release: v0.6.1 #256
this avoids a race condition that would happen if the goroutine tried to read a file descriptor that wasn't open properly and would lose frame delivery
we also have added the necessary logic to auto prune ephemeral nodes because headscale doesn't seem to automatically remove them. this change made use of a database which is now stored in the persistent headplane directory.
|
And in typical fashion the build is broken. Will address this shortly. |
|
Ufff.. Headplane docker is down.. I can't see anything in the log causing this behavior: After a while, I could see following error: I understood that db was created by default if it didn't exist |
|
@tecosaur Headplane:
```yaml
headscale:
  config_path: /nix/store/fi7mbrb9glgmy20vrzn8h3k3fd53fs7r-headscale.yml
  config_strict: true
  url: https://headscale.example.org
integration:
  agent:
    cache_path: /var/lib/headplane/agent_cache.json
    cache_ttl: 180000
    enabled: true
    executable_path: /nix/store/x6sy166dzp971419ghv7882ivq21m57k-hp_agent-0.6.1/bin/hp_agent
    host_name: headplane-agent
    pre_authkey_path: /run/secrets/tailscale/authKey
    work_dir: /var/lib/headplane/agent
  proc:
    enabled: true
oidc:
  client_id: headplane
  client_secret_path: /run/secrets/headplane/oidcClientSecret
  disable_api_key_login: true
  headscale_api_key_path: /run/secrets/headscale/accessToken
  issuer: https://login.example.org
  redirect_uri: https://headscale.example.org/admin/oidc/callback
  token_endpoint_auth_method: client_secret_basic
  user_storage_file: /var/lib/headplane/users.json
server:
  cookie_secret_path: /run/secrets/headplane/cookieSecret
  cookie_secure: true
  data_path: /var/lib/headplane
  host: 127.0.0.1
  port: 3000
```
|
|
@tecosaur Looks like you need to split up the Authelia client into two separate Authelia clients:
```yaml
redirect_uris:
  - https://headscale.tecosaur.net/oidc/callback
  - https://headscale.tecosaur.net/admin/oidc/callback
```
|
|
Ah interesting, so you've ended up with different headscale and headplane OIDC auth. Is there a particular reason why you've split them? |
|
@tecosaur Not sure what's the correct way of doing it, but I assumed that's how it should be done in the first place and that it won't work otherwise. I haven't tried reusing the same client for both. |
So, the issue was in Nginx, it didn't serve the Added a valid Nginx' Devtools logs from web ssh connection page: |
|
@tale I'm on 0.6.1 and when I removed all the nameservers while override dns servers toggle was still on, headplane stopped responding (probably more than just headplane) until I manually set it to false via file editing. |
|
@igor-ramazanov #319 should fix your issue |
|
@StealthBadger747 Tested (had to update a few mismatching hashes) and confirm Web SSH works. |
|
@igor-ramazanov Great! Glad the changes worked for SSH. On the nix side would you like to pick that up and make a PR to remove the overlay and update the hashes? |
|
@StealthBadger747 Yeah, already did: #325 |
|
Nice! |
|
I'll try to revive the NixOS/nixpkgs#398667 when I have a chance |
|
Awesome! 🎉 |

This is the start of the next release cycle (version 0.6.1), which aims to do a few things. These changes are to address lingering issues, implement SSH agent capability through the web browser, and focus on data migration to SQLite.
- `integration.agent` section to be set up in the config file.
- `/var/lib/headplane/hp_persist.db`.
- `chown -R 65532:65532 .` on the volume mount.
- `ghcr.io/tale/headplane:<version>-shell`.
- `/proc` integration (via Proc mode: try to guess PID based on Parent PID when multiple found #219).
- `server.cookie_secret_path` can override `server.cookie_secret`
- `oidc.profile_picture_source` to `gravatar` (closes Support gravatar profile #232).
- `oidc.authorization_endpoint`, `oidc.token_endpoint`, and `oidc.userinfo_endpoint` can be overridden to support non-standard providers or scenarios without discovery (closes Support GitHub OIDC #117).
- `oidc.scope` can be set to specify custom scopes (defaults to `openid email profile`).
- `oidc.extra_params` can be set to pass arbitrary query parameters to the authorization endpoint (closes Support specifying OIDC query parameters via the config #197).

This PR is now complete and I will be merging this in very soon. As a final note, it addresses outdated dependency vulnerabilities, tons of robust changes, support for SSH via the web, and a switch to SQLite for the backing datastore that we use.
My last few steps include:
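
Added example (not part of the PR and not Headplane's code): a sketch of how the `oidc.authorization_endpoint`, `oidc.scope` and `oidc.extra_params` options listed in the description above could be combined into an authorization request while keeping operator-supplied extra parameters from replacing protocol parameters. The function name, the reserved-parameter list, the endpoint URL and the sample values are assumptions constructed for illustration.

```javascript
// Added illustration, not Headplane's implementation.
// buildAuthorizationUrl and RESERVED are hypothetical names.
const RESERVED = new Set([
  "client_id", "redirect_uri", "response_type", "scope",
  "state", "nonce", "code_challenge", "code_challenge_method",
]);

function buildAuthorizationUrl(oidc, session) {
  // An explicit endpoint is used when the provider has no discovery document.
  const url = new URL(oidc.authorization_endpoint);
  if (url.protocol !== "https:") {
    throw new Error("authorization_endpoint must use https");
  }
  // Default scope as stated in the PR description.
  const scope = oidc.scope ?? "openid email profile";
  // Without "openid" the request is plain OAuth 2.0 and yields no ID token.
  if (!scope.split(/\s+/).includes("openid")) {
    throw new Error('oidc.scope must include "openid"');
  }
  const params = new URLSearchParams({
    response_type: "code",
    client_id: oidc.client_id,
    redirect_uri: oidc.redirect_uri,
    scope,
    state: session.state, // per-login random values, generated by the caller
    nonce: session.nonce,
  });
  // extra_params come from the config file: fail loudly if one of them would
  // replace a protocol parameter rather than letting it override state/nonce.
  for (const [key, value] of Object.entries(oidc.extra_params ?? {})) {
    if (RESERVED.has(key.toLowerCase())) {
      throw new Error(`extra_params may not set reserved parameter "${key}"`);
    }
    params.set(key, String(value));
  }
  url.search = params.toString();
  return url.toString();
}

// Constructed sample config; the endpoint path is an assumption.
const sampleOidc = {
  authorization_endpoint: "https://login.example.org/api/oidc/authorization",
  client_id: "headplane",
  redirect_uri: "https://headscale.example.org/admin/oidc/callback",
  extra_params: { prompt: "login" },
};
console.log(buildAuthorizationUrl(sampleOidc, { state: "s-1", nonce: "n-1" }));
```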