Resolve merge conflict
This commit is contained in:
Kristoffer Dalby
commit
264e5964f6
13 changed files with 651 additions and 58 deletions
|
|
@ -8,6 +8,7 @@ import (
|
|||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
|
@ -209,6 +210,26 @@ func absPath(path string) string {
|
|||
}
|
||||
|
||||
func getHeadscaleConfig() headscale.Config {
|
||||
// maxMachineRegistrationDuration is the maximum time headscale will allow a client to (optionally) request for
|
||||
// the machine key expiry time. RegisterRequests with Expiry times that are more than
|
||||
// maxMachineRegistrationDuration in the future will be clamped to (now + maxMachineRegistrationDuration)
|
||||
maxMachineRegistrationDuration, _ := time.ParseDuration(
|
||||
"10h",
|
||||
) // use 10h here because it is the length of a standard business day plus a small amount of leeway
|
||||
if viper.GetDuration("max_machine_registration_duration") >= time.Second {
|
||||
maxMachineRegistrationDuration = viper.GetDuration("max_machine_registration_duration")
|
||||
}
|
||||
|
||||
// defaultMachineRegistrationDuration is the default time assigned to a machine registration if one is not
|
||||
// specified by the tailscale client. It is the default amount of time a machine registration is valid for
|
||||
// (ie the amount of time before the user has to re-authenticate when requesting a connection)
|
||||
defaultMachineRegistrationDuration, _ := time.ParseDuration(
|
||||
"8h",
|
||||
) // use 8h here because it's the length of a standard business day
|
||||
if viper.GetDuration("default_machine_registration_duration") >= time.Second {
|
||||
defaultMachineRegistrationDuration = viper.GetDuration("default_machine_registration_duration")
|
||||
}
|
||||
|
||||
dnsConfig, baseDomain := GetDNSConfig()
|
||||
derpConfig := GetDERPConfig()
|
||||
|
||||
|
|
@ -245,6 +266,15 @@ func getHeadscaleConfig() headscale.Config {
|
|||
ACMEURL: viper.GetString("acme_url"),
|
||||
|
||||
UnixSocket: viper.GetString("unix_socket"),
|
||||
|
||||
OIDC: headscale.OIDCConfig{
|
||||
Issuer: viper.GetString("oidc.issuer"),
|
||||
ClientID: viper.GetString("oidc.client_id"),
|
||||
ClientSecret: viper.GetString("oidc.client_secret"),
|
||||
},
|
||||
|
||||
MaxMachineRegistrationDuration: maxMachineRegistrationDuration,
|
||||
DefaultMachineRegistrationDuration: defaultMachineRegistrationDuration,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -263,6 +293,8 @@ func getHeadscaleApp() (*headscale.Headscale, error) {
|
|||
|
||||
cfg := getHeadscaleConfig()
|
||||
|
||||
cfg.OIDC.MatchMap = loadOIDCMatchMap()
|
||||
|
||||
h, err := headscale.NewHeadscale(cfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
@ -402,3 +434,15 @@ func (t tokenAuth) GetRequestMetadata(ctx context.Context, in ...string) (map[st
|
|||
func (tokenAuth) RequireTransportSecurity() bool {
|
||||
return true
|
||||
}
|
||||
|
||||
// loadOIDCMatchMap is a wrapper around viper to verifies that the keys in
|
||||
// the match map is valid regex strings.
|
||||
func loadOIDCMatchMap() map[string]string {
|
||||
strMap := viper.GetStringMapString("oidc.domain_map")
|
||||
|
||||
for oidcMatcher := range strMap {
|
||||
_ = regexp.MustCompile(oidcMatcher)
|
||||
}
|
||||
|
||||
return strMap
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue