all: apply golangci-lint 2.9.0 fixes

Fix issues found by the upgraded golangci-lint:
- wsl_v5: add required whitespace in CLI files
- staticcheck SA4006: replace new(var.Field) with &localVar
  pattern since staticcheck does not recognize Go 1.26
  new(value) as a use of the variable
- staticcheck SA5011: use t.Fatal instead of t.Error for
  nil guard checks so execution stops
- unused: remove dead ptrTo helper function

hscontrol/db/node.go

@@ -682,6 +682,7 @@ func (hsdb *HSDatabase) CreateNodeForTest(user *types.User, hostname ...string)
 		panic(fmt.Sprintf("failed to create preauth key for test node: %v", err))
 	}
 
+	pakID := pak.ID
 	nodeKey := key.NewNode()
 	machineKey := key.NewMachine()
 	discoKey := key.NewDisco()
@@ -693,7 +694,7 @@ func (hsdb *HSDatabase) CreateNodeForTest(user *types.User, hostname ...string)
 		Hostname:       nodeName,
 		UserID:         &user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
-		AuthKeyID:      new(pak.ID),
+		AuthKeyID:      &pakID,
 	}
 
 	err = hsdb.DB.Save(node).Error

hscontrol/db/node_test.go

@@ -101,6 +101,8 @@ func TestExpireNode(t *testing.T) {
 	pak, err := db.CreatePreAuthKey(user.TypedID(), false, false, nil, nil)
 	require.NoError(t, err)
 
+	pakID := pak.ID
+
 	_, err = db.getNode(types.UserID(user.ID), "testnode")
 	require.Error(t, err)
 
@@ -114,7 +116,7 @@ func TestExpireNode(t *testing.T) {
 		Hostname:       "testnode",
 		UserID:         &user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
-		AuthKeyID:      new(pak.ID),
+		AuthKeyID:      &pakID,
 		Expiry:         &time.Time{},
 	}
 	db.DB.Save(node)
@@ -145,6 +147,8 @@ func TestSetTags(t *testing.T) {
 	pak, err := db.CreatePreAuthKey(user.TypedID(), false, false, nil, nil)
 	require.NoError(t, err)
 
+	pakID := pak.ID
+
 	_, err = db.getNode(types.UserID(user.ID), "testnode")
 	require.Error(t, err)
 
@@ -158,7 +162,7 @@ func TestSetTags(t *testing.T) {
 		Hostname:       "testnode",
 		UserID:         &user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
-		AuthKeyID:      new(pak.ID),
+		AuthKeyID:      &pakID,
 	}
 
 	trx := db.DB.Save(node)
@@ -652,6 +656,9 @@ func TestListEphemeralNodes(t *testing.T) {
 	pakEph, err := db.CreatePreAuthKey(user.TypedID(), false, true, nil, nil)
 	require.NoError(t, err)
 
+	pakID := pak.ID
+	pakEphID := pakEph.ID
+
 	node := types.Node{
 		ID:             0,
 		MachineKey:     key.NewMachine().Public(),
@@ -659,7 +666,7 @@ func TestListEphemeralNodes(t *testing.T) {
 		Hostname:       "test",
 		UserID:         &user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
-		AuthKeyID:      new(pak.ID),
+		AuthKeyID:      &pakID,
 	}
 
 	nodeEph := types.Node{
@@ -669,7 +676,7 @@ func TestListEphemeralNodes(t *testing.T) {
 		Hostname:       "ephemeral",
 		UserID:         &user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
-		AuthKeyID:      new(pakEph.ID),
+		AuthKeyID:      &pakEphID,
 	}
 
 	err = db.DB.Save(&node).Error

hscontrol/db/users_test.go

@@ -73,12 +73,14 @@ func TestDestroyUserErrors(t *testing.T) {
 				pak, err := db.CreatePreAuthKey(user.TypedID(), false, false, nil, nil)
 				require.NoError(t, err)
 
+				pakID := pak.ID
+
 				node := types.Node{
 					ID:             0,
 					Hostname:       "testnode",
 					UserID:         &user.ID,
 					RegisterMethod: util.RegisterMethodAuthKey,
-					AuthKeyID:      new(pak.ID),
+					AuthKeyID:      &pakID,
 				}
 				trx := db.DB.Save(&node)
 				require.NoError(t, trx.Error)

hscontrol/policy/policy_route_approval_test.go

@@ -330,6 +330,8 @@ func TestApproveRoutesWithPolicy_NilPolicyManagerCase(t *testing.T) {
 		Name:  "test",
 	}
 
+	userID := user.ID
+
 	currentApproved := []netip.Prefix{
 		netip.MustParsePrefix("10.0.0.0/24"),
 	}
@@ -342,8 +344,8 @@ func TestApproveRoutesWithPolicy_NilPolicyManagerCase(t *testing.T) {
 		MachineKey:     key.NewMachine().Public(),
 		NodeKey:        key.NewNode().Public(),
 		Hostname:       "testnode",
-		UserID:         new(user.ID),
-		User:           new(user),
+		UserID:         &userID,
+		User:           &user,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		Hostinfo: &tailcfg.Hostinfo{
 			RoutableIPs: announcedRoutes,

hscontrol/state/state.go

@@ -502,10 +502,9 @@ func (s *State) Connect(id types.NodeID) []change.Change {
 
 // Disconnect marks a node as disconnected and updates its primary routes in the state.
 func (s *State) Disconnect(id types.NodeID) ([]change.Change, error) {
-	now := time.Now()
-
 	node, ok := s.nodeStore.UpdateNode(id, func(n *types.Node) {
-		n.LastSeen = new(now)
+		now := time.Now()
+		n.LastSeen = &now
 		// NodeStore is the source of truth for all node state including online status.
 		n.IsOnline = new(false)
 	})

hscontrol/types/change/change.go

@@ -365,11 +365,6 @@ func KeyExpiry(nodeID types.NodeID, expiry *time.Time) Change {
 	}
 }
 
-// ptrTo returns a pointer to the given value.
-func ptrTo[T any](v T) *T {
-	return new(v)
-}
-
 // High-level change constructors
 
 // NodeAdded returns a Change for when a node is added or updated.

hscontrol/util/util_test.go

@@ -1207,10 +1207,10 @@ func TestEnsureHostnameWithHostinfo(t *testing.T) {
 			wantHostname: "test",
 			checkHostinfo: func(t *testing.T, hi *tailcfg.Hostinfo) { //nolint:thelper
 				if hi == nil {
-					t.Error("hostinfo should not be nil")
+					t.Fatal("hostinfo should not be nil")
 				}
 
-				if hi.Hostname != "test" { //nolint:staticcheck // SA5011: nil check is above
+				if hi.Hostname != "test" {
 					t.Errorf("hostname = %v, want test", hi.Hostname)
 				}
 
@@ -1241,10 +1241,10 @@ func TestEnsureHostnameWithHostinfo(t *testing.T) {
 			wantHostname: "123456789012345678901234567890123456789012345678901234567890123",
 			checkHostinfo: func(t *testing.T, hi *tailcfg.Hostinfo) { //nolint:thelper
 				if hi == nil {
-					t.Error("hostinfo should not be nil")
+					t.Fatal("hostinfo should not be nil")
 				}
 
-				if len(hi.Hostname) != 63 { //nolint:staticcheck // SA5011: nil check is above
+				if len(hi.Hostname) != 63 {
 					t.Errorf("hostname length = %v, want 63", len(hi.Hostname))
 				}
 			},