel version
|
|
||||||
- The relevant config parameters you used
|
|
||||||
- Log output
|
|
||||||
-->
|
|
||||||
|
|
||||||
- OS:
|
|
||||||
- Headscale version:
|
|
||||||
- Tailscale version:
|
|
||||||
|
|
||||||
<!--
|
|
||||||
We do not support running Headscale in a container nor behind a (reverse) proxy.
|
|
||||||
If either of these are true for your environment, ask the community in Discord
|
|
||||||
instead of filing a bug report.
|
|
||||||
-->
|
|
||||||
|
|
||||||
- [ ] Headscale is behind a (reverse) proxy
|
|
||||||
- [ ] Headscale runs in a container
|
|
||||||
|
|
||||||
## To Reproduce
|
|
||||||
|
|
||||||
<!-- Steps to reproduce the behavior. -->
|
|
||||||
|
|
||||||
## Logs and attachments
|
|
||||||
|
|
||||||
<!-- Please attach files with:
|
|
||||||
- Client netmap dump (see below)
|
|
||||||
- ACL configuration
|
|
||||||
- Headscale configuration
|
|
||||||
|
|
||||||
Dump the netmap of tailscale clients:
|
|
||||||
`tailscale debug netmap > DESCRIPTIVE_NAME.json`
|
|
||||||
|
|
||||||
Please provide information describing the netmap, which client, which headscale version etc.
|
|
||||||
-->
|
|
83
.github/ISSUE_TEMPLATE/bug_report.yaml
vendored
Normal file
83
.github/ISSUE_TEMPLATE/bug_report.yaml
vendored
Normal file
|
@ -0,0 +1,83 @@
|
||||||
|
name: 🐞 Bug
|
||||||
|
description: File a bug/issue
|
||||||
|
title: "[Bug] <title>"
|
||||||
|
labels: ["bug", "needs triage"]
|
||||||
|
body:
|
||||||
|
- type: checkboxes
|
||||||
|
attributes:
|
||||||
|
label: Is this a support request?
|
||||||
|
description: This issue tracker is for bugs and feature requests only. If you need help, please use ask in our Discord community
|
||||||
|
options:
|
||||||
|
- label: This is not a support request
|
||||||
|
required: true
|
||||||
|
- type: checkboxes
|
||||||
|
attributes:
|
||||||
|
label: Is there an existing issue for this?
|
||||||
|
description: Please search to see if an issue already exists for the bug you encountered.
|
||||||
|
options:
|
||||||
|
- label: I have searched the existing issues
|
||||||
|
required: true
|
||||||
|
- type: textarea
|
||||||
|
attributes:
|
||||||
|
label: Current Behavior
|
||||||
|
description: A concise description of what you're experiencing.
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: textarea
|
||||||
|
attributes:
|
||||||
|
label: Expected Behavior
|
||||||
|
description: A concise description of what you expected to happen.
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: textarea
|
||||||
|
attributes:
|
||||||
|
label: Steps To Reproduce
|
||||||
|
description: Steps to reproduce the behavior.
|
||||||
|
placeholder: |
|
||||||
|
1. In this environment...
|
||||||
|
1. With this config...
|
||||||
|
1. Run '...'
|
||||||
|
1. See error...
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: textarea
|
||||||
|
attributes:
|
||||||
|
label: Environment
|
||||||
|
description: |
|
||||||
|
examples:
|
||||||
|
- **OS**: Ubuntu 20.04
|
||||||
|
- **Headscale version**: 0.22.3
|
||||||
|
- **Tailscale version**: 1.64.0
|
||||||
|
value: |
|
||||||
|
- OS:
|
||||||
|
- Headscale version:
|
||||||
|
- Tailscale version:
|
||||||
|
render: markdown
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: checkboxes
|
||||||
|
attributes:
|
||||||
|
label: Runtime environment
|
||||||
|
options:
|
||||||
|
- label: Headscale is behind a (reverse) proxy
|
||||||
|
required: false
|
||||||
|
- label: Headscale runs in a container
|
||||||
|
required: false
|
||||||
|
- type: textarea
|
||||||
|
attributes:
|
||||||
|
label: Anything else?
|
||||||
|
description: |
|
||||||
|
Links? References? Anything that will give us more context about the issue you are encountering!
|
||||||
|
|
||||||
|
- Client netmap dump (see below)
|
||||||
|
- ACL configuration
|
||||||
|
- Headscale configuration
|
||||||
|
|
||||||
|
Dump the netmap of tailscale clients:
|
||||||
|
`tailscale debug netmap > DESCRIPTIVE_NAME.json`
|
||||||
|
|
||||||
|
Please provide information describing the netmap, which client, which headscale version etc.
|
||||||
|
|
||||||
|
Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
|
||||||
|
validations:
|
||||||
|
required: false
|
26
.github/ISSUE_TEMPLATE/feature_request.md
vendored
26
.github/ISSUE_TEMPLATE/feature_request.md
vendored
|
@ -1,26 +0,0 @@
|
||||||
---
|
|
||||||
name: "Feature request"
|
|
||||||
about: "Suggest an idea for headscale"
|
|
||||||
title: ""
|
|
||||||
labels: ["enhancement"]
|
|
||||||
assignees: ""
|
|
||||||
---
|
|
||||||
|
|
||||||
<!--
|
|
||||||
We typically have a clear roadmap for what we want to improve and reserve the right
|
|
||||||
to close feature requests that does not fit in the roadmap, or fit with the scope
|
|
||||||
of the project, or we actually want to implement ourselves.
|
|
||||||
|
|
||||||
Headscale is a multinational community across the globe. Our language is English.
|
|
||||||
All bug reports needs to be in English.
|
|
||||||
-->
|
|
||||||
|
|
||||||
## Why
|
|
||||||
|
|
||||||
<!-- Include the reason, why you would need the feature. E.g. what problem
|
|
||||||
does it solve? Or which workflow is currently frustrating and will be improved by
|
|
||||||
this? -->
|
|
||||||
|
|
||||||
## Description
|
|
||||||
|
|
||||||
<!-- A clear and precise description of what new or changed feature you want. -->
|
|
36
.github/ISSUE_TEMPLATE/feature_request.yaml
vendored
Normal file
36
.github/ISSUE_TEMPLATE/feature_request.yaml
vendored
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
name: 🚀 Feature Request
|
||||||
|
description: Suggest an idea for Headscale
|
||||||
|
title: "[Feature] <title>"
|
||||||
|
labels: [enhancement]
|
||||||
|
body:
|
||||||
|
- type: textarea
|
||||||
|
attributes:
|
||||||
|
label: Use case
|
||||||
|
description: Please describe the use case for this feature.
|
||||||
|
placeholder: |
|
||||||
|
<!-- Include the reason, why you would need the feature. E.g. what problem
|
||||||
|
does it solve? Or which workflow is currently frustrating and will be improved by
|
||||||
|
this? -->
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: textarea
|
||||||
|
attributes:
|
||||||
|
label: Description
|
||||||
|
description: A clear and precise description of what new or changed feature you want.
|
||||||
|
validations:
|
||||||
|
required: true
|
||||||
|
- type: checkboxes
|
||||||
|
attributes:
|
||||||
|
label: Contribution
|
||||||
|
description: Are you willing to contribute to the implementation of this feature?
|
||||||
|
options:
|
||||||
|
- label: I can write the design doc for this feature
|
||||||
|
required: false
|
||||||
|
- label: I can contribute this feature
|
||||||
|
required: false
|
||||||
|
- type: textarea
|
||||||
|
attributes:
|
||||||
|
label: How can it be implemented?
|
||||||
|
description: Free text for your ideas on how this feature could be implemented.
|
||||||
|
validations:
|
||||||
|
required: false
|
2
.github/pull_request_template.md
vendored
2
.github/pull_request_template.md
vendored
|
@ -12,7 +12,7 @@ If you find mistakes in the documentation, please submit a fix to the documentat
|
||||||
|
|
||||||
<!-- Please tick if the following things apply. You… -->
|
<!-- Please tick if the following things apply. You… -->
|
||||||
|
|
||||||
- [ ] read the [CONTRIBUTING guidelines](README.md#contributing)
|
- [ ] have read the [CONTRIBUTING.md](./CONTRIBUTING.md) file
|
||||||
- [ ] raised a GitHub issue or discussed it on the projects chat beforehand
|
- [ ] raised a GitHub issue or discussed it on the projects chat beforehand
|
||||||
- [ ] added unit tests
|
- [ ] added unit tests
|
||||||
- [ ] added integration tests
|
- [ ] added integration tests
|
||||||
|
|
30
.github/workflows/build.yml
vendored
30
.github/workflows/build.yml
vendored
|
@ -16,31 +16,29 @@ jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
permissions: write-all
|
permissions: write-all
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 2
|
fetch-depth: 2
|
||||||
|
|
||||||
- name: Get changed files
|
- name: Get changed files
|
||||||
id: changed-files
|
id: changed-files
|
||||||
uses: tj-actions/changed-files@v34
|
uses: dorny/paths-filter@v3
|
||||||
with:
|
with:
|
||||||
files: |
|
filters: |
|
||||||
*.nix
|
files:
|
||||||
go.*
|
- '*.nix'
|
||||||
**/*.go
|
- 'go.*'
|
||||||
integration_test/
|
- '**/*.go'
|
||||||
config-example.yaml
|
- 'integration_test/'
|
||||||
|
- 'config-example.yaml'
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
- uses: DeterminateSystems/nix-installer-action@main
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
|
||||||
- name: Run build
|
- name: Run build
|
||||||
id: build
|
id: build
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
run: |
|
run: |
|
||||||
nix build |& tee build-result
|
nix build |& tee build-result
|
||||||
BUILD_STATUS="${PIPESTATUS[0]}"
|
BUILD_STATUS="${PIPESTATUS[0]}"
|
||||||
|
@ -66,8 +64,8 @@ jobs:
|
||||||
body: 'Nix build failed with wrong gosum, please update "vendorSha256" (${{ steps.build.outputs.OLD_HASH }}) for the "headscale" package in flake.nix with the new SHA: ${{ steps.build.outputs.NEW_HASH }}'
|
body: 'Nix build failed with wrong gosum, please update "vendorSha256" (${{ steps.build.outputs.OLD_HASH }}) for the "headscale" package in flake.nix with the new SHA: ${{ steps.build.outputs.NEW_HASH }}'
|
||||||
})
|
})
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
- uses: actions/upload-artifact@v4
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
with:
|
with:
|
||||||
name: headscale-linux
|
name: headscale-linux
|
||||||
path: result/bin/headscale
|
path: result/bin/headscale
|
||||||
|
|
41
.github/workflows/check-tests.yaml
vendored
Normal file
41
.github/workflows/check-tests.yaml
vendored
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
name: Check integration tests workflow
|
||||||
|
|
||||||
|
on: [pull_request]
|
||||||
|
|
||||||
|
concurrency:
|
||||||
|
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
||||||
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
check-tests:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 2
|
||||||
|
- name: Get changed files
|
||||||
|
id: changed-files
|
||||||
|
uses: dorny/paths-filter@v3
|
||||||
|
with:
|
||||||
|
filters: |
|
||||||
|
files:
|
||||||
|
- '*.nix'
|
||||||
|
- 'go.*'
|
||||||
|
- '**/*.go'
|
||||||
|
- 'integration_test/'
|
||||||
|
- 'config-example.yaml'
|
||||||
|
- uses: DeterminateSystems/nix-installer-action@main
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
|
||||||
|
- name: Generate and check integration tests
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
run: |
|
||||||
|
nix develop --command bash -c "cd cmd/gh-action-integration-generator/ && go generate"
|
||||||
|
git diff --exit-code .github/workflows/test-integration.yaml
|
||||||
|
|
||||||
|
- name: Show missing tests
|
||||||
|
if: failure()
|
||||||
|
run: |
|
||||||
|
git diff .github/workflows/test-integration.yaml
|
35
.github/workflows/contributors.yml
vendored
35
.github/workflows/contributors.yml
vendored
|
@ -1,35 +0,0 @@
|
||||||
name: Contributors
|
|
||||||
|
|
||||||
on:
|
|
||||||
push:
|
|
||||||
branches:
|
|
||||||
- main
|
|
||||||
workflow_dispatch:
|
|
||||||
jobs:
|
|
||||||
add-contributors:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- name: Delete upstream contributor branch
|
|
||||||
# Allow continue on failure to account for when the
|
|
||||||
# upstream branch is deleted or does not exist.
|
|
||||||
continue-on-error: true
|
|
||||||
run: git push origin --delete update-contributors
|
|
||||||
- name: Create up-to-date contributors branch
|
|
||||||
run: git checkout -B update-contributors
|
|
||||||
- name: Push empty contributors branch
|
|
||||||
run: git push origin update-contributors
|
|
||||||
- name: Switch back to main
|
|
||||||
run: git checkout main
|
|
||||||
- uses: BobAnkh/add-contributors@v0.2.2
|
|
||||||
with:
|
|
||||||
CONTRIBUTOR: "## Contributors"
|
|
||||||
COLUMN_PER_ROW: "6"
|
|
||||||
ACCESS_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
||||||
IMG_WIDTH: "100"
|
|
||||||
FONT_SIZE: "14"
|
|
||||||
PATH: "/README.md"
|
|
||||||
COMMIT_MESSAGE: "docs(README): update contributors"
|
|
||||||
AVATAR_SHAPE: "round"
|
|
||||||
BRANCH: "update-contributors"
|
|
||||||
PULL_REQUEST: "main"
|
|
27
.github/workflows/docs-test.yml
vendored
Normal file
27
.github/workflows/docs-test.yml
vendored
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
name: Test documentation build
|
||||||
|
|
||||||
|
on: [pull_request]
|
||||||
|
|
||||||
|
concurrency:
|
||||||
|
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
||||||
|
cancel-in-progress: true
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
test:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
steps:
|
||||||
|
- name: Checkout repository
|
||||||
|
uses: actions/checkout@v4
|
||||||
|
- name: Install python
|
||||||
|
uses: actions/setup-python@v4
|
||||||
|
with:
|
||||||
|
python-version: 3.x
|
||||||
|
- name: Setup cache
|
||||||
|
uses: actions/cache@v2
|
||||||
|
with:
|
||||||
|
key: ${{ github.ref }}
|
||||||
|
path: .cache
|
||||||
|
- name: Setup dependencies
|
||||||
|
run: pip install -r docs/requirements.txt
|
||||||
|
- name: Build docs
|
||||||
|
run: mkdocs build --strict
|
13
.github/workflows/docs.yml
vendored
13
.github/workflows/docs.yml
vendored
|
@ -1,4 +1,5 @@
|
||||||
name: Build documentation
|
name: Build documentation
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
|
@ -15,7 +16,7 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v4
|
||||||
- name: Install python
|
- name: Install python
|
||||||
uses: actions/setup-python@v4
|
uses: actions/setup-python@v4
|
||||||
with:
|
with:
|
||||||
|
@ -30,16 +31,22 @@ jobs:
|
||||||
- name: Build docs
|
- name: Build docs
|
||||||
run: mkdocs build --strict
|
run: mkdocs build --strict
|
||||||
- name: Upload artifact
|
- name: Upload artifact
|
||||||
uses: actions/upload-pages-artifact@v1
|
uses: actions/upload-pages-artifact@v3
|
||||||
with:
|
with:
|
||||||
path: ./site
|
path: ./site
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
environment:
|
environment:
|
||||||
name: github-pages
|
name: github-pages
|
||||||
url: ${{ steps.deployment.outputs.page_url }}
|
url: ${{ steps.deployment.outputs.page_url }}
|
||||||
|
permissions:
|
||||||
|
pages: write
|
||||||
|
id-token: write
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: build
|
needs: build
|
||||||
steps:
|
steps:
|
||||||
|
- name: Configure Pages
|
||||||
|
uses: actions/configure-pages@v4
|
||||||
- name: Deploy to GitHub Pages
|
- name: Deploy to GitHub Pages
|
||||||
id: deployment
|
id: deployment
|
||||||
uses: actions/deploy-pages@v1
|
uses: actions/deploy-pages@v4
|
||||||
|
|
5
.github/workflows/gh-actions-updater.yaml
vendored
5
.github/workflows/gh-actions-updater.yaml
vendored
|
@ -1,6 +1,5 @@
|
||||||
name: GitHub Actions Version Updater
|
name: GitHub Actions Version Updater
|
||||||
|
|
||||||
# Controls when the action will run.
|
|
||||||
on:
|
on:
|
||||||
schedule:
|
schedule:
|
||||||
# Automatically run on every Sunday
|
# Automatically run on every Sunday
|
||||||
|
@ -11,13 +10,13 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
# [Required] Access token with `workflow` scope.
|
# [Required] Access token with `workflow` scope.
|
||||||
token: ${{ secrets.WORKFLOW_SECRET }}
|
token: ${{ secrets.WORKFLOW_SECRET }}
|
||||||
|
|
||||||
- name: Run GitHub Actions Version Updater
|
- name: Run GitHub Actions Version Updater
|
||||||
uses: saadmk11/github-actions-version-updater@v0.7.1
|
uses: saadmk11/github-actions-version-updater@v0.8.1
|
||||||
with:
|
with:
|
||||||
# [Required] Access token with `workflow` scope.
|
# [Required] Access token with `workflow` scope.
|
||||||
token: ${{ secrets.WORKFLOW_SECRET }}
|
token: ${{ secrets.WORKFLOW_SECRET }}
|
||||||
|
|
89
.github/workflows/lint.yml
vendored
89
.github/workflows/lint.yml
vendored
|
@ -1,7 +1,6 @@
|
||||||
---
|
|
||||||
name: Lint
|
name: Lint
|
||||||
|
|
||||||
on: [push, pull_request]
|
on: [pull_request]
|
||||||
|
|
||||||
concurrency:
|
concurrency:
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
||||||
|
@ -11,70 +10,66 @@ jobs:
|
||||||
golangci-lint:
|
golangci-lint:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 2
|
fetch-depth: 2
|
||||||
|
|
||||||
- name: Get changed files
|
- name: Get changed files
|
||||||
id: changed-files
|
id: changed-files
|
||||||
uses: tj-actions/changed-files@v34
|
uses: dorny/paths-filter@v3
|
||||||
with:
|
with:
|
||||||
files: |
|
filters: |
|
||||||
*.nix
|
files:
|
||||||
go.*
|
- '*.nix'
|
||||||
**/*.go
|
- 'go.*'
|
||||||
integration_test/
|
- '**/*.go'
|
||||||
config-example.yaml
|
- 'integration_test/'
|
||||||
|
- 'config-example.yaml'
|
||||||
|
- uses: DeterminateSystems/nix-installer-action@main
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
|
||||||
- name: golangci-lint
|
- name: golangci-lint
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
uses: golangci/golangci-lint-action@v2
|
run: nix develop --command -- golangci-lint run --new-from-rev=${{github.event.pull_request.base.sha}} --out-format=colored-line-number
|
||||||
with:
|
|
||||||
version: v1.51.2
|
|
||||||
|
|
||||||
# Only block PRs on new problems.
|
|
||||||
# If this is not enabled, we will end up having PRs
|
|
||||||
# blocked because new linters has appared and other
|
|
||||||
# parts of the code is affected.
|
|
||||||
only-new-issues: true
|
|
||||||
|
|
||||||
prettier-lint:
|
prettier-lint:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 2
|
fetch-depth: 2
|
||||||
|
|
||||||
- name: Get changed files
|
- name: Get changed files
|
||||||
id: changed-files
|
id: changed-files
|
||||||
uses: tj-actions/changed-files@v14.1
|
uses: dorny/paths-filter@v3
|
||||||
with:
|
with:
|
||||||
files: |
|
filters: |
|
||||||
*.nix
|
files:
|
||||||
**/*.md
|
- '*.nix'
|
||||||
**/*.yml
|
- '**/*.md'
|
||||||
**/*.yaml
|
- '**/*.yml'
|
||||||
**/*.ts
|
- '**/*.yaml'
|
||||||
**/*.js
|
- '**/*.ts'
|
||||||
**/*.sass
|
- '**/*.js'
|
||||||
**/*.css
|
- '**/*.sass'
|
||||||
**/*.scss
|
- '**/*.css'
|
||||||
**/*.html
|
- '**/*.scss'
|
||||||
|
- '**/*.html'
|
||||||
|
- uses: DeterminateSystems/nix-installer-action@main
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
|
||||||
- name: Prettify code
|
- name: Prettify code
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
uses: creyD/prettier_action@v4.3
|
run: nix develop --command -- prettier --no-error-on-unmatched-pattern --ignore-unknown --check **/*.{ts,js,md,yaml,yml,sass,css,scss,html}
|
||||||
with:
|
|
||||||
prettier_options: >-
|
|
||||||
--check **/*.{ts,js,md,yaml,yml,sass,css,scss,html}
|
|
||||||
only_changed: false
|
|
||||||
dry: true
|
|
||||||
|
|
||||||
proto-lint:
|
proto-lint:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v4
|
||||||
- uses: bufbuild/buf-setup-action@v1.7.0
|
- uses: DeterminateSystems/nix-installer-action@main
|
||||||
- uses: bufbuild/buf-lint-action@v1
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
with:
|
|
||||||
input: "proto"
|
- name: Buf lint
|
||||||
|
run: nix develop --command -- buf lint proto
|
||||||
|
|
6
.github/workflows/release.yml
vendored
6
.github/workflows/release.yml
vendored
|
@ -12,18 +12,18 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Login to DockerHub
|
- name: Login to DockerHub
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v3
|
||||||
with:
|
with:
|
||||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Login to GHCR
|
- name: Login to GHCR
|
||||||
uses: docker/login-action@v1
|
uses: docker/login-action@v3
|
||||||
with:
|
with:
|
||||||
registry: ghcr.io
|
registry: ghcr.io
|
||||||
username: ${{ github.repository_owner }}
|
username: ${{ github.repository_owner }}
|
||||||
|
|
4
.github/workflows/stale.yml
vendored
4
.github/workflows/stale.yml
vendored
|
@ -1,4 +1,5 @@
|
||||||
name: Close inactive issues
|
name: Close inactive issues
|
||||||
|
|
||||||
on:
|
on:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: "30 1 * * *"
|
- cron: "30 1 * * *"
|
||||||
|
@ -10,7 +11,7 @@ jobs:
|
||||||
issues: write
|
issues: write
|
||||||
pull-requests: write
|
pull-requests: write
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/stale@v5
|
- uses: actions/stale@v9
|
||||||
with:
|
with:
|
||||||
days-before-issue-stale: 90
|
days-before-issue-stale: 90
|
||||||
days-before-issue-close: 7
|
days-before-issue-close: 7
|
||||||
|
@ -19,4 +20,5 @@ jobs:
|
||||||
close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
|
close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
|
||||||
days-before-pr-stale: -1
|
days-before-pr-stale: -1
|
||||||
days-before-pr-close: -1
|
days-before-pr-close: -1
|
||||||
|
exempt-issue-labels: "no-stale-bot"
|
||||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestACLAllowStarDst
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestACLAllowStarDst:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestACLAllowStarDst
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestACLAllowStarDst$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestACLAllowUser80Dst
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestACLAllowUser80Dst:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestACLAllowUser80Dst
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestACLAllowUser80Dst$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestACLAllowUserDst
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestACLAllowUserDst:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestACLAllowUserDst
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestACLAllowUserDst$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestACLDenyAllPort80
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestACLDenyAllPort80:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestACLDenyAllPort80
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestACLDenyAllPort80$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestACLDevice1CanAccessDevice2
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestACLDevice1CanAccessDevice2:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestACLDevice1CanAccessDevice2
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestACLDevice1CanAccessDevice2$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestACLHostsInNetMapTable
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestACLHostsInNetMapTable:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestACLHostsInNetMapTable
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestACLHostsInNetMapTable$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestACLNamedHostsCanReach
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestACLNamedHostsCanReach:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestACLNamedHostsCanReach
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestACLNamedHostsCanReach$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestACLNamedHostsCanReachBySubnet
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestACLNamedHostsCanReachBySubnet:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestACLNamedHostsCanReachBySubnet
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestACLNamedHostsCanReachBySubnet$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestApiKeyCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestApiKeyCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestApiKeyCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestApiKeyCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestAuthKeyLogoutAndRelogin
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestAuthKeyLogoutAndRelogin:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestAuthKeyLogoutAndRelogin
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestAuthKeyLogoutAndRelogin$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestAuthWebFlowAuthenticationPingAll
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestAuthWebFlowAuthenticationPingAll:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestAuthWebFlowAuthenticationPingAll
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestAuthWebFlowAuthenticationPingAll$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestAuthWebFlowLogoutAndRelogin
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestAuthWebFlowLogoutAndRelogin:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestAuthWebFlowLogoutAndRelogin
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestAuthWebFlowLogoutAndRelogin$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestCreateTailscale
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestCreateTailscale:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestCreateTailscale
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestCreateTailscale$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestDERPServerScenario
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestDERPServerScenario:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestDERPServerScenario
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestDERPServerScenario$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestEnableDisableAutoApprovedRoute
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestEnableDisableAutoApprovedRoute:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestEnableDisableAutoApprovedRoute
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestEnableDisableAutoApprovedRoute$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestEnablingRoutes
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestEnablingRoutes:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestEnablingRoutes
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestEnablingRoutes$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestEphemeral
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestEphemeral:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestEphemeral
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestEphemeral$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestExpireNode
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestExpireNode:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestExpireNode
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestExpireNode$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestHASubnetRouterFailover
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestHASubnetRouterFailover:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestHASubnetRouterFailover
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestHASubnetRouterFailover$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestHeadscale
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestHeadscale:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestHeadscale
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestHeadscale$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestNodeAdvertiseTagNoACLCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestNodeAdvertiseTagNoACLCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestNodeAdvertiseTagNoACLCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestNodeAdvertiseTagNoACLCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestNodeAdvertiseTagWithACLCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestNodeAdvertiseTagWithACLCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestNodeAdvertiseTagWithACLCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestNodeAdvertiseTagWithACLCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestNodeCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestNodeCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestNodeCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestNodeCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestNodeExpireCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestNodeExpireCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestNodeExpireCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestNodeExpireCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestNodeMoveCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestNodeMoveCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestNodeMoveCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestNodeMoveCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestNodeOnlineLastSeenStatus
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestNodeOnlineLastSeenStatus:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestNodeOnlineLastSeenStatus
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestNodeOnlineLastSeenStatus$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestNodeRenameCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestNodeRenameCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestNodeRenameCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestNodeRenameCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestNodeTagCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestNodeTagCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestNodeTagCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestNodeTagCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestOIDCAuthenticationPingAll
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestOIDCAuthenticationPingAll:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestOIDCAuthenticationPingAll
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestOIDCAuthenticationPingAll$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestOIDCExpireNodesBasedOnTokenExpiry
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestOIDCExpireNodesBasedOnTokenExpiry:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestOIDCExpireNodesBasedOnTokenExpiry
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestOIDCExpireNodesBasedOnTokenExpiry$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestPingAllByHostname
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestPingAllByHostname:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestPingAllByHostname
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestPingAllByHostname$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestPingAllByIP
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestPingAllByIP:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestPingAllByIP
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestPingAllByIP$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestPingAllByIPPublicDERP
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestPingAllByIPPublicDERP:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestPingAllByIPPublicDERP
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestPingAllByIPPublicDERP$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestPreAuthKeyCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestPreAuthKeyCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestPreAuthKeyCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestPreAuthKeyCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestPreAuthKeyCommandReusableEphemeral
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestPreAuthKeyCommandReusableEphemeral:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestPreAuthKeyCommandReusableEphemeral
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestPreAuthKeyCommandReusableEphemeral$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestPreAuthKeyCommandWithoutExpiry
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestPreAuthKeyCommandWithoutExpiry:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestPreAuthKeyCommandWithoutExpiry
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestPreAuthKeyCommandWithoutExpiry$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestResolveMagicDNS
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestResolveMagicDNS:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestResolveMagicDNS
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestResolveMagicDNS$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestSSHIsBlockedInACL
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestSSHIsBlockedInACL:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestSSHIsBlockedInACL
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestSSHIsBlockedInACL$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestSSHMultipleUsersAllToAll
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestSSHMultipleUsersAllToAll:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestSSHMultipleUsersAllToAll
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestSSHMultipleUsersAllToAll$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestSSHNoSSHConfigured
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestSSHNoSSHConfigured:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestSSHNoSSHConfigured
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestSSHNoSSHConfigured$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestSSHOneUserToAll
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestSSHOneUserToAll:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestSSHOneUserToAll
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestSSHOneUserToAll$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestSSHUserOnlyIsolation
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestSSHUserOnlyIsolation:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestSSHUserOnlyIsolation
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestSSHUserOnlyIsolation$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestSubnetRouteACL
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestSubnetRouteACL:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestSubnetRouteACL
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestSubnetRouteACL$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestTaildrop
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestTaildrop:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestTaildrop
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestTaildrop$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestTailscaleNodesJoiningHeadcale
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestTailscaleNodesJoiningHeadcale:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestTailscaleNodesJoiningHeadcale
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestTailscaleNodesJoiningHeadcale$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
|
@ -1,67 +0,0 @@
|
||||||
# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - TestUserCommand
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
TestUserCommand:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run TestUserCommand
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^TestUserCommand$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
122
.github/workflows/test-integration.yaml
vendored
Normal file
122
.github/workflows/test-integration.yaml
vendored
Normal file
|
@ -0,0 +1,122 @@
|
||||||
|
name: Integration Tests
|
||||||
|
on: [pull_request]
|
||||||
|
concurrency:
|
||||||
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
||||||
|
cancel-in-progress: true
|
||||||
|
jobs:
|
||||||
|
integration-test:
|
||||||
|
runs-on: ubuntu-latest
|
||||||
|
strategy:
|
||||||
|
fail-fast: false
|
||||||
|
matrix:
|
||||||
|
test:
|
||||||
|
- TestACLHostsInNetMapTable
|
||||||
|
- TestACLAllowUser80Dst
|
||||||
|
- TestACLDenyAllPort80
|
||||||
|
- TestACLAllowUserDst
|
||||||
|
- TestACLAllowStarDst
|
||||||
|
- TestACLNamedHostsCanReachBySubnet
|
||||||
|
- TestACLNamedHostsCanReach
|
||||||
|
- TestACLDevice1CanAccessDevice2
|
||||||
|
- TestPolicyUpdateWhileRunningWithCLIInDatabase
|
||||||
|
- TestOIDCAuthenticationPingAll
|
||||||
|
- TestOIDCExpireNodesBasedOnTokenExpiry
|
||||||
|
- TestAuthWebFlowAuthenticationPingAll
|
||||||
|
- TestAuthWebFlowLogoutAndRelogin
|
||||||
|
- TestUserCommand
|
||||||
|
- TestPreAuthKeyCommand
|
||||||
|
- TestPreAuthKeyCommandWithoutExpiry
|
||||||
|
- TestPreAuthKeyCommandReusableEphemeral
|
||||||
|
- TestPreAuthKeyCorrectUserLoggedInCommand
|
||||||
|
- TestApiKeyCommand
|
||||||
|
- TestNodeTagCommand
|
||||||
|
- TestNodeAdvertiseTagNoACLCommand
|
||||||
|
- TestNodeAdvertiseTagWithACLCommand
|
||||||
|
- TestNodeCommand
|
||||||
|
- TestNodeExpireCommand
|
||||||
|
- TestNodeRenameCommand
|
||||||
|
- TestNodeMoveCommand
|
||||||
|
- TestPolicyCommand
|
||||||
|
- TestPolicyBrokenConfigCommand
|
||||||
|
- TestResolveMagicDNS
|
||||||
|
- TestValidateResolvConf
|
||||||
|
- TestDERPServerScenario
|
||||||
|
- TestPingAllByIP
|
||||||
|
- TestPingAllByIPPublicDERP
|
||||||
|
- TestAuthKeyLogoutAndRelogin
|
||||||
|
- TestEphemeral
|
||||||
|
- TestEphemeralInAlternateTimezone
|
||||||
|
- TestEphemeral2006DeletedTooQuickly
|
||||||
|
- TestPingAllByHostname
|
||||||
|
- TestTaildrop
|
||||||
|
- TestExpireNode
|
||||||
|
- TestNodeOnlineStatus
|
||||||
|
- TestPingAllByIPManyUpDown
|
||||||
|
- TestEnablingRoutes
|
||||||
|
- TestHASubnetRouterFailover
|
||||||
|
- TestEnableDisableAutoApprovedRoute
|
||||||
|
- TestAutoApprovedSubRoute2068
|
||||||
|
- TestSubnetRouteACL
|
||||||
|
- TestHeadscale
|
||||||
|
- TestCreateTailscale
|
||||||
|
- TestTailscaleNodesJoiningHeadcale
|
||||||
|
- TestSSHOneUserToAll
|
||||||
|
- TestSSHMultipleUsersAllToAll
|
||||||
|
- TestSSHNoSSHConfigured
|
||||||
|
- TestSSHIsBlockedInACL
|
||||||
|
- TestSSHUserOnlyIsolation
|
||||||
|
database: [postgres, sqlite]
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 2
|
||||||
|
- name: Get changed files
|
||||||
|
id: changed-files
|
||||||
|
uses: dorny/paths-filter@v3
|
||||||
|
with:
|
||||||
|
filters: |
|
||||||
|
files:
|
||||||
|
- '*.nix'
|
||||||
|
- 'go.*'
|
||||||
|
- '**/*.go'
|
||||||
|
- 'integration_test/'
|
||||||
|
- 'config-example.yaml'
|
||||||
|
- uses: DeterminateSystems/nix-installer-action@main
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
- uses: satackey/action-docker-layer-caching@main
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
continue-on-error: true
|
||||||
|
- name: Run Integration Test
|
||||||
|
uses: Wandalen/wretry.action@master
|
||||||
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
env:
|
||||||
|
USE_POSTGRES: ${{ matrix.database == 'postgres' && '1' || '0' }}
|
||||||
|
with:
|
||||||
|
attempt_limit: 5
|
||||||
|
command: |
|
||||||
|
nix develop --command -- docker run \
|
||||||
|
--tty --rm \
|
||||||
|
--volume ~/.cache/hs-integration-go:/go \
|
||||||
|
--name headscale-test-suite \
|
||||||
|
--volume $PWD:$PWD -w $PWD/integration \
|
||||||
|
--volume /var/run/docker.sock:/var/run/docker.sock \
|
||||||
|
--volume $PWD/control_logs:/tmp/control \
|
||||||
|
--env HEADSCALE_INTEGRATION_POSTGRES=${{env.USE_POSTGRES}} \
|
||||||
|
golang:1 \
|
||||||
|
go run gotest.tools/gotestsum@latest -- ./... \
|
||||||
|
-failfast \
|
||||||
|
-timeout 120m \
|
||||||
|
-parallel 1 \
|
||||||
|
-run "^${{ matrix.test }}$"
|
||||||
|
- uses: actions/upload-artifact@v4
|
||||||
|
if: always() && steps.changed-files.outputs.files == 'true'
|
||||||
|
with:
|
||||||
|
name: ${{ matrix.test }}-${{matrix.database}}-logs
|
||||||
|
path: "control_logs/*.log"
|
||||||
|
- uses: actions/upload-artifact@v4
|
||||||
|
if: always() && steps.changed-files.outputs.files == 'true'
|
||||||
|
with:
|
||||||
|
name: ${{ matrix.test }}-${{matrix.database}}-pprof
|
||||||
|
path: "control_logs/*.pprof.tar"
|
25
.github/workflows/test.yml
vendored
25
.github/workflows/test.yml
vendored
|
@ -11,26 +11,27 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
fetch-depth: 2
|
fetch-depth: 2
|
||||||
|
|
||||||
- name: Get changed files
|
- name: Get changed files
|
||||||
id: changed-files
|
id: changed-files
|
||||||
uses: tj-actions/changed-files@v34
|
uses: dorny/paths-filter@v3
|
||||||
with:
|
with:
|
||||||
files: |
|
filters: |
|
||||||
*.nix
|
files:
|
||||||
go.*
|
- '*.nix'
|
||||||
**/*.go
|
- 'go.*'
|
||||||
integration_test/
|
- '**/*.go'
|
||||||
config-example.yaml
|
- 'integration_test/'
|
||||||
|
- 'config-example.yaml'
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
- uses: DeterminateSystems/nix-installer-action@main
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
- uses: DeterminateSystems/magic-nix-cache-action@main
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
|
|
||||||
- name: Run tests
|
- name: Run tests
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
if: steps.changed-files.outputs.files == 'true'
|
||||||
run: nix develop --check
|
run: nix develop --command -- gotestsum
|
||||||
|
|
2
.github/workflows/update-flake.yml
vendored
2
.github/workflows/update-flake.yml
vendored
|
@ -9,7 +9,7 @@ jobs:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v4
|
||||||
- name: Install Nix
|
- name: Install Nix
|
||||||
uses: DeterminateSystems/nix-installer-action@main
|
uses: DeterminateSystems/nix-installer-action@main
|
||||||
- name: Update flake.lock
|
- name: Update flake.lock
|
||||||
|
|
|
@ -12,19 +12,13 @@ linters:
|
||||||
disable:
|
disable:
|
||||||
- depguard
|
- depguard
|
||||||
|
|
||||||
- exhaustivestruct
|
|
||||||
- revive
|
- revive
|
||||||
- lll
|
- lll
|
||||||
- interfacer
|
|
||||||
- scopelint
|
|
||||||
- maligned
|
|
||||||
- golint
|
|
||||||
- gofmt
|
- gofmt
|
||||||
- gochecknoglobals
|
- gochecknoglobals
|
||||||
- gochecknoinits
|
- gochecknoinits
|
||||||
- gocognit
|
- gocognit
|
||||||
- funlen
|
- funlen
|
||||||
- exhaustivestruct
|
|
||||||
- tagliatelle
|
- tagliatelle
|
||||||
- godox
|
- godox
|
||||||
- ireturn
|
- ireturn
|
||||||
|
@ -34,13 +28,6 @@ linters:
|
||||||
- musttag # causes issues with imported libs
|
- musttag # causes issues with imported libs
|
||||||
- depguard
|
- depguard
|
||||||
|
|
||||||
# deprecated
|
|
||||||
- structcheck # replaced by unused
|
|
||||||
- ifshort # deprecated by the owner
|
|
||||||
- varcheck # replaced by unused
|
|
||||||
- nosnakecase # replaced by revive
|
|
||||||
- deadcode # replaced by unused
|
|
||||||
|
|
||||||
# We should strive to enable these:
|
# We should strive to enable these:
|
||||||
- wrapcheck
|
- wrapcheck
|
||||||
- dupl
|
- dupl
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
---
|
---
|
||||||
|
version: 2
|
||||||
before:
|
before:
|
||||||
hooks:
|
hooks:
|
||||||
- go mod tidy -compat=1.22
|
- go mod tidy -compat=1.22
|
||||||
|
@ -97,13 +98,17 @@ kos:
|
||||||
- linux/arm64
|
- linux/arm64
|
||||||
- linux/arm/v7
|
- linux/arm/v7
|
||||||
tags:
|
tags:
|
||||||
- latest
|
- "{{ if not .Prerelease }}latest{{ end }}"
|
||||||
- "{{ .Tag }}"
|
- "{{ if not .Prerelease }}{{ .Major }}.{{ .Minor }}.{{ .Patch }}{{ end }}"
|
||||||
- "{{ .Major }}.{{ .Minor }}.{{ .Patch }}"
|
- "{{ if not .Prerelease }}{{ .Major }}.{{ .Minor }}{{ end }}"
|
||||||
- "{{ .Major }}.{{ .Minor }}"
|
- "{{ if not .Prerelease }}{{ .Major }}{{ end }}"
|
||||||
- "{{ .Major }}"
|
- "{{ if not .Prerelease }}v{{ .Major }}.{{ .Minor }}.{{ .Patch }}{{ end }}"
|
||||||
- "sha-{{ .ShortCommit }}"
|
- "{{ if not .Prerelease }}v{{ .Major }}.{{ .Minor }}{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}v{{ .Major }}{{ end }}"
|
||||||
- "{{ if not .Prerelease }}stable{{ else }}unstable{{ end }}"
|
- "{{ if not .Prerelease }}stable{{ else }}unstable{{ end }}"
|
||||||
|
- "{{ .Tag }}"
|
||||||
|
- '{{ trimprefix .Tag "v" }}'
|
||||||
|
- "sha-{{ .ShortCommit }}"
|
||||||
|
|
||||||
- id: dockerhub
|
- id: dockerhub
|
||||||
build: headscale
|
build: headscale
|
||||||
|
@ -116,19 +121,22 @@ kos:
|
||||||
- linux/arm64
|
- linux/arm64
|
||||||
- linux/arm/v7
|
- linux/arm/v7
|
||||||
tags:
|
tags:
|
||||||
- latest
|
- "{{ if not .Prerelease }}latest{{ end }}"
|
||||||
- "{{ .Tag }}"
|
- "{{ if not .Prerelease }}{{ .Major }}.{{ .Minor }}.{{ .Patch }}{{ end }}"
|
||||||
- "{{ .Major }}.{{ .Minor }}.{{ .Patch }}"
|
- "{{ if not .Prerelease }}{{ .Major }}.{{ .Minor }}{{ end }}"
|
||||||
- "{{ .Major }}.{{ .Minor }}"
|
- "{{ if not .Prerelease }}{{ .Major }}{{ end }}"
|
||||||
- "{{ .Major }}"
|
- "{{ if not .Prerelease }}v{{ .Major }}.{{ .Minor }}.{{ .Patch }}{{ end }}"
|
||||||
- "sha-{{ .ShortCommit }}"
|
- "{{ if not .Prerelease }}v{{ .Major }}.{{ .Minor }}{{ end }}"
|
||||||
- "{{ if not .Prerelease }}stable{{ end }}"
|
- "{{ if not .Prerelease }}v{{ .Major }}{{ end }}"
|
||||||
- "{{ if not .Prerelease }}stable{{ else }}unstable{{ end }}"
|
- "{{ if not .Prerelease }}stable{{ else }}unstable{{ end }}"
|
||||||
|
- "{{ .Tag }}"
|
||||||
|
- '{{ trimprefix .Tag "v" }}'
|
||||||
|
- "sha-{{ .ShortCommit }}"
|
||||||
|
|
||||||
- id: ghcr-debug
|
- id: ghcr-debug
|
||||||
repository: ghcr.io/juanfont/headscale
|
repository: ghcr.io/juanfont/headscale
|
||||||
bare: true
|
bare: true
|
||||||
base_image: "debian:12"
|
base_image: gcr.io/distroless/base-debian12:debug
|
||||||
build: headscale
|
build: headscale
|
||||||
main: ./cmd/headscale
|
main: ./cmd/headscale
|
||||||
env:
|
env:
|
||||||
|
@ -139,17 +147,21 @@ kos:
|
||||||
- linux/arm64
|
- linux/arm64
|
||||||
- linux/arm/v7
|
- linux/arm/v7
|
||||||
tags:
|
tags:
|
||||||
- latest
|
- "{{ if not .Prerelease }}latest-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}{{ .Major }}.{{ .Minor }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}{{ .Major }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}v{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}v{{ .Major }}.{{ .Minor }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}v{{ .Major }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}stable{{ else }}unstable-debug{{ end }}"
|
||||||
- "{{ .Tag }}-debug"
|
- "{{ .Tag }}-debug"
|
||||||
- "{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug"
|
- '{{ trimprefix .Tag "v" }}-debug'
|
||||||
- "{{ .Major }}.{{ .Minor }}-debug"
|
|
||||||
- "{{ .Major }}-debug"
|
|
||||||
- "sha-{{ .ShortCommit }}-debug"
|
- "sha-{{ .ShortCommit }}-debug"
|
||||||
- "{{ if not .Prerelease }}stable{{ else }}unstable{{ end }}-debug"
|
|
||||||
|
|
||||||
- id: dockerhub-debug
|
- id: dockerhub-debug
|
||||||
build: headscale
|
build: headscale
|
||||||
base_image: "debian:12"
|
base_image: gcr.io/distroless/base-debian12:debug
|
||||||
repository: headscale/headscale
|
repository: headscale/headscale
|
||||||
bare: true
|
bare: true
|
||||||
platforms:
|
platforms:
|
||||||
|
@ -158,18 +170,22 @@ kos:
|
||||||
- linux/arm64
|
- linux/arm64
|
||||||
- linux/arm/v7
|
- linux/arm/v7
|
||||||
tags:
|
tags:
|
||||||
- latest
|
- "{{ if not .Prerelease }}latest-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}{{ .Major }}.{{ .Minor }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}{{ .Major }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}v{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}v{{ .Major }}.{{ .Minor }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}v{{ .Major }}-debug{{ end }}"
|
||||||
|
- "{{ if not .Prerelease }}stable{{ else }}unstable-debug{{ end }}"
|
||||||
- "{{ .Tag }}-debug"
|
- "{{ .Tag }}-debug"
|
||||||
- "{{ .Major }}.{{ .Minor }}.{{ .Patch }}-debug"
|
- '{{ trimprefix .Tag "v" }}-debug'
|
||||||
- "{{ .Major }}.{{ .Minor }}-debug"
|
|
||||||
- "{{ .Major }}-debug"
|
|
||||||
- "sha-{{ .ShortCommit }}-debug"
|
- "sha-{{ .ShortCommit }}-debug"
|
||||||
- "{{ if not .Prerelease }}stable{{ else }}unstable{{ end }}-debug"
|
|
||||||
|
|
||||||
checksum:
|
checksum:
|
||||||
name_template: "checksums.txt"
|
name_template: "checksums.txt"
|
||||||
snapshot:
|
snapshot:
|
||||||
name_template: "{{ .Tag }}-next"
|
version_template: "{{ .Tag }}-next"
|
||||||
changelog:
|
changelog:
|
||||||
sort: asc
|
sort: asc
|
||||||
filters:
|
filters:
|
||||||
|
|
|
@ -1 +1,6 @@
|
||||||
.github/workflows/test-integration-v2*
|
.github/workflows/test-integration-v2*
|
||||||
|
docs/dns-records.md
|
||||||
|
docs/running-headscale-container.md
|
||||||
|
docs/running-headscale-linux-manual.md
|
||||||
|
docs/running-headscale-linux.md
|
||||||
|
docs/running-headscale-openbsd.md
|
||||||
|
|
44
CHANGELOG.md
44
CHANGELOG.md
|
@ -24,13 +24,31 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
### BREAKING
|
### BREAKING
|
||||||
|
|
||||||
- Code reorganisation, a lot of code has moved, please review the following PRs accordingly [#1473](https://github.com/juanfont/headscale/pull/1473)
|
- Code reorganisation, a lot of code has moved, please review the following PRs accordingly [#1473](https://github.com/juanfont/headscale/pull/1473)
|
||||||
|
- Change the structure of database configuration, see [config-example.yaml](./config-example.yaml) for the new structure. [#1700](https://github.com/juanfont/headscale/pull/1700)
|
||||||
|
- Old structure has been remove and the configuration _must_ be converted.
|
||||||
|
- Adds additional configuration for PostgreSQL for setting max open, idle connection and idle connection lifetime.
|
||||||
- API: Machine is now Node [#1553](https://github.com/juanfont/headscale/pull/1553)
|
- API: Machine is now Node [#1553](https://github.com/juanfont/headscale/pull/1553)
|
||||||
- Remove support for older Tailscale clients [#1611](https://github.com/juanfont/headscale/pull/1611)
|
- Remove support for older Tailscale clients [#1611](https://github.com/juanfont/headscale/pull/1611)
|
||||||
- The latest supported client is 1.38
|
- The oldest supported client is 1.42
|
||||||
- Headscale checks that _at least_ one DERP is defined at start [#1564](https://github.com/juanfont/headscale/pull/1564)
|
- Headscale checks that _at least_ one DERP is defined at start [#1564](https://github.com/juanfont/headscale/pull/1564)
|
||||||
- If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
|
- If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
|
||||||
- Embedded DERP server requires a private key [#1611](https://github.com/juanfont/headscale/pull/1611)
|
- Embedded DERP server requires a private key [#1611](https://github.com/juanfont/headscale/pull/1611)
|
||||||
- Add a filepath entry to [`derp.server.private_key_path`](https://github.com/juanfont/headscale/blob/b35993981297e18393706b2c963d6db882bba6aa/config-example.yaml#L95)
|
- Add a filepath entry to [`derp.server.private_key_path`](https://github.com/juanfont/headscale/blob/b35993981297e18393706b2c963d6db882bba6aa/config-example.yaml#L95)
|
||||||
|
- Docker images are now built with goreleaser (ko) [#1716](https://github.com/juanfont/headscale/pull/1716) [#1763](https://github.com/juanfont/headscale/pull/1763)
|
||||||
|
- Entrypoint of container image has changed from shell to headscale, require change from `headscale serve` to `serve`
|
||||||
|
- `/var/lib/headscale` and `/var/run/headscale` is no longer created automatically, see [container docs](./docs/running-headscale-container.md)
|
||||||
|
- Prefixes are now defined per v4 and v6 range. [#1756](https://github.com/juanfont/headscale/pull/1756)
|
||||||
|
- `ip_prefixes` option is now `prefixes.v4` and `prefixes.v6`
|
||||||
|
- `prefixes.allocation` can be set to assign IPs at `sequential` or `random`. [#1869](https://github.com/juanfont/headscale/pull/1869)
|
||||||
|
- MagicDNS domains no longer contain usernames []()
|
||||||
|
- This is in preperation to fix Headscales implementation of tags which currently does not correctly remove the link between a tagged device and a user. As tagged devices will not have a user, this will require a change to the DNS generation, removing the username, see [#1369](https://github.com/juanfont/headscale/issues/1369) for more information.
|
||||||
|
- `use_username_in_magic_dns` can be used to turn this behaviour on again, but note that this option _will be removed_ when tags are fixed.
|
||||||
|
- dns.base_domain can no longer be the same as (or part of) server_url.
|
||||||
|
- This option brings Headscales behaviour in line with Tailscale.
|
||||||
|
- YAML files are no longer supported for headscale policy. [#1792](https://github.com/juanfont/headscale/pull/1792)
|
||||||
|
- HuJSON is now the only supported format for policy.
|
||||||
|
- DNS configuration has been restructured [#2034](https://github.com/juanfont/headscale/pull/2034)
|
||||||
|
- Please review the new [config-example.yaml](./config-example.yaml) for the new structure.
|
||||||
|
|
||||||
### Changes
|
### Changes
|
||||||
|
|
||||||
|
@ -44,10 +62,16 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
- Fix [TS-2023-006](https://tailscale.com/security-bulletins/#ts-2023-006) security UPnP issue [#1563](https://github.com/juanfont/headscale/pull/1563)
|
- Fix [TS-2023-006](https://tailscale.com/security-bulletins/#ts-2023-006) security UPnP issue [#1563](https://github.com/juanfont/headscale/pull/1563)
|
||||||
- Turn off gRPC logging [#1640](https://github.com/juanfont/headscale/pull/1640) fixes [#1259](https://github.com/juanfont/headscale/issues/1259)
|
- Turn off gRPC logging [#1640](https://github.com/juanfont/headscale/pull/1640) fixes [#1259](https://github.com/juanfont/headscale/issues/1259)
|
||||||
- Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. [#1565](https://github.com/juanfont/headscale/pull/1565)
|
- Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. [#1565](https://github.com/juanfont/headscale/pull/1565)
|
||||||
- Change the structure of database configuration, see [config-example.yaml](./config-example.yaml) for the new structure. [#1700](https://github.com/juanfont/headscale/pull/1700)
|
|
||||||
- Old structure is now considered deprecated and will be removed in the future.
|
|
||||||
- Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
|
|
||||||
- Add support for deleting api keys [#1702](https://github.com/juanfont/headscale/pull/1702)
|
- Add support for deleting api keys [#1702](https://github.com/juanfont/headscale/pull/1702)
|
||||||
|
- Add command to backfill IP addresses for nodes missing IPs from configured prefixes. [#1869](https://github.com/juanfont/headscale/pull/1869)
|
||||||
|
- Log available update as warning [#1877](https://github.com/juanfont/headscale/pull/1877)
|
||||||
|
- Add `autogroup:internet` to Policy [#1917](https://github.com/juanfont/headscale/pull/1917)
|
||||||
|
- Restore foreign keys and add constraints [#1562](https://github.com/juanfont/headscale/pull/1562)
|
||||||
|
- Make registration page easier to use on mobile devices
|
||||||
|
- Make write-ahead-log default on and configurable for SQLite [#1985](https://github.com/juanfont/headscale/pull/1985)
|
||||||
|
- Add APIs for managing headscale policy. [#1792](https://github.com/juanfont/headscale/pull/1792)
|
||||||
|
- Fix for registering nodes using preauthkeys when running on a postgres database in a non-UTC timezone. [#764](https://github.com/juanfont/headscale/issues/764)
|
||||||
|
- Make sure integration tests cover postgres for all scenarios
|
||||||
|
|
||||||
## 0.22.3 (2023-05-12)
|
## 0.22.3 (2023-05-12)
|
||||||
|
|
||||||
|
@ -60,7 +84,7 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
### Changes
|
### Changes
|
||||||
|
|
||||||
- Add environment flags to enable pprof (profiling) [#1382](https://github.com/juanfont/headscale/pull/1382)
|
- Add environment flags to enable pprof (profiling) [#1382](https://github.com/juanfont/headscale/pull/1382)
|
||||||
- Profiles are continously generated in our integration tests.
|
- Profiles are continuously generated in our integration tests.
|
||||||
- Fix systemd service file location in `.deb` packages [#1391](https://github.com/juanfont/headscale/pull/1391)
|
- Fix systemd service file location in `.deb` packages [#1391](https://github.com/juanfont/headscale/pull/1391)
|
||||||
- Improvements on Noise implementation [#1379](https://github.com/juanfont/headscale/pull/1379)
|
- Improvements on Noise implementation [#1379](https://github.com/juanfont/headscale/pull/1379)
|
||||||
- Replace node filter logic, ensuring nodes with access can see eachother [#1381](https://github.com/juanfont/headscale/pull/1381)
|
- Replace node filter logic, ensuring nodes with access can see eachother [#1381](https://github.com/juanfont/headscale/pull/1381)
|
||||||
|
@ -151,7 +175,7 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
- SSH ACLs status:
|
- SSH ACLs status:
|
||||||
- Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
|
- Support `accept` and `check` (SSH can be enabled and used for connecting and authentication)
|
||||||
- Rejecting connections **are not supported**, meaning that if you enable SSH, then assume that _all_ `ssh` connections **will be allowed**.
|
- Rejecting connections **are not supported**, meaning that if you enable SSH, then assume that _all_ `ssh` connections **will be allowed**.
|
||||||
- If you decied to try this feature, please carefully managed permissions by blocking port `22` with regular ACLs or do _not_ set `--ssh` on your clients.
|
- If you decided to try this feature, please carefully managed permissions by blocking port `22` with regular ACLs or do _not_ set `--ssh` on your clients.
|
||||||
- We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
|
- We are currently improving our testing of the SSH ACLs, help us get an overview by testing and giving feedback.
|
||||||
- This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1`.
|
- This feature should be considered dangerous and it is disabled by default. Enable by setting `HEADSCALE_EXPERIMENTAL_FEATURE_SSH=1`.
|
||||||
|
|
||||||
|
@ -201,7 +225,7 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
### Changes
|
### Changes
|
||||||
|
|
||||||
- Updated dependencies (including the library that lacked armhf support) [#722](https://github.com/juanfont/headscale/pull/722)
|
- Updated dependencies (including the library that lacked armhf support) [#722](https://github.com/juanfont/headscale/pull/722)
|
||||||
- Fix missing group expansion in function `excludeCorretlyTaggedNodes` [#563](https://github.com/juanfont/headscale/issues/563)
|
- Fix missing group expansion in function `excludeCorrectlyTaggedNodes` [#563](https://github.com/juanfont/headscale/issues/563)
|
||||||
- Improve registration protocol implementation and switch to NodeKey as main identifier [#725](https://github.com/juanfont/headscale/pull/725)
|
- Improve registration protocol implementation and switch to NodeKey as main identifier [#725](https://github.com/juanfont/headscale/pull/725)
|
||||||
- Add ability to connect to PostgreSQL via unix socket [#734](https://github.com/juanfont/headscale/pull/734)
|
- Add ability to connect to PostgreSQL via unix socket [#734](https://github.com/juanfont/headscale/pull/734)
|
||||||
|
|
||||||
|
@ -221,7 +245,7 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
- Fix send on closed channel crash in polling [#542](https://github.com/juanfont/headscale/pull/542)
|
- Fix send on closed channel crash in polling [#542](https://github.com/juanfont/headscale/pull/542)
|
||||||
- Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes [#566](https://github.com/juanfont/headscale/pull/566)
|
- Fixed spurious calls to setLastStateChangeToNow from ephemeral nodes [#566](https://github.com/juanfont/headscale/pull/566)
|
||||||
- Add command for moving nodes between namespaces [#362](https://github.com/juanfont/headscale/issues/362)
|
- Add command for moving nodes between namespaces [#362](https://github.com/juanfont/headscale/issues/362)
|
||||||
- Added more configuration parameters for OpenID Connect (scopes, free-form paramters, domain and user allowlist)
|
- Added more configuration parameters for OpenID Connect (scopes, free-form parameters, domain and user allowlist)
|
||||||
- Add command to set tags on a node [#525](https://github.com/juanfont/headscale/issues/525)
|
- Add command to set tags on a node [#525](https://github.com/juanfont/headscale/issues/525)
|
||||||
- Add command to view tags of nodes [#356](https://github.com/juanfont/headscale/issues/356)
|
- Add command to view tags of nodes [#356](https://github.com/juanfont/headscale/issues/356)
|
||||||
- Add --all (-a) flag to enable routes command [#360](https://github.com/juanfont/headscale/issues/360)
|
- Add --all (-a) flag to enable routes command [#360](https://github.com/juanfont/headscale/issues/360)
|
||||||
|
@ -269,10 +293,10 @@ after improving the test harness as part of adopting [#1460](https://github.com/
|
||||||
|
|
||||||
- Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession [#346](https://github.com/juanfont/headscale/pull/346)
|
- Fix a bug were the same IP could be assigned to multiple hosts if joined in quick succession [#346](https://github.com/juanfont/headscale/pull/346)
|
||||||
- Simplify the code behind registration of machines [#366](https://github.com/juanfont/headscale/pull/366)
|
- Simplify the code behind registration of machines [#366](https://github.com/juanfont/headscale/pull/366)
|
||||||
- Nodes are now only written to database if they are registrated successfully
|
- Nodes are now only written to database if they are registered successfully
|
||||||
- Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374](https://github.com/juanfont/headscale/issues/374)
|
- Fix a limitation in the ACLs that prevented users to write rules with `*` as source [#374](https://github.com/juanfont/headscale/issues/374)
|
||||||
- Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine [#371](https://github.com/juanfont/headscale/pull/371)
|
- Reduce the overhead of marshal/unmarshal for Hostinfo, routes and endpoints by using specific types in Machine [#371](https://github.com/juanfont/headscale/pull/371)
|
||||||
- Apply normalization function to FQDN on hostnames when hosts registers and retrieve informations [#363](https://github.com/juanfont/headscale/issues/363)
|
- Apply normalization function to FQDN on hostnames when hosts registers and retrieve information [#363](https://github.com/juanfont/headscale/issues/363)
|
||||||
- Fix a bug that prevented the use of `tailscale logout` with OIDC [#508](https://github.com/juanfont/headscale/issues/508)
|
- Fix a bug that prevented the use of `tailscale logout` with OIDC [#508](https://github.com/juanfont/headscale/issues/508)
|
||||||
- Added Tailscale repo HEAD and unstable releases channel to the integration tests targets [#513](https://github.com/juanfont/headscale/pull/513)
|
- Added Tailscale repo HEAD and unstable releases channel to the integration tests targets [#513](https://github.com/juanfont/headscale/pull/513)
|
||||||
|
|
||||||
|
|
34
CONTRIBUTING.md
Normal file
34
CONTRIBUTING.md
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
# Contributing
|
||||||
|
|
||||||
|
Headscale is "Open Source, acknowledged contribution", this means that any contribution will have to be discussed with the maintainers before being added to the project.
|
||||||
|
This model has been chosen to reduce the risk of burnout by limiting the maintenance overhead of reviewing and validating third-party code.
|
||||||
|
|
||||||
|
## Why do we have this model?
|
||||||
|
|
||||||
|
Headscale has a small maintainer team that tries to balance working on the project, fixing bugs and reviewing contributions.
|
||||||
|
|
||||||
|
When we work on issues ourselves, we develop first hand knowledge of the code and it makes it possible for us to maintain and own the code as the project develops.
|
||||||
|
|
||||||
|
Code contributions are seen as a positive thing. People enjoy and engage with our project, but it also comes with some challenges; we have to understand the code, we have to understand the feature, we might have to become familiar with external libraries or services and we think about security implications. All those steps are required during the reviewing process. After the code has been merged, the feature has to be maintained. Any changes reliant on external services must be updated and expanded accordingly.
|
||||||
|
|
||||||
|
The review and day-1 maintenance adds a significant burden on the maintainers. Often we hope that the contributor will help out, but we found that most of the time, they disappear after their new feature was added.
|
||||||
|
|
||||||
|
This means that when someone contributes, we are mostly happy about it, but we do have to run it through a series of checks to establish if we actually can maintain this feature.
|
||||||
|
|
||||||
|
## What do we require?
|
||||||
|
|
||||||
|
A general description is provided here and an explicit list is provided in our pull request template.
|
||||||
|
|
||||||
|
All new features have to start out with a design document, which should be discussed on the issue tracker (not discord). It should include a use case for the feature, how it can be implemented, who will implement it and a plan for maintaining it.
|
||||||
|
|
||||||
|
All features have to be end-to-end tested (integration tests) and have good unit test coverage to ensure that they work as expected. This will also ensure that the feature continues to work as expected over time. If a change cannot be tested, a strong case for why this is not possible needs to be presented.
|
||||||
|
|
||||||
|
The contributor should help to maintain the feature over time. In case the feature is not maintained probably, the maintainers reserve themselves the right to remove features they redeem as unmaintainable. This should help to improve the quality of the software and keep it in a maintainable state.
|
||||||
|
|
||||||
|
## Bug fixes
|
||||||
|
|
||||||
|
Headscale is open to code contributions for bug fixes without discussion.
|
||||||
|
|
||||||
|
## Documentation
|
||||||
|
|
||||||
|
If you find mistakes in the documentation, please submit a fix to the documentation.
|
|
@ -2,31 +2,24 @@
|
||||||
# and are in no way endorsed by Headscale's maintainers as an
|
# and are in no way endorsed by Headscale's maintainers as an
|
||||||
# official nor supported release or distribution.
|
# official nor supported release or distribution.
|
||||||
|
|
||||||
FROM docker.io/golang:1.22-bookworm AS build
|
FROM docker.io/golang:1.23-bookworm
|
||||||
ARG VERSION=dev
|
ARG VERSION=dev
|
||||||
ENV GOPATH /go
|
ENV GOPATH /go
|
||||||
WORKDIR /go/src/headscale
|
WORKDIR /go/src/headscale
|
||||||
|
|
||||||
COPY go.mod go.sum /go/src/headscale/
|
|
||||||
RUN go mod download
|
|
||||||
|
|
||||||
COPY . .
|
|
||||||
|
|
||||||
RUN CGO_ENABLED=0 GOOS=linux go install -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$VERSION" -a ./cmd/headscale
|
|
||||||
RUN test -e /go/bin/headscale
|
|
||||||
|
|
||||||
# Debug image
|
|
||||||
FROM docker.io/golang:1.22-bookworm
|
|
||||||
|
|
||||||
COPY --from=build /go/bin/headscale /bin/headscale
|
|
||||||
ENV TZ UTC
|
|
||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& apt-get install --no-install-recommends --yes less jq \
|
&& apt-get install --no-install-recommends --yes less jq \
|
||||||
&& rm -rf /var/lib/apt/lists/* \
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
&& apt-get clean
|
&& apt-get clean
|
||||||
RUN mkdir -p /var/run/headscale
|
RUN mkdir -p /var/run/headscale
|
||||||
|
|
||||||
|
COPY go.mod go.sum /go/src/headscale/
|
||||||
|
RUN go mod download
|
||||||
|
|
||||||
|
COPY . .
|
||||||
|
|
||||||
|
RUN CGO_ENABLED=0 GOOS=linux go install -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=$VERSION" -a ./cmd/headscale && test -e /go/bin/headscale
|
||||||
|
|
||||||
# Need to reset the entrypoint or everything will run as a busybox script
|
# Need to reset the entrypoint or everything will run as a busybox script
|
||||||
ENTRYPOINT []
|
ENTRYPOINT []
|
||||||
EXPOSE 8080/tcp
|
EXPOSE 8080/tcp
|
||||||
|
|
|
@ -1,21 +1,43 @@
|
||||||
# This Dockerfile and the images produced are for testing headscale,
|
# Copyright (c) Tailscale Inc & AUTHORS
|
||||||
# and are in no way endorsed by Headscale's maintainers as an
|
# SPDX-License-Identifier: BSD-3-Clause
|
||||||
# official nor supported release or distribution.
|
|
||||||
|
|
||||||
FROM golang:latest
|
# This Dockerfile is more or less lifted from tailscale/tailscale
|
||||||
|
# to ensure a similar build process when testing the HEAD of tailscale.
|
||||||
|
|
||||||
RUN apt-get update \
|
FROM golang:1.23-alpine AS build-env
|
||||||
&& apt-get install -y dnsutils git iptables ssh ca-certificates \
|
|
||||||
&& rm -rf /var/lib/apt/lists/*
|
|
||||||
|
|
||||||
RUN useradd --shell=/bin/bash --create-home ssh-it-user
|
WORKDIR /go/src
|
||||||
|
|
||||||
|
RUN apk add --no-cache git
|
||||||
|
|
||||||
|
# Replace `RUN git...` with `COPY` and a local checked out version of Tailscale in `./tailscale`
|
||||||
|
# to test specific commits of the Tailscale client. This is useful when trying to find out why
|
||||||
|
# something specific broke between two versions of Tailscale with for example `git bisect`.
|
||||||
|
# COPY ./tailscale .
|
||||||
RUN git clone https://github.com/tailscale/tailscale.git
|
RUN git clone https://github.com/tailscale/tailscale.git
|
||||||
|
|
||||||
WORKDIR /go/tailscale
|
WORKDIR /go/src/tailscale
|
||||||
|
|
||||||
RUN git checkout main \
|
|
||||||
&& sh build_dist.sh tailscale.com/cmd/tailscale \
|
# see build_docker.sh
|
||||||
&& sh build_dist.sh tailscale.com/cmd/tailscaled \
|
ARG VERSION_LONG=""
|
||||||
&& cp tailscale /usr/local/bin/ \
|
ENV VERSION_LONG=$VERSION_LONG
|
||||||
&& cp tailscaled /usr/local/bin/
|
ARG VERSION_SHORT=""
|
||||||
|
ENV VERSION_SHORT=$VERSION_SHORT
|
||||||
|
ARG VERSION_GIT_HASH=""
|
||||||
|
ENV VERSION_GIT_HASH=$VERSION_GIT_HASH
|
||||||
|
ARG TARGETARCH
|
||||||
|
|
||||||
|
RUN GOARCH=$TARGETARCH go install -ldflags="\
|
||||||
|
-X tailscale.com/version.longStamp=$VERSION_LONG \
|
||||||
|
-X tailscale.com/version.shortStamp=$VERSION_SHORT \
|
||||||
|
-X tailscale.com/version.gitCommitStamp=$VERSION_GIT_HASH" \
|
||||||
|
-v ./cmd/tailscale ./cmd/tailscaled ./cmd/containerboot
|
||||||
|
|
||||||
|
FROM alpine:3.18
|
||||||
|
RUN apk add --no-cache ca-certificates iptables iproute2 ip6tables curl
|
||||||
|
|
||||||
|
COPY --from=build-env /go/bin/* /usr/local/bin/
|
||||||
|
# For compat with the previous run.sh, although ideally you should be
|
||||||
|
# using build_docker.sh which sets an entrypoint for the image.
|
||||||
|
RUN mkdir /tailscale && ln -s /usr/local/bin/containerboot /tailscale/run.sh
|
||||||
|
|
1
Makefile
1
Makefile
|
@ -31,6 +31,7 @@ test_integration:
|
||||||
--name headscale-test-suite \
|
--name headscale-test-suite \
|
||||||
-v $$PWD:$$PWD -w $$PWD/integration \
|
-v $$PWD:$$PWD -w $$PWD/integration \
|
||||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||||
|
-v $$PWD/control_logs:/tmp/control \
|
||||||
golang:1 \
|
golang:1 \
|
||||||
go run gotest.tools/gotestsum@latest -- -failfast ./... -timeout 120m -parallel 8
|
go run gotest.tools/gotestsum@latest -- -failfast ./... -timeout 120m -parallel 8
|
||||||
|
|
||||||
|
|
960
README.md
960
README.md
|
@ -55,7 +55,6 @@ buttons available in the repo.
|
||||||
- Taildrop (File Sharing)
|
- Taildrop (File Sharing)
|
||||||
- [Access control lists](https://tailscale.com/kb/1018/acls/)
|
- [Access control lists](https://tailscale.com/kb/1018/acls/)
|
||||||
- [MagicDNS](https://tailscale.com/kb/1081/magicdns)
|
- [MagicDNS](https://tailscale.com/kb/1081/magicdns)
|
||||||
- Support for multiple IP ranges in the tailnet
|
|
||||||
- Dual stack (IPv4 and IPv6)
|
- Dual stack (IPv4 and IPv6)
|
||||||
- Routing advertising (including exit nodes)
|
- Routing advertising (including exit nodes)
|
||||||
- Ephemeral nodes
|
- Ephemeral nodes
|
||||||
|
@ -87,24 +86,19 @@ Please have a look at the [`documentation`](https://headscale.net/).
|
||||||
|
|
||||||
## Disclaimer
|
## Disclaimer
|
||||||
|
|
||||||
1. This project is not associated with Tailscale Inc.
|
This project is not associated with Tailscale Inc.
|
||||||
2. The purpose of Headscale is maintaining a working, self-hosted Tailscale control panel.
|
|
||||||
|
However, one of the active maintainers for Headscale [is employed by Tailscale](https://tailscale.com/blog/opensource) and he is allowed to spend work hours contributing to the project. Contributions from this maintainer are reviewed by other maintainers.
|
||||||
|
|
||||||
|
The maintainers work together on setting the direction for the project. The underlying principle is to serve the community of self-hosters, enthusiasts and hobbyists - while having a sustainable project.
|
||||||
|
|
||||||
## Contributing
|
## Contributing
|
||||||
|
|
||||||
Headscale is "Open Source, acknowledged contribution", this means that any
|
Please read the [CONTRIBUTING.md](./CONTRIBUTING.md) file.
|
||||||
contribution will have to be discussed with the Maintainers before being submitted.
|
|
||||||
|
|
||||||
This model has been chosen to reduce the risk of burnout by limiting the
|
|
||||||
maintenance overhead of reviewing and validating third-party code.
|
|
||||||
|
|
||||||
Headscale is open to code contributions for bug fixes without discussion.
|
|
||||||
|
|
||||||
If you find mistakes in the documentation, please submit a fix to the documentation.
|
|
||||||
|
|
||||||
### Requirements
|
### Requirements
|
||||||
|
|
||||||
To contribute to headscale you would need the lastest version of [Go](https://golang.org)
|
To contribute to headscale you would need the latest version of [Go](https://golang.org)
|
||||||
and [Buf](https://buf.build)(Protobuf generator).
|
and [Buf](https://buf.build)(Protobuf generator).
|
||||||
|
|
||||||
We recommend using [Nix](https://nixos.org/) to setup a development environment. This can
|
We recommend using [Nix](https://nixos.org/) to setup a development environment. This can
|
||||||
|
@ -172,938 +166,8 @@ make build
|
||||||
|
|
||||||
## Contributors
|
## Contributors
|
||||||
|
|
||||||
<table>
|
<a href="https://github.com/juanfont/headscale/graphs/contributors">
|
||||||
<tr>
|
<img src="https://contrib.rocks/image?repo=juanfont/headscale" />
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
</a>
|
||||||
<a href=https://github.com/kradalby>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/98431?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Kristoffer Dalby/>
|
Made with [contrib.rocks](https://contrib.rocks).
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Kristoffer Dalby</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/juanfont>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/181059?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Juan Font/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Juan Font</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/restanrm>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/4344371?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Adrien Raffin-Caboisse/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Adrien Raffin-Caboisse</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/cure>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/149135?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Ward Vandewege/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Ward Vandewege</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/huskyii>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/5499746?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jiang Zhu/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Jiang Zhu</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/tsujamin>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/2435619?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Benjamin Roberts/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Benjamin Roberts</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/reynico>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/715768?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Nico/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Nico</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/evenh>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/2701536?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Even Holthe/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Even Holthe</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/e-zk>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/58356365?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=e-zk/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>e-zk</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ImpostorKeanu>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/11574161?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Justin Angel/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Justin Angel</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ItalyPaleAle>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/43508?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Alessandro (Ale) Segala/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Alessandro (Ale) Segala</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ohdearaugustin>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/14001491?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=ohdearaugustin/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>ohdearaugustin</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/mpldr>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/33086936?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Moritz Poldrack/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Moritz Poldrack</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/Orhideous>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/2265184?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Andriy Kushnir/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Andriy Kushnir</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/GrigoriyMikhalkin>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/3637857?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=GrigoriyMikhalkin/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>GrigoriyMikhalkin</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/christian-heusel>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/26827864?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Christian Heusel/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Christian Heusel</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/mike-lloyd03>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/49411532?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Mike Lloyd/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Mike Lloyd</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/iSchluff>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/1429641?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Anton Schubert/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Anton Schubert</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/Niek>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/213140?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Niek van der Maas/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Niek van der Maas</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/negbie>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/20154956?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Eugen Biegler/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Eugen Biegler</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/617a7a>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/67651251?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Azz/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Azz</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/qbit>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/68368?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Aaron Bieber/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Aaron Bieber</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/kazauwa>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/12330159?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Igor Perepilitsyn/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Igor Perepilitsyn</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/Aluxima>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/16262531?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Laurent Marchaud/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Laurent Marchaud</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/majst01>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/410110?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Stefan Majer/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Stefan Majer</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/fdelucchijr>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/69133647?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Fernando De Lucchi/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Fernando De Lucchi</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/OrvilleQ>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/21377465?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Orville Q. Song/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Orville Q. Song</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/hdhoang>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/12537?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=hdhoang/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>hdhoang</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/bravechamp>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/48980452?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=bravechamp/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>bravechamp</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/deonthomasgy>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/150036?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Deon Thomas/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Deon Thomas</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/madjam002>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/679137?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jamie Greeff/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Jamie Greeff</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/jonathanspw>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/8390543?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jonathan Wright/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Jonathan Wright</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ChibangLW>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/22293464?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=ChibangLW/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>ChibangLW</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/majabojarska>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/33836570?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Maja Bojarska/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Maja Bojarska</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/mevansam>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/403630?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Mevan Samaratunga/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Mevan Samaratunga</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/dragetd>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/3639577?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Michael G./>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Michael G.</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ptman>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/24669?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Paul Tötterman/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Paul Tötterman</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/samson4649>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/12725953?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Samuel Lock/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Samuel Lock</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/loprima-l>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/69201633?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=loprima-l/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>loprima-l</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/unreality>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/352522?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=unreality/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>unreality</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/vsychov>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/2186303?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=MichaelKo/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>MichaelKo</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/kevin1sMe>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/6886076?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=kevinlin/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>kevinlin</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/QZAiXH>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/23068780?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Snack/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Snack</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/artemklevtsov>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/603798?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Artem Klevtsov/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Artem Klevtsov</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/cmars>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/23741?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Casey Marshall/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Casey Marshall</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/dbevacqua>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/6534306?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=dbevacqua/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>dbevacqua</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/joshuataylor>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/225131?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Josh Taylor/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Josh Taylor</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/CNLHC>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/21005146?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=LIU HANCHENG/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>LIU HANCHENG</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/motiejus>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/107720?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Motiejus Jakštys/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Motiejus Jakštys</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/pvinis>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/100233?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Pavlos Vinieratos/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Pavlos Vinieratos</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/SilverBut>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/6560655?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Silver Bullet/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Silver Bullet</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/snh>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/2051768?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Steven Honson/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Steven Honson</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ratsclub>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/25647735?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Victor Freire/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Victor Freire</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/qzydustin>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/44362429?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Zhenyu Qi/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Zhenyu Qi</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/t56k>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/12165422?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=thomas/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>thomas</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/puzpuzpuz>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/37772591?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Andrei Pechkurov/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Andrei Pechkurov</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/linsomniac>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/466380?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Sean Reifschneider/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Sean Reifschneider</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/aberoham>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/586805?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Abraham Ingersoll/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Abraham Ingersoll</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/iFargle>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/124551390?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Albert Copeland/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Albert Copeland</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/theryecatcher>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/16442416?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Anoop Sundaresh/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Anoop Sundaresh</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/apognu>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/3017182?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Antoine POPINEAU/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Antoine POPINEAU</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/tony1661>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/5287266?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Antonio Fernandez/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Antonio Fernandez</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/aofei>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/5037285?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Aofei Sheng/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Aofei Sheng</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/arnarg>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/1291396?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Arnar/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Arnar</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/awoimbee>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/22431493?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Arthur Woimbée/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Arthur Woimbée</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/avirut>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/27095602?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Avirut Mehta/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Avirut Mehta</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/winterheart>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/81112?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Azamat H. Hackimov/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Azamat H. Hackimov</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/stensonb>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/933389?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Bryan Stenson/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Bryan Stenson</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/yangchuansheng>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/15308462?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt= Carson Yang/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b> Carson Yang</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/kundel>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/10158899?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Darrell Kundel/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Darrell Kundel</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/fatih-acar>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/15028881?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=fatih-acar/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>fatih-acar</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/fkr>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/51063?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Felix Kronlage-Dammers/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Felix Kronlage-Dammers</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/felixonmars>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/1006477?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Felix Yan/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Felix Yan</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/gabe565>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/7717888?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Gabe Cook/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Gabe Cook</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/JJGadgets>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/5709019?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=JJGadgets/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>JJGadgets</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/hrtkpf>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/42646788?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=hrtkpf/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>hrtkpf</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/jessebot>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/2389292?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=JesseBot/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>JesseBot</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/jimt>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/180326?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jim Tittsler/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Jim Tittsler</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/jsiebens>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/499769?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Johan Siebens/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Johan Siebens</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/johnae>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/28332?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=John Axel Eriksson/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>John Axel Eriksson</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ShadowJonathan>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/22740616?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jonathan de Jong/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Jonathan de Jong</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/JulienFloris>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/20380255?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Julien Zweverink/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Julien Zweverink</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/win-t>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/1589120?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Kurnia D Win/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Kurnia D Win</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/Lucalux>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/70356955?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Lucalux/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Lucalux</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/foxtrot>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/4153572?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Marc/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Marc</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/mhameed>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/447017?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Mesar Hameed/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Mesar Hameed</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/mikejsavage>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/579299?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Michael Savage/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Michael Savage</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/pkrivanec>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/25530641?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Philipp Krivanec/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Philipp Krivanec</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/piec>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/781471?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Pierre Carru/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Pierre Carru</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/donran>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/4838348?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Pontus N/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Pontus N</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/nnsee>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/36747857?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Rasmus Moorats/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Rasmus Moorats</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/rcursaru>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/16259641?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=rcursaru/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>rcursaru</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/renovate-bot>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/25180681?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Mend Renovate/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Mend Renovate</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ryanfowler>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/2668821?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Ryan Fowler/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Ryan Fowler</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/muzy>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/321723?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Sebastian/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Sebastian</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/shaananc>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/2287839?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Shaanan Cohney/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Shaanan Cohney</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/6ixfalls>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/23470032?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Six/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Six</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/stefanvanburen>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/622527?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Stefan VanBuren/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Stefan VanBuren</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/sophware>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/41669?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=sophware/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>sophware</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/m-tanner-dev0>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/97977342?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Tanner/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Tanner</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/Teteros>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/5067989?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Teteros/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Teteros</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/gitter-badger>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/8518239?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=The Gitter Badger/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>The Gitter Badger</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/tianon>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/161631?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Tianon Gravi/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Tianon Gravi</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/thetillhoff>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/25052289?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Till Hoffmann/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Till Hoffmann</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/woudsma>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/6162978?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Tjerk Woudsma/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Tjerk Woudsma</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/y0ngb1n>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/25719408?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=杨斌 Aben/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>杨斌 Aben</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/sleepymole>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/17199941?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Yujie Xia/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Yujie Xia</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/newellz2>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/52436542?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Zachary Newell/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Zachary Newell</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/zekker6>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/1367798?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Zakhar Bessarab/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Zakhar Bessarab</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/zhzy0077>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/8717471?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Zhiyuan Zheng/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Zhiyuan Zheng</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/Bpazy>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/9838749?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Ziyuan Han/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Ziyuan Han</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/caelansar>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/31852257?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=caelansar/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>caelansar</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/derelm>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/465155?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=derelm/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>derelm</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/dnaq>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/1299717?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=dnaq/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>dnaq</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/nning>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/557430?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=henning mueller/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>henning mueller</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ignoramous>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/852289?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=ignoramous/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>ignoramous</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/jimyag>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/69233189?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=jimyag/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>jimyag</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/magichuihui>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/10866198?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=suhelen/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>suhelen</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/lion24>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/1382102?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=sharkonet/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>sharkonet</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/ma6174>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/1449133?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=ma6174/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>ma6174</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/manju-rn>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/26291847?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=manju-rn/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>manju-rn</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/nicholas-yap>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/38109533?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=nicholas-yap/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>nicholas-yap</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/pernila>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/12460060?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Tommi Pernila/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Tommi Pernila</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/phpmalik>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/26834645?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=phpmalik/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>phpmalik</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/Wakeful-Cloud>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/38930607?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Wakeful Cloud/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Wakeful Cloud</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/xpzouying>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/3946563?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=zy/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>zy</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
<tr>
|
|
||||||
<td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
|
|
||||||
<a href=https://github.com/atorregrosa-smd>
|
|
||||||
<img src=https://avatars.githubusercontent.com/u/78434679?v=4 width="100;" style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Àlex Torregrosa/>
|
|
||||||
<br />
|
|
||||||
<sub style="font-size:14px"><b>Àlex Torregrosa</b></sub>
|
|
||||||
</a>
|
|
||||||
</td>
|
|
||||||
</tr>
|
|
||||||
</table>
|
|
||||||
|
|
|
@ -6,108 +6,10 @@ import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"path"
|
|
||||||
"path/filepath"
|
|
||||||
"strings"
|
"strings"
|
||||||
"text/template"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
|
||||||
githubWorkflowPath = "../../.github/workflows/"
|
|
||||||
jobFileNameTemplate = `test-integration-v2-%s.yaml`
|
|
||||||
jobTemplate = template.Must(
|
|
||||||
template.New("jobTemplate").
|
|
||||||
Parse(`# DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
|
|
||||||
# To regenerate, run "go generate" in cmd/gh-action-integration-generator/
|
|
||||||
|
|
||||||
name: Integration Test v2 - {{.Name}}
|
|
||||||
|
|
||||||
on: [pull_request]
|
|
||||||
|
|
||||||
concurrency:
|
|
||||||
group: {{ "${{ github.workflow }}-$${{ github.head_ref || github.run_id }}" }}
|
|
||||||
cancel-in-progress: true
|
|
||||||
|
|
||||||
jobs:
|
|
||||||
{{.Name}}:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
with:
|
|
||||||
fetch-depth: 2
|
|
||||||
|
|
||||||
- uses: DeterminateSystems/nix-installer-action@main
|
|
||||||
- uses: DeterminateSystems/magic-nix-cache-action@main
|
|
||||||
- uses: satackey/action-docker-layer-caching@main
|
|
||||||
continue-on-error: true
|
|
||||||
|
|
||||||
- name: Get changed files
|
|
||||||
id: changed-files
|
|
||||||
uses: tj-actions/changed-files@v34
|
|
||||||
with:
|
|
||||||
files: |
|
|
||||||
*.nix
|
|
||||||
go.*
|
|
||||||
**/*.go
|
|
||||||
integration_test/
|
|
||||||
config-example.yaml
|
|
||||||
|
|
||||||
- name: Run {{.Name}}
|
|
||||||
uses: Wandalen/wretry.action@master
|
|
||||||
if: steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
attempt_limit: 5
|
|
||||||
command: |
|
|
||||||
nix develop --command -- docker run \
|
|
||||||
--tty --rm \
|
|
||||||
--volume ~/.cache/hs-integration-go:/go \
|
|
||||||
--name headscale-test-suite \
|
|
||||||
--volume $PWD:$PWD -w $PWD/integration \
|
|
||||||
--volume /var/run/docker.sock:/var/run/docker.sock \
|
|
||||||
--volume $PWD/control_logs:/tmp/control \
|
|
||||||
golang:1 \
|
|
||||||
go run gotest.tools/gotestsum@latest -- ./... \
|
|
||||||
-failfast \
|
|
||||||
-timeout 120m \
|
|
||||||
-parallel 1 \
|
|
||||||
-run "^{{.Name}}$"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: logs
|
|
||||||
path: "control_logs/*.log"
|
|
||||||
|
|
||||||
- uses: actions/upload-artifact@v3
|
|
||||||
if: always() && steps.changed-files.outputs.any_changed == 'true'
|
|
||||||
with:
|
|
||||||
name: pprof
|
|
||||||
path: "control_logs/*.pprof.tar"
|
|
||||||
`),
|
|
||||||
)
|
|
||||||
)
|
|
||||||
|
|
||||||
const workflowFilePerm = 0o600
|
|
||||||
|
|
||||||
func removeTests() {
|
|
||||||
glob := fmt.Sprintf(jobFileNameTemplate, "*")
|
|
||||||
|
|
||||||
files, err := filepath.Glob(filepath.Join(githubWorkflowPath, glob))
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("failed to find test files")
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, file := range files {
|
|
||||||
err := os.Remove(file)
|
|
||||||
if err != nil {
|
|
||||||
log.Printf("failed to remove: %s", err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func findTests() []string {
|
func findTests() []string {
|
||||||
rgBin, err := exec.LookPath("rg")
|
rgBin, err := exec.LookPath("rg")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -124,50 +26,44 @@ func findTests() []string {
|
||||||
"--no-heading",
|
"--no-heading",
|
||||||
}
|
}
|
||||||
|
|
||||||
log.Printf("executing: %s %s", rgBin, strings.Join(args, " "))
|
cmd := exec.Command(rgBin, args...)
|
||||||
|
var out bytes.Buffer
|
||||||
ripgrep := exec.Command(
|
cmd.Stdout = &out
|
||||||
rgBin,
|
err = cmd.Run()
|
||||||
args...,
|
|
||||||
)
|
|
||||||
|
|
||||||
result, err := ripgrep.CombinedOutput()
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("out: %s", result)
|
log.Fatalf("failed to run command: %s", err)
|
||||||
log.Fatalf("failed to run ripgrep: %s", err)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
tests := strings.Split(string(result), "\n")
|
tests := strings.Split(strings.TrimSpace(out.String()), "\n")
|
||||||
tests = tests[:len(tests)-1]
|
|
||||||
|
|
||||||
return tests
|
return tests
|
||||||
}
|
}
|
||||||
|
|
||||||
func main() {
|
func updateYAML(tests []string) {
|
||||||
type testConfig struct {
|
testsForYq := fmt.Sprintf("[%s]", strings.Join(tests, ", "))
|
||||||
Name string
|
|
||||||
|
yqCommand := fmt.Sprintf(
|
||||||
|
"yq eval '.jobs.integration-test.strategy.matrix.test = %s' ../../.github/workflows/test-integration.yaml -i",
|
||||||
|
testsForYq,
|
||||||
|
)
|
||||||
|
cmd := exec.Command("bash", "-c", yqCommand)
|
||||||
|
|
||||||
|
var out bytes.Buffer
|
||||||
|
cmd.Stdout = &out
|
||||||
|
err := cmd.Run()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("failed to run yq command: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
fmt.Println("YAML file updated successfully")
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
tests := findTests()
|
tests := findTests()
|
||||||
|
|
||||||
removeTests()
|
quotedTests := make([]string, len(tests))
|
||||||
|
for i, test := range tests {
|
||||||
for _, test := range tests {
|
quotedTests[i] = fmt.Sprintf("\"%s\"", test)
|
||||||
log.Printf("generating workflow for %s", test)
|
|
||||||
|
|
||||||
var content bytes.Buffer
|
|
||||||
|
|
||||||
if err := jobTemplate.Execute(&content, testConfig{
|
|
||||||
Name: test,
|
|
||||||
}); err != nil {
|
|
||||||
log.Fatalf("failed to render template: %s", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
testPath := path.Join(githubWorkflowPath, fmt.Sprintf(jobFileNameTemplate, test))
|
|
||||||
|
|
||||||
err := os.WriteFile(testPath, content.Bytes(), workflowFilePerm)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatalf("failed to write github job: %s", err)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
updateYAML(quotedTests)
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,14 +5,13 @@ import (
|
||||||
"strconv"
|
"strconv"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
|
||||||
|
"github.com/juanfont/headscale/hscontrol/util"
|
||||||
"github.com/prometheus/common/model"
|
"github.com/prometheus/common/model"
|
||||||
"github.com/pterm/pterm"
|
"github.com/pterm/pterm"
|
||||||
"github.com/rs/zerolog/log"
|
"github.com/rs/zerolog/log"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"google.golang.org/protobuf/types/known/timestamppb"
|
"google.golang.org/protobuf/types/known/timestamppb"
|
||||||
|
|
||||||
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
|
|
||||||
"github.com/juanfont/headscale/hscontrol/util"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
|
|
@ -4,6 +4,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"net/netip"
|
"net/netip"
|
||||||
|
"slices"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
@ -97,6 +98,8 @@ func init() {
|
||||||
tagCmd.Flags().
|
tagCmd.Flags().
|
||||||
StringSliceP("tags", "t", []string{}, "List of tags to add to the node")
|
StringSliceP("tags", "t", []string{}, "List of tags to add to the node")
|
||||||
nodeCmd.AddCommand(tagCmd)
|
nodeCmd.AddCommand(tagCmd)
|
||||||
|
|
||||||
|
nodeCmd.AddCommand(backfillNodeIPsCmd)
|
||||||
}
|
}
|
||||||
|
|
||||||
var nodeCmd = &cobra.Command{
|
var nodeCmd = &cobra.Command{
|
||||||
|
@ -477,6 +480,57 @@ var moveNodeCmd = &cobra.Command{
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var backfillNodeIPsCmd = &cobra.Command{
|
||||||
|
Use: "backfillips",
|
||||||
|
Short: "Backfill IPs missing from nodes",
|
||||||
|
Long: `
|
||||||
|
Backfill IPs can be used to add/remove IPs from nodes
|
||||||
|
based on the current configuration of Headscale.
|
||||||
|
|
||||||
|
If there are nodes that does not have IPv4 or IPv6
|
||||||
|
even if prefixes for both are configured in the config,
|
||||||
|
this command can be used to assign IPs of the sort to
|
||||||
|
all nodes that are missing.
|
||||||
|
|
||||||
|
If you remove IPv4 or IPv6 prefixes from the config,
|
||||||
|
it can be run to remove the IPs that should no longer
|
||||||
|
be assigned to nodes.`,
|
||||||
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
|
var err error
|
||||||
|
output, _ := cmd.Flags().GetString("output")
|
||||||
|
|
||||||
|
confirm := false
|
||||||
|
prompt := &survey.Confirm{
|
||||||
|
Message: "Are you sure that you want to assign/remove IPs to/from nodes?",
|
||||||
|
}
|
||||||
|
err = survey.AskOne(prompt, &confirm)
|
||||||
|
if err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if confirm {
|
||||||
|
ctx, client, conn, cancel := getHeadscaleCLIClient()
|
||||||
|
defer cancel()
|
||||||
|
defer conn.Close()
|
||||||
|
|
||||||
|
changes, err := client.BackfillNodeIPs(ctx, &v1.BackfillNodeIPsRequest{Confirmed: confirm})
|
||||||
|
if err != nil {
|
||||||
|
ErrorOutput(
|
||||||
|
err,
|
||||||
|
fmt.Sprintf(
|
||||||
|
"Error backfilling IPs: %s",
|
||||||
|
status.Convert(err).Message(),
|
||||||
|
),
|
||||||
|
output,
|
||||||
|
)
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
SuccessOutput(changes, "Node IPs backfilled successfully", output)
|
||||||
|
}
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
func nodesToPtables(
|
func nodesToPtables(
|
||||||
currentUser string,
|
currentUser string,
|
||||||
showTags bool,
|
showTags bool,
|
||||||
|
@ -564,14 +618,14 @@ func nodesToPtables(
|
||||||
forcedTags = strings.TrimLeft(forcedTags, ",")
|
forcedTags = strings.TrimLeft(forcedTags, ",")
|
||||||
var invalidTags string
|
var invalidTags string
|
||||||
for _, tag := range node.GetInvalidTags() {
|
for _, tag := range node.GetInvalidTags() {
|
||||||
if !contains(node.GetForcedTags(), tag) {
|
if !slices.Contains(node.GetForcedTags(), tag) {
|
||||||
invalidTags += "," + pterm.LightRed(tag)
|
invalidTags += "," + pterm.LightRed(tag)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
invalidTags = strings.TrimLeft(invalidTags, ",")
|
invalidTags = strings.TrimLeft(invalidTags, ",")
|
||||||
var validTags string
|
var validTags string
|
||||||
for _, tag := range node.GetValidTags() {
|
for _, tag := range node.GetValidTags() {
|
||||||
if !contains(node.GetForcedTags(), tag) {
|
if !slices.Contains(node.GetForcedTags(), tag) {
|
||||||
validTags += "," + pterm.LightGreen(tag)
|
validTags += "," + pterm.LightGreen(tag)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
90
cmd/headscale/cli/policy.go
Normal file
90
cmd/headscale/cli/policy.go
Normal file
|
@ -0,0 +1,90 @@
|
||||||
|
package cli
|
||||||
|
|
||||||
|
import (
|
||||||
|
"io"
|
||||||
|
"os"
|
||||||
|
|
||||||
|
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
|
||||||
|
"github.com/rs/zerolog/log"
|
||||||
|
"github.com/spf13/cobra"
|
||||||
|
)
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
rootCmd.AddCommand(policyCmd)
|
||||||
|
policyCmd.AddCommand(getPolicy)
|
||||||
|
|
||||||
|
setPolicy.Flags().StringP("file", "f", "", "Path to a policy file in HuJSON format")
|
||||||
|
if err := setPolicy.MarkFlagRequired("file"); err != nil {
|
||||||
|
log.Fatal().Err(err).Msg("")
|
||||||
|
}
|
||||||
|
policyCmd.AddCommand(setPolicy)
|
||||||
|
}
|
||||||
|
|
||||||
|
var policyCmd = &cobra.Command{
|
||||||
|
Use: "policy",
|
||||||
|
Short: "Manage the Headscale ACL Policy",
|
||||||
|
}
|
||||||
|
|
||||||
|
var getPolicy = &cobra.Command{
|
||||||
|
Use: "get",
|
||||||
|
Short: "Print the current ACL Policy",
|
||||||
|
Aliases: []string{"show", "view", "fetch"},
|
||||||
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
|
ctx, client, conn, cancel := getHeadscaleCLIClient()
|
||||||
|
defer cancel()
|
||||||
|
defer conn.Close()
|
||||||
|
|
||||||
|
request := &v1.GetPolicyRequest{}
|
||||||
|
|
||||||
|
response, err := client.GetPolicy(ctx, request)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal().Err(err).Msg("Failed to get the policy")
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO(pallabpain): Maybe print this better?
|
||||||
|
SuccessOutput("", response.GetPolicy(), "hujson")
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
var setPolicy = &cobra.Command{
|
||||||
|
Use: "set",
|
||||||
|
Short: "Updates the ACL Policy",
|
||||||
|
Long: `
|
||||||
|
Updates the existing ACL Policy with the provided policy. The policy must be a valid HuJSON object.
|
||||||
|
This command only works when the acl.policy_mode is set to "db", and the policy will be stored in the database.`,
|
||||||
|
Aliases: []string{"put", "update"},
|
||||||
|
Run: func(cmd *cobra.Command, args []string) {
|
||||||
|
policyPath, _ := cmd.Flags().GetString("file")
|
||||||
|
|
||||||
|
f, err := os.Open(policyPath)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal().Err(err).Msg("Error opening the policy file")
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
defer f.Close()
|
||||||
|
|
||||||
|
policyBytes, err := io.ReadAll(f)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal().Err(err).Msg("Error reading the policy file")
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
request := &v1.SetPolicyRequest{Policy: string(policyBytes)}
|
||||||
|
|
||||||
|
ctx, client, conn, cancel := getHeadscaleCLIClient()
|
||||||
|
defer cancel()
|
||||||
|
defer conn.Close()
|
||||||
|
|
||||||
|
if _, err := client.SetPolicy(ctx, request); err != nil {
|
||||||
|
log.Fatal().Err(err).Msg("Failed to set ACL Policy")
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
SuccessOutput(nil, "Policy updated.", "")
|
||||||
|
},
|
||||||
|
}
|
|
@ -107,13 +107,6 @@ var listPreAuthKeys = &cobra.Command{
|
||||||
expiration = ColourTime(key.GetExpiration().AsTime())
|
expiration = ColourTime(key.GetExpiration().AsTime())
|
||||||
}
|
}
|
||||||
|
|
||||||
var reusable string
|
|
||||||
if key.GetEphemeral() {
|
|
||||||
reusable = "N/A"
|
|
||||||
} else {
|
|
||||||
reusable = fmt.Sprintf("%v", key.GetReusable())
|
|
||||||
}
|
|
||||||
|
|
||||||
aclTags := ""
|
aclTags := ""
|
||||||
|
|
||||||
for _, tag := range key.GetAclTags() {
|
for _, tag := range key.GetAclTags() {
|
||||||
|
@ -125,7 +118,7 @@ var listPreAuthKeys = &cobra.Command{
|
||||||
tableData = append(tableData, []string{
|
tableData = append(tableData, []string{
|
||||||
key.GetId(),
|
key.GetId(),
|
||||||
key.GetKey(),
|
key.GetKey(),
|
||||||
reusable,
|
strconv.FormatBool(key.GetReusable()),
|
||||||
strconv.FormatBool(key.GetEphemeral()),
|
strconv.FormatBool(key.GetEphemeral()),
|
||||||
strconv.FormatBool(key.GetUsed()),
|
strconv.FormatBool(key.GetUsed()),
|
||||||
expiration,
|
expiration,
|
||||||
|
|
|
@ -51,13 +51,11 @@ func initConfig() {
|
||||||
|
|
||||||
cfg, err := types.GetHeadscaleConfig()
|
cfg, err := types.GetHeadscaleConfig()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal().Caller().Err(err).Msg("Failed to get headscale configuration")
|
log.Fatal().Err(err).Msg("Failed to read headscale configuration")
|
||||||
}
|
}
|
||||||
|
|
||||||
machineOutput := HasMachineOutputFlag()
|
machineOutput := HasMachineOutputFlag()
|
||||||
|
|
||||||
zerolog.SetGlobalLevel(cfg.Log.Level)
|
|
||||||
|
|
||||||
// If the user has requested a "node" readable format,
|
// If the user has requested a "node" readable format,
|
||||||
// then disable login so the output remains valid.
|
// then disable login so the output remains valid.
|
||||||
if machineOutput {
|
if machineOutput {
|
||||||
|
@ -78,7 +76,7 @@ func initConfig() {
|
||||||
res, err := latest.Check(githubTag, Version)
|
res, err := latest.Check(githubTag, Version)
|
||||||
if err == nil && res.Outdated {
|
if err == nil && res.Outdated {
|
||||||
//nolint
|
//nolint
|
||||||
fmt.Printf(
|
log.Warn().Msgf(
|
||||||
"An updated version of Headscale has been found (%s vs. your current %s). Check it out https://github.com/juanfont/headscale/releases\n",
|
"An updated version of Headscale has been found (%s vs. your current %s). Check it out https://github.com/juanfont/headscale/releases\n",
|
||||||
res.Current,
|
res.Current,
|
||||||
Version,
|
Version,
|
||||||
|
|
|
@ -6,11 +6,9 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"reflect"
|
|
||||||
|
|
||||||
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
|
v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
|
||||||
"github.com/juanfont/headscale/hscontrol"
|
"github.com/juanfont/headscale/hscontrol"
|
||||||
"github.com/juanfont/headscale/hscontrol/policy"
|
|
||||||
"github.com/juanfont/headscale/hscontrol/types"
|
"github.com/juanfont/headscale/hscontrol/types"
|
||||||
"github.com/juanfont/headscale/hscontrol/util"
|
"github.com/juanfont/headscale/hscontrol/util"
|
||||||
"github.com/rs/zerolog/log"
|
"github.com/rs/zerolog/log"
|
||||||
|
@ -39,21 +37,6 @@ func getHeadscaleApp() (*hscontrol.Headscale, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
// We are doing this here, as in the future could be cool to have it also hot-reload
|
|
||||||
|
|
||||||
if cfg.ACL.PolicyPath != "" {
|
|
||||||
aclPath := util.AbsolutePathFromConfigPath(cfg.ACL.PolicyPath)
|
|
||||||
pol, err := policy.LoadACLPolicyFromPath(aclPath)
|
|
||||||
if err != nil {
|
|
||||||
log.Fatal().
|
|
||||||
Str("path", aclPath).
|
|
||||||
Err(err).
|
|
||||||
Msg("Could not load the ACL policy")
|
|
||||||
}
|
|
||||||
|
|
||||||
app.ACLPolicy = pol
|
|
||||||
}
|
|
||||||
|
|
||||||
return app, nil
|
return app, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,7 +72,7 @@ func getHeadscaleCLIClient() (context.Context, v1.HeadscaleServiceClient, *grpc.
|
||||||
|
|
||||||
// Try to give the user better feedback if we cannot write to the headscale
|
// Try to give the user better feedback if we cannot write to the headscale
|
||||||
// socket.
|
// socket.
|
||||||
socket, err := os.OpenFile(cfg.UnixSocket, os.O_WRONLY, SocketWritePermissions) //nolint
|
socket, err := os.OpenFile(cfg.UnixSocket, os.O_WRONLY, SocketWritePermissions) // nolint
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if os.IsPermission(err) {
|
if os.IsPermission(err) {
|
||||||
log.Fatal().
|
log.Fatal().
|
||||||
|
@ -167,13 +150,13 @@ func SuccessOutput(result interface{}, override string, outputFormat string) {
|
||||||
log.Fatal().Err(err).Msg("failed to unmarshal output")
|
log.Fatal().Err(err).Msg("failed to unmarshal output")
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
//nolint
|
// nolint
|
||||||
fmt.Println(override)
|
fmt.Println(override)
|
||||||
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
//nolint
|
// nolint
|
||||||
fmt.Println(string(jsonBytes))
|
fmt.Println(string(jsonBytes))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -212,13 +195,3 @@ func (t tokenAuth) GetRequestMetadata(
|
||||||
func (tokenAuth) RequireTransportSecurity() bool {
|
func (tokenAuth) RequireTransportSecurity() bool {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
func contains[T string](ts []T, t T) bool {
|
|
||||||
for _, v := range ts {
|
|
||||||
if reflect.DeepEqual(v, t) {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
|
|
|
@ -4,7 +4,7 @@ import (
|
||||||
"os"
|
"os"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/efekarakus/termcolor"
|
"github.com/jagottsicher/termcolor"
|
||||||
"github.com/juanfont/headscale/cmd/headscale/cli"
|
"github.com/juanfont/headscale/cmd/headscale/cli"
|
||||||
"github.com/rs/zerolog"
|
"github.com/rs/zerolog"
|
||||||
"github.com/rs/zerolog/log"
|
"github.com/rs/zerolog/log"
|
||||||
|
|
|
@ -58,14 +58,11 @@ func (*Suite) TestConfigFileLoading(c *check.C) {
|
||||||
c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
|
c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
|
||||||
c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
|
c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
|
||||||
c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
|
c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
|
||||||
c.Assert(viper.GetString("db_type"), check.Equals, "sqlite")
|
|
||||||
c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite")
|
|
||||||
c.Assert(viper.GetString("database.type"), check.Equals, "sqlite")
|
c.Assert(viper.GetString("database.type"), check.Equals, "sqlite")
|
||||||
c.Assert(viper.GetString("database.sqlite.path"), check.Equals, "/var/lib/headscale/db.sqlite")
|
c.Assert(viper.GetString("database.sqlite.path"), check.Equals, "/var/lib/headscale/db.sqlite")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
|
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
|
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
|
c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
|
||||||
c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1")
|
|
||||||
c.Assert(
|
c.Assert(
|
||||||
util.GetFileMode("unix_socket_permission"),
|
util.GetFileMode("unix_socket_permission"),
|
||||||
check.Equals,
|
check.Equals,
|
||||||
|
@ -103,12 +100,11 @@ func (*Suite) TestConfigLoading(c *check.C) {
|
||||||
c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
|
c.Assert(viper.GetString("server_url"), check.Equals, "http://127.0.0.1:8080")
|
||||||
c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
|
c.Assert(viper.GetString("listen_addr"), check.Equals, "127.0.0.1:8080")
|
||||||
c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
|
c.Assert(viper.GetString("metrics_listen_addr"), check.Equals, "127.0.0.1:9090")
|
||||||
c.Assert(viper.GetString("db_type"), check.Equals, "sqlite")
|
c.Assert(viper.GetString("database.type"), check.Equals, "sqlite")
|
||||||
c.Assert(viper.GetString("db_path"), check.Equals, "/var/lib/headscale/db.sqlite")
|
c.Assert(viper.GetString("database.sqlite.path"), check.Equals, "/var/lib/headscale/db.sqlite")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
|
c.Assert(viper.GetString("tls_letsencrypt_hostname"), check.Equals, "")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
|
c.Assert(viper.GetString("tls_letsencrypt_listen"), check.Equals, ":http")
|
||||||
c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
|
c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
|
||||||
c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1")
|
|
||||||
c.Assert(
|
c.Assert(
|
||||||
util.GetFileMode("unix_socket_permission"),
|
util.GetFileMode("unix_socket_permission"),
|
||||||
check.Equals,
|
check.Equals,
|
||||||
|
@ -118,39 +114,6 @@ func (*Suite) TestConfigLoading(c *check.C) {
|
||||||
c.Assert(viper.GetBool("randomize_client_port"), check.Equals, false)
|
c.Assert(viper.GetBool("randomize_client_port"), check.Equals, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (*Suite) TestDNSConfigLoading(c *check.C) {
|
|
||||||
tmpDir, err := os.MkdirTemp("", "headscale")
|
|
||||||
if err != nil {
|
|
||||||
c.Fatal(err)
|
|
||||||
}
|
|
||||||
defer os.RemoveAll(tmpDir)
|
|
||||||
|
|
||||||
path, err := os.Getwd()
|
|
||||||
if err != nil {
|
|
||||||
c.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Symlink the example config file
|
|
||||||
err = os.Symlink(
|
|
||||||
filepath.Clean(path+"/../../config-example.yaml"),
|
|
||||||
filepath.Join(tmpDir, "config.yaml"),
|
|
||||||
)
|
|
||||||
if err != nil {
|
|
||||||
c.Fatal(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
// Load example config, it should load without validation errors
|
|
||||||
err = types.LoadConfig(tmpDir, false)
|
|
||||||
c.Assert(err, check.IsNil)
|
|
||||||
|
|
||||||
dnsConfig, baseDomain := types.GetDNSConfig()
|
|
||||||
|
|
||||||
c.Assert(dnsConfig.Nameservers[0].String(), check.Equals, "1.1.1.1")
|
|
||||||
c.Assert(dnsConfig.Resolvers[0].Addr, check.Equals, "1.1.1.1")
|
|
||||||
c.Assert(dnsConfig.Proxied, check.Equals, true)
|
|
||||||
c.Assert(baseDomain, check.Equals, "example.com")
|
|
||||||
}
|
|
||||||
|
|
||||||
func writeConfig(c *check.C, tmpDir string, configYaml []byte) {
|
func writeConfig(c *check.C, tmpDir string, configYaml []byte) {
|
||||||
// Populate a custom config file
|
// Populate a custom config file
|
||||||
configFile := filepath.Join(tmpDir, "config.yaml")
|
configFile := filepath.Join(tmpDir, "config.yaml")
|
||||||
|
|
|
@ -57,9 +57,14 @@ noise:
|
||||||
# IPv6: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#LL81C52-L81C71
|
# IPv6: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#LL81C52-L81C71
|
||||||
# IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33
|
# IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33
|
||||||
# Any other range is NOT supported, and it will cause unexpected issues.
|
# Any other range is NOT supported, and it will cause unexpected issues.
|
||||||
ip_prefixes:
|
prefixes:
|
||||||
- fd7a:115c:a1e0::/48
|
v6: fd7a:115c:a1e0::/48
|
||||||
- 100.64.0.0/10
|
v4: 100.64.0.0/10
|
||||||
|
|
||||||
|
# Strategy used for allocation of IPs to nodes, available options:
|
||||||
|
# - sequential (default): assigns the next free IP from the previous given IP.
|
||||||
|
# - random: assigns the next free IP from a pseudo-random IP generator (crypto/rand).
|
||||||
|
allocation: sequential
|
||||||
|
|
||||||
# DERP is a relay system that Tailscale uses when a direct
|
# DERP is a relay system that Tailscale uses when a direct
|
||||||
# connection cannot be established.
|
# connection cannot be established.
|
||||||
|
@ -100,7 +105,7 @@ derp:
|
||||||
automatically_add_embedded_derp_region: true
|
automatically_add_embedded_derp_region: true
|
||||||
|
|
||||||
# For better connection stability (especially when using an Exit-Node and DNS is not working),
|
# For better connection stability (especially when using an Exit-Node and DNS is not working),
|
||||||
# it is possible to optionall add the public IPv4 and IPv6 address to the Derp-Map using:
|
# it is possible to optionally add the public IPv4 and IPv6 address to the Derp-Map using:
|
||||||
ipv4: 1.2.3.4
|
ipv4: 1.2.3.4
|
||||||
ipv6: 2001:db8::1
|
ipv6: 2001:db8::1
|
||||||
|
|
||||||
|
@ -132,20 +137,40 @@ disable_check_updates: false
|
||||||
# Time before an inactive ephemeral node is deleted?
|
# Time before an inactive ephemeral node is deleted?
|
||||||
ephemeral_node_inactivity_timeout: 30m
|
ephemeral_node_inactivity_timeout: 30m
|
||||||
|
|
||||||
# Period to check for node updates within the tailnet. A value too low will severely affect
|
|
||||||
# CPU consumption of Headscale. A value too high (over 60s) will cause problems
|
|
||||||
# for the nodes, as they won't get updates or keep alive messages frequently enough.
|
|
||||||
# In case of doubts, do not touch the default 10s.
|
|
||||||
node_update_check_interval: 10s
|
|
||||||
|
|
||||||
database:
|
database:
|
||||||
|
# Database type. Available options: sqlite, postgres
|
||||||
|
# Please note that using Postgres is highly discouraged as it is only supported for legacy reasons.
|
||||||
|
# All new development, testing and optimisations are done with SQLite in mind.
|
||||||
type: sqlite
|
type: sqlite
|
||||||
|
|
||||||
|
# Enable debug mode. This setting requires the log.level to be set to "debug" or "trace".
|
||||||
|
debug: false
|
||||||
|
|
||||||
|
# GORM configuration settings.
|
||||||
|
gorm:
|
||||||
|
# Enable prepared statements.
|
||||||
|
prepare_stmt: true
|
||||||
|
|
||||||
|
# Enable parameterized queries.
|
||||||
|
parameterized_queries: true
|
||||||
|
|
||||||
|
# Skip logging "record not found" errors.
|
||||||
|
skip_err_record_not_found: true
|
||||||
|
|
||||||
|
# Threshold for slow queries in milliseconds.
|
||||||
|
slow_threshold: 1000
|
||||||
|
|
||||||
# SQLite config
|
# SQLite config
|
||||||
sqlite:
|
sqlite:
|
||||||
path: /var/lib/headscale/db.sqlite
|
path: /var/lib/headscale/db.sqlite
|
||||||
|
|
||||||
|
# Enable WAL mode for SQLite. This is recommended for production environments.
|
||||||
|
# https://www.sqlite.org/wal.html
|
||||||
|
write_ahead_log: true
|
||||||
|
|
||||||
# # Postgres config
|
# # Postgres config
|
||||||
|
# Please note that using Postgres is highly discouraged as it is only supported for legacy reasons.
|
||||||
|
# See database.type for more information.
|
||||||
# postgres:
|
# postgres:
|
||||||
# # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
|
# # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
|
||||||
# host: localhost
|
# host: localhost
|
||||||
|
@ -158,7 +183,7 @@ database:
|
||||||
# conn_max_idle_time_secs: 3600
|
# conn_max_idle_time_secs: 3600
|
||||||
|
|
||||||
# # If other 'sslmode' is required instead of 'require(true)' and 'disabled(false)', set the 'sslmode' you need
|
# # If other 'sslmode' is required instead of 'require(true)' and 'disabled(false)', set the 'sslmode' you need
|
||||||
# # in the 'db_ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
|
# # in the 'ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
|
||||||
# ssl: false
|
# ssl: false
|
||||||
|
|
||||||
### TLS configuration
|
### TLS configuration
|
||||||
|
@ -200,10 +225,17 @@ log:
|
||||||
format: text
|
format: text
|
||||||
level: info
|
level: info
|
||||||
|
|
||||||
# Path to a file containg ACL policies.
|
## Policy
|
||||||
# ACLs can be defined as YAML or HUJSON.
|
# headscale supports Tailscale's ACL policies.
|
||||||
# https://tailscale.com/kb/1018/acls/
|
# Please have a look to their KB to better
|
||||||
acl_policy_path: ""
|
# understand the concepts: https://tailscale.com/kb/1018/acls/
|
||||||
|
policy:
|
||||||
|
# The mode can be "file" or "database" that defines
|
||||||
|
# where the ACL policies are stored and read from.
|
||||||
|
mode: file
|
||||||
|
# If the mode is set to "file", the path to a
|
||||||
|
# HuJSON file containing ACL policies.
|
||||||
|
path: ""
|
||||||
|
|
||||||
## DNS
|
## DNS
|
||||||
#
|
#
|
||||||
|
@ -214,43 +246,60 @@ acl_policy_path: ""
|
||||||
# - https://tailscale.com/kb/1081/magicdns/
|
# - https://tailscale.com/kb/1081/magicdns/
|
||||||
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
|
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
|
||||||
#
|
#
|
||||||
dns_config:
|
# Please note that for the DNS configuration to have any effect,
|
||||||
# Whether to prefer using Headscale provided DNS or use local.
|
# clients must have the `--accept-dns=true` option enabled. This is the
|
||||||
override_local_dns: true
|
# default for the Tailscale client. This option is enabled by default
|
||||||
|
# in the Tailscale client.
|
||||||
|
#
|
||||||
|
# Setting _any_ of the configuration and `--accept-dns=true` on the
|
||||||
|
# clients will integrate with the DNS manager on the client or
|
||||||
|
# overwrite /etc/resolv.conf.
|
||||||
|
# https://tailscale.com/kb/1235/resolv-conf
|
||||||
|
#
|
||||||
|
# If you want stop Headscale from managing the DNS configuration
|
||||||
|
# all the fields under `dns` should be set to empty values.
|
||||||
|
dns:
|
||||||
|
# Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
|
||||||
|
# Only works if there is at least a nameserver defined.
|
||||||
|
magic_dns: true
|
||||||
|
|
||||||
|
# Defines the base domain to create the hostnames for MagicDNS.
|
||||||
|
# This domain _must_ be different from the server_url domain.
|
||||||
|
# `base_domain` must be a FQDN, without the trailing dot.
|
||||||
|
# The FQDN of the hosts will be
|
||||||
|
# `hostname.base_domain` (e.g., _myhost.example.com_).
|
||||||
|
base_domain: example.com
|
||||||
|
|
||||||
# List of DNS servers to expose to clients.
|
# List of DNS servers to expose to clients.
|
||||||
nameservers:
|
nameservers:
|
||||||
- 1.1.1.1
|
global:
|
||||||
|
- 1.1.1.1
|
||||||
|
- 1.0.0.1
|
||||||
|
- 2606:4700:4700::1111
|
||||||
|
- 2606:4700:4700::1001
|
||||||
|
|
||||||
# NextDNS (see https://tailscale.com/kb/1218/nextdns/).
|
# NextDNS (see https://tailscale.com/kb/1218/nextdns/).
|
||||||
# "abc123" is example NextDNS ID, replace with yours.
|
# "abc123" is example NextDNS ID, replace with yours.
|
||||||
#
|
# - https://dns.nextdns.io/abc123
|
||||||
# With metadata sharing:
|
|
||||||
# nameservers:
|
|
||||||
# - https://dns.nextdns.io/abc123
|
|
||||||
#
|
|
||||||
# Without metadata sharing:
|
|
||||||
# nameservers:
|
|
||||||
# - 2a07:a8c0::ab:c123
|
|
||||||
# - 2a07:a8c1::ab:c123
|
|
||||||
|
|
||||||
# Split DNS (see https://tailscale.com/kb/1054/dns/),
|
# Split DNS (see https://tailscale.com/kb/1054/dns/),
|
||||||
# list of search domains and the DNS to query for each one.
|
# a map of domains and which DNS server to use for each.
|
||||||
#
|
split:
|
||||||
# restricted_nameservers:
|
{}
|
||||||
# foo.bar.com:
|
# foo.bar.com:
|
||||||
# - 1.1.1.1
|
# - 1.1.1.1
|
||||||
# darp.headscale.net:
|
# darp.headscale.net:
|
||||||
# - 1.1.1.1
|
# - 1.1.1.1
|
||||||
# - 8.8.8.8
|
# - 8.8.8.8
|
||||||
|
|
||||||
# Search domains to inject.
|
# Set custom DNS search domains. With MagicDNS enabled,
|
||||||
domains: []
|
# your tailnet base_domain is always the first search domain.
|
||||||
|
search_domains: []
|
||||||
|
|
||||||
# Extra DNS records
|
# Extra DNS records
|
||||||
# so far only A-records are supported (on the tailscale side)
|
# so far only A-records are supported (on the tailscale side)
|
||||||
# See https://github.com/juanfont/headscale/blob/main/docs/dns-records.md#Limitations
|
# See https://github.com/juanfont/headscale/blob/main/docs/dns-records.md#Limitations
|
||||||
# extra_records:
|
extra_records: []
|
||||||
# - name: "grafana.myvpn.example.com"
|
# - name: "grafana.myvpn.example.com"
|
||||||
# type: "A"
|
# type: "A"
|
||||||
# value: "100.64.0.3"
|
# value: "100.64.0.3"
|
||||||
|
@ -258,25 +307,24 @@ dns_config:
|
||||||
# # you can also put it in one line
|
# # you can also put it in one line
|
||||||
# - { name: "prometheus.myvpn.example.com", type: "A", value: "100.64.0.3" }
|
# - { name: "prometheus.myvpn.example.com", type: "A", value: "100.64.0.3" }
|
||||||
|
|
||||||
# Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
|
# DEPRECATED
|
||||||
# Only works if there is at least a nameserver defined.
|
# Use the username as part of the DNS name for nodes, with this option enabled:
|
||||||
magic_dns: true
|
# node1.username.example.com
|
||||||
|
# while when this is disabled:
|
||||||
# Defines the base domain to create the hostnames for MagicDNS.
|
# node1.example.com
|
||||||
# `base_domain` must be a FQDNs, without the trailing dot.
|
# This is a legacy option as Headscale has have this wrongly implemented
|
||||||
# The FQDN of the hosts will be
|
# while in upstream Tailscale, the username is not included.
|
||||||
# `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
|
use_username_in_magic_dns: false
|
||||||
base_domain: example.com
|
|
||||||
|
|
||||||
# Unix socket used for the CLI to connect without authentication
|
# Unix socket used for the CLI to connect without authentication
|
||||||
# Note: for production you will want to set this to something like:
|
# Note: for production you will want to set this to something like:
|
||||||
unix_socket: /var/run/headscale/headscale.sock
|
unix_socket: /var/run/headscale/headscale.sock
|
||||||
unix_socket_permission: "0770"
|
unix_socket_permission: "0770"
|
||||||
#
|
#
|
||||||
# headscale supports experimental OpenID connect support,
|
# # headscale supports experimental OpenID connect support,
|
||||||
# it is still being tested and might have some bugs, please
|
# # it is still being tested and might have some bugs, please
|
||||||
# help us test it.
|
# # help us test it.
|
||||||
# OpenID Connect
|
# # OpenID Connect
|
||||||
# oidc:
|
# oidc:
|
||||||
# only_start_if_oidc_is_available: true
|
# only_start_if_oidc_is_available: true
|
||||||
# issuer: "https://your-oidc.issuer.com/path"
|
# issuer: "https://your-oidc.issuer.com/path"
|
||||||
|
@ -285,44 +333,60 @@ unix_socket_permission: "0770"
|
||||||
# # Alternatively, set `client_secret_path` to read the secret from the file.
|
# # Alternatively, set `client_secret_path` to read the secret from the file.
|
||||||
# # It resolves environment variables, making integration to systemd's
|
# # It resolves environment variables, making integration to systemd's
|
||||||
# # `LoadCredential` straightforward:
|
# # `LoadCredential` straightforward:
|
||||||
# client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
|
# # client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
|
||||||
# # client_secret and client_secret_path are mutually exclusive.
|
# # client_secret and client_secret_path are mutually exclusive.
|
||||||
#
|
# #
|
||||||
# # The amount of time from a node is authenticated with OpenID until it
|
|
||||||
# # expires and needs to reauthenticate.
|
|
||||||
# # Setting the value to "0" will mean no expiry.
|
|
||||||
# expiry: 180d
|
|
||||||
#
|
|
||||||
# # Use the expiry from the token received from OpenID when the user logged
|
|
||||||
# # in, this will typically lead to frequent need to reauthenticate and should
|
|
||||||
# # only been enabled if you know what you are doing.
|
|
||||||
# # Note: enabling this will cause `oidc.expiry` to be ignored.
|
|
||||||
# use_expiry_from_token: false
|
|
||||||
#
|
|
||||||
# # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
|
# # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
|
||||||
# # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
|
# # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
|
||||||
#
|
|
||||||
# scope: ["openid", "profile", "email", "custom"]
|
# scope: ["openid", "profile", "email", "custom"]
|
||||||
# extra_params:
|
# # extra_params:
|
||||||
# domain_hint: example.com
|
# # domain_hint: example.com
|
||||||
#
|
|
||||||
# # List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the
|
# expiry:
|
||||||
# # authentication request will be rejected.
|
# #
|
||||||
#
|
# # Use the expiry from the token received from OpenID when the user logged
|
||||||
# allowed_domains:
|
# # in, this will typically lead to frequent need to reauthenticate and should
|
||||||
# - example.com
|
# # only been enabled if you know what you are doing.
|
||||||
# # Note: Groups from keycloak have a leading '/'
|
# # Note: enabling this will cause `oidc.expiry.fixed_time` to be ignored.
|
||||||
# allowed_groups:
|
# from_token: false
|
||||||
# - /headscale
|
# #
|
||||||
# allowed_users:
|
# # The amount of time from a node is authenticated with OpenID until it
|
||||||
# - alice@example.com
|
# # expires and needs to reauthenticate.
|
||||||
#
|
# # Setting the value to "0" will mean no expiry.
|
||||||
# # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
|
# fixed_time: 180d
|
||||||
# # This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
|
|
||||||
# # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
|
# # # List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the
|
||||||
# user: `first-name.last-name.example.com`
|
# # # authentication request will be rejected.
|
||||||
#
|
# # allowed:
|
||||||
# strip_email_domain: true
|
# # domains:
|
||||||
|
# # - example.com
|
||||||
|
# # groups:
|
||||||
|
# # - admins
|
||||||
|
# # users:
|
||||||
|
# # - admin@example.com
|
||||||
|
|
||||||
|
# # Map claims from the OIDC token to the user object
|
||||||
|
# claims_map:
|
||||||
|
# name: name
|
||||||
|
# username: email
|
||||||
|
# # username: preferred_username
|
||||||
|
# email: email
|
||||||
|
# groups: groups
|
||||||
|
|
||||||
|
|
||||||
|
# # some random configuration
|
||||||
|
# misc:
|
||||||
|
# # if the username is set to `email` then `strip_email_domain` is valid
|
||||||
|
# # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
|
||||||
|
# # This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
|
||||||
|
# # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
|
||||||
|
# # user: `first-name.last-name.example.com`
|
||||||
|
# strip_email_domain: true
|
||||||
|
# # If `flatten_groups` is set to `true`, the groups claim will be flattened to a single level.
|
||||||
|
# # this is used for keycloak where the groups are nested. the groups format from keycloak is `group1/subgroup1/subgroup2`
|
||||||
|
# flatten_groups: true
|
||||||
|
# # If `flatten_splitter` is set to a string, the groups claim will be split by the string and flattened to a single level.
|
||||||
|
# flatten_splitter: "/"
|
||||||
|
|
||||||
# Logtail configuration
|
# Logtail configuration
|
||||||
# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
|
# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
|
||||||
|
|
|
@ -3,7 +3,7 @@ Headscale implements the same policy ACLs as Tailscale.com, adapted to the self-
|
||||||
For instance, instead of referring to users when defining groups you must
|
For instance, instead of referring to users when defining groups you must
|
||||||
use users (which are the equivalent to user/logins in Tailscale.com).
|
use users (which are the equivalent to user/logins in Tailscale.com).
|
||||||
|
|
||||||
Please check https://tailscale.com/kb/1018/acls/, and `./tests/acls/` in this repo for working examples.
|
Please check https://tailscale.com/kb/1018/acls/ for further information.
|
||||||
|
|
||||||
When using ACL's the User borders are no longer applied. All machines
|
When using ACL's the User borders are no longer applied. All machines
|
||||||
whichever the User have the ability to communicate with other hosts as
|
whichever the User have the ability to communicate with other hosts as
|
||||||
|
@ -43,8 +43,7 @@ servers.
|
||||||
Note: Users will be created automatically when users authenticate with the
|
Note: Users will be created automatically when users authenticate with the
|
||||||
Headscale server.
|
Headscale server.
|
||||||
|
|
||||||
ACLs could be written either on [huJSON](https://github.com/tailscale/hujson)
|
ACLs have to be written in [huJSON](https://github.com/tailscale/hujson).
|
||||||
or YAML. Check the [test ACLs](../tests/acls) for further information.
|
|
||||||
|
|
||||||
When registering the servers we will need to add the flag
|
When registering the servers we will need to add the flag
|
||||||
`--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user that is
|
`--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user that is
|
||||||
|
@ -53,7 +52,7 @@ a server they can register, the check of the tags is done on headscale server
|
||||||
and only valid tags are applied. A tag is valid if the user that is
|
and only valid tags are applied. A tag is valid if the user that is
|
||||||
registering it is allowed to do it.
|
registering it is allowed to do it.
|
||||||
|
|
||||||
To use ACLs in headscale, you must edit your config.yaml file. In there you will find a `acl_policy_path: ""` parameter. This will need to point to your ACL file. More info on how these policies are written can be found [here](https://tailscale.com/kb/1018/acls/).
|
To use ACLs in headscale, you must edit your `config.yaml` file. In there you will find a `policy.path` parameter. This will need to point to your ACL file. More info on how these policies are written can be found [here](https://tailscale.com/kb/1018/acls/).
|
||||||
|
|
||||||
Here are the ACL's to implement the same permissions as above:
|
Here are the ACL's to implement the same permissions as above:
|
||||||
|
|
||||||
|
|
|
@ -12,8 +12,8 @@ Ensure that the installed version is at least 1.30.0, as that is the first relea
|
||||||
|
|
||||||
## Configuring the headscale URL
|
## Configuring the headscale URL
|
||||||
|
|
||||||
After opening the app, the kebab menu icon (three dots) on the top bar on the right must be repeatedly opened and closed until the _Change server_ option appears in the menu. This is where you can enter your headscale URL.
|
After opening the app:
|
||||||
|
|
||||||
A screen recording of this process can be seen in the `tailscale-android` PR which implemented this functionality: <https://github.com/tailscale/tailscale-android/pull/55>
|
- Open setting and go into account settings
|
||||||
|
- In the kebab menu icon (three dots) on the top bar on the right select “Use an alternate server”
|
||||||
After saving and restarting the app, selecting the regular _Sign in_ option (non-SSO) should open up the headscale authentication page.
|
- Enter your server URL and follow the instructions
|
||||||
|
|
|
@ -18,23 +18,25 @@ An example use case is to serve apps on the same host via a reverse proxy like N
|
||||||
|
|
||||||
1. Change the `config.yaml` to contain the desired records like so:
|
1. Change the `config.yaml` to contain the desired records like so:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
dns_config:
|
dns:
|
||||||
...
|
...
|
||||||
extra_records:
|
extra_records:
|
||||||
- name: "prometheus.myvpn.example.com"
|
- name: "prometheus.myvpn.example.com"
|
||||||
type: "A"
|
type: "A"
|
||||||
value: "100.64.0.3"
|
value: "100.64.0.3"
|
||||||
|
|
||||||
- name: "grafana.myvpn.example.com"
|
- name: "grafana.myvpn.example.com"
|
||||||
type: "A"
|
type: "A"
|
||||||
value: "100.64.0.3"
|
value: "100.64.0.3"
|
||||||
...
|
...
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Restart your headscale instance.
|
1. Restart your headscale instance.
|
||||||
|
|
||||||
Beware of the limitations listed later on!
|
!!! warning
|
||||||
|
|
||||||
|
Beware of the limitations listed later on!
|
||||||
|
|
||||||
### 2. Verify that the records are set
|
### 2. Verify that the records are set
|
||||||
|
|
||||||
|
|
|
@ -14,28 +14,30 @@ If the node is already registered, it can advertise exit capabilities like this:
|
||||||
$ sudo tailscale set --advertise-exit-node
|
$ sudo tailscale set --advertise-exit-node
|
||||||
```
|
```
|
||||||
|
|
||||||
To use a node as an exit node, IP forwarding must be enabled on the node. Check the official [Tailscale documentation](https://tailscale.com/kb/1019/subnets/?tab=linux#enable-ip-forwarding) for how to enable IP fowarding.
|
To use a node as an exit node, IP forwarding must be enabled on the node. Check the official [Tailscale documentation](https://tailscale.com/kb/1019/subnets/?tab=linux#enable-ip-forwarding) for how to enable IP forwarding.
|
||||||
|
|
||||||
## On the control server
|
## On the control server
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ # list nodes
|
$ # list nodes
|
||||||
$ headscale routes list
|
$ headscale routes list
|
||||||
ID | Machine | Prefix | Advertised | Enabled | Primary
|
ID | Node | Prefix | Advertised | Enabled | Primary
|
||||||
1 | | 0.0.0.0/0 | false | false | -
|
1 | | 0.0.0.0/0 | false | false | -
|
||||||
2 | | ::/0 | false | false | -
|
2 | | ::/0 | false | false | -
|
||||||
3 | phobos | 0.0.0.0/0 | true | false | -
|
3 | phobos | 0.0.0.0/0 | true | false | -
|
||||||
4 | phobos | ::/0 | true | false | -
|
4 | phobos | ::/0 | true | false | -
|
||||||
|
|
||||||
$ # enable routes for phobos
|
$ # enable routes for phobos
|
||||||
$ headscale routes enable -r 3
|
$ headscale routes enable -r 3
|
||||||
$ headscale routes enable -r 4
|
$ headscale routes enable -r 4
|
||||||
|
|
||||||
$ # Check node list again. The routes are now enabled.
|
$ # Check node list again. The routes are now enabled.
|
||||||
$ headscale routes list
|
$ headscale routes list
|
||||||
ID | Machine | Prefix | Advertised | Enabled | Primary
|
ID | Node | Prefix | Advertised | Enabled | Primary
|
||||||
1 | | 0.0.0.0/0 | false | false | -
|
1 | | 0.0.0.0/0 | false | false | -
|
||||||
2 | | ::/0 | false | false | -
|
2 | | ::/0 | false | false | -
|
||||||
3 | phobos | 0.0.0.0/0 | true | true | -
|
3 | phobos | 0.0.0.0/0 | true | true | -
|
||||||
4 | phobos | ::/0 | true | true | -
|
4 | phobos | ::/0 | true | true | -
|
||||||
```
|
```
|
||||||
|
|
||||||
## On the client
|
## On the client
|
||||||
|
@ -46,4 +48,4 @@ The exit node can now be used with:
|
||||||
$ sudo tailscale set --exit-node phobos
|
$ sudo tailscale set --exit-node phobos
|
||||||
```
|
```
|
||||||
|
|
||||||
Check the official [Tailscale documentation](https://tailscale.com/kb/1103/exit-nodes/?q=exit#step-3-use-the-exit-node) for how to do it on your device.
|
Check the official [Tailscale documentation](https://tailscale.com/kb/1103/exit-nodes#use-the-exit-node) for how to do it on your device.
|
||||||
|
|
|
@ -31,12 +31,12 @@ We are more than happy to exchange emails, or to have dedicated calls before a P
|
||||||
|
|
||||||
## When/Why is Feature X going to be implemented?
|
## When/Why is Feature X going to be implemented?
|
||||||
|
|
||||||
We don't know. We might be working on it. If you want to help, please send us a PR.
|
We don't know. We might be working on it. If you're interested in contributing, please post a feature request about it.
|
||||||
|
|
||||||
Please be aware that there are a number of reasons why we might not accept specific contributions:
|
Please be aware that there are a number of reasons why we might not accept specific contributions:
|
||||||
|
|
||||||
- It is not possible to implement the feature in a way that makes sense in a self-hosted environment.
|
- It is not possible to implement the feature in a way that makes sense in a self-hosted environment.
|
||||||
- Given that we are reverse-engineering Tailscale to satify our own curiosity, we might be interested in implementing the feature ourselves.
|
- Given that we are reverse-engineering Tailscale to satisfy our own curiosity, we might be interested in implementing the feature ourselves.
|
||||||
- You are not sending unit and integration tests with it.
|
- You are not sending unit and integration tests with it.
|
||||||
|
|
||||||
## Do you support Y method of deploying Headscale?
|
## Do you support Y method of deploying Headscale?
|
||||||
|
@ -51,3 +51,7 @@ For convenience, we also build Docker images with `headscale`. But **please be a
|
||||||
## Why is my reverse proxy not working with Headscale?
|
## Why is my reverse proxy not working with Headscale?
|
||||||
|
|
||||||
We don't know. We don't use reverse proxies with `headscale` ourselves, so we don't have any experience with them. We have [community documentation](https://headscale.net/reverse-proxy/) on how to configure various reverse proxies, and a dedicated [Discord channel](https://discord.com/channels/896711691637780480/1070619818346164324) where you can ask for help to the community.
|
We don't know. We don't use reverse proxies with `headscale` ourselves, so we don't have any experience with them. We have [community documentation](https://headscale.net/reverse-proxy/) on how to configure various reverse proxies, and a dedicated [Discord channel](https://discord.com/channels/896711691637780480/1070619818346164324) where you can ask for help to the community.
|
||||||
|
|
||||||
|
## Can I use headscale and tailscale on the same machine?
|
||||||
|
|
||||||
|
Running headscale on a machine that is also in the tailnet can cause problems with subnet routers, traffic relay nodes, and MagicDNS. It might work, but it is not supported.
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
# Glossary
|
|
||||||
|
|
||||||
| Term | Description |
|
|
||||||
| --------- | ------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
||||||
| Machine | A machine is a single entity connected to `headscale`, typically an installation of Tailscale. Also known as **Node** |
|
|
||||||
| Namespace | A namespace was a logical grouping of machines "owned" by the same entity, in Tailscale, this is typically a User (This is now called user) |
|
|
BIN
docs/images/headscale-sealos-grpc-url.png
Normal file
BIN
docs/images/headscale-sealos-grpc-url.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 35 KiB |
BIN
docs/images/headscale-sealos-url.png
Normal file
BIN
docs/images/headscale-sealos-url.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 35 KiB |
|
@ -8,7 +8,7 @@ hide:
|
||||||
|
|
||||||
`headscale` is an open source, self-hosted implementation of the Tailscale control server.
|
`headscale` is an open source, self-hosted implementation of the Tailscale control server.
|
||||||
|
|
||||||
This page contains the documentation for the latest version of headscale. Please also check our [FAQ](/faq/).
|
This page contains the documentation for the latest version of headscale. Please also check our [FAQ](faq.md).
|
||||||
|
|
||||||
Join our [Discord](https://discord.gg/c84AZQhmpx) server for a chat and community support.
|
Join our [Discord](https://discord.gg/c84AZQhmpx) server for a chat and community support.
|
||||||
|
|
||||||
|
@ -31,12 +31,7 @@ buttons available in the repo.
|
||||||
Headscale is "Open Source, acknowledged contribution", this means that any
|
Headscale is "Open Source, acknowledged contribution", this means that any
|
||||||
contribution will have to be discussed with the Maintainers before being submitted.
|
contribution will have to be discussed with the Maintainers before being submitted.
|
||||||
|
|
||||||
This model has been chosen to reduce the risk of burnout by limiting the
|
Please see [CONTRIBUTING.md](https://github.com/juanfont/headscale/blob/main/CONTRIBUTING.md) for more information.
|
||||||
maintenance overhead of reviewing and validating third-party code.
|
|
||||||
|
|
||||||
Headscale is open to code contributions for bug fixes without discussion.
|
|
||||||
|
|
||||||
If you find mistakes in the documentation, please submit a fix to the documentation.
|
|
||||||
|
|
||||||
## About
|
## About
|
||||||
|
|
||||||
|
|
80
docs/oidc.md
80
docs/oidc.md
|
@ -13,43 +13,69 @@ In your `config.yaml`, customize this to your liking:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
oidc:
|
oidc:
|
||||||
# Block further startup until the OIDC provider is healthy and available
|
|
||||||
only_start_if_oidc_is_available: true
|
only_start_if_oidc_is_available: true
|
||||||
# Specified by your OIDC provider
|
|
||||||
issuer: "https://your-oidc.issuer.com/path"
|
issuer: "https://your-oidc.issuer.com/path"
|
||||||
# Specified/generated by your OIDC provider
|
|
||||||
client_id: "your-oidc-client-id"
|
client_id: "your-oidc-client-id"
|
||||||
client_secret: "your-oidc-client-secret"
|
client_secret: "your-oidc-client-secret"
|
||||||
# alternatively, set `client_secret_path` to read the secret from the file.
|
# Alternatively, set `client_secret_path` to read the secret from the file.
|
||||||
# It resolves environment variables, making integration to systemd's
|
# It resolves environment variables, making integration to systemd's
|
||||||
# `LoadCredential` straightforward:
|
# `LoadCredential` straightforward:
|
||||||
#client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
|
# client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
|
||||||
# as third option, it's also possible to load the oidc secret from environment variables
|
# client_secret and client_secret_path are mutually exclusive.
|
||||||
# set HEADSCALE_OIDC_CLIENT_SECRET to the required value
|
#
|
||||||
|
|
||||||
# Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
|
# Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
|
||||||
# parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
|
# parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
|
||||||
scope: ["openid", "profile", "email", "custom"]
|
scope: ["openid", "profile", "email", "custom"]
|
||||||
# Optional: Passed on to the browser login request – used to tweak behaviour for the OIDC provider
|
extra_params:
|
||||||
extra_params:
|
domain_hint: example.com
|
||||||
domain_hint: example.com
|
|
||||||
|
expiry:
|
||||||
|
#
|
||||||
|
# Use the expiry from the token received from OpenID when the user logged
|
||||||
|
# in, this will typically lead to frequent need to reauthenticate and should
|
||||||
|
# only been enabled if you know what you are doing.
|
||||||
|
# Note: enabling this will cause `oidc.expiry.fixed_time` to be ignored.
|
||||||
|
from_token: false
|
||||||
|
#
|
||||||
|
# The amount of time from a node is authenticated with OpenID until it
|
||||||
|
# expires and needs to reauthenticate.
|
||||||
|
# Setting the value to "0" will mean no expiry.
|
||||||
|
fixed_time: 180d
|
||||||
|
|
||||||
|
# # List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the
|
||||||
|
# # authentication request will be rejected.
|
||||||
|
allowed:
|
||||||
|
domains:
|
||||||
|
- example.com
|
||||||
|
groups:
|
||||||
|
- admins
|
||||||
|
users:
|
||||||
|
- admin@example.com
|
||||||
|
|
||||||
|
# Map claims from the OIDC token to the user object
|
||||||
|
claims_map:
|
||||||
|
name: name
|
||||||
|
username: email
|
||||||
|
# username: preferred_username
|
||||||
|
email: email
|
||||||
|
groups: groups
|
||||||
|
|
||||||
|
|
||||||
|
# some random configuration
|
||||||
|
misc:
|
||||||
|
# if the username is set to `email` then `strip_email_domain` is valid
|
||||||
|
# If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
|
||||||
|
# This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
|
||||||
|
# If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
|
||||||
|
# user: `first-name.last-name.example.com`
|
||||||
|
strip_email_domain: true
|
||||||
|
# If `flatten_groups` is set to `true`, the groups claim will be flattened to a single level.
|
||||||
|
# this is used for keycloak where the groups are nested. the groups format from keycloak is `group1/subgroup1/subgroup2`
|
||||||
|
flatten_groups: true
|
||||||
|
# If `flatten_splitter` is set to a string, the groups claim will be split by the string and flattened to a single level.
|
||||||
|
flatten_splitter: "/"
|
||||||
|
|
||||||
# Optional: List allowed principal domains and/or users. If an authenticated user's domain is not in this list,
|
|
||||||
# the authentication request will be rejected.
|
|
||||||
allowed_domains:
|
|
||||||
- example.com
|
|
||||||
# Optional. Note that groups from Keycloak have a leading '/'.
|
|
||||||
allowed_groups:
|
|
||||||
- /headscale
|
|
||||||
# Optional.
|
|
||||||
allowed_users:
|
|
||||||
- alice@example.com
|
|
||||||
|
|
||||||
# If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
|
|
||||||
# This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
|
|
||||||
# If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
|
|
||||||
# user: `first-name.last-name.example.com`
|
|
||||||
strip_email_domain: true
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Azure AD example
|
## Azure AD example
|
||||||
|
@ -171,4 +197,4 @@ oidc:
|
||||||
scope: ["openid", "profile", "email"]
|
scope: ["openid", "profile", "email"]
|
||||||
```
|
```
|
||||||
|
|
||||||
You can also use `allowed_domains` and `allowed_users` to restrict the users who can authenticate.
|
You can also use `allowed.domains` and `allowed.users` to restrict the users who can authenticate.
|
||||||
|
|
|
@ -9,6 +9,7 @@ Type=simple
|
||||||
User=headscale
|
User=headscale
|
||||||
Group=headscale
|
Group=headscale
|
||||||
ExecStart=/usr/bin/headscale serve
|
ExecStart=/usr/bin/headscale serve
|
||||||
|
ExecReload=/usr/bin/kill -HUP $MAINPID
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
|
||||||
|
|
|
@ -1,362 +0,0 @@
|
||||||
# ACLs
|
|
||||||
|
|
||||||
A key component of tailscale is the notion of Tailnet. This notion is hidden
|
|
||||||
but the implications that it have on how to use tailscale are not.
|
|
||||||
|
|
||||||
For tailscale an [tailnet](https://tailscale.com/kb/1136/tailnet/) is the
|
|
||||||
following:
|
|
||||||
|
|
||||||
> For personal users, you are a tailnet of many devices and one person. Each
|
|
||||||
> device gets a private Tailscale IP address in the CGNAT range and every
|
|
||||||
> device can talk directly to every other device, wherever they are on the
|
|
||||||
> internet.
|
|
||||||
>
|
|
||||||
> For businesses and organizations, a tailnet is many devices and many users.
|
|
||||||
> It can be based on your Microsoft Active Directory, your Google Workspace, a
|
|
||||||
> GitHub organization, Okta tenancy, or other identity provider namespace. All
|
|
||||||
> of the devices and users in your tailnet can be seen by the tailnet
|
|
||||||
> administrators in the Tailscale admin console. There you can apply
|
|
||||||
> tailnet-wide configuration, such as ACLs that affect visibility of devices
|
|
||||||
> inside your tailnet, DNS settings, and more.
|
|
||||||
|
|
||||||
## Current implementation and issues
|
|
||||||
|
|
||||||
Currently in headscale, the namespaces are used both as tailnet and users. The
|
|
||||||
issue is that if we want to use the ACL's we can't use both at the same time.
|
|
||||||
|
|
||||||
Tailnet's cannot communicate with each others. So we can't have an ACL that
|
|
||||||
authorize tailnet (namespace) A to talk to tailnet (namespace) B.
|
|
||||||
|
|
||||||
We also can't write ACLs based on the users (namespaces in headscale) since all
|
|
||||||
devices belong to the same user.
|
|
||||||
|
|
||||||
With the current implementation the only ACL that we can user is to associate
|
|
||||||
each headscale IP to a host manually then write the ACLs according to this
|
|
||||||
manual mapping.
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"hosts": {
|
|
||||||
"host1": "100.64.0.1",
|
|
||||||
"server": "100.64.0.2"
|
|
||||||
},
|
|
||||||
"acls": [
|
|
||||||
{ "action": "accept", "users": ["host1"], "ports": ["host2:80,443"] }
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
While this works, it requires a lot of manual editing on the configuration and
|
|
||||||
to keep track of all devices IP address.
|
|
||||||
|
|
||||||
## Proposition for a next implementation
|
|
||||||
|
|
||||||
In order to ease the use of ACL's we need to split the tailnet and users
|
|
||||||
notion.
|
|
||||||
|
|
||||||
A solution could be to consider a headscale server (in it's entirety) as a
|
|
||||||
tailnet.
|
|
||||||
|
|
||||||
For personal users the default behavior could either allow all communications
|
|
||||||
between all namespaces (like tailscale) or dissallow all communications between
|
|
||||||
namespaces (current behavior).
|
|
||||||
|
|
||||||
For businesses and organisations, viewing a headscale instance a single tailnet
|
|
||||||
would allow users (namespace) to talk to each other with the ACLs. As described
|
|
||||||
in tailscale's documentation [[1]], a server should be tagged and personnal
|
|
||||||
devices should be tied to a user. Translated in headscale's terms each user can
|
|
||||||
have multiple devices and all those devices should be in the same namespace.
|
|
||||||
The servers should be tagged and used as such.
|
|
||||||
|
|
||||||
This implementation would render useless the sharing feature that is currently
|
|
||||||
implemented since an ACL could do the same. Simplifying to only one user
|
|
||||||
interface to do one thing is easier and less confusing for the users.
|
|
||||||
|
|
||||||
To better suit the ACLs in this proposition, it's advised to consider that each
|
|
||||||
namespaces belong to one person. This person can have multiple devices, they
|
|
||||||
will all be considered as the same user in the ACLs. OIDC feature wouldn't need
|
|
||||||
to map people to namespace, just create a namespace if the person isn't
|
|
||||||
registered yet.
|
|
||||||
|
|
||||||
As a sidenote, users would like to write ACLs as YAML. We should offer users
|
|
||||||
the ability to rules in either format (HuJSON or YAML).
|
|
||||||
|
|
||||||
[1]: https://tailscale.com/kb/1068/acl-tags/
|
|
||||||
|
|
||||||
## Example
|
|
||||||
|
|
||||||
Let's build an example use case for a small business (It may be the place where
|
|
||||||
ACL's are the most useful).
|
|
||||||
|
|
||||||
We have a small company with a boss, an admin, two developper and an intern.
|
|
||||||
|
|
||||||
The boss should have access to all servers but not to the users hosts. Admin
|
|
||||||
should also have access to all hosts except that their permissions should be
|
|
||||||
limited to maintaining the hosts (for example purposes). The developers can do
|
|
||||||
anything they want on dev hosts, but only watch on productions hosts. Intern
|
|
||||||
can only interact with the development servers.
|
|
||||||
|
|
||||||
Each user have at least a device connected to the network and we have some
|
|
||||||
servers.
|
|
||||||
|
|
||||||
- database.prod
|
|
||||||
- database.dev
|
|
||||||
- app-server1.prod
|
|
||||||
- app-server1.dev
|
|
||||||
- billing.internal
|
|
||||||
|
|
||||||
### Current headscale implementation
|
|
||||||
|
|
||||||
Let's create some namespaces
|
|
||||||
|
|
||||||
```bash
|
|
||||||
headscale namespaces create prod
|
|
||||||
headscale namespaces create dev
|
|
||||||
headscale namespaces create internal
|
|
||||||
headscale namespaces create users
|
|
||||||
|
|
||||||
headscale nodes register -n users boss-computer
|
|
||||||
headscale nodes register -n users admin1-computer
|
|
||||||
headscale nodes register -n users dev1-computer
|
|
||||||
headscale nodes register -n users dev1-phone
|
|
||||||
headscale nodes register -n users dev2-computer
|
|
||||||
headscale nodes register -n users intern1-computer
|
|
||||||
|
|
||||||
headscale nodes register -n prod database
|
|
||||||
headscale nodes register -n prod app-server1
|
|
||||||
|
|
||||||
headscale nodes register -n dev database
|
|
||||||
headscale nodes register -n dev app-server1
|
|
||||||
|
|
||||||
headscale nodes register -n internal billing
|
|
||||||
|
|
||||||
headscale nodes list
|
|
||||||
ID | Name | Namespace | IP address
|
|
||||||
1 | boss-computer | users | 100.64.0.1
|
|
||||||
2 | admin1-computer | users | 100.64.0.2
|
|
||||||
3 | dev1-computer | users | 100.64.0.3
|
|
||||||
4 | dev1-phone | users | 100.64.0.4
|
|
||||||
5 | dev2-computer | users | 100.64.0.5
|
|
||||||
6 | intern1-computer | users | 100.64.0.6
|
|
||||||
7 | database | prod | 100.64.0.7
|
|
||||||
8 | app-server1 | prod | 100.64.0.8
|
|
||||||
9 | database | dev | 100.64.0.9
|
|
||||||
10 | app-server1 | dev | 100.64.0.10
|
|
||||||
11 | internal | internal | 100.64.0.11
|
|
||||||
```
|
|
||||||
|
|
||||||
In order to only allow the communications related to our description above we
|
|
||||||
need to add the following ACLs
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
"hosts": {
|
|
||||||
"boss-computer": "100.64.0.1",
|
|
||||||
"admin1-computer": "100.64.0.2",
|
|
||||||
"dev1-computer": "100.64.0.3",
|
|
||||||
"dev1-phone": "100.64.0.4",
|
|
||||||
"dev2-computer": "100.64.0.5",
|
|
||||||
"intern1-computer": "100.64.0.6",
|
|
||||||
"prod-app-server1": "100.64.0.8"
|
|
||||||
},
|
|
||||||
"groups": {
|
|
||||||
"group:dev": ["dev1-computer", "dev1-phone", "dev2-computer"],
|
|
||||||
"group:admin": ["admin1-computer"],
|
|
||||||
"group:boss": ["boss-computer"],
|
|
||||||
"group:intern": ["intern1-computer"]
|
|
||||||
},
|
|
||||||
"acls": [
|
|
||||||
// boss have access to all servers but no users hosts
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["group:boss"],
|
|
||||||
"ports": ["prod:*", "dev:*", "internal:*"]
|
|
||||||
},
|
|
||||||
|
|
||||||
// admin have access to adminstration port (lets only consider port 22 here)
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["group:admin"],
|
|
||||||
"ports": ["prod:22", "dev:22", "internal:22"]
|
|
||||||
},
|
|
||||||
|
|
||||||
// dev can do anything on dev servers and check access on prod servers
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["group:dev"],
|
|
||||||
"ports": ["dev:*", "prod-app-server1:80,443"]
|
|
||||||
},
|
|
||||||
|
|
||||||
// interns only have access to port 80 and 443 on dev servers (lame internship)
|
|
||||||
{ "action": "accept", "users": ["group:intern"], "ports": ["dev:80,443"] },
|
|
||||||
|
|
||||||
// users can access their own devices
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["dev1-computer"],
|
|
||||||
"ports": ["dev1-phone:*"]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["dev1-phone"],
|
|
||||||
"ports": ["dev1-computer:*"]
|
|
||||||
},
|
|
||||||
|
|
||||||
// internal namespace communications should still be allowed within the namespace
|
|
||||||
{ "action": "accept", "users": ["dev"], "ports": ["dev:*"] },
|
|
||||||
{ "action": "accept", "users": ["prod"], "ports": ["prod:*"] },
|
|
||||||
{ "action": "accept", "users": ["internal"], "ports": ["internal:*"] }
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Since communications between namespace isn't possible we also have to share the
|
|
||||||
devices between the namespaces.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
|
|
||||||
// add boss host to prod, dev and internal network
|
|
||||||
headscale nodes share -i 1 -n prod
|
|
||||||
headscale nodes share -i 1 -n dev
|
|
||||||
headscale nodes share -i 1 -n internal
|
|
||||||
|
|
||||||
// add admin computer to prod, dev and internal network
|
|
||||||
headscale nodes share -i 2 -n prod
|
|
||||||
headscale nodes share -i 2 -n dev
|
|
||||||
headscale nodes share -i 2 -n internal
|
|
||||||
|
|
||||||
// add all dev to prod and dev network
|
|
||||||
headscale nodes share -i 3 -n dev
|
|
||||||
headscale nodes share -i 4 -n dev
|
|
||||||
headscale nodes share -i 3 -n prod
|
|
||||||
headscale nodes share -i 4 -n prod
|
|
||||||
headscale nodes share -i 5 -n dev
|
|
||||||
headscale nodes share -i 5 -n prod
|
|
||||||
|
|
||||||
headscale nodes share -i 6 -n dev
|
|
||||||
```
|
|
||||||
|
|
||||||
This fake network have not been tested but it should work. Operating it could
|
|
||||||
be quite tedious if the company grows. Each time a new user join we have to add
|
|
||||||
it to a group, and share it to the correct namespaces. If the user want
|
|
||||||
multiple devices we have to allow communication to each of them one by one. If
|
|
||||||
business conduct a change in the organisations we may have to rewrite all acls
|
|
||||||
and reorganise all namespaces.
|
|
||||||
|
|
||||||
If we add servers in production we should also update the ACLs to allow dev
|
|
||||||
access to certain category of them (only app servers for example).
|
|
||||||
|
|
||||||
### example based on the proposition in this document
|
|
||||||
|
|
||||||
Let's create the namespaces
|
|
||||||
|
|
||||||
```bash
|
|
||||||
headscale namespaces create boss
|
|
||||||
headscale namespaces create admin1
|
|
||||||
headscale namespaces create dev1
|
|
||||||
headscale namespaces create dev2
|
|
||||||
headscale namespaces create intern1
|
|
||||||
```
|
|
||||||
|
|
||||||
We don't need to create namespaces for the servers because the servers will be
|
|
||||||
tagged. When registering the servers we will need to add the flag
|
|
||||||
`--advertised-tags=tag:<tag1>,tag:<tag2>`, and the user (namespace) that is
|
|
||||||
registering the server should be allowed to do it. Since anyone can add tags to
|
|
||||||
a server they can register, the check of the tags is done on headscale server
|
|
||||||
and only valid tags are applied. A tag is valid if the namespace that is
|
|
||||||
registering it is allowed to do it.
|
|
||||||
|
|
||||||
Here are the ACL's to implement the same permissions as above:
|
|
||||||
|
|
||||||
```json
|
|
||||||
{
|
|
||||||
// groups are simpler and only list the namespaces name
|
|
||||||
"groups": {
|
|
||||||
"group:boss": ["boss"],
|
|
||||||
"group:dev": ["dev1", "dev2"],
|
|
||||||
"group:admin": ["admin1"],
|
|
||||||
"group:intern": ["intern1"]
|
|
||||||
},
|
|
||||||
"tagOwners": {
|
|
||||||
// the administrators can add servers in production
|
|
||||||
"tag:prod-databases": ["group:admin"],
|
|
||||||
"tag:prod-app-servers": ["group:admin"],
|
|
||||||
|
|
||||||
// the boss can tag any server as internal
|
|
||||||
"tag:internal": ["group:boss"],
|
|
||||||
|
|
||||||
// dev can add servers for dev purposes as well as admins
|
|
||||||
"tag:dev-databases": ["group:admin", "group:dev"],
|
|
||||||
"tag:dev-app-servers": ["group:admin", "group:dev"]
|
|
||||||
|
|
||||||
// interns cannot add servers
|
|
||||||
},
|
|
||||||
"acls": [
|
|
||||||
// boss have access to all servers
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["group:boss"],
|
|
||||||
"ports": [
|
|
||||||
"tag:prod-databases:*",
|
|
||||||
"tag:prod-app-servers:*",
|
|
||||||
"tag:internal:*",
|
|
||||||
"tag:dev-databases:*",
|
|
||||||
"tag:dev-app-servers:*"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
// admin have only access to administrative ports of the servers
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["group:admin"],
|
|
||||||
"ports": [
|
|
||||||
"tag:prod-databases:22",
|
|
||||||
"tag:prod-app-servers:22",
|
|
||||||
"tag:internal:22",
|
|
||||||
"tag:dev-databases:22",
|
|
||||||
"tag:dev-app-servers:22"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["group:dev"],
|
|
||||||
"ports": [
|
|
||||||
"tag:dev-databases:*",
|
|
||||||
"tag:dev-app-servers:*",
|
|
||||||
"tag:prod-app-servers:80,443"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
|
|
||||||
// servers should be able to talk to database. Database should not be able to initiate connections to server
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["tag:dev-app-servers"],
|
|
||||||
"ports": ["tag:dev-databases:5432"]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["tag:prod-app-servers"],
|
|
||||||
"ports": ["tag:prod-databases:5432"]
|
|
||||||
},
|
|
||||||
|
|
||||||
// interns have access to dev-app-servers only in reading mode
|
|
||||||
{
|
|
||||||
"action": "accept",
|
|
||||||
"users": ["group:intern"],
|
|
||||||
"ports": ["tag:dev-app-servers:80,443"]
|
|
||||||
},
|
|
||||||
|
|
||||||
// we still have to allow internal namespaces communications since nothing guarantees that each user have their own namespaces. This could be talked over.
|
|
||||||
{ "action": "accept", "users": ["boss"], "ports": ["boss:*"] },
|
|
||||||
{ "action": "accept", "users": ["dev1"], "ports": ["dev1:*"] },
|
|
||||||
{ "action": "accept", "users": ["dev2"], "ports": ["dev2:*"] },
|
|
||||||
{ "action": "accept", "users": ["admin1"], "ports": ["admin1:*"] },
|
|
||||||
{ "action": "accept", "users": ["intern1"], "ports": ["intern1:*"] }
|
|
||||||
]
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
With this implementation, the sharing step is not necessary. Maintenance cost
|
|
||||||
of the ACL file is lower and less tedious (no need to map hostname and IP's
|
|
||||||
into it).
|
|
|
@ -1,48 +0,0 @@
|
||||||
# Better route management
|
|
||||||
|
|
||||||
As of today, route management in Headscale is very basic and does not allow for much flexibility, including implementing subnet HA, 4via6 or more advanced features. We also have a number of bugs (e.g., routes exposed by ephemeral nodes)
|
|
||||||
|
|
||||||
This proposal aims to improve the route management.
|
|
||||||
|
|
||||||
## Current situation
|
|
||||||
|
|
||||||
Routes advertised by the nodes are read from the Hostinfo struct. If approved from the the CLI or via autoApprovers, the route is added to the EnabledRoutes field in `Machine`.
|
|
||||||
|
|
||||||
This means that the advertised routes are not persisted in the database, as Hostinfo is always replaced. In the same way, EnabledRoutes can get out of sync with the actual routes in the node.
|
|
||||||
|
|
||||||
In case of colliding routes (i.e., subnets that are exposed from multiple nodes), we are currently just sending all of them in `PrimaryRoutes`... and hope for the best. (`PrimaryRoutes` is the field in `Node` used for subnet failover).
|
|
||||||
|
|
||||||
## Proposal
|
|
||||||
|
|
||||||
The core part is to create a new `Route` struct (and DB table), with the following fields:
|
|
||||||
|
|
||||||
```go
|
|
||||||
type Route struct {
|
|
||||||
ID uint64 `gorm:"primary_key"`
|
|
||||||
|
|
||||||
Machine *Machine
|
|
||||||
Prefix IPPrefix
|
|
||||||
|
|
||||||
Advertised bool
|
|
||||||
Enabled bool
|
|
||||||
IsPrimary bool
|
|
||||||
|
|
||||||
|
|
||||||
CreatedAt *time.Time
|
|
||||||
UpdatedAt *time.Time
|
|
||||||
DeletedAt *time.Time
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
- The `Advertised` field is set to true if the route is being advertised by the node. It is set to false if the route is removed. This way we can indicate if a later enabled route has stopped being advertised. A similar behaviour happens in the Tailscale.com control panel.
|
|
||||||
|
|
||||||
- The `Enabled` field is set to true if the route is enabled - via CLI or autoApprovers.
|
|
||||||
|
|
||||||
- `IsPrimary` indicates if Headscale has selected this route as the primary route for that particular subnet. This allows us to implement subnet failover. This would be fully automatic if there is more than subnet routers advertising the same network - which is the behaviour of Tailscale.com.
|
|
||||||
|
|
||||||
## Stuff to bear in mind
|
|
||||||
|
|
||||||
- We need to make sure to migrate the current `EnabledRoutes` of `Machine` into the new table.
|
|
||||||
- When a node stops sharing a subnet, I reckon we should mark it both as not `Advertised` and not `Enabled`. Users should re-enable it if the node advertises it again.
|
|
||||||
- If only one subnet router is advertising a subnet, we should mark it as primary.
|
|
||||||
- Regarding subnet failover, the current behaviour of Tailscale.com is to perform the failover after 15 seconds from the node disconnecting from their control panel. I reckon we cannot do the same currently. Our maximum granularity is the keep alive period.
|
|
|
@ -1,13 +1,13 @@
|
||||||
# Controlling `headscale` with remote CLI
|
# Controlling `headscale` with remote CLI
|
||||||
|
|
||||||
## Prerequisit
|
## Prerequisite
|
||||||
|
|
||||||
- A workstation to run `headscale` (could be Linux, macOS, other supported platforms)
|
- A workstation to run `headscale` (could be Linux, macOS, other supported platforms)
|
||||||
- A `headscale` server (version `0.13.0` or newer)
|
- A `headscale` server (version `0.13.0` or newer)
|
||||||
- Access to create API keys (local access to the `headscale` server)
|
- Access to create API keys (local access to the `headscale` server)
|
||||||
- `headscale` _must_ be served over TLS/HTTPS
|
- `headscale` _must_ be served over TLS/HTTPS
|
||||||
- Remote access does _not_ support unencrypted traffic.
|
- Remote access does _not_ support unencrypted traffic.
|
||||||
- Port `50443` must be open in the firewall (or port overriden by `grpc_listen_addr` option)
|
- Port `50443` must be open in the firewall (or port overridden by `grpc_listen_addr` option)
|
||||||
|
|
||||||
## Goal
|
## Goal
|
||||||
|
|
||||||
|
@ -47,40 +47,40 @@ headscale apikeys expire --prefix "<PREFIX>"
|
||||||
|
|
||||||
3. Make `headscale` executable:
|
3. Make `headscale` executable:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
chmod +x /usr/local/bin/headscale
|
chmod +x /usr/local/bin/headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Configure the CLI through Environment Variables
|
4. Configure the CLI through environment variables
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
export HEADSCALE_CLI_ADDRESS="<HEADSCALE ADDRESS>:<PORT>"
|
export HEADSCALE_CLI_ADDRESS="<HEADSCALE ADDRESS>:<PORT>"
|
||||||
export HEADSCALE_CLI_API_KEY="<API KEY FROM PREVIOUS STAGE>"
|
export HEADSCALE_CLI_API_KEY="<API KEY FROM PREVIOUS STAGE>"
|
||||||
```
|
```
|
||||||
|
|
||||||
for example:
|
for example:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
export HEADSCALE_CLI_ADDRESS="headscale.example.com:50443"
|
export HEADSCALE_CLI_ADDRESS="headscale.example.com:50443"
|
||||||
export HEADSCALE_CLI_API_KEY="abcde12345"
|
export HEADSCALE_CLI_API_KEY="abcde12345"
|
||||||
```
|
```
|
||||||
|
|
||||||
This will tell the `headscale` binary to connect to a remote instance, instead of looking
|
This will tell the `headscale` binary to connect to a remote instance, instead of looking
|
||||||
for a local instance (which is what it does on the server).
|
for a local instance (which is what it does on the server).
|
||||||
|
|
||||||
The API key is needed to make sure that your are allowed to access the server. The key is _not_
|
The API key is needed to make sure that you are allowed to access the server. The key is _not_
|
||||||
needed when running directly on the server, as the connection is local.
|
needed when running directly on the server, as the connection is local.
|
||||||
|
|
||||||
5. Test the connection
|
5. Test the connection
|
||||||
|
|
||||||
Let us run the headscale command to verify that we can connect by listing our nodes:
|
Let us run the headscale command to verify that we can connect by listing our nodes:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
headscale nodes list
|
headscale nodes list
|
||||||
```
|
```
|
||||||
|
|
||||||
You should now be able to see a list of your nodes from your workstation, and you can
|
You should now be able to see a list of your nodes from your workstation, and you can
|
||||||
now control the `headscale` server from your workstation.
|
now control the `headscale` server from your workstation.
|
||||||
|
|
||||||
## Behind a proxy
|
## Behind a proxy
|
||||||
|
|
||||||
|
@ -97,4 +97,4 @@ Checklist:
|
||||||
- Make sure you use version `0.13.0` or newer.
|
- Make sure you use version `0.13.0` or newer.
|
||||||
- Verify that your TLS certificate is valid and trusted
|
- Verify that your TLS certificate is valid and trusted
|
||||||
- If you do not have access to a trusted certificate (e.g. from Let's Encrypt), add your self signed certificate to the trust store of your OS or
|
- If you do not have access to a trusted certificate (e.g. from Let's Encrypt), add your self signed certificate to the trust store of your OS or
|
||||||
- Set `HEADSCALE_CLI_INSECURE` to 0 in your environement
|
- Set `HEADSCALE_CLI_INSECURE` to 0 in your environment
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
cairosvg~=2.7.1
|
cairosvg~=2.7.1
|
||||||
mkdocs-material~=9.4.14
|
mkdocs-material~=9.5.18
|
||||||
mkdocs-minify-plugin~=0.7.1
|
mkdocs-minify-plugin~=0.7.1
|
||||||
pillow~=10.1.0
|
pillow~=10.1.0
|
||||||
|
|
||||||
|
|
|
@ -11,9 +11,13 @@ Running headscale behind a reverse proxy is useful when running multiple applica
|
||||||
|
|
||||||
### WebSockets
|
### WebSockets
|
||||||
|
|
||||||
The reverse proxy MUST be configured to support WebSockets, as it is needed for clients running Tailscale v1.30+.
|
The reverse proxy MUST be configured to support WebSockets to communicate with Tailscale clients.
|
||||||
|
|
||||||
WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
|
WebSockets support is also required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
|
||||||
|
|
||||||
|
### Cloudflare
|
||||||
|
|
||||||
|
Running headscale behind a cloudflare proxy or cloudflare tunnel is not supported and will not work as Cloudflare does not support WebSocket POSTs as required by the Tailscale protocol. See [this issue](https://github.com/juanfont/headscale/issues/1468)
|
||||||
|
|
||||||
### TLS
|
### TLS
|
||||||
|
|
||||||
|
@ -33,8 +37,7 @@ The following example configuration can be used in your nginx setup, substitutin
|
||||||
|
|
||||||
```Nginx
|
```Nginx
|
||||||
map $http_upgrade $connection_upgrade {
|
map $http_upgrade $connection_upgrade {
|
||||||
default keep-alive;
|
default upgrade;
|
||||||
'websocket' upgrade;
|
|
||||||
'' close;
|
'' close;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -61,7 +64,7 @@ server {
|
||||||
proxy_buffering off;
|
proxy_buffering off;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -77,7 +80,7 @@ Sending local reply with details upgrade_failed
|
||||||
|
|
||||||
### Envoy
|
### Envoy
|
||||||
|
|
||||||
You need add a new upgrade_type named `tailscale-control-protocol`. [see detail](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-upgradeconfig)
|
You need to add a new upgrade_type named `tailscale-control-protocol`. [see details](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-upgradeconfig)
|
||||||
|
|
||||||
### Istio
|
### Istio
|
||||||
|
|
||||||
|
@ -116,7 +119,7 @@ The following Caddyfile is all that is necessary to use Caddy as a reverse proxy
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Caddy v2 will [automatically](https://caddyserver.com/docs/automatic-https) provision a certficate for your domain/subdomain, force HTTPS, and proxy websockets - no further configuration is necessary.
|
Caddy v2 will [automatically](https://caddyserver.com/docs/automatic-https) provision a certificate for your domain/subdomain, force HTTPS, and proxy websockets - no further configuration is necessary.
|
||||||
|
|
||||||
For a slightly more complex configuration which utilizes Docker containers to manage Caddy, Headscale, and Headscale-UI, [Guru Computing's guide](https://blog.gurucomputing.com.au/smart-vpns-with-headscale/) is an excellent reference.
|
For a slightly more complex configuration which utilizes Docker containers to manage Caddy, Headscale, and Headscale-UI, [Guru Computing's guide](https://blog.gurucomputing.com.au/smart-vpns-with-headscale/) is an excellent reference.
|
||||||
|
|
||||||
|
|
|
@ -17,100 +17,93 @@ not work with alternatives like [Podman](https://podman.io). The Docker image ca
|
||||||
|
|
||||||
1. Prepare a directory on the host Docker node in your directory of choice, used to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
|
1. Prepare a directory on the host Docker node in your directory of choice, used to hold `headscale` configuration and the [SQLite](https://www.sqlite.org/) database:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
mkdir -p ./headscale/config
|
mkdir -p ./headscale/config
|
||||||
cd ./headscale
|
cd ./headscale
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Create an empty SQlite datebase in the headscale directory:
|
1. **(Strongly Recommended)** Download a copy of the [example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
|
||||||
|
|
||||||
```shell
|
- Using `wget`:
|
||||||
touch ./config/db.sqlite
|
|
||||||
```
|
|
||||||
|
|
||||||
3. **(Strongly Recommended)** Download a copy of the [example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) from the headscale repository.
|
```shell
|
||||||
|
wget -O ./config/config.yaml https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
|
||||||
|
```
|
||||||
|
|
||||||
Using wget:
|
- Using `curl`:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
wget -O ./config/config.yaml https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
|
curl https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml -o ./config/config.yaml
|
||||||
```
|
```
|
||||||
|
|
||||||
Using curl:
|
Modify the config file to your preferences before launching Docker container.
|
||||||
|
|
||||||
```shell
|
Alternatively, you can mount `/var/lib` and `/var/run` from your host system by adding
|
||||||
curl https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml -o ./config/config.yaml
|
`--volume $(pwd)/lib:/var/lib/headscale` and `--volume $(pwd)/run:/var/run/headscale`
|
||||||
```
|
in the next step.
|
||||||
|
|
||||||
**(Advanced)** If you would like to hand craft a config file **instead** of downloading the example config file, create a blank `headscale` configuration in the headscale directory to edit:
|
1. Start the headscale server while working in the host headscale directory:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
touch ./config/config.yaml
|
docker run \
|
||||||
```
|
--name headscale \
|
||||||
|
--detach \
|
||||||
|
--volume $(pwd)/config:/etc/headscale/ \
|
||||||
|
--publish 127.0.0.1:8080:8080 \
|
||||||
|
--publish 127.0.0.1:9090:9090 \
|
||||||
|
headscale/headscale:<VERSION> \
|
||||||
|
serve
|
||||||
|
```
|
||||||
|
|
||||||
Modify the config file to your preferences before launching Docker container.
|
Note: use `0.0.0.0:8080:8080` instead of `127.0.0.1:8080:8080` if you want to expose the container externally.
|
||||||
Here are some settings that you likely want:
|
|
||||||
|
|
||||||
```yaml
|
This command will mount `config/` under `/etc/headscale`, forward port 8080 out of the container so the
|
||||||
# Change to your hostname or host IP
|
`headscale` instance becomes available and then detach so headscale runs in the background.
|
||||||
server_url: http://your-host-name:8080
|
|
||||||
# Listen to 0.0.0.0 so it's accessible outside the container
|
|
||||||
metrics_listen_addr: 0.0.0.0:9090
|
|
||||||
# The default /var/lib/headscale path is not writable in the container
|
|
||||||
private_key_path: /etc/headscale/private.key
|
|
||||||
# The default /var/lib/headscale path is not writable in the container
|
|
||||||
noise:
|
|
||||||
private_key_path: /etc/headscale/noise_private.key
|
|
||||||
# The default /var/lib/headscale path is not writable in the container
|
|
||||||
db_type: sqlite3
|
|
||||||
db_path: /etc/headscale/db.sqlite
|
|
||||||
```
|
|
||||||
|
|
||||||
4. Start the headscale server while working in the host headscale directory:
|
Example `docker-compose.yaml`
|
||||||
|
|
||||||
```shell
|
```yaml
|
||||||
docker run \
|
version: "3.7"
|
||||||
--name headscale \
|
|
||||||
--detach \
|
|
||||||
--volume $(pwd)/config:/etc/headscale/ \
|
|
||||||
--publish 127.0.0.1:8080:8080 \
|
|
||||||
--publish 127.0.0.1:9090:9090 \
|
|
||||||
headscale/headscale:<VERSION> \
|
|
||||||
headscale serve
|
|
||||||
|
|
||||||
```
|
services:
|
||||||
|
headscale:
|
||||||
|
image: headscale/headscale:<VERSION>
|
||||||
|
restart: unless-stopped
|
||||||
|
container_name: headscale
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:8080:8080"
|
||||||
|
- "127.0.0.1:9090:9090"
|
||||||
|
volumes:
|
||||||
|
# Please change <CONFIG_PATH> to the fullpath of the config folder just created
|
||||||
|
- <CONFIG_PATH>:/etc/headscale
|
||||||
|
command: serve
|
||||||
|
```
|
||||||
|
|
||||||
Note: use `0.0.0.0:8080:8080` instead of `127.0.0.1:8080:8080` if you want to expose the container externally.
|
1. Verify `headscale` is running:
|
||||||
|
Follow the container logs:
|
||||||
|
|
||||||
This command will mount `config/` under `/etc/headscale`, forward port 8080 out of the container so the
|
```shell
|
||||||
`headscale` instance becomes available and then detach so headscale runs in the background.
|
docker logs --follow headscale
|
||||||
|
```
|
||||||
|
|
||||||
5. Verify `headscale` is running:
|
Verify running containers:
|
||||||
|
|
||||||
Follow the container logs:
|
```shell
|
||||||
|
docker ps
|
||||||
|
```
|
||||||
|
|
||||||
```shell
|
Verify `headscale` is available:
|
||||||
docker logs --follow headscale
|
|
||||||
```
|
|
||||||
|
|
||||||
Verify running containers:
|
```shell
|
||||||
|
curl http://127.0.0.1:9090/metrics
|
||||||
|
```
|
||||||
|
|
||||||
```shell
|
1. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
|
||||||
docker ps
|
|
||||||
```
|
|
||||||
|
|
||||||
Verify `headscale` is available:
|
```shell
|
||||||
|
docker exec headscale \
|
||||||
```shell
|
headscale users create myfirstuser
|
||||||
curl http://127.0.0.1:9090/metrics
|
```
|
||||||
```
|
|
||||||
|
|
||||||
6. Create a user ([tailnet](https://tailscale.com/kb/1136/tailnet/)):
|
|
||||||
|
|
||||||
```shell
|
|
||||||
docker exec headscale \
|
|
||||||
headscale users create myfirstuser
|
|
||||||
```
|
|
||||||
|
|
||||||
### Register a machine (normal login)
|
### Register a machine (normal login)
|
||||||
|
|
||||||
|
@ -124,7 +117,7 @@ To register a machine when running `headscale` in a container, take the headscal
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker exec headscale \
|
docker exec headscale \
|
||||||
headscale --user myfirstuser nodes register --key <YOU_+MACHINE_KEY>
|
headscale nodes register --user myfirstuser --key <YOUR_MACHINE_KEY>
|
||||||
```
|
```
|
||||||
|
|
||||||
### Register machine using a pre authenticated key
|
### Register machine using a pre authenticated key
|
||||||
|
@ -133,7 +126,7 @@ Generate a key using the command line:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
docker exec headscale \
|
docker exec headscale \
|
||||||
headscale --user myfirstuser preauthkeys create --reusable --expiration 24h
|
headscale preauthkeys create --user myfirstuser --reusable --expiration 24h
|
||||||
```
|
```
|
||||||
|
|
||||||
This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command:
|
This will return a pre-authenticated key that can be used to connect a node to `headscale` during the `tailscale` command:
|
||||||
|
@ -152,7 +145,7 @@ To run the debug Docker container, use the exact same commands as above, but rep
|
||||||
|
|
||||||
### Executing commands in the debug container
|
### Executing commands in the debug container
|
||||||
|
|
||||||
The default command in the debug container is to run `headscale`, which is located at `/bin/headscale` inside the container.
|
The default command in the debug container is to run `headscale`, which is located at `/ko-app/headscale` inside the container.
|
||||||
|
|
||||||
Additionally, the debug container includes a minimalist Busybox shell.
|
Additionally, the debug container includes a minimalist Busybox shell.
|
||||||
|
|
||||||
|
@ -162,10 +155,10 @@ To launch a shell in the container, use:
|
||||||
docker run -it headscale/headscale:x.x.x-debug sh
|
docker run -it headscale/headscale:x.x.x-debug sh
|
||||||
```
|
```
|
||||||
|
|
||||||
You can also execute commands directly, such as `ls /bin` in this example:
|
You can also execute commands directly, such as `ls /ko-app` in this example:
|
||||||
|
|
||||||
```
|
```
|
||||||
docker run headscale/headscale:x.x.x-debug ls /bin
|
docker run headscale/headscale:x.x.x-debug ls /ko-app
|
||||||
```
|
```
|
||||||
|
|
||||||
Using `docker exec` allows you to run commands in an existing container.
|
Using `docker exec` allows you to run commands in an existing container.
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue