types: add node.expiry config, deprecate oidc.expiry

Introduce a structured NodeConfig that replaces the flat
EphemeralNodeInactivityTimeout field with a nested Node section.

Add node.expiry config (default: no expiry) as the unified default key
expiry for all non-tagged nodes regardless of registration method.

Remove oidc.expiry entirely — node.expiry now applies to OIDC nodes
the same as all other registration methods. Using oidc.expiry in the
config is a hard error. determineNodeExpiry() returns nil (no expiry)
unless use_expiry_from_token is enabled, letting state.go apply the
node.expiry default uniformly.

The old ephemeral_node_inactivity_timeout key is preserved for
backwards compatibility.

Updates #1711
This commit is contained in:
Kristoffer Dalby
2026-03-01 22:53:26 +00:00
parent 23a5f1b628
commit 4d0b273b90
7 changed files with 171 additions and 64 deletions

@@ -207,10 +207,36 @@ in
default = "30m";
description = ''
Time before an inactive ephemeral node is deleted.
Deprecated: use node.ephemeral.inactivity_timeout instead.
'';
example = "5m";
};
node = {
expiry = lib.mkOption {
type = lib.types.str;
default = "0";
description = ''
Default key expiry for non-tagged nodes, regardless of
registration method (auth key, CLI, web auth, OIDC).
Tagged nodes are exempt and never expire. Set to "0"
for no default expiry.
'';
example = "90d";
};
ephemeral = {
inactivity_timeout = lib.mkOption {
type = lib.types.str;
default = "30m";
description = ''
Time before an inactive ephemeral node is deleted.
'';
example = "5m";
};
};
};
database = {
type = lib.mkOption {
type = lib.types.enum [
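Review bot: the deprecated ephemeral_node_inactivity_timeout option and the new node.ephemeral.inactivity_timeout option both declare default = "30m". If the module renders every option into the generated config, both keys are always present, and a deployment that only set the old key to "5m" cannot be told apart from one that left the new key at its default. Depending on which key takes precedence, the old value could be silently overridden. Consider giving the deprecated option a null default so it is emitted only when set, or replacing it with lib.mkRenamedOptionModule so that evaluation produces a deprecation warning, which the "Deprecated:" line in the description does not do on its own. Separately, node.expiry is typed lib.types.str with "0" as the no-expiry sentinel, so a malformed duration is not caught at evaluation time. The description could also state outright that the default leaves non-tagged node keys without any expiry until an operator sets one.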