Documentation ¶
Overview ¶
nolint
Index ¶
- Constants
- Variables
- func AbsolutePathFromConfigPath(path string) string
- func CheckForFQDNRules(name string) error
- func DiscoPublicKeyEnsurePrefix(discoKey string) string
- func DiscoPublicKeyStripPrefix(discoKey key.DiscoPublic) string
- func GenerateRandomBytes(n int) ([]byte, error)
- func GenerateRandomStringDNSSafe(size int) (string, error)
- func GenerateRandomStringURLSafe(n int) (string, error)
- func GetDERPMap(cfg DERPConfig) *tailcfg.DERPMap
- func GetDNSConfig() (*tailcfg.DNSConfig, string)
- func GetFileMode(key string) fs.FileMode
- func GetIPPrefixEndpoints(na netip.Prefix) (netip.Addr, netip.Addr)
- func GrpcSocketDialer(ctx context.Context, addr string) (net.Conn, error)
- func IsCLIConfigured() bool
- func IsStringInSlice(slice []string, str string) bool
- func LoadConfig(path string, isFile bool) error
- func MachinePublicKeyEnsurePrefix(machineKey string) string
- func MachinePublicKeyStripPrefix(machineKey key.MachinePublic) string
- func NodePublicKeyEnsurePrefix(nodeKey string) string
- func NodePublicKeyStripPrefix(nodeKey key.NodePublic) string
- func NormalizeToFQDNRules(name string, stripEmailDomain bool) (string, error)
- func PrivateKeyEnsurePrefix(privateKey string) string
- func SwaggerAPIv1(writer http.ResponseWriter, req *http.Request)
- func SwaggerUI(writer http.ResponseWriter, req *http.Request)
- type ACL
- type ACLConfig
- type ACLPolicy
- type ACLTest
- type APIKey
- type AppleMobileConfig
- type AppleMobilePlatformConfig
- type AutoApprovers
- type CLIConfig
- type Config
- type DERPConfig
- type DERPServer
- type Error
- type Groups
- type Headscale
- func (h *Headscale) AppleConfigMessage(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) ApplePlatformConfig(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) CreateAPIKey(expiration *time.Time) (string, *APIKey, error)
- func (h *Headscale) CreatePreAuthKey(userName string, reusable bool, ephemeral bool, expiration *time.Time, ...) (*PreAuthKey, error)
- func (h *Headscale) CreateUser(name string) (*User, error)
- func (h *Headscale) CreateUserACLPolicy(userID uint, policy ACLPolicy) (*UserACLPolicy, error)
- func (h *Headscale) DERPBootstrapDNSHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) DERPHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) DERPProbeHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) DeleteMachine(machine *Machine) error
- func (h *Headscale) DeleteMachineRoutes(m *Machine) error
- func (h *Headscale) DeleteRoute(id uint64) error
- func (h *Headscale) DestroyAPIKey(key APIKey) error
- func (h *Headscale) DestroyPreAuthKey(pak PreAuthKey) error
- func (h *Headscale) DestroyUser(name string) error
- func (h *Headscale) DestroyUserACLPolicy(userID uint) error
- func (h *Headscale) DisableRoute(id uint64) error
- func (h *Headscale) EnableAutoApprovedRoutes(machine *Machine) error
- func (h *Headscale) EnableRoute(id uint64) error
- func (h *Headscale) ExpireAPIKey(key *APIKey) error
- func (h *Headscale) ExpireMachine(machine *Machine) error
- func (h *Headscale) ExpirePreAuthKey(k *PreAuthKey) error
- func (h *Headscale) GenerateGivenName(machineKey string, suppliedName string) (string, error)
- func (h *Headscale) GetAPIKey(prefix string) (*APIKey, error)
- func (h *Headscale) GetAPIKeyByID(id uint64) (*APIKey, error)
- func (h *Headscale) GetAdvertisedRoutes(machine *Machine) ([]netip.Prefix, error)
- func (h *Headscale) GetEnabledRoutes(machine *Machine) ([]netip.Prefix, error)
- func (h *Headscale) GetMachine(user string, name string) (*Machine, error)
- func (h *Headscale) GetMachineByAnyKey(machineKey key.MachinePublic, nodeKey key.NodePublic, ...) (*Machine, error)
- func (h *Headscale) GetMachineByGivenName(user string, givenName string) (*Machine, error)
- func (h *Headscale) GetMachineByID(id uint64) (*Machine, error)
- func (h *Headscale) GetMachineByMachineKey(machineKey key.MachinePublic) (*Machine, error)
- func (h *Headscale) GetMachineByNodeKey(nodeKey key.NodePublic) (*Machine, error)
- func (h *Headscale) GetMachineRoutes(m *Machine) ([]Route, error)
- func (h *Headscale) GetPreAuthKey(user string, key string) (*PreAuthKey, error)
- func (h *Headscale) GetRoute(id uint64) (*Route, error)
- func (h *Headscale) GetRoutes() ([]Route, error)
- func (h *Headscale) GetUser(name string) (*User, error)
- func (h *Headscale) HardDeleteMachine(machine *Machine) error
- func (h *Headscale) HealthHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) IsRoutesEnabled(machine *Machine, routeStr string) bool
- func (h *Headscale) KeyHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) ListAPIKeys() ([]APIKey, error)
- func (h *Headscale) ListMachines() ([]Machine, error)
- func (h *Headscale) ListMachinesByGivenName(givenName string) ([]Machine, error)
- func (h *Headscale) ListMachinesByUser(name string) ([]Machine, error)
- func (h *Headscale) ListMachinesByUserID(userID uint) ([]Machine, error)
- func (h *Headscale) ListPeers(machine *Machine) (Machines, error)
- func (h *Headscale) ListPreAuthKeys(userName string) ([]PreAuthKey, error)
- func (h *Headscale) ListUsers() ([]User, error)
- func (h *Headscale) NewDERPServer() (*DERPServer, error)
- func (h *Headscale) NoiseUpgradeHandler(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) OIDCCallback(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) RefreshMachine(machine *Machine, expiry time.Time) error
- func (h *Headscale) RegisterMachine(machine Machine) (*Machine, error)
- func (h *Headscale) RegisterMachineFromAuthCallback(nodeKeyStr string, userName string, machineExpiry *time.Time, ...) (*Machine, error)
- func (h *Headscale) RegisterOIDC(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) RegisterWebAPI(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) RenameMachine(machine *Machine, newName string) error
- func (h *Headscale) RenameUser(oldName, newName string) error
- func (h *Headscale) Serve() error
- func (h *Headscale) ServeSTUN()
- func (h *Headscale) SetMachineUser(machine *Machine, username string) error
- func (h *Headscale) SetTags(machine *Machine, tags []string) error
- func (h *Headscale) TouchMachine(machine *Machine) error
- func (h *Headscale) UpdateMachineFromDatabase(machine *Machine) error
- func (h *Headscale) UsePreAuthKey(k *PreAuthKey) error
- func (h *Headscale) ValidateAPIKey(keyStr string) (bool, error)
- func (h *Headscale) WindowsConfigMessage(writer http.ResponseWriter, req *http.Request)
- func (h *Headscale) WindowsRegConfig(writer http.ResponseWriter, req *http.Request)
- type HostInfo
- type Hosts
- type IDTokenClaims
- type IPPrefix
- type IPPrefixes
- type KV
- type LetsEncryptConfig
- type LogConfig
- type LogTailConfig
- type Machine
- type MachineAddresses
- type Machines
- type MachinesP
- type OIDCConfig
- type PreAuthKey
- type PreAuthKeyACLTag
- type Route
- type Routes
- type SSH
- type StringList
- type TLSConfig
- type TagOwners
- type User
- type UserACLPolicy
- type WindowsRegistryConfig
Constants ¶
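// Numeric bases and integer bit sizes used by the package.
//
// The rendered page printed this group on a single line, which is not valid
// Go; one constant per line restores a compilable declaration.
const (
	Base8  = 8
	Base10 = 10

	BitSize16 = 16
	BitSize32 = 32
	BitSize64 = 64
)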
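// Registration method names and the error tied to the CLI method.
//
// The rendered page printed this group on a single line, which is not valid
// Go; one constant per line restores a compilable declaration.
const (
	RegisterMethodAuthKey = "authkey"
	RegisterMethodOIDC    = "oidc"
	RegisterMethodCLI     = "cli"

	// ErrRegisterMethodCLIDoesNotSupportExpire is a constant error value of
	// the package's Error string type.
	ErrRegisterMethodCLIDoesNotSupportExpire = Error(
		"machines registered with CLI does not support expire",
	)
)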
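// Server-wide string and timeout constants.
//
// The rendered page printed this group on a single line, which is not valid
// Go; one constant per line restores a compilable declaration.
const (
	// AuthPrefix includes the trailing space after the scheme name.
	// NOTE(review): presumably stripped from the Authorization header before
	// the remainder is passed to API key validation; confirm at the call site
	// that a header without this exact prefix is rejected.
	AuthPrefix = "Bearer "

	// Database driver names.
	Postgres = "postgres"
	Sqlite   = "sqlite3"

	HTTPReadTimeout     = 30 * time.Second
	HTTPShutdownTimeout = 3 * time.Second

	// Client authentication mode names.
	// NOTE(review): looks like the accepted values of a TLS client-certificate
	// setting; how each maps to a verification policy is not visible here.
	// Confirm that an unrecognised value fails closed rather than falling
	// back to "disabled".
	DisabledClientAuth = "disabled"
	RelaxedClientAuth  = "relaxed"
	EnforcedClientAuth = "enforced"
)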
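// Log format names.
//
// The rendered page printed this group on a single line, which is not valid
// Go; one constant per line restores a compilable declaration.
const (
	JSONLogFormat = "json"
	TextLogFormat = "text"
)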
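// Machine-related error values and given-name sizing constants.
//
// The rendered page printed this group on a single line, which is not valid
// Go; one constant per line restores a compilable declaration.
const (
	ErrMachineNotFound                  = Error("machine not found")
	ErrMachineRouteIsNotAvailable       = Error("route is not available on machine")
	ErrMachineAddressesInvalid          = Error("failed to parse machine addresses")
	ErrMachineNotFoundRegistrationCache = Error(
		"machine not found in registration cache",
	)
	ErrCouldNotConvertMachineInterface = Error("failed to convert machine interface")
	ErrHostnameTooLong                 = Error("Hostname too long")
	ErrDifferentRegisteredUser         = Error(
		"machine was previously registered with a different user",
	)

	// NOTE(review): presumably sizes used by GenerateGivenName; confirm.
	MachineGivenNameHashLength = 8
	MachineGivenNameTrimSize   = 2
)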
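// Pre-auth key error values.
//
// The rendered page printed this group on a single line, which is not valid
// Go; one constant per line restores a compilable declaration.
//
// NOTE(review): the messages distinguish "not found", "expired" and "already
// used". If they are returned verbatim to an unauthenticated client they tell
// the caller whether a guessed key exists; confirm what the registration
// endpoints actually send back.
const (
	ErrPreAuthKeyNotFound          = Error("AuthKey not found")
	ErrPreAuthKeyExpired           = Error("AuthKey expired")
	ErrSingleUseAuthKeyHasBeenUsed = Error("AuthKey has already been used")
	ErrUserMismatch                = Error("user mismatch")
	ErrPreAuthKeyACLTagInvalid     = Error("AuthKey tag is invalid")
)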
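// User error values.
//
// The rendered page printed this group on a single line, which is not valid
// Go; one constant per line restores a compilable declaration.
const (
	ErrUserExists        = Error("User already exists")
	ErrUserNotFound      = Error("User not found")
	ErrUserStillHasNodes = Error("User not empty: node(s) found")
	ErrInvalidUserName   = Error("Invalid user name")
)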
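// Miscellaneous error values and defaults.
//
// The rendered page printed this group on a single line, which is not valid
// Go; one constant per line restores a compilable declaration.
const (
	ErrCannotDecryptResponse = Error("cannot decrypt response")
	ErrCouldNotAllocateIP    = Error("could not find any suitable IP")

	// PermissionFallback is 0o700: read, write and execute for the owner and
	// nothing for group or others.
	// NOTE(review): presumably what GetFileMode returns when the configured
	// mode cannot be parsed; confirm.
	PermissionFallback = 0o700

	ZstdCompression = "zstd"
)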
// ByteSize is 8, presumably the number of bits in a byte.
const ByteSize = 8
// ErrAPIKeyFailedToParse is a constant error value of the package's Error
// string type.
const ErrAPIKeyFailedToParse = Error("Failed to parse ApiKey")
// ErrCannotParsePrefix is a constant error value of the package's Error
// string type.
const ErrCannotParsePrefix = Error("cannot parse prefix")
// ErrRouteIsNotAvailable is a constant error value of the package's Error
// string type.
const ErrRouteIsNotAvailable = Error("route is not available")
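// As printed on the rendered page the whole group sat on one line, so the
// leading line comment swallowed the constant and the closing parenthesis.
// The comment lines are restored here so the declaration is live again.
const (
	// The CapabilityVersion is used by Tailscale clients to indicate
	// their codebase version. Tailscale clients can communicate over TS2021
	// from CapabilityVersion 28, but we only have good support for it
	// since https://github.com/tailscale/tailscale/pull/4323 (Noise in any HTTPS port).
	//
	// Related to this change, there is https://github.com/tailscale/tailscale/pull/5379,
	// where CapabilityVersion 39 is introduced to indicate #4323 was merged.
	//
	// See also https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go
	NoiseCapabilityVersion = 39
)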
// ProtocolFC is the IP protocol number 133, assigned to Fibre Channel.
const ProtocolFC = 133
For some reason golang.org/x/net/internal/iana is an internal package.
Variables ¶
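// ExitRouteV4 and ExitRouteV6 are the IPv4 and IPv6 default-route prefixes
// (every address of the respective family).
//
// The rendered page printed this group on a single line, which is not valid
// Go; one variable per line restores a compilable declaration.
var (
	ExitRouteV4 = netip.MustParsePrefix("0.0.0.0/0")
	ExitRouteV6 = netip.MustParsePrefix("::/0")
)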
// NodePublicKeyRegex matches the literal "nodekey:" followed by one or more
// hexadecimal digits.
//
// The pattern is not anchored, so it matches a node key embedded anywhere in
// a longer string and places no bound on the number of digits. That suits
// extraction (FindString); a caller that uses MatchString to validate input
// must additionally check that the match spans the whole value.
var NodePublicKeyRegex = regexp.MustCompile(`nodekey:[a-fA-F0-9]+`)
Functions ¶
func CheckForFQDNRules ¶
func DiscoPublicKeyStripPrefix ¶
func DiscoPublicKeyStripPrefix(discoKey key.DiscoPublic) string
func GenerateRandomBytes ¶
GenerateRandomBytes returns securely generated random bytes. It will return an error if the system's secure random number generator fails to function correctly, in which case the caller should not continue.
func GenerateRandomStringDNSSafe ¶
GenerateRandomStringDNSSafe returns a DNS-safe securely generated random string. It will return an error if the system's secure random number generator fails to function correctly, in which case the caller should not continue.
func GenerateRandomStringURLSafe ¶
GenerateRandomStringURLSafe returns a URL-safe, base64 encoded securely generated random string. It will return an error if the system's secure random number generator fails to function correctly, in which case the caller should not continue.
func GetDERPMap ¶
func GetDERPMap(cfg DERPConfig) *tailcfg.DERPMap
func GetDNSConfig ¶
func GetFileMode ¶
func IsCLIConfigured ¶
func IsCLIConfigured() bool
func IsStringInSlice ¶
func LoadConfig ¶
func MachinePublicKeyStripPrefix ¶
func MachinePublicKeyStripPrefix(machineKey key.MachinePublic) string
func NodePublicKeyStripPrefix ¶
func NodePublicKeyStripPrefix(nodeKey key.NodePublic) string
func NormalizeToFQDNRules ¶
NormalizeToFQDNRules will replace forbidden chars in the user name. It can also return an error if the name doesn't respect RFC 952 and RFC 1123.
func PrivateKeyEnsurePrefix ¶
func SwaggerAPIv1 ¶
func SwaggerAPIv1( writer http.ResponseWriter, req *http.Request, )
Types ¶
type ACL ¶
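// ACL is a basic rule for the ACL Policy.
//
// The rendered page printed this struct on a single line, which is not valid
// Go; one field per line restores a compilable declaration.
type ACL struct {
	Action       string   `json:"action" yaml:"action"`
	Protocol     string   `json:"proto" yaml:"proto"`
	Sources      []string `json:"src" yaml:"src"`
	Destinations []string `json:"dst" yaml:"dst"`
}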
ACL is a basic rule for the ACL Policy.
type ACLConfig ¶
// ACLConfig holds the ACL-related configuration.
type ACLConfig struct {
	// NOTE(review): presumably the filesystem path of the ACL policy file;
	// confirm against the loader.
	PolicyPath string
}
func GetACLConfig ¶
func GetACLConfig() ACLConfig
type ACLPolicy ¶
type ACLPolicy struct { Groups Groups `json:"groups" yaml:"groups"` Hosts Hosts `json:"hosts" yaml:"hosts"` TagOwners TagOwners `json:"tagOwners" yaml:"tagOwners"` ACLs []ACL `json:"acls" yaml:"acls"` Tests []ACLTest `json:"tests" yaml:"tests"` AutoApprovers AutoApprovers `json:"autoApprovers" yaml:"autoApprovers"` SSHs []SSH `json:"ssh" yaml:"ssh"` }
ACLPolicy represents a Tailscale ACL Policy.
type ACLTest ¶
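// ACLTest is not implemented, but should be used to check if a certain rule
// is allowed.
//
// The rendered page printed this struct on a single line, which is not valid
// Go; one field per line restores a compilable declaration.
type ACLTest struct {
	Source string   `json:"src" yaml:"src"`
	Accept []string `json:"accept" yaml:"accept"`
	Deny   []string `json:"deny,omitempty" yaml:"deny,omitempty"`
}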
ACLTest is not implemented, but should be used to check if a certain rule is allowed.
type APIKey ¶
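// APIKey describes the datamodel for API keys used to remotely authenticate
// with headscale.
//
// The rendered page printed this struct on a single line, which is not valid
// Go; one field per line restores a compilable declaration.
type APIKey struct {
	ID uint64 `gorm:"primary_key"`

	// Prefix carries a unique index.
	// NOTE(review): presumably the non-secret lookup part of the key
	// (GetAPIKey takes a prefix); confirm.
	Prefix string `gorm:"uniqueIndex"`

	// Hash is stored as raw bytes; no plaintext key field is declared on this
	// type.
	// NOTE(review): the hash algorithm and the comparison used during
	// validation are not visible here; confirm both in ValidateAPIKey.
	Hash []byte

	CreatedAt  *time.Time
	Expiration *time.Time
	LastSeen   *time.Time
}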
APIKey describes the datamodel for API keys used to remotely authenticate with headscale.
type AppleMobileConfig ¶
type AppleMobilePlatformConfig ¶
type AppleMobilePlatformConfig struct { UUID uuid.UUID URL string }
type AutoApprovers ¶
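// AutoApprovers specify which users, groups or tags have their advertised
// routes or exit node status automatically enabled.
//
// The rendered page printed this struct on a single line, which is not valid
// Go; one field per line restores a compilable declaration.
type AutoApprovers struct {
	// NOTE(review): GetRouteApprovers takes a netip.Prefix, so the map keys
	// are presumably route prefixes in string form; confirm.
	Routes   map[string][]string `json:"routes" yaml:"routes"`
	ExitNode []string            `json:"exitNode" yaml:"exitNode"`
}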
AutoApprovers specifies which users, groups or tags have their advertised routes or exit node status automatically enabled.
func (*AutoApprovers) GetRouteApprovers ¶
func (autoApprovers *AutoApprovers) GetRouteApprovers( prefix netip.Prefix, ) ([]string, error)
Returns the list of autoApproving users, groups or tags for a given IPPrefix.
type Config ¶
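// Config contains the initial Headscale configuration.
//
// The rendered page printed this struct on a single line, which is not valid
// Go; one field per line restores a compilable declaration.
//
// NOTE(review): DBpass is a plain string field of this struct, so any code
// that logs, prints or serializes a whole Config value will include the
// database password. Log individual fields instead of the struct.
type Config struct {
	ServerURL   string
	Addr        string
	MetricsAddr string
	GRPCAddr    string
	// NOTE(review): presumably permits the gRPC listener to run without TLS;
	// confirm, and keep it false unless GRPCAddr is bound to a trusted
	// interface.
	GRPCAllowInsecure              bool
	EphemeralNodeInactivityTimeout time.Duration
	NodeUpdateCheckInterval        time.Duration
	IPPrefixes                     []netip.Prefix
	// PrivateKeyPath and NoisePrivateKeyPath are file paths, not key
	// material. NOTE(review): confirm the files they name are created with
	// owner-only permissions.
	PrivateKeyPath      string
	NoisePrivateKeyPath string
	BaseDomain          string
	Log                 LogConfig
	DisableUpdateCheck  bool

	DERP DERPConfig

	DBtype string
	DBpath string
	DBhost string
	DBport int
	DBname string
	DBuser string
	DBpass string
	DBssl  string

	TLS TLSConfig

	ACMEURL   string
	ACMEEmail string

	DNSConfig *tailcfg.DNSConfig

	UnixSocket           string
	UnixSocketPermission fs.FileMode

	OIDC OIDCConfig

	LogTail             LogTailConfig
	RandomizeClientPort bool

	CLI CLIConfig

	ACL ACLConfig
}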
Config contains the initial Headscale configuration.
func GetHeadscaleConfig ¶
type DERPConfig ¶
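// DERPConfig holds the DERP-related configuration: the settings of the
// embedded server and the sources of DERP map data.
//
// The rendered page printed this struct on a single line, which is not valid
// Go; one field per line restores a compilable declaration.
type DERPConfig struct {
	ServerEnabled    bool
	ServerRegionID   int
	ServerRegionCode string
	ServerRegionName string
	STUNAddr         string
	// NOTE(review): URLs and Paths are presumably remote and local sources
	// the DERP map is loaded from; confirm that remote sources are fetched
	// over HTTPS, since the map tells clients which relays to use.
	URLs            []url.URL
	Paths           []string
	AutoUpdate      bool
	UpdateFrequency time.Duration
}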
func GetDERPConfig ¶
func GetDERPConfig() DERPConfig
type DERPServer ¶
type DERPServer struct {
// contains filtered or unexported fields
}
type Error ¶
type Error string
Error is used to compare errors as per https://dave.cheney.net/2016/04/07/constant-errors
type Headscale ¶
type Headscale struct { DERPMap *tailcfg.DERPMap DERPServer *DERPServer // contains filtered or unexported fields }
Headscale represents the base app of the service.
func NewHeadscale ¶
func (*Headscale) AppleConfigMessage ¶
func (h *Headscale) AppleConfigMessage( writer http.ResponseWriter, req *http.Request, )
AppleConfigMessage shows a simple message in the browser to point the user to the iOS/MacOS profile and instructions for how to install it.
func (*Headscale) ApplePlatformConfig ¶
func (h *Headscale) ApplePlatformConfig( writer http.ResponseWriter, req *http.Request, )
func (*Headscale) CreateAPIKey ¶
CreateAPIKey creates a new ApiKey in a user, and returns it.
func (*Headscale) CreatePreAuthKey ¶
func (h *Headscale) CreatePreAuthKey( userName string, reusable bool, ephemeral bool, expiration *time.Time, aclTags []string, ) (*PreAuthKey, error)
CreatePreAuthKey creates a new PreAuthKey in a user, and returns it.
func (*Headscale) CreateUser ¶
CreateUser creates a new User. Returns error if could not be created or another user already exists.
func (*Headscale) CreateUserACLPolicy ¶ added in v0.0.9
func (h *Headscale) CreateUserACLPolicy( userID uint, policy ACLPolicy, ) (*UserACLPolicy, error)
CreateUserACLPolicy creates an acl policy for the given user.
func (*Headscale) DERPBootstrapDNSHandler ¶
func (h *Headscale) DERPBootstrapDNSHandler( writer http.ResponseWriter, req *http.Request, )
DERPBootstrapDNSHandler implements the /bootstrap-dns endpoint. Described in https://github.com/tailscale/tailscale/issues/1405, this endpoint provides a way to help a client when it fails to start up because its DNS is broken. The initial implementation is here: https://github.com/tailscale/tailscale/pull/1406. They have a cache, but it is not clear if that is really necessary at Headscale, uh, scale. An example implementation is found here: https://derp.tailscale.com/bootstrap-dns
func (*Headscale) DERPHandler ¶
func (h *Headscale) DERPHandler( writer http.ResponseWriter, req *http.Request, )
func (*Headscale) DERPProbeHandler ¶
func (h *Headscale) DERPProbeHandler( writer http.ResponseWriter, req *http.Request, )
DERPProbeHandler is the endpoint that js/wasm clients hit to measure DERP latency, since they can't do UDP STUN queries.
func (*Headscale) DeleteMachine ¶
DeleteMachine soft deletes a Machine from the database.
func (*Headscale) DeleteMachineRoutes ¶
func (*Headscale) DeleteRoute ¶
func (*Headscale) DestroyAPIKey ¶
DestroyAPIKey destroys an ApiKey. Returns error if the ApiKey does not exist.
func (*Headscale) DestroyPreAuthKey ¶
func (h *Headscale) DestroyPreAuthKey(pak PreAuthKey) error
DestroyPreAuthKey destroys a preauthkey. Returns error if the PreAuthKey does not exist.
func (*Headscale) DestroyUser ¶
DestroyUser destroys a User. Returns error if the User does not exist or if there are machines associated with it.
func (*Headscale) DestroyUserACLPolicy ¶ added in v0.0.10
DestroyUserACLPolicy destroys an ACL policy for a given user if it exists.
func (*Headscale) DisableRoute ¶
func (*Headscale) EnableAutoApprovedRoutes ¶
EnableAutoApprovedRoutes enables any routes advertised by a machine that match the ACL autoApprovers policy.
func (*Headscale) EnableRoute ¶
func (*Headscale) ExpireAPIKey ¶
ExpireAPIKey marks a ApiKey as expired.
func (*Headscale) ExpireMachine ¶
ExpireMachine takes a Machine struct and sets the expire field to now.
func (*Headscale) ExpirePreAuthKey ¶
func (h *Headscale) ExpirePreAuthKey(k *PreAuthKey) error
ExpirePreAuthKey marks a PreAuthKey as expired.
func (*Headscale) GenerateGivenName ¶
func (*Headscale) GetAPIKeyByID ¶
GetAPIKeyByID returns a ApiKey for a given id.
func (*Headscale) GetAdvertisedRoutes ¶
GetAdvertisedRoutes returns the routes that are advertised by the given machine.
func (*Headscale) GetEnabledRoutes ¶
GetEnabledRoutes returns the routes that are enabled for the machine.
func (*Headscale) GetMachine ¶
GetMachine finds a Machine by name and user and returns the Machine struct.
func (*Headscale) GetMachineByAnyKey ¶
func (h *Headscale) GetMachineByAnyKey( machineKey key.MachinePublic, nodeKey key.NodePublic, oldNodeKey key.NodePublic, ) (*Machine, error)
GetMachineByAnyKey finds a Machine by its MachineKey, its current NodeKey or the old one, and returns the Machine struct.
func (*Headscale) GetMachineByGivenName ¶
GetMachineByGivenName finds a Machine by given name and user and returns the Machine struct.
func (*Headscale) GetMachineByID ¶
GetMachineByID finds a Machine by ID and returns the Machine struct.
func (*Headscale) GetMachineByMachineKey ¶
func (h *Headscale) GetMachineByMachineKey( machineKey key.MachinePublic, ) (*Machine, error)
GetMachineByMachineKey finds a Machine by its MachineKey and returns the Machine struct.
func (*Headscale) GetMachineByNodeKey ¶
func (h *Headscale) GetMachineByNodeKey( nodeKey key.NodePublic, ) (*Machine, error)
GetMachineByNodeKey finds a Machine by its current NodeKey.
func (*Headscale) GetMachineRoutes ¶
func (*Headscale) GetPreAuthKey ¶
func (h *Headscale) GetPreAuthKey(user string, key string) (*PreAuthKey, error)
GetPreAuthKey returns a PreAuthKey for a given key.
func (*Headscale) HardDeleteMachine ¶
HardDeleteMachine hard deletes a Machine from the database.
func (*Headscale) HealthHandler ¶
func (h *Headscale) HealthHandler( writer http.ResponseWriter, req *http.Request, )
func (*Headscale) IsRoutesEnabled ¶
func (*Headscale) KeyHandler ¶
func (h *Headscale) KeyHandler( writer http.ResponseWriter, req *http.Request, )
KeyHandler provides the Headscale public key. Listens in /key.
func (*Headscale) ListAPIKeys ¶
ListAPIKeys returns the list of ApiKeys for a user.
func (*Headscale) ListMachines ¶
func (*Headscale) ListMachinesByGivenName ¶
func (*Headscale) ListMachinesByUser ¶
ListMachinesByUser gets all the nodes in a given user.
func (*Headscale) ListMachinesByUserID ¶ added in v0.0.9
func (*Headscale) ListPreAuthKeys ¶
func (h *Headscale) ListPreAuthKeys(userName string) ([]PreAuthKey, error)
ListPreAuthKeys returns the list of PreAuthKeys for a user.
func (*Headscale) NewDERPServer ¶
func (h *Headscale) NewDERPServer() (*DERPServer, error)
func (*Headscale) NoiseUpgradeHandler ¶
func (h *Headscale) NoiseUpgradeHandler( writer http.ResponseWriter, req *http.Request, )
NoiseUpgradeHandler is to upgrade the connection and hijack the net.Conn in order to use the Noise-based TS2021 protocol. Listens in /ts2021.
func (*Headscale) OIDCCallback ¶
func (h *Headscale) OIDCCallback( writer http.ResponseWriter, req *http.Request, )
OIDCCallback handles the callback from the OIDC endpoint. It retrieves the nkey from the state cache and adds the machine to the user's email user. TODO: A confirmation page for new machines should be added to avoid phishing vulnerabilities. TODO: Add groups information from OIDC tokens into machine HostInfo. Listens in /oidc/callback.
func (*Headscale) RefreshMachine ¶
RefreshMachine takes a Machine struct and sets the expire field to now.
func (*Headscale) RegisterMachine ¶
RegisterMachine is executed from the CLI to register a new Machine using its MachineKey.
func (*Headscale) RegisterMachineFromAuthCallback ¶
func (*Headscale) RegisterOIDC ¶
func (h *Headscale) RegisterOIDC( writer http.ResponseWriter, req *http.Request, )
RegisterOIDC redirects to the OIDC provider for authentication. It puts the NodeKey in a cache so the callback can retrieve it using the OIDC state param. Listens in /oidc/register/:nKey.
func (*Headscale) RegisterWebAPI ¶
func (h *Headscale) RegisterWebAPI( writer http.ResponseWriter, req *http.Request, )
RegisterWebAPI shows a simple message in the browser to point to the CLI. Listens in /register/:nkey.
This is not part of the Tailscale control API, as we could send whatever URL in the RegisterResponse.AuthURL field.
func (*Headscale) RenameMachine ¶
RenameMachine takes a Machine struct and a new GivenName for the machine and renames it.
func (*Headscale) RenameUser ¶
RenameUser renames a User. Returns error if the User does not exist or if another User exists with the new name.
func (*Headscale) ServeSTUN ¶
func (h *Headscale) ServeSTUN()
ServeSTUN starts a STUN server on the configured addr.
func (*Headscale) SetMachineUser ¶
SetMachineUser assigns a Machine to a user.
func (*Headscale) TouchMachine ¶
func (*Headscale) UpdateMachineFromDatabase ¶
UpdateMachineFromDatabase takes a Machine struct pointer (typically already loaded from the database) and updates it with the latest data from the database.
func (*Headscale) UsePreAuthKey ¶
func (h *Headscale) UsePreAuthKey(k *PreAuthKey) error
UsePreAuthKey marks a PreAuthKey as used.
func (*Headscale) WindowsConfigMessage ¶
func (h *Headscale) WindowsConfigMessage( writer http.ResponseWriter, req *http.Request, )
WindowsConfigMessage shows a simple message in the browser for how to configure the Windows Tailscale client.
func (*Headscale) WindowsRegConfig ¶
func (h *Headscale) WindowsRegConfig( writer http.ResponseWriter, req *http.Request, )
WindowsRegConfig generates and serves a .reg file configured with the Headscale server address.
type HostInfo ¶
This is a "wrapper" type around Tailscale's Hostinfo to allow us to add database "serialization" methods. This allows us to use typed values throughout the code and not have to marshal/unmarshal and error check all over the code.
type Hosts ¶
Hosts are alias for IP addresses or subnets.
func (*Hosts) UnmarshalJSON ¶
UnmarshalJSON allows to parse the Hosts directly into netip objects.
func (*Hosts) UnmarshalYAML ¶
UnmarshalYAML allows to parse the Hosts directly into netip objects.
type IDTokenClaims ¶
type IPPrefixes ¶
func (*IPPrefixes) Scan ¶
func (i *IPPrefixes) Scan(destination interface{}) error
type LetsEncryptConfig ¶
type LogConfig ¶
func GetLogConfig ¶
func GetLogConfig() LogConfig
type LogTailConfig ¶
// LogTailConfig holds the logtail-related configuration: a single on/off
// switch.
type LogTailConfig struct {
	Enabled bool
}
func GetLogTailConfig ¶
func GetLogTailConfig() LogTailConfig
type Machine ¶
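// Machine is a Headscale client.
//
// As printed on the rendered page the whole struct sat on one line, so the
// first field comment swallowed every field after it. The comment lines are
// restored here so all fields are declared again.
type Machine struct {
	ID          uint64 `gorm:"primary_key"`
	MachineKey  string `gorm:"type:varchar(64);unique_index"`
	NodeKey     string
	DiscoKey    string
	IPAddresses MachineAddresses

	// Hostname represents the name given by the Tailscale
	// client during registration
	//
	// It is supplied by the client, so treat it as untrusted input wherever
	// it is rendered or used to build names.
	Hostname string

	// Givenname represents either:
	// a DNS normalized version of Hostname
	// a valid name set by the User
	//
	// GivenName is the name used in all DNS related
	// parts of headscale.
	GivenName string `gorm:"type:varchar(256);unique_index"`
	UserID    uint
	User      User `gorm:"foreignKey:UserID"`

	RegisterMethod string

	ForcedTags StringList

	// TODO(kradalby): This seems like irrelevant information?
	AuthKeyID uint
	AuthKey   *PreAuthKey

	LastSeen             *time.Time
	LastSuccessfulUpdate *time.Time
	Expiry               *time.Time

	HostInfo  HostInfo
	Endpoints StringList

	CreatedAt time.Time
	UpdatedAt time.Time
	DeletedAt *time.Time
}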
Machine is a Headscale client.
func (*Machine) GetHostInfo ¶
GetHostInfo returns a Hostinfo struct for the machine.
type MachineAddresses ¶
func (*MachineAddresses) Scan ¶
func (ma *MachineAddresses) Scan(destination interface{}) error
func (MachineAddresses) ToStringSlice ¶
func (ma MachineAddresses) ToStringSlice() []string
type OIDCConfig ¶
type PreAuthKey ¶
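// PreAuthKey describes a pre-authorization key usable in a particular user.
//
// The rendered page printed this struct on a single line, which is not valid
// Go; one field per line restores a compilable declaration.
//
// NOTE(review): Key is declared as a plain string and this type has no hash
// field, unlike APIKey (Prefix plus Hash). Presumably the key is persisted
// as-is; confirm. If so, database dumps and backups contain live credentials
// for every key that is reusable or not yet used and not yet expired.
type PreAuthKey struct {
	ID        uint64 `gorm:"primary_key"`
	Key       string
	UserID    uint
	User      User
	Reusable  bool
	Ephemeral bool `gorm:"default:false"`
	Used      bool `gorm:"default:false"`
	ACLTags   []PreAuthKeyACLTag

	CreatedAt  *time.Time
	Expiration *time.Time
}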
PreAuthKey describes a pre-authorization key usable in a particular user.
type PreAuthKeyACLTag ¶
PreAuthKeyACLTag describes an automatic tag applied to a node when registered with the associated PreAuthKey.
type Route ¶
type SSH ¶
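// SSH controls who can ssh into which machines.
//
// The rendered page printed this struct on a single line, which is not valid
// Go; one field per line restores a compilable declaration.
type SSH struct {
	Action       string   `json:"action" yaml:"action"`
	Sources      []string `json:"src" yaml:"src"`
	Destinations []string `json:"dst" yaml:"dst"`
	Users        []string `json:"users" yaml:"users"`
	// CheckPeriod is kept as a string and omitted from output when empty.
	// NOTE(review): how the string is parsed is not visible here; confirm
	// that an unparsable value is rejected rather than treated as "no check".
	CheckPeriod string `json:"checkPeriod,omitempty" yaml:"checkPeriod,omitempty"`
}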
SSH controls who can ssh into which machines.
type StringList ¶
type StringList []string
func (*StringList) Scan ¶
func (i *StringList) Scan(destination interface{}) error
type TLSConfig ¶
type TLSConfig struct { CertPath string KeyPath string LetsEncrypt LetsEncryptConfig }
func GetTLSConfig ¶
func GetTLSConfig() TLSConfig
type User ¶
User is the way Headscale implements the concept of users in Tailscale
At the end of the day, users in Tailscale are some kind of 'bubbles' or users that contain our machines.
type UserACLPolicy ¶ added in v0.0.9
type UserACLPolicy struct { ID uint64 `gorm:"primary_key"` UserID uint `gorm:"unique"` User User `gorm:"foreignKey:UserID"` ACLPolicy ACLPolicy `gorm:"json"` CreatedAt time.Time UpdatedAt time.Time }
UserACLPolicy is a group of acl rules to manage access between devices of a single user.
type WindowsRegistryConfig ¶
// WindowsRegistryConfig carries the single value used for the Windows
// registry configuration.
type WindowsRegistryConfig struct {
	// NOTE(review): presumably the Headscale server address written into the
	// .reg file served by WindowsRegConfig; confirm where the value comes
	// from before it is rendered.
	URL string
}
Source Files ¶
- acls.go
- acls_types.go
- api.go
- api_common.go
- api_key.go
- app.go
- config.go
- db.go
- derp.go
- derp_server.go
- dns.go
- grpcv1.go
- handler_placeholder.go
- machine.go
- metrics.go
- noise.go
- oidc.go
- platform_config.go
- preauth_keys.go
- protocol_common.go
- protocol_common_poll.go
- protocol_common_utils.go
- protocol_noise.go
- protocol_noise_poll.go
- routes.go
- swagger.go
- users.go
- utils.go
Directories ¶
Path | Synopsis |
---|---|
cmd
|
|
gen
|
|
go/headscale/v1
Package v1 is a reverse proxy.
|
Package v1 is a reverse proxy. |