Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package headscale for openSUSE:Factory checked in at 2025-06-02 22:00:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/headscale (Old) and /work/SRC/openSUSE:Factory/.headscale.new.16005 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "headscale" Mon Jun 2 22:00:16 2025 rev:12 rq:1281788 version:0.26.0 Changes: -------- --- /work/SRC/openSUSE:Factory/headscale/headscale.changes 2025-05-30 17:21:33.577857649 +0200 +++ /work/SRC/openSUSE:Factory/.headscale.new.16005/headscale.changes 2025-06-02 22:00:38.049404269 +0200 @@ -1,0 +2,10 @@ +Sun Jun 1 01:27:08 UTC 2025 - Marcus Rueckert <mrueck...@suse.de> + +- Sync default configurations + +------------------------------------------------------------------- +Sun Jun 1 01:25:22 UTC 2025 - Marcus Rueckert <mrueck...@suse.de> + +- Fix the ldflags to set version and commit hash again + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ headscale.spec ++++++ --- /var/tmp/diff_new_pack.8lZN0l/_old 2025-06-02 22:00:38.653429320 +0200 +++ /var/tmp/diff_new_pack.8lZN0l/_new 2025-06-02 22:00:38.657429486 +0200 @@ -50,10 +50,13 @@ %autosetup -a1 -p1 %build -go build -v -buildmode=pie -mod=vendor -tags "ts2019" -ldflags "-X github.com/juanfont/headscale/cmd/headscale/cli.Version=%{version}" ./cmd/headscale +go build -v -buildmode=pie -mod=vendor -tags "ts2019" -ldflags "-X github.com/juanfont/headscale/hscontrol/types.Version=%{version} -X github.com/juanfont/headscale/hscontrol/types.GitCommitHash=v%{version}" ./cmd/headscale %sysusers_generate_pre %{SOURCE2} %{name} %{name}.conf +%check +./headscale version + %install mkdir -p %{buildroot}%{_sysconfdir}/%{name} mkdir -p %{buildroot}%{_sharedstatedir}/%{name} ++++++ config-example.yaml ++++++ --- /var/tmp/diff_new_pack.8lZN0l/_old 2025-06-02 22:00:38.709431642 +0200 +++ /var/tmp/diff_new_pack.8lZN0l/_new 2025-06-02 22:00:38.713431808 +0200 
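Review bot: The `%check` added in the `@@ -50,10 +50,13 @@` hunk of headscale.spec only proves that the binary starts; it does not confirm that the `-X` values actually reached it. The Go linker silently ignores `-X` for a symbol path that does not exist, which appears to be how the version stamp was lost when the variable moved from `cmd/headscale/cli` to `hscontrol/types`. Asserting on the output would catch the next such move, e.g. `./headscale version | grep -F '%{version}'` (assuming the version is printed on stdout). Separately, `GitCommitHash=v%{version}` puts a tag name into a field that reads as a commit hash; a spec comment above the `go build` line such as `# GitCommitHash carries the release tag, not a commit id` would keep anyone from treating it as provenance.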
@@ -18,10 +18,8 @@ # listen_addr: 0.0.0.0:8080 listen_addr: 127.0.0.1:8080 -# Address to listen to /metrics, you may want -# to keep this endpoint private to your internal -# network -# +# Address to listen to /metrics and /debug, you may want +# to keep this endpoint private to your internal network metrics_listen_addr: 127.0.0.1:9090 # Address to listen for gRPC. @@ -43,9 +41,9 @@ # The Noise section includes specific configuration for the # TS2021 Noise protocol noise: - # The Noise private key is used to encrypt the - # traffic between headscale and Tailscale clients when - # using the new Noise-based protocol. + # The Noise private key is used to encrypt the traffic between headscale and + # Tailscale clients when using the new Noise-based protocol. A missing key + # will be automatically generated. private_key_path: /var/lib/headscale/noise_private.key # List of IP prefixes to allocate tailaddresses from. @@ -58,8 +56,8 @@ # IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33 # Any other range is NOT supported, and it will cause unexpected issues. prefixes: - v6: fd7a:115c:a1e0::/48 v4: 100.64.0.0/10 + v6: fd7a:115c:a1e0::/48 # Strategy used for allocation of IPs to nodes, available options: # - sequential (default): assigns the next free IP from the previous given IP. @@ -93,10 +91,8 @@ # For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/ stun_listen_addr: "0.0.0.0:3478" - # Private key used to encrypt the traffic between headscale DERP - # and Tailscale clients. - # The private key file will be autogenerated if it's missing. - # + # Private key used to encrypt the traffic between headscale DERP and + # Tailscale clients. A missing key will be automatically generated. private_key_path: /var/lib/headscale/derp_server_private.key # This flag can be used, so the DERP map entry for the embedded DERP server is not written automatically, 
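Review bot: In the `@@ -18,10 +18,8 @@` hunk the comment above `metrics_listen_addr` now says the listener also serves /debug, but the advice is still the mild "you may want to keep this endpoint private". Debug endpoints usually expose more internal state than metrics do, although what headscale serves there is not visible in this diff. The comment should therefore state the expectation rather than suggest it, e.g. `# Serves /metrics and /debug; keep it bound to loopback or an internal-only address.` The packaged default of `127.0.0.1:9090` already follows that, so only the wording needs to change.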
@@ -168,6 +164,11 @@ # https://www.sqlite.org/wal.html write_ahead_log: true + # Maximum number of WAL file frames before the WAL file is automatically checkpointed. + # https://www.sqlite.org/c3ref/wal_autocheckpoint.html + # Set to 0 to disable automatic checkpointing. + wal_autocheckpoint: 1000 + # # Postgres config # Please note that using Postgres is highly discouraged as it is only supported for legacy reasons. # See database.type for more information. @@ -209,7 +210,7 @@ # Type of ACME challenge to use, currently supported types: # HTTP-01 or TLS-ALPN-01 -# See [docs/tls.md](docs/tls.md) for more information +# See: docs/ref/tls.md for more information tls_letsencrypt_challenge_type: HTTP-01 # When HTTP-01 challenge is chosen, letsencrypt must set up a # verification endpoint, and it will be listening on: @@ -260,7 +261,6 @@ # all the fields under `dns` should be set to empty values. dns: # Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/). - # Only works if there is at least a nameserver defined. magic_dns: true # Defines the base domain to create the hostnames for MagicDNS. @@ -270,6 +270,10 @@ # `hostname.base_domain` (e.g., _myhost.example.com_). base_domain: example.com + # Whether to use the local DNS settings of a node (default) or override the + # local DNS settings and force the use of Headscale's DNS configuration. + override_local_dns: false + # List of DNS servers to expose to clients. nameservers: global: @@ -297,8 +301,8 @@ search_domains: [] # Extra DNS records - # so far only A-records are supported (on the tailscale side) - # See https://github.com/juanfont/headscale/blob/main/docs/dns-records.md#Limitations + # so far only A and AAAA records are supported (on the tailscale side) + # See: docs/ref/dns.md extra_records: [] # - name: "grafana.myvpn.example.com" # type: "A" 
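Review bot: The comment added with `wal_autocheckpoint` in the `@@ -168,6 +164,11 @@` hunk documents `0` as a valid setting but not what it costs. With automatic checkpointing off, SQLite keeps appending to the WAL file until a checkpoint is triggered some other way, so on a long-running server the file can grow until the database volume is full. Whether headscale runs its own checkpoints is not visible here, so I would add a hedged line after the "Set to 0" sentence: `# With 0 the WAL file keeps growing until a checkpoint is run by other means.`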
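Review bot: The comment for `override_local_dns` in the `@@ -270,6 +270,10 @@` hunk does not say which boolean selects which behaviour; the reader has to pair "(default)" with the `false` below it. The option decides whether nodes resolve through the DNS configuration set here or through the resolver they already have, so the mapping is worth spelling out, e.g. `# false (default): nodes keep their local DNS settings.` and `# true: Headscale's DNS configuration replaces them.` That mapping is inferred from the comment and the example value, and should be confirmed against the config loader before it is written down.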
@@ -306,15 +310,10 @@ # # # you can also put it in one line # - { name: "prometheus.myvpn.example.com", type: "A", value: "100.64.0.3" } - - # DEPRECATED - # Use the username as part of the DNS name for nodes, with this option enabled: - # node1.username.example.com - # while when this is disabled: - # node1.example.com - # This is a legacy option as Headscale has have this wrongly implemented - # while in upstream Tailscale, the username is not included. - use_username_in_magic_dns: false + # + # Alternatively, extra DNS records can be loaded from a JSON file. + # Headscale processes this file on each change. + # extra_records_path: /var/lib/headscale/extra-records.json # Unix socket used for the CLI to connect without authentication # Note: for production you will want to set this to something like: @@ -365,12 +364,17 @@ # allowed_users: # - al...@example.com # -# # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed. -# # This will transform `first-name.last-n...@example.com` to the user `first-name.last-name` -# # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following -# user: `first-name.last-name.example.com` -# -# strip_email_domain: true +# # Optional: PKCE (Proof Key for Code Exchange) configuration +# # PKCE adds an additional layer of security to the OAuth 2.0 authorization code flow +# # by preventing authorization code interception attacks +# # See https://datatracker.ietf.org/doc/html/rfc7636 +# pkce: +# # Enable or disable PKCE support (default: false) +# enabled: false +# # PKCE method to use: +# # - plain: Use plain code verifier +# # - S256: Use SHA256 hashed code verifier (default, recommended) +# method: S256 # Logtail configuration # Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
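Review bot: The `extra_records_path` comment added in the `@@ -306,15 +310,10 @@` hunk says the JSON file is processed on each change, but not that write access to the file therefore amounts to publishing DNS records to the nodes. The example should say so next to the path, e.g. `# Keep this file writable only by the headscale service account; its contents are served as DNS records.` The same hunk drops `use_username_in_magic_dns`. Whether a config that still sets the removed key is rejected or ignored at startup is not visible here, and is worth checking before the package update reaches hosts with an older config file.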
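Review bot: The PKCE example added in the `@@ -365,12 +364,17 @@` hunk lists `plain` as a method without saying when it is acceptable. RFC 7636 permits `plain` only for clients that cannot do S256, and it gives no protection when the authorization request itself can be observed, because the challenge is the verifier. I would change that comment line to `# # - plain: code verifier sent as-is; only for providers that cannot do S256`. The hunk also removes the `strip_email_domain` documentation; how an existing config that still sets that key is handled is not visible here.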