v0.23.0-beta3

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle connection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The oldest supported client is 1.42
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869
• MagicDNS domains no longer contain usernames
  • This is in preperation to fix Headscales implementation of tags which currently does not correctly remove the link between a tagged device and a user. As tagged devices will not have a user, this will require a change to the DNS generation, removing the username, see #1369 for more information.
  • use_username_in_magic_dns can be used to turn this behaviour on again, but note that this option will be removed when tags are fixed.
    • dns.base_domain can no longer be the same as (or part of) server_url.
    • This option brings Headscales behaviour in line with Tailscale.
• YAML files are no longer supported for headscale policy. #1792
  • HuJSON is now the only supported format for policy.
• DNS configuration has been restructured #2034
  • Please review the new config-example.yaml for the new structure.

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869
• Log available update as warning #1877
• Add autogroup:internet to Policy #1917
• Restore foreign keys and add constraints #1562
• Make registration page easier to use on mobile devices
• Make write-ahead-log default on and configurable for SQLite #1985
• Add APIs for managing headscale policy. #1792

Changelog

• 34361c6 Fix FKs on sqlite migrations (#2083)
• 76515d1 Fix self notification on expiry update via oidc relogin (#2080)
• 827e3e8 Issue 2045, Feature Request (#2071)
• fffd9d7 Update ACLs file format docs (#2066)
• cf6a606 fix route table migration wiping routes 0.22 -> 0.23 (#2076)
• 9c4c286 fix warning errs from beta2 (#2075)
• f4427dd fix: correct a small spelling mistake (#2081)
• 1193a50 oldest client supported, not latest (#2086)
• a68854a upgrade go (1.23) and tailscale (1.72.1) (#2077)
• 2b5e52b validate policy against nodes, error if not valid (#2089)
• cb0e2e4 various doc updates in prep for 0.23 (#2091)

v0.23.0-beta2

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle connection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.42
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869
• MagicDNS domains no longer contain usernames
  • This is in preperation to fix Headscales implementation of tags which currently does not correctly remove the link between a tagged device and a user. As tagged devices will not have a user, this will require a change to the DNS generation, removing the username, see #1369 for more information.
  • use_username_in_magic_dns can be used to turn this behaviour on again, but note that this option will be removed when tags are fixed.
    • dns.base_domain can no longer be the same as (or part of) server_url.
    • This option brings Headscales behaviour in line with Tailscale.
• YAML files are no longer supported for headscale policy. #1792
  • HuJSON is now the only supported format for policy.
• DNS configuration has been restructured #2034
  • Please review the new config-example.yaml for the new structure.

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869
• Log available update as warning #1877
• Add autogroup:internet to Policy #1917
• Restore foreign keys and add constraints #1562
• Make registration page easier to use on mobile devices
• Make write-ahead-log default on and configurable for SQLite #1985
• Add APIs for managing headscale policy. #1792

Changelog

• 022fb24 Fix command get policy works with relative policy path (#2051)
• 4ad3f3c Fix data race issues in EphemeralGarbageCollector tests (#2023)
• fdc034e Integrate GORM Logger with Zerolog and Add Configuration Options for Logging and Performance (#2040)
• ac8491e Redo DNS configuration (#2034)
• f994973 add coderabbit config (#2060)
• db7a435 config-example.yaml: Remove reference to yaml for policy files (#2022)
• 06f0705 flake.lock: Update (#2035)
• 948d53f flake.lock: Update (#2042)
• fcd1183 flake.lock: Update (#2052)
• 9bed76d flake.lock: Update (#2059)
• 84cb5d0 make acl_policy_path fatal if policy.path is not set (#2041)
• ece907d test embedded derp with derp updater, check client health (#2030)

v0.23.0-beta1

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle connection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869
• MagicDNS domains no longer contain usernames
  • This is in preperation to fix Headscales implementation of tags which currently does not correctly remove the link between a tagged device and a user. As tagged devices will not have a user, this will require a change to the DNS generation, removing the username, see #1369 for more information.
  • use_username_in_magic_dns can be used to turn this behaviour on again, but note that this option will be removed when tags are fixed.
  • This option brings Headscales behaviour in line with Tailscale.
• YAML files are no longer supported for headscale policy. #1792
  • HuJSON is now the only supported format for policy.

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869
• Log available update as warning #1877
• Add autogroup:internet to Policy #1917
• Restore foreign keys and add constraints #1562
• Make registration page easier to use on mobile devices
• Make write-ahead-log default on and configurable for SQLite #1985
• Add APIs for managing headscale policy. #1792

Commits

• 8823778 Add gofumpt to dev dependencies (#2010)
• 69c3365 Fix android docs (#1976)
• 51676c6 Make registration screen easier to use (#1975)
• 4a34cfc Make write-ahead-log default and configurable for sqlite (#1985)
• 8f8f469 Remove allocations of lists before use (#1989)
• 74d27ee Remove deprecated linters from golangci-lint (#2009)
• 51b56ba Update flake.lock (#1952)
• 3f60ab2 Update flake.lock (#2011)
• 99e91a9 Update reverse-proxy.md (#1986)
• 58bd38a feat: implements apis for managing headscale policy (#1792)
• 14a3f94 fix search domains and remove username from magicdns (#1987)
• 00ff288 fix(1996): Implement register method enum converter (#2013)
• 5f9c269 fixed typo and path (#1960)
• 1f4b595 flake.lock: Update (#1958)
• dfc089e flake.lock: Update (#1979)
• 89ada55 flake.lock: Update (#1991)
• eb1591d flake.lock: Update (#2000)
• b799245 flake.lock: Update (#2021)
• 9e523d4 move userprofiles into method on user struct (#2014)
• 8571513 reformat code (#2019)
• 11fde62 remove custom contains funcs for slices.Contains (#2015)
• 5a4e52b remove last_successful_update error check (#1959)
• 7e62031 replace ephemeral deletion logic (#2008)
• ca47d6f small cleanups (#2017)

v0.23.0-alpha12

Changes

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle connection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869
• Log available update as warning #1877
• Add autogroup:internet to Policy #1917
• Restore foreign keys and add constraints #1562

Commits

• 30986c2 Bump github.com/docker/docker (#1947)
• faa57dd Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 (#1945)
• fff229f Bump github.com/jackc/pgx/v5 from 5.5.3 to 5.5.4 (#1946)
• 151f224 Bump golang.org/x/net from 0.22.0 to 0.23.0 (#1943)
• fd4f921 Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#1944)
• 8185a70 Fix typos (#1860)
• a9763c9 Initialize log config earlier to prevent trace messages being printed early on (#1939)
• 7fd2485 Restore foreign keys and add constraints (#1562)
• c8ebbed Simplify map session management (#1931)
• 93a915c Update OpenBSD installation docs for 2024 (#1915)
• 2bac80c [DOCS] Make linux installation instructions more clear (#1927)
• 622aa82 ensure expire routines are cleaned up (#1924)
• 723a040 flake.lock: Update (#1897)
• 2dc62e9 move debug image to distroless (#1950)
• 5ad0aa4 update tailscale go dep (#1948)

v0.23.0-alpha11

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869
• Log available update as warning #1877
• Add autogroup:internet to Policy #1917

Commits

• d5ed8bc error if no prefix is configured (#1918)
• 55b35f4 fix issue preveting get node when disco is missing (#1919)
• 1c6bfc5 fix preauth key logging in as previous user (#1920)
• a9c568c trace log and notifier shutdown (#1922)

v0.23.0-alpha10

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869
• Log available update as warning #1877
• Add autogroup:internet to Policy #1917

Commits

• 10e37ec Add contributing document
• ff427cc Apply suggestions from code review
• 3927784 Apply suggestions from code review
• aba4b36 Clarify relation with Tailscale (#1908)
• fef8261 Do not access node ID when node is not found (#1912)
• 50a7d15 Update CONTRIBUTING.md
• d740ee4 Update CONTRIBUTING.md
• 87e2ae4 add autogroup:internet, fix reduce filter rules (#1917)
• cb0b495 batch updates in notifier (#1905)
• 9229d17 remove examples/, and kustomize (#1906)
• c62d557 remove multistep build, build go last, allowing cached build layers (#1903)
• 318d5d2 replace issue templates with github issue forms

v0.23.0-alpha9

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869

Commits

• 2fb7428 Add FAQ question about using the same machine as server and client
• 2858ab4 Add new shasum for flake.nix
• c1d4fef Downgrade update sent to debug (#1843)
• a244eab Ephemeral keys can now be reusable and non-reusable
• 785b150 Fix typo in docs - DB file path (#1546)
• 4d90210 Fix/improve documentation formatting (#1575)
• 2ce23df Migrate IP fields in database to dedicated columns (#1869)
• 0fcfd64 More concise
• 58c94d2 Rework map session
• 84de185 Run prettier
• bdf54e8 Update answer based on comment
• b477e5f Update docker related doc (#1421)
• 6efc507 Update docs/faq.md
• dbe3282 Update docs/faq.md
• 1d3eae8 Update flake.lock (#1657)
• 7bea885 Updated dependencies, fixing segfault for OpenBSD Fixes #1857
• 8a8e25a [docs] Use modern Apt command to install package (#1420)
• bf4fd07 clean up use of log.Error where errors could be wrapped
• 20bf377 docs(README): update contributors (#1834)
• 95004de docs/reverse-proxy: use standard map, correct X-Forwarded-Proto variable for nginx (#1790)
• c9966ba fix postgres migration (#1802)
• c29eddd flake.lock: Update (#1833)
• dd693c4 flake.lock: Update (#1848)
• 1704977 improve testing of route failover logic
• 60f0cf9 more log.Error -> fmt.Errorf cleanup
• 7d62e9f move "embedded derp" settings into With options for integration tests (#1872)
• e15a083 simplify integration testing with matrix jobs (#1799)
• 74ff14e update docs workflow (#1832)
• ef26f58 update gh workflow actions (#1809)
• 85cef84 use newer fork of termcolor (#1842)
• d4af0c3 Log available update as warning (#1877)
• 4095372 fix ip migration
• c4c8cfe Fix crash when a prefix family was empty
• 6850358 Add test stage to docs (#1893)
• e2afd30 Add the latest UI to the website
• c906aaf Allow to remove forced tags of a node
• bd04792 Move pprof to metrics router (#1902)
• 580f96c Remove unused node check interval
• 7d81784 chore: fix function names in comment (#1866)
• 9375b09 chore: use errors.New to replace fmt.Errorf with no parameters will much better
• 803269a docs(readme): change contributors section (#1889)
• 8394208 fix prettier
• ba614a5 metrics, tuning in tests, db cleanups, fix concurrency issue (#1895)

v0.23.0-alpha8

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869

Commits

• 2fb7428 Add FAQ question about using the same machine as server and client
• 2858ab4 Add new shasum for flake.nix
• c1d4fef Downgrade update sent to debug (#1843)
• a244eab Ephemeral keys can now be reusable and non-reusable
• 785b150 Fix typo in docs - DB file path (#1546)
• 4d90210 Fix/improve documentation formatting (#1575)
• 2ce23df Migrate IP fields in database to dedicated columns (#1869)
• 0fcfd64 More concise
• 58c94d2 Rework map session
• 84de185 Run prettier
• bdf54e8 Update answer based on comment
• b477e5f Update docker related doc (#1421)
• 6efc507 Update docs/faq.md
• dbe3282 Update docs/faq.md
• 1d3eae8 Update flake.lock (#1657)
• 7bea885 Updated dependencies, fixing segfault for OpenBSD Fixes #1857
• 8a8e25a [docs] Use modern Apt command to install package (#1420)
• bf4fd07 clean up use of log.Error where errors could be wrapped
• 20bf377 docs(README): update contributors (#1834)
• 95004de docs/reverse-proxy: use standard map, correct X-Forwarded-Proto variable for nginx (#1790)
• c9966ba fix postgres migration (#1802)
• c29eddd flake.lock: Update (#1833)
• dd693c4 flake.lock: Update (#1848)
• 1704977 improve testing of route failover logic
• 60f0cf9 more log.Error -> fmt.Errorf cleanup
• 7d62e9f move "embedded derp" settings into With options for integration tests (#1872)
• e15a083 simplify integration testing with matrix jobs (#1799)
• 74ff14e update docs workflow (#1832)
• ef26f58 update gh workflow actions (#1809)
• 85cef84 use newer fork of termcolor (#1842)
• d4af0c3 Log available update as warning (#1877)
• 4095372 fix ip migration
• c4c8cfe Fix crash when a prefix family was empty

v0.23.0-alpha7

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6
  • prefixes.allocation can be set to assign IPs at sequential or random. #1869

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702
• Add command to backfill IP addresses for nodes missing IPs from configured prefixes. #1869

Commits

• 2fb7428 Add FAQ question about using the same machine as server and client

• 2858ab4 Add new shasum for flake.nix

• c1d4fef Downgrade update sent to debug (#1843)

• a244eab Ephemeral keys can now be reusable and non-reusable

• 785b150 Fix typo in docs - DB file path (#1546)

• 4d90210 Fix/improve documentation formatting (#1575)

• 2ce23df Migrate IP fields in database to dedicated columns (#1869)

• 0fcfd64 More concise

• 58c94d2 Rework map session

• 84de185 Run prettier

• bdf54e8 Update answer based on comment

• b477e5f Update docker related doc (#1421)

• 6efc507 Update docs/faq.md

• dbe3282 Update docs/faq.md

• 1d3eae8 Update flake.lock (#1657)

• 7bea885 Updated dependencies, fixing segfault for OpenBSD Fixes #1857

• 8a8e25a [docs] Use modern Apt command to install package (#1420)

• bf4fd07 clean up use of log.Error where errors could be wrapped

• 20bf377 docs(README): update contributors (#1834)

• 95004de docs/reverse-proxy: use standard map, correct X-Forwarded-Proto variable for nginx (#1790)

• c9966ba fix postgres migration (#1802)

• c29eddd flake.lock: Update (#1833)

• dd693c4 flake.lock: Update (#1848)

• 1704977 improve testing of route failover logic

• 60f0cf9 more log.Error -> fmt.Errorf cleanup

• 7d62e9f move "embedded derp" settings into With options for integration tests (#1872)

• e15a083 simplify integration testing with matrix jobs (#1799)

• 74ff14e update docs workflow (#1832)

• ef26f58 update gh workflow actions (#1809)

• 85cef84 use newer fork of termcolor (#1842)

• d4af0c3 Log available update as warning (#1877)

• 4095372 fix ip migration

v0.23.0-alpha5

Changelog

This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.

Please remember to always back up your database between versions

Here is a short summary of the broad topics of changes:

Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.

The new policy and mapper package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.

The “poller”, or streaming logic has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new notifier package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.

Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.

While we have a pretty good test harness for validating our changes, we have rewritten over 10000 lines of code and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.

There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
after improving the test harness as part of adopting #1460.

BREAKING

• Code reorganisation, a lot of code has moved, please review the following PRs accordingly #1473
• Change the structure of database configuration, see config-example.yaml for the new structure. #1700
  • Old structure has been remove and the configuration must be converted.
  • Adds additional configuration for PostgreSQL for setting max open, idle conection and idle connection lifetime.
• API: Machine is now Node #1553
• Remove support for older Tailscale clients #1611
  • The latest supported client is 1.38
• Headscale checks that at least one DERP is defined at start #1564
  • If no DERP is configured, the server will fail to start, this can be because it cannot load the DERPMap from file or url.
• Embedded DERP server requires a private key #1611
  • Add a filepath entry to derp.server.private_key_path
• Docker images are now built with goreleaser (ko) #1716 #1763
  • Entrypoint of container image has changed from shell to headscale, require change from headscale serve to serve
  • /var/lib/headscale and /var/run/headscale is no longer created automatically, see container docs
• Prefixes are now defined per v4 and v6 range. #1756
  • ip_prefixes option is now prefixes.v4 and prefixes.v6

Changes

• Use versioned migrations #1644
• Make the OIDC callback page better #1484
• SSH support #1487
• State management has been improved #1492
• Use error group handling to ensure tests actually pass #1535 based on #1460
• Fix hang on SIGTERM #1492 taken from #1480
• Send logs to stderr by default #1524
• Fix TS-2023-006 security UPnP issue #1563
• Turn off gRPC logging #1640 fixes #1259
• Added the possibility to manually create a DERP-map entry which can be customized, instead of automatically creating it. #1565
• Add support for deleting api keys #1702

Commits

• 5dbd59c Get integration test netmap from watch-ipn command (#1729)
• 1b01b9e Reduce poll logging to debug (#1746)
• 5717c82 Use result of fmt.Errorf call (#1668)
• 3f162c2 drop unused last_successful_update field from node table (#1754)
• 8b2c31a fix ifs in goreleaser gotemplate (#1781)
• b60ee9d improve errors for missing directories (#1765)
• c73e847 make database configuration change breaking (#1766)
• 7a920ee move debug inside if in docker goreleaser tag (#1783)
• 384ca03 new IP allocator and add postgres to integration tests. (#1756)
• f581d4d replace linter actions with nix to ensure consistent version (#1773)
• 1904d79 rework docker tags (#1763)
• 6055d0b rollback gorm, broke migration #1755 (#1762)