Merge branch 'main' into rename-fixess

CHANGELOG.md

@@ -17,6 +17,8 @@
 - Add the ability to rename a nodes name [#560](https://github.com/juanfont/headscale/pull/560)
   - Node DNS names are now unique, a random suffix will be added when a node joins
   - This change contains database changes, remember to **backup** your database before upgrading
+- Add option to enable/disable logtail (Tailscale's logging infrastructure) [#596](https://github.com/juanfont/headscale/pull/596)
+  - This change disables the logs by default
 
 ## 0.15.0 (2022-03-20)
 

api.go

@@ -278,6 +278,9 @@ func (h *Headscale) getMapResponse(
 		PacketFilter: h.aclRules,
 		DERPMap:      h.DERPMap,
 		UserProfiles: profiles,
+		Debug: &tailcfg.Debug{
+			DisableLogTail: !h.cfg.LogTail.Enabled,
+		},
 	}
 
 	log.Trace().

app.go

@@ -113,6 +113,8 @@ type Config struct {
 
 	OIDC OIDCConfig
 
+	LogTail LogTailConfig
+
 	CLI CLIConfig
 }
 
@@ -139,6 +141,10 @@ type DERPConfig struct {
 	UpdateFrequency  time.Duration
 }
 
+type LogTailConfig struct {
+	Enabled bool
+}
+
 type CLIConfig struct {
 	Address  string
 	APIKey   string

cmd/headscale/cli/utils.go

@@ -72,6 +72,8 @@ func LoadConfig(path string) error {
 	viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
 	viper.SetDefault("oidc.strip_email_domain", true)
 
+	viper.SetDefault("logtail.enabled", false)
+
 	if err := viper.ReadInConfig(); err != nil {
 		return fmt.Errorf("fatal error reading config file: %w", err)
 	}
@@ -167,6 +169,14 @@ func GetDERPConfig() headscale.DERPConfig {
 	}
 }
 
+func GetLogConfig() headscale.LogTailConfig {
+	enabled := viper.GetBool("logtail.enabled")
+
+	return headscale.LogTailConfig{
+		Enabled: enabled,
+	}
+}
+
 func GetDNSConfig() (*tailcfg.DNSConfig, string) {
 	if viper.IsSet("dns_config") {
 		dnsConfig := &tailcfg.DNSConfig{}
@@ -270,6 +280,7 @@ func absPath(path string) string {
 func getHeadscaleConfig() headscale.Config {
 	dnsConfig, baseDomain := GetDNSConfig()
 	derpConfig := GetDERPConfig()
+	logConfig := GetLogConfig()
 
 	configuredPrefixes := viper.GetStringSlice("ip_prefixes")
 	parsedPrefixes := make([]netaddr.IPPrefix, 0, len(configuredPrefixes)+1)
@@ -378,6 +389,8 @@ func getHeadscaleConfig() headscale.Config {
 			StripEmaildomain: viper.GetBool("oidc.strip_email_domain"),
 		},
 
+		LogTail: logConfig,
+
 		CLI: headscale.CLIConfig{
 			Address:  viper.GetString("cli.address"),
 			APIKey:   viper.GetString("cli.api_key"),

cmd/headscale/headscale_test.go

@@ -67,6 +67,7 @@ func (*Suite) TestConfigLoading(c *check.C) {
 		check.Equals,
 		fs.FileMode(0o770),
 	)
+	c.Assert(viper.GetBool("logtail.enabled"), check.Equals, false)
 }
 
 func (*Suite) TestDNSConfigLoading(c *check.C) {

config-example.yaml

@@ -235,3 +235,12 @@ unix_socket_permission: "0770"
 #   namespace: `first-name.last-name.example.com`
 #
 #   strip_email_domain: true
+
+# Logtail configuration
+# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
+# to instruct tailscale nodes to log their activity to a remote server.
+logtail:
+  # Enable logtail for this headscales clients.
+  # As there is currently no support for overriding the log server in headscale, this is
+  # disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
+  enabled: false