Mirrors/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-01-22 18:18:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

state: disable key expiry for nodes with approved advertise-tags
Some checks are pending
Build / build-nix (push) Waiting to run
Details
Build / build-cross (GOARCH=amd64 GOOS=darwin) (push) Waiting to run
Details
Build / build-cross (GOARCH=amd64 GOOS=linux) (push) Waiting to run
Details
Build / build-cross (GOARCH=arm64 GOOS=darwin) (push) Waiting to run
Details
Build / build-cross (GOARCH=arm64 GOOS=linux) (push) Waiting to run
Details
Check Generated Files / check-generated (push) Waiting to run
Details
NixOS Module Tests / nix-module-check (push) Waiting to run
Details
Tests / test (push) Waiting to run
Details

Browse source 
Extends #2971 fix to also cover nodes that authenticate as users but
become tagged immediately via --advertise-tags. When RequestTags are
approved by policy, the node's expiry is now disabled, consistent with
nodes registered via tagged PreAuthKeys.
This commit is contained in:
Kristoffer Dalby 2026-01-09 10:41:06 +00:00
parent 1d9900273e
commit 00f22a8443
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hscontrol/state/state.go
View file

@ -1188,6 +1188,10 @@ func (s *State) createAndSaveNewNode(params newNodeParams) (types.NodeView, erro
nodeToRegister.Tags = approvedTags
slices.Sort(nodeToRegister.Tags)
nodeToRegister.Tags = slices.Compact(nodeToRegister.Tags)
// Tagged nodes have key expiry disabled.
nodeToRegister.Expiry = nil
log.Info().
Str("node.name", nodeToRegister.Hostname).
Strs("tags", nodeToRegister.Tags).