Merge branch 'main' into sanitise-machine-key-url

2025-10-30 23:51:03 +01:00 · 2022-10-04 14:31:28 +02:00 · 2022-10-04 14:31:28 +02:00 · 5333df283a
commit 5333df283a
parent 8be14ef6fe c00e5599b0
11 changed files with 264 additions and 207 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -18,6 +18,7 @@
 - Sanitise the node key passed to registration url [#823](https://github.com/juanfont/headscale/pull/823)
 - Add support for generating pre-auth keys with tags [#767](https://github.com/juanfont/headscale/pull/767)
 - Add support for evaluating `autoApprovers` ACL entries when a machine is registered [#763](https://github.com/juanfont/headscale/pull/763)
+- Add config flag to allow Headscale to start if OIDC provider is down [#829](https://github.com/juanfont/headscale/pull/829)

 ## 0.16.4 (2022-08-21)

--- a/README.md
+++ b/README.md
@ -195,6 +195,15 @@ make build
            <sub style="font-size:14px"><b>Jiang Zhu</b></sub>
        </a>
    </td>
+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+        <a href=https://github.com/tsujamin>
+            <img src=https://avatars.githubusercontent.com/u/2435619?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Benjamin Roberts/>
+            <br />
+            <sub style="font-size:14px"><b>Benjamin Roberts</b></sub>
+        </a>
+    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/reynico>
            <img src=https://avatars.githubusercontent.com/u/715768?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Nico/>
@ -202,8 +211,6 @@ make build
            <sub style="font-size:14px"><b>Nico</b></sub>
        </a>
    </td>
-</tr>
-<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/e-zk>
            <img src=https://avatars.githubusercontent.com/u/58356365?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=e-zk/>
@ -239,6 +246,8 @@ make build
            <sub style="font-size:14px"><b>ohdearaugustin</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/mpldr>
            <img src=https://avatars.githubusercontent.com/u/33086936?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Moritz Poldrack/>
@ -246,8 +255,6 @@ make build
            <sub style="font-size:14px"><b>Moritz Poldrack</b></sub>
        </a>
    </td>
-</tr>
-<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/GrigoriyMikhalkin>
            <img src=https://avatars.githubusercontent.com/u/3637857?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=GrigoriyMikhalkin/>
@ -255,6 +262,13 @@ make build
            <sub style="font-size:14px"><b>GrigoriyMikhalkin</b></sub>
        </a>
    </td>
+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+        <a href=https://github.com/mike-lloyd03>
+            <img src=https://avatars.githubusercontent.com/u/49411532?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Mike Lloyd/>
+            <br />
+            <sub style="font-size:14px"><b>Mike Lloyd</b></sub>
+        </a>
+    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/Niek>
            <img src=https://avatars.githubusercontent.com/u/213140?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Niek van der Maas/>
@ -276,6 +290,8 @@ make build
            <sub style="font-size:14px"><b>Azz</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/iSchluff>
            <img src=https://avatars.githubusercontent.com/u/1429641?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Anton Schubert/>
@ -290,8 +306,13 @@ make build
            <sub style="font-size:14px"><b>Aaron Bieber</b></sub>
        </a>
    </td>
-</tr>
-<tr>
+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+        <a href=https://github.com/kazauwa>
+            <img src=https://avatars.githubusercontent.com/u/12330159?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Igor Perepilitsyn/>
+            <br />
+            <sub style="font-size:14px"><b>Igor Perepilitsyn</b></sub>
+        </a>
+    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/Aluxima>
            <img src=https://avatars.githubusercontent.com/u/16262531?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Laurent Marchaud/>
@ -308,11 +329,13 @@ make build
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/hdhoang>
-            <img src=https://avatars.githubusercontent.com/u/12537?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Hoàng Đức Hiếu/>
+            <img src=https://avatars.githubusercontent.com/u/12537?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=hdhoang/>
            <br />
-            <sub style="font-size:14px"><b>Hoàng Đức Hiếu</b></sub>
+            <sub style="font-size:14px"><b>hdhoang</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/bravechamp>
            <img src=https://avatars.githubusercontent.com/u/48980452?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=bravechamp/>
@ -327,6 +350,13 @@ make build
            <sub style="font-size:14px"><b>Deon Thomas</b></sub>
        </a>
    </td>
+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+        <a href=https://github.com/madjam002>
+            <img src=https://avatars.githubusercontent.com/u/679137?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jamie Greeff/>
+            <br />
+            <sub style="font-size:14px"><b>Jamie Greeff</b></sub>
+        </a>
+    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/ChibangLW>
            <img src=https://avatars.githubusercontent.com/u/22293464?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=ChibangLW/>
@ -334,8 +364,6 @@ make build
            <sub style="font-size:14px"><b>ChibangLW</b></sub>
        </a>
    </td>
-</tr>
-<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/mevansam>
            <img src=https://avatars.githubusercontent.com/u/403630?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Mevan Samaratunga/>
@ -350,6 +378,8 @@ make build
            <sub style="font-size:14px"><b>Michael G.</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/ptman>
            <img src=https://avatars.githubusercontent.com/u/24669?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Paul Tötterman/>
@ -378,8 +408,6 @@ make build
            <sub style="font-size:14px"><b>Artem Klevtsov</b></sub>
        </a>
    </td>
-</tr>
-<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/cmars>
            <img src=https://avatars.githubusercontent.com/u/23741?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Casey Marshall/>
@ -394,6 +422,8 @@ make build
            <sub style="font-size:14px"><b>Pavlos Vinieratos</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/SilverBut>
            <img src=https://avatars.githubusercontent.com/u/6560655?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Silver Bullet/>
@ -422,8 +452,6 @@ make build
            <sub style="font-size:14px"><b>thomas</b></sub>
        </a>
    </td>
-</tr>
-<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/aberoham>
            <img src=https://avatars.githubusercontent.com/u/586805?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Abraham Ingersoll/>
@ -438,6 +466,8 @@ make build
            <sub style="font-size:14px"><b>Antoine POPINEAU</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/aofei>
            <img src=https://avatars.githubusercontent.com/u/5037285?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Aofei Sheng/>
@ -466,8 +496,6 @@ make build
            <sub style="font-size:14px"><b> Carson Yang</b></sub>
        </a>
    </td>
-</tr>
-<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/kundel>
            <img src=https://avatars.githubusercontent.com/u/10158899?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=kundel/>
@ -482,6 +510,8 @@ make build
            <sub style="font-size:14px"><b>Felix Kronlage-Dammers</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/felixonmars>
            <img src=https://avatars.githubusercontent.com/u/1006477?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Felix Yan/>
@ -496,13 +526,6 @@ make build
            <sub style="font-size:14px"><b>JJGadgets</b></sub>
        </a>
    </td>
-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
-        <a href=https://github.com/madjam002>
-            <img src=https://avatars.githubusercontent.com/u/679137?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jamie Greeff/>
-            <br />
-            <sub style="font-size:14px"><b>Jamie Greeff</b></sub>
-        </a>
-    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/jimt>
            <img src=https://avatars.githubusercontent.com/u/180326?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jim Tittsler/>
@ -510,8 +533,13 @@ make build
            <sub style="font-size:14px"><b>Jim Tittsler</b></sub>
        </a>
    </td>
-</tr>
-<tr>
+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+        <a href=https://github.com/ShadowJonathan>
+            <img src=https://avatars.githubusercontent.com/u/22740616?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jonathan de Jong/>
+            <br />
+            <sub style="font-size:14px"><b>Jonathan de Jong</b></sub>
+        </a>
+    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/piec>
            <img src=https://avatars.githubusercontent.com/u/781471?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Pierre Carru/>
@ -526,6 +554,8 @@ make build
            <sub style="font-size:14px"><b>Rasmus Moorats</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/rcursaru>
            <img src=https://avatars.githubusercontent.com/u/16259641?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=rcursaru/>
@ -554,8 +584,13 @@ make build
            <sub style="font-size:14px"><b>Shaanan Cohney</b></sub>
        </a>
    </td>
-</tr>
-<tr>
+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+        <a href=https://github.com/stefanvanburen>
+            <img src=https://avatars.githubusercontent.com/u/622527?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Stefan VanBuren/>
+            <br />
+            <sub style="font-size:14px"><b>Stefan VanBuren</b></sub>
+        </a>
+    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/sophware>
            <img src=https://avatars.githubusercontent.com/u/41669?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=sophware/>
@ -563,6 +598,8 @@ make build
            <sub style="font-size:14px"><b>sophware</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/m-tanner-dev0>
            <img src=https://avatars.githubusercontent.com/u/97977342?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Tanner/>
@ -598,8 +635,6 @@ make build
            <sub style="font-size:14px"><b>Tjerk Woudsma</b></sub>
        </a>
    </td>
-</tr>
-<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/y0ngb1n>
            <img src=https://avatars.githubusercontent.com/u/25719408?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Yang Bin/>
@ -607,6 +642,8 @@ make build
            <sub style="font-size:14px"><b>Yang Bin</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/gozssky>
            <img src=https://avatars.githubusercontent.com/u/17199941?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Yujie Xia/>
@ -642,8 +679,6 @@ make build
            <sub style="font-size:14px"><b>henning mueller</b></sub>
        </a>
    </td>
-</tr>
-<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/ignoramous>
            <img src=https://avatars.githubusercontent.com/u/852289?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=ignoramous/>
@ -651,11 +686,13 @@ make build
            <sub style="font-size:14px"><b>ignoramous</b></sub>
        </a>
    </td>
+</tr>
+<tr>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
        <a href=https://github.com/lion24>
-            <img src=https://avatars.githubusercontent.com/u/1382102?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=lion24/>
+            <img src=https://avatars.githubusercontent.com/u/1382102?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=sharkonet/>
            <br />
-            <sub style="font-size:14px"><b>lion24</b></sub>
+            <sub style="font-size:14px"><b>sharkonet</b></sub>
        </a>
    </td>
    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
--- a/app.go
+++ b/app.go
@ -53,8 +53,10 @@ const (
 	)

 	ErrFailedPrivateKey      = Error("failed to read or create private key")
-	ErrFailedNoisePrivateKey = Error("failed to read or create Noise protocol private key")
-	ErrSamePrivateKeys       = Error("private key and noise private key are the same")
+	ErrFailedNoisePrivateKey = Error(
+		"failed to read or create Noise protocol private key",
+	)
+	ErrSamePrivateKeys = Error("private key and noise private key are the same")
 )

 const (
@ -193,7 +195,11 @@ func NewHeadscale(cfg *Config) (*Headscale, error) {
 	if cfg.OIDC.Issuer != "" {
 		err = app.initOIDC()
 		if err != nil {
-			return nil, err
+			if cfg.OIDC.OnlyStartIfOIDCIsAvailable {
+				return nil, err
+			} else {
+				log.Warn().Err(err).Msg("failed to set up OIDC provider, falling back to CLI based authentication")
+			}
 		}
 	}

@ -448,16 +454,20 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *mux.Router {
 	router.HandleFunc("/health", h.HealthHandler).Methods(http.MethodGet)
 	router.HandleFunc("/key", h.KeyHandler).Methods(http.MethodGet)
 	router.HandleFunc("/register/{nkey}", h.RegisterWebAPI).Methods(http.MethodGet)
-	router.HandleFunc("/machine/{mkey}/map", h.PollNetMapHandler).Methods(http.MethodPost)
+	router.HandleFunc("/machine/{mkey}/map", h.PollNetMapHandler).
+		Methods(http.MethodPost)
 	router.HandleFunc("/machine/{mkey}", h.RegistrationHandler).Methods(http.MethodPost)
 	router.HandleFunc("/oidc/register/{nkey}", h.RegisterOIDC).Methods(http.MethodGet)
 	router.HandleFunc("/oidc/callback", h.OIDCCallback).Methods(http.MethodGet)
 	router.HandleFunc("/apple", h.AppleConfigMessage).Methods(http.MethodGet)
-	router.HandleFunc("/apple/{platform}", h.ApplePlatformConfig).Methods(http.MethodGet)
+	router.HandleFunc("/apple/{platform}", h.ApplePlatformConfig).
+		Methods(http.MethodGet)
 	router.HandleFunc("/windows", h.WindowsConfigMessage).Methods(http.MethodGet)
-	router.HandleFunc("/windows/tailscale.reg", h.WindowsRegConfig).Methods(http.MethodGet)
+	router.HandleFunc("/windows/tailscale.reg", h.WindowsRegConfig).
+		Methods(http.MethodGet)
 	router.HandleFunc("/swagger", SwaggerUI).Methods(http.MethodGet)
-	router.HandleFunc("/swagger/v1/openapiv2.json", SwaggerAPIv1).Methods(http.MethodGet)
+	router.HandleFunc("/swagger/v1/openapiv2.json", SwaggerAPIv1).
+		Methods(http.MethodGet)

 	if h.cfg.DERP.ServerEnabled {
 		router.HandleFunc("/derp", h.DERPHandler)
@ -477,7 +487,8 @@ func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *mux.Router {
 func (h *Headscale) createNoiseMux() *mux.Router {
 	router := mux.NewRouter()

-	router.HandleFunc("/machine/register", h.NoiseRegistrationHandler).Methods(http.MethodPost)
+	router.HandleFunc("/machine/register", h.NoiseRegistrationHandler).
+		Methods(http.MethodPost)
 	router.HandleFunc("/machine/map", h.NoisePollNetMapHandler)

 	return router
@ -827,9 +838,8 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
 				ReadTimeout: HTTPReadTimeout,
 			}

-			err := server.ListenAndServe()
-
 			go func() {
+				err := server.ListenAndServe()
 				log.Fatal().
 					Caller().
 					Err(err).
--- a/config-example.yaml
+++ b/config-example.yaml
@ -230,6 +230,7 @@ unix_socket_permission: "0770"
 # help us test it.
 # OpenID Connect
 # oidc:
+#   only_start_if_oidc_is_available: true
 #   issuer: "https://your-oidc.issuer.com/path"
 #   client_id: "your-oidc-client-id"
 #   client_secret: "your-oidc-client-secret"
--- a/config.go
+++ b/config.go
@ -90,14 +90,15 @@ type LetsEncryptConfig struct {
 }

 type OIDCConfig struct {
-	Issuer           string
-	ClientID         string
-	ClientSecret     string
-	Scope            []string
-	ExtraParams      map[string]string
-	AllowedDomains   []string
-	AllowedUsers     []string
-	StripEmaildomain bool
+	OnlyStartIfOIDCIsAvailable bool
+	Issuer                     string
+	ClientID                   string
+	ClientSecret               string
+	Scope                      []string
+	ExtraParams                map[string]string
+	AllowedDomains             []string
+	AllowedUsers               []string
+	StripEmaildomain           bool
 }

 type DERPConfig struct {
@ -174,6 +175,7 @@ func LoadConfig(path string, isFile bool) error {

 	viper.SetDefault("oidc.scope", []string{oidc.ScopeOpenID, "profile", "email"})
 	viper.SetDefault("oidc.strip_email_domain", true)
+	viper.SetDefault("oidc.only_start_if_oidc_is_available", true)

 	viper.SetDefault("logtail.enabled", false)
 	viper.SetDefault("randomize_client_port", false)
@ -559,6 +561,9 @@ func GetHeadscaleConfig() (*Config, error) {
 		UnixSocketPermission: GetFileMode("unix_socket_permission"),

 		OIDC: OIDCConfig{
+			OnlyStartIfOIDCIsAvailable: viper.GetBool(
+				"oidc.only_start_if_oidc_is_available",
+			),
 			Issuer:           viper.GetString("oidc.issuer"),
 			ClientID:         viper.GetString("oidc.client_id"),
 			ClientSecret:     viper.GetString("oidc.client_secret"),
--- a/flake.lock
+++ b/flake.lock
@ -17,11 +17,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1662019588,
-        "narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=",
+        "lastModified": 1664106353,
+        "narHash": "sha256-HMJP80+DSxFySpWyuxz5+iNozS3+dVt0b4n6YMIU5/8=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2da64a81275b68fdad38af669afeda43d401e94b",
+        "rev": "79d3ca08920364759c63fd3eb562e99c0c17044a",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -6,163 +6,163 @@
    flake-utils.url = "github:numtide/flake-utils";
  };

-  outputs = { self, nixpkgs, flake-utils, ... }:
-    let
-      headscaleVersion = if (self ? shortRev) then self.shortRev else "dev";
-    in
+  outputs = {
+    self,
+    nixpkgs,
+    flake-utils,
+    ...
+  }: let
+    headscaleVersion =
+      if (self ? shortRev)
+      then self.shortRev
+      else "dev";
+  in
    {
-      overlay = final: prev:
-        let
-          pkgs = nixpkgs.legacyPackages.${prev.system};
-        in
-        rec {
-          headscale =
-            pkgs.buildGo119Module rec {
-              pname = "headscale";
-              version = headscaleVersion;
-              src = pkgs.lib.cleanSource self;
+      overlay = _: prev: let
+        pkgs = nixpkgs.legacyPackages.${prev.system};
+      in rec {
+        headscale = pkgs.buildGo119Module rec {
+          pname = "headscale";
+          version = headscaleVersion;
+          src = pkgs.lib.cleanSource self;

-              # When updating go.mod or go.sum, a new sha will need to be calculated,
-              # update this if you have a mismatch after doing a change to thos files.
-              vendorSha256 = "sha256-DosFCSiQ5FURbIrt4NcPGkExc84t2MGMqe9XLxNHdIM=";
+          # When updating go.mod or go.sum, a new sha will need to be calculated,
+          # update this if you have a mismatch after doing a change to thos files.
+          vendorSha256 = "sha256-DosFCSiQ5FURbIrt4NcPGkExc84t2MGMqe9XLxNHdIM=";

-              ldflags = [ "-s" "-w" "-X github.com/juanfont/headscale/cmd/headscale/cli.Version=v${version}" ];
-            };
-
-          golines =
-            pkgs.buildGoModule rec {
-              pname = "golines";
-              version = "0.9.0";
-
-              src = pkgs.fetchFromGitHub {
-                owner = "segmentio";
-                repo = "golines";
-                rev = "v${version}";
-                sha256 = "sha256-BUXEg+4r9L/gqe4DhTlhN55P3jWt7ZyWFQycO6QePrw=";
-              };
-
-              vendorSha256 = "sha256-sEzWUeVk5GB0H41wrp12P8sBWRjg0FHUX6ABDEEBqK8=";
-
-              nativeBuildInputs = [ pkgs.installShellFiles ];
-            };
-
-          golangci-lint = prev.golangci-lint.override {
-            # Override https://github.com/NixOS/nixpkgs/pull/166801 which changed this
-            # to buildGo118Module because it does not build on Darwin.
-            inherit (prev) buildGoModule;
-          };
-
-          # golangci-lint =
-          #   pkgs.buildGo117Module rec {
-          #     pname = "golangci-lint";
-          #     version = "1.46.2";
-          #
-          #     src = pkgs.fetchFromGitHub {
-          #       owner = "golangci";
-          #       repo = "golangci-lint";
-          #       rev = "v${version}";
-          #       sha256 = "sha256-7sDAwWz+qoB/ngeH35tsJ5FZUfAQvQsU6kU9rUHIHMk=";
-          #     };
-          #
-          #     vendorSha256 = "sha256-w38OKN6HPoz37utG/2QSPMai55IRDXCIIymeMe6ogIU=";
-          #
-          #     nativeBuildInputs = [ pkgs.installShellFiles ];
-          #   };
-
-          protoc-gen-grpc-gateway =
-            pkgs.buildGoModule rec {
-              pname = "grpc-gateway";
-              version = "2.8.0";
-
-              src = pkgs.fetchFromGitHub {
-                owner = "grpc-ecosystem";
-                repo = "grpc-gateway";
-                rev = "v${version}";
-                sha256 = "sha256-8eBBBYJ+tBjB2fgPMX/ZlbN3eeS75e8TAZYOKXs6hcg=";
-              };
-
-              vendorSha256 = "sha256-AW2Gn/mlZyLMwF+NpK59eiOmQrYWW/9HPjbunYc9Ij4=";
-
-              nativeBuildInputs = [ pkgs.installShellFiles ];
-
-              subPackages = [ "protoc-gen-grpc-gateway" "protoc-gen-openapiv2" ];
-            };
+          ldflags = ["-s" "-w" "-X github.com/juanfont/headscale/cmd/headscale/cli.Version=v${version}"];
        };
-    } // flake-utils.lib.eachDefaultSystem
-      (system:
-        let
-          pkgs = import nixpkgs {
-            overlays = [ self.overlay ];
-            inherit system;
+
+        golines = pkgs.buildGoModule rec {
+          pname = "golines";
+          version = "0.9.0";
+
+          src = pkgs.fetchFromGitHub {
+            owner = "segmentio";
+            repo = "golines";
+            rev = "v${version}";
+            sha256 = "sha256-BUXEg+4r9L/gqe4DhTlhN55P3jWt7ZyWFQycO6QePrw=";
          };
-          buildDeps = with pkgs; [ git go_1_19 gnumake ];
-          devDeps = with pkgs;
-            buildDeps ++ [
+
+          vendorSha256 = "sha256-sEzWUeVk5GB0H41wrp12P8sBWRjg0FHUX6ABDEEBqK8=";
+
+          nativeBuildInputs = [pkgs.installShellFiles];
+        };
+
+        golangci-lint = prev.golangci-lint.override {
+          # Override https://github.com/NixOS/nixpkgs/pull/166801 which changed this
+          # to buildGo118Module because it does not build on Darwin.
+          inherit (prev) buildGoModule;
+        };
+
+        # golangci-lint =
+        #   pkgs.buildGo117Module rec {
+        #     pname = "golangci-lint";
+        #     version = "1.46.2";
+        #
+        #     src = pkgs.fetchFromGitHub {
+        #       owner = "golangci";
+        #       repo = "golangci-lint";
+        #       rev = "v${version}";
+        #       sha256 = "sha256-7sDAwWz+qoB/ngeH35tsJ5FZUfAQvQsU6kU9rUHIHMk=";
+        #     };
+        #
+        #     vendorSha256 = "sha256-w38OKN6HPoz37utG/2QSPMai55IRDXCIIymeMe6ogIU=";
+        #
+        #     nativeBuildInputs = [ pkgs.installShellFiles ];
+        #   };
+
+        protoc-gen-grpc-gateway = pkgs.buildGoModule rec {
+          pname = "grpc-gateway";
+          version = "2.8.0";
+
+          src = pkgs.fetchFromGitHub {
+            owner = "grpc-ecosystem";
+            repo = "grpc-gateway";
+            rev = "v${version}";
+            sha256 = "sha256-8eBBBYJ+tBjB2fgPMX/ZlbN3eeS75e8TAZYOKXs6hcg=";
+          };
+
+          vendorSha256 = "sha256-AW2Gn/mlZyLMwF+NpK59eiOmQrYWW/9HPjbunYc9Ij4=";
+
+          nativeBuildInputs = [pkgs.installShellFiles];
+
+          subPackages = ["protoc-gen-grpc-gateway" "protoc-gen-openapiv2"];
+        };
+      };
+    }
+    // flake-utils.lib.eachDefaultSystem
+    (system: let
+      pkgs = import nixpkgs {
+        overlays = [self.overlay];
+        inherit system;
+      };
+      buildDeps = with pkgs; [git go_1_19 gnumake];
+      devDeps = with pkgs;
+        buildDeps
+        ++ [
+          golangci-lint
+          golines
+          nodePackages.prettier
+
+          # Protobuf dependencies
+          protobuf
+          protoc-gen-go
+          protoc-gen-go-grpc
+          protoc-gen-grpc-gateway
+          buf
+          clang-tools # clang-format
+        ];
+
+      # Add entry to build a docker image with headscale
+      # caveat: only works on Linux
+      #
+      # Usage:
+      # nix build .#headscale-docker
+      # docker load < result
+      headscale-docker = pkgs.dockerTools.buildLayeredImage {
+        name = "headscale";
+        tag = headscaleVersion;
+        contents = [pkgs.headscale];
+        config.Entrypoint = [(pkgs.headscale + "/bin/headscale")];
+      };
+    in rec {
+      # `nix develop`
+      devShell = pkgs.mkShell {buildInputs = devDeps;};
+
+      # `nix build`
+      packages = with pkgs; {
+        inherit headscale;
+        inherit headscale-docker;
+      };
+
+      defaultPackage = pkgs.headscale;
+
+      # `nix run`
+      apps.headscale = flake-utils.lib.mkApp {
+        drv = packages.headscale;
+      };
+      defaultApp = apps.headscale;
+
+      checks = {
+        format =
+          pkgs.runCommand "check-format"
+          {
+            buildInputs = with pkgs; [
+              gnumake
+              nixpkgs-fmt
              golangci-lint
-              golines
              nodePackages.prettier
-
-              # Protobuf dependencies
-              protobuf
-              protoc-gen-go
-              protoc-gen-go-grpc
-              protoc-gen-grpc-gateway
-              buf
-              clang-tools # clang-format
+              golines
+              clang-tools
            ];
-
-
-          # Add entry to build a docker image with headscale
-          # caveat: only works on Linux
-          #
-          # Usage:
-          # nix build .#headscale-docker
-          # docker load < result
-          headscale-docker = pkgs.dockerTools.buildLayeredImage {
-            name = "headscale";
-            tag = headscaleVersion;
-            contents = [ pkgs.headscale ];
-            config.Entrypoint = [ (pkgs.headscale + "/bin/headscale") ];
-          };
-        in
-        rec {
-          # `nix develop`
-          devShell = pkgs.mkShell { buildInputs = devDeps; };
-
-          # `nix build`
-          packages = with pkgs; {
-            inherit headscale;
-            inherit headscale-docker;
-          };
-
-          defaultPackage = pkgs.headscale;
-
-          # `nix run`
-          apps.headscale = flake-utils.lib.mkApp {
-            drv = packages.headscale;
-          };
-          defaultApp = apps.headscale;
-
-          checks = {
-            format = pkgs.runCommand "check-format"
-              {
-                buildInputs = with pkgs; [
-                  gnumake
-                  nixpkgs-fmt
-                  golangci-lint
-                  nodePackages.prettier
-                  golines
-                  clang-tools
-                ];
-              } ''
-              ${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt ${./.}
-              ${pkgs.golangci-lint}/bin/golangci-lint run --fix --timeout 10m
-              ${pkgs.nodePackages.prettier}/bin/prettier --write '**/**.{ts,js,md,yaml,yml,sass,css,scss,html}'
-              ${pkgs.golines}/bin/golines --max-len=88 --base-formatter=gofumpt -w ${./.}
-              ${pkgs.clang-tools}/bin/clang-format -style="{BasedOnStyle: Google, IndentWidth: 4, AlignConsecutiveDeclarations: true, AlignConsecutiveAssignments: true, ColumnLimit: 0}" -i ${./.}
-            '';
-          };
-
-
-        });
+          } ''
+            ${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt ${./.}
+            ${pkgs.golangci-lint}/bin/golangci-lint run --fix --timeout 10m
+            ${pkgs.nodePackages.prettier}/bin/prettier --write '**/**.{ts,js,md,yaml,yml,sass,css,scss,html}'
+            ${pkgs.golines}/bin/golines --max-len=88 --base-formatter=gofumpt -w ${./.}
+            ${pkgs.clang-tools}/bin/clang-format -style="{BasedOnStyle: Google, IndentWidth: 4, AlignConsecutiveDeclarations: true, AlignConsecutiveAssignments: true, ColumnLimit: 0}" -i ${./.}
+          '';
+      };
+    });
 }
--- a/integration_test/etc/alt-config.dump.gold.yaml
+++ b/integration_test/etc/alt-config.dump.gold.yaml
@ -35,6 +35,7 @@ logtail:
  enabled: false
 metrics_listen_addr: 127.0.0.1:19090
 oidc:
+  only_start_if_oidc_is_available: true
  scope:
    - openid
    - profile
--- a/integration_test/etc/alt-env-config.dump.gold.yaml
+++ b/integration_test/etc/alt-env-config.dump.gold.yaml
@ -34,6 +34,7 @@ logtail:
  enabled: false
 metrics_listen_addr: 127.0.0.1:19090
 oidc:
+  only_start_if_oidc_is_available: true
  scope:
    - openid
    - profile
--- a/integration_test/etc/config.dump.gold.yaml
+++ b/integration_test/etc/config.dump.gold.yaml
@ -35,6 +35,7 @@ logtail:
  enabled: false
 metrics_listen_addr: 127.0.0.1:9090
 oidc:
+  only_start_if_oidc_is_available: true
  scope:
    - openid
    - profile
--- a/protocol_common.go
+++ b/protocol_common.go
@ -483,7 +483,7 @@ func (h *Headscale) handleNewMachineCommon(
 		Bool("noise", machineKey.IsZero()).
 		Str("machine", registerRequest.Hostinfo.Hostname).
 		Msg("The node seems to be new, sending auth url")
-	if h.cfg.OIDC.Issuer != "" {
+	if h.oauth2Config != nil {
 		resp.AuthURL = fmt.Sprintf(
 			"%s/oidc/register/%s",
 			strings.TrimSuffix(h.cfg.ServerURL, "/"),
@ -716,7 +716,7 @@ func (h *Headscale) handleMachineExpiredCommon(
 		return
 	}

-	if h.cfg.OIDC.Issuer != "" {
+	if h.oauth2Config != nil {
 		resp.AuthURL = fmt.Sprintf("%s/oidc/register/%s",
 			strings.TrimSuffix(h.cfg.ServerURL, "/"),
 			NodePublicKeyStripPrefix(registerRequest.NodeKey))