Send logs to stderr, rather than stdout

.github/workflows/stale.yml

@@ -1,22 +0,0 @@
-name: Close inactive issues
-on:
-  schedule:
-    - cron: "30 1 * * *"
-
-jobs:
-  close-issues:
-    runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
-    steps:
-      - uses: actions/stale@v5
-        with:
-          days-before-issue-stale: 180
-          days-before-issue-close: 14
-          stale-issue-label: "stale"
-          stale-issue-message: "This issue is stale because it has been open for 180 days with no activity."
-          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
-          days-before-pr-stale: -1
-          days-before-pr-close: -1
-          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test-integration-v2-TestACLAllowStarDst.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestACLAllowStarDst:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestACLAllowStarDst
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestACLAllowUser80Dst.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestACLAllowUser80Dst:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestACLAllowUser80Dst
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestACLAllowUserDst.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestACLAllowUserDst:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestACLAllowUserDst
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestACLDenyAllPort80.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestACLDenyAllPort80:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestACLDenyAllPort80
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestACLDevice1CanAccessDevice2.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestACLDevice1CanAccessDevice2:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestACLDevice1CanAccessDevice2
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestACLHostsInNetMapTable.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestACLHostsInNetMapTable:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestACLHostsInNetMapTable
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestACLNamedHostsCanReach.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestACLNamedHostsCanReach:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestACLNamedHostsCanReach
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestACLNamedHostsCanReachBySubnet.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestACLNamedHostsCanReachBySubnet:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestACLNamedHostsCanReachBySubnet
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestApiKeyCommand.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestApiKeyCommand:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestApiKeyCommand
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestAuthKeyLogoutAndRelogin.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestAuthKeyLogoutAndRelogin:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestAuthKeyLogoutAndRelogin
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestAuthWebFlowAuthenticationPingAll.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestAuthWebFlowAuthenticationPingAll:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestAuthWebFlowAuthenticationPingAll
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestAuthWebFlowLogoutAndRelogin.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestAuthWebFlowLogoutAndRelogin:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestAuthWebFlowLogoutAndRelogin
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestCreateTailscale.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestCreateTailscale:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestCreateTailscale
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestDERPServerScenario.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestDERPServerScenario:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestDERPServerScenario
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestEnablingRoutes.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestEnablingRoutes:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestEnablingRoutes
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestEphemeral.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestEphemeral:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestEphemeral
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestExpireNode.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestExpireNode:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestExpireNode
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestHeadscale.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestHeadscale:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestHeadscale
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestNodeCommand.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestNodeCommand:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestNodeCommand
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestNodeExpireCommand.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestNodeExpireCommand:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestNodeExpireCommand
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestNodeMoveCommand.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestNodeMoveCommand:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestNodeMoveCommand
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestNodeRenameCommand.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestNodeRenameCommand:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestNodeRenameCommand
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestNodeTagCommand.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestNodeTagCommand:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestNodeTagCommand
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestOIDCAuthenticationPingAll.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestOIDCAuthenticationPingAll:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestOIDCAuthenticationPingAll
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestOIDCExpireNodesBasedOnTokenExpiry.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestOIDCExpireNodesBasedOnTokenExpiry:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestOIDCExpireNodesBasedOnTokenExpiry
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestPingAllByHostname.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestPingAllByHostname:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestPingAllByHostname
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestPingAllByIP.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestPingAllByIP:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestPingAllByIP
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestPreAuthKeyCommand.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestPreAuthKeyCommand:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestPreAuthKeyCommand
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestPreAuthKeyCommandReusableEphemeral.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestPreAuthKeyCommandReusableEphemeral:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestPreAuthKeyCommandReusableEphemeral
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestPreAuthKeyCommandWithoutExpiry.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestPreAuthKeyCommandWithoutExpiry:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestPreAuthKeyCommandWithoutExpiry
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestResolveMagicDNS.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestResolveMagicDNS:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestResolveMagicDNS
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestSSHIsBlockedInACL.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestSSHIsBlockedInACL:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestSSHIsBlockedInACL
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestSSHMultipleUsersAllToAll.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestSSHMultipleUsersAllToAll:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestSSHMultipleUsersAllToAll
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestSSHNoSSHConfigured.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestSSHNoSSHConfigured:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestSSHNoSSHConfigured
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestSSHOneUserAllToAll.yaml

@@ -1,7 +1,7 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 
-name: Integration Test v2 - TestSSHOneUserToAll
+name: Integration Test v2 - TestSSHOneUserAllToAll
 
 on: [pull_request]
 
@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestSSHOneUserToAll:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestSSHOneUserToAll
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \
@@ -50,7 +50,7 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run "^TestSSHOneUserToAll$"
+                  -run "^TestSSHOneUserAllToAll$"
 
       - uses: actions/upload-artifact@v3
         if: always() && steps.changed-files.outputs.any_changed == 'true'

.github/workflows/test-integration-v2-TestSSUserOnlyIsolation.yaml

@@ -1,7 +1,7 @@
 # DO NOT EDIT, generated with cmd/gh-action-integration-generator/main.go
 # To regenerate, run "go generate" in cmd/gh-action-integration-generator/
 
-name: Integration Test v2 - TestSSHUserOnlyIsolation
+name: Integration Test v2 - TestSSUserOnlyIsolation
 
 on: [pull_request]
 
@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestSSHUserOnlyIsolation:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestSSHUserOnlyIsolation
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \
@@ -50,7 +50,7 @@ jobs:
                   -failfast \
                   -timeout 120m \
                   -parallel 1 \
-                  -run "^TestSSHUserOnlyIsolation$"
+                  -run "^TestSSUserOnlyIsolation$"
 
       - uses: actions/upload-artifact@v3
         if: always() && steps.changed-files.outputs.any_changed == 'true'

.github/workflows/test-integration-v2-TestTaildrop.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestTaildrop:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestTaildrop
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestTailscaleNodesJoiningHeadcale.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestTailscaleNodesJoiningHeadcale:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestTailscaleNodesJoiningHeadcale
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.github/workflows/test-integration-v2-TestUserCommand.yaml

@@ -10,7 +10,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  TestUserCommand:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -34,7 +34,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run TestUserCommand
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

.gitignore

@@ -1,5 +1,4 @@
 ignored/
-tailscale/
 
 # Binaries for programs and plugins
 *.exe

.golangci.yaml

@@ -10,8 +10,6 @@ issues:
 linters:
   enable-all: true
   disable:
-    - depguard
-
     - exhaustivestruct
     - revive
     - lll
@@ -32,7 +30,6 @@ linters:
     - exhaustruct
     - nolintlint
     - musttag # causes issues with imported libs
-    - depguard
 
     # deprecated
     - structcheck # replaced by unused

CHANGELOG.md

@@ -2,38 +2,14 @@
 
 ## 0.23.0 (2023-XX-XX)
 
-This release is mainly a code reorganisation and refactoring, significantly improving the maintainability of the codebase. This should allow us to improve further and make it easier for the maintainers to keep on top of the project.
-
-**Please remember to always back up your database between versions**
-
-#### Here is a short summary of the broad topics of changes:
-
-Code has been organised into modules, reducing use of global variables/objects, isolating concerns and “putting the right things in the logical place”.
-
-The new [policy](https://github.com/juanfont/headscale/tree/main/hscontrol/policy) and [mapper](https://github.com/juanfont/headscale/tree/main/hscontrol/mapper) package, containing the ACL/Policy logic and the logic for creating the data served to clients (the network “map”) has been rewritten and improved. This change has allowed us to finish SSH support and add additional tests throughout the code to ensure correctness.
-
-The [“poller”, or streaming logic](https://github.com/juanfont/headscale/blob/main/hscontrol/poll.go) has been rewritten and instead of keeping track of the latest updates, checking at a fixed interval, it now uses go channels, implemented in our new [notifier](https://github.com/juanfont/headscale/tree/main/hscontrol/notifier) package and it allows us to send updates to connected clients immediately. This should both improve performance and potential latency before a client picks up an update.
-
-Headscale now supports sending “delta” updates, thanks to the new mapper and poller logic, allowing us to only inform nodes about new nodes, changed nodes and removed nodes. Previously we sent the entire state of the network every time an update was due.
-
-While we have a pretty good [test harness](https://github.com/search?q=repo%3Ajuanfont%2Fheadscale+path%3A_test.go&type=code) for validating our changes, we have rewritten over [10000 lines of code](https://github.com/juanfont/headscale/compare/b01f1f1867136d9b2d7b1392776eb363b482c525...main) and bugs are expected. We need help testing this release. In addition, while we think the performance should in general be better, there might be regressions in parts of the platform, particularly where we prioritised correctness over speed.
-
-There are also several bugfixes that has been encountered and fixed as part of implementing these changes, particularly
-after improving the test harness as part of adopting [#1460](https://github.com/juanfont/headscale/pull/1460).
-
 ### BREAKING
 
-Code reorganisation, a lot of code has moved, please review the following PRs accordingly [#1473](https://github.com/juanfont/headscale/pull/1473)
-API: Machine is now Node [#1553](https://github.com/juanfont/headscale/pull/1553)
+- Code reorganisation, a lot of code has moved, please review the following PRs accordingly [#1444](https://github.com/juanfont/headscale/pull/1444)
 
 ### Changes
 
-Make the OIDC callback page better [#1484](https://github.com/juanfont/headscale/pull/1484)
-SSH support [#1487](https://github.com/juanfont/headscale/pull/1487)
-State management has been improved [#1492](https://github.com/juanfont/headscale/pull/1492)
-Use error group handling to ensure tests actually pass [#1535](https://github.com/juanfont/headscale/pull/1535) based on [#1460](https://github.com/juanfont/headscale/pull/1460)
-Fix hang on SIGTERM [#1492](https://github.com/juanfont/headscale/pull/1492) taken from [#1480](https://github.com/juanfont/headscale/pull/1480)
-Send logs to stderr by default [#1524](https://github.com/juanfont/headscale/pull/1524)
+- Make the OIDC callback page better [#1484](https://github.com/juanfont/headscale/pull/1484)
+- SSH is no longer experimental [#1487](https://github.com/juanfont/headscale/pull/1487)
 
 ## 0.22.3 (2023-05-12)
 

Dockerfile

@@ -1,5 +1,5 @@
 # Builder image
-FROM docker.io/golang:1.21-bookworm AS build
+FROM docker.io/golang:1.20-bullseye AS build
 ARG VERSION=dev
 ENV GOPATH /go
 WORKDIR /go/src/headscale
@@ -14,7 +14,7 @@ RUN strip /go/bin/headscale
 RUN test -e /go/bin/headscale
 
 # Production image
-FROM docker.io/debian:bookworm-slim
+FROM docker.io/debian:bullseye-slim
 
 RUN apt-get update \
     && apt-get install -y ca-certificates \

Dockerfile.debug

@@ -18,10 +18,6 @@ FROM docker.io/golang:1.20.0-bullseye
 COPY --from=build /go/bin/headscale /bin/headscale
 ENV TZ UTC
 
-RUN apt-get update \
-    && apt-get install --no-install-recommends --yes less jq \
-    && rm -rf /var/lib/apt/lists/* \
-    && apt-get clean
 RUN mkdir -p /var/run/headscale
 
 # Need to reset the entrypoint or everything will run as a busybox script

Dockerfile.tailscale

@@ -0,0 +1,16 @@
+FROM ubuntu:22.04
+
+ARG TAILSCALE_VERSION=*
+ARG TAILSCALE_CHANNEL=stable
+
+RUN apt-get update \
+    && apt-get install -y gnupg curl ssh dnsutils ca-certificates \
+    && adduser --shell=/bin/bash ssh-it-user
+
+# Tailscale is deliberately split into a second stage so we can cash utils as a seperate layer.
+RUN curl -fsSL https://pkgs.tailscale.com/${TAILSCALE_CHANNEL}/ubuntu/focal.gpg | apt-key add - \
+    && curl -fsSL https://pkgs.tailscale.com/${TAILSCALE_CHANNEL}/ubuntu/focal.list | tee /etc/apt/sources.list.d/tailscale.list \
+    && apt-get update \
+    && apt-get install -y tailscale=${TAILSCALE_VERSION} \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*

README.md

@@ -188,13 +188,6 @@ make build
             <sub style="font-size:14px"><b>Juan Font</b></sub>
         </a>
     </td>
-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
-        <a href=https://github.com/restanrm>
-            <img src=https://avatars.githubusercontent.com/u/4344371?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Adrien Raffin-Caboisse/>
-            <br />
-            <sub style="font-size:14px"><b>Adrien Raffin-Caboisse</b></sub>
-        </a>
-    </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/cure>
             <img src=https://avatars.githubusercontent.com/u/149135?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Ward Vandewege/>
@@ -216,8 +209,6 @@ make build
             <sub style="font-size:14px"><b>Benjamin Roberts</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/reynico>
             <img src=https://avatars.githubusercontent.com/u/715768?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Nico/>
@@ -225,6 +216,8 @@ make build
             <sub style="font-size:14px"><b>Nico</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/evenh>
             <img src=https://avatars.githubusercontent.com/u/2701536?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Even Holthe/>
@@ -260,6 +253,13 @@ make build
             <sub style="font-size:14px"><b>ohdearaugustin</b></sub>
         </a>
     </td>
+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+        <a href=https://github.com/unreality>
+            <img src=https://avatars.githubusercontent.com/u/352522?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=unreality/>
+            <br />
+            <sub style="font-size:14px"><b>unreality</b></sub>
+        </a>
+    </td>
 </tr>
 <tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
@@ -276,6 +276,13 @@ make build
             <sub style="font-size:14px"><b>Andriy Kushnir</b></sub>
         </a>
     </td>
+    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
+        <a href=https://github.com/restanrm>
+            <img src=https://avatars.githubusercontent.com/u/4344371?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Adrien Raffin-Caboisse/>
+            <br />
+            <sub style="font-size:14px"><b>Adrien Raffin-Caboisse</b></sub>
+        </a>
+    </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/GrigoriyMikhalkin>
             <img src=https://avatars.githubusercontent.com/u/3637857?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=GrigoriyMikhalkin/>
@@ -297,6 +304,8 @@ make build
             <sub style="font-size:14px"><b>Mike Lloyd</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/iSchluff>
             <img src=https://avatars.githubusercontent.com/u/1429641?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Anton Schubert/>
@@ -304,8 +313,6 @@ make build
             <sub style="font-size:14px"><b>Anton Schubert</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/Niek>
             <img src=https://avatars.githubusercontent.com/u/213140?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Niek van der Maas/>
@@ -341,6 +348,8 @@ make build
             <sub style="font-size:14px"><b>Igor Perepilitsyn</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/Aluxima>
             <img src=https://avatars.githubusercontent.com/u/16262531?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Laurent Marchaud/>
@@ -348,8 +357,6 @@ make build
             <sub style="font-size:14px"><b>Laurent Marchaud</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/majst01>
             <img src=https://avatars.githubusercontent.com/u/410110?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Stefan Majer/>
@@ -385,6 +392,8 @@ make build
             <sub style="font-size:14px"><b>bravechamp</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/deonthomasgy>
             <img src=https://avatars.githubusercontent.com/u/150036?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Deon Thomas/>
@@ -392,8 +401,6 @@ make build
             <sub style="font-size:14px"><b>Deon Thomas</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/madjam002>
             <img src=https://avatars.githubusercontent.com/u/679137?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jamie Greeff/>
@@ -429,6 +436,8 @@ make build
             <sub style="font-size:14px"><b>Mevan Samaratunga</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/dragetd>
             <img src=https://avatars.githubusercontent.com/u/3639577?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Michael G./>
@@ -436,8 +445,6 @@ make build
             <sub style="font-size:14px"><b>Michael G.</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/ptman>
             <img src=https://avatars.githubusercontent.com/u/24669?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Paul Tötterman/>
@@ -459,13 +466,6 @@ make build
             <sub style="font-size:14px"><b>loprima-l</b></sub>
         </a>
     </td>
-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
-        <a href=https://github.com/unreality>
-            <img src=https://avatars.githubusercontent.com/u/352522?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=unreality/>
-            <br />
-            <sub style="font-size:14px"><b>unreality</b></sub>
-        </a>
-    </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/kevin1sMe>
             <img src=https://avatars.githubusercontent.com/u/6886076?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=kevinlin/>
@@ -512,9 +512,9 @@ make build
     </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/CNLHC>
-            <img src=https://avatars.githubusercontent.com/u/21005146?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=LIU HANCHENG/>
+            <img src=https://avatars.githubusercontent.com/u/21005146?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=LiuHanCheng/>
             <br />
-            <sub style="font-size:14px"><b>LIU HANCHENG</b></sub>
+            <sub style="font-size:14px"><b>LiuHanCheng</b></sub>
         </a>
     </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
@@ -547,13 +547,6 @@ make build
             <sub style="font-size:14px"><b>Steven Honson</b></sub>
         </a>
     </td>
-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
-        <a href=https://github.com/vsychov>
-            <img src=https://avatars.githubusercontent.com/u/2186303?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=MichaelKo/>
-            <br />
-            <sub style="font-size:14px"><b>MichaelKo</b></sub>
-        </a>
-    </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/ratsclub>
             <img src=https://avatars.githubusercontent.com/u/25647735?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Victor Freire/>
@@ -561,15 +554,6 @@ make build
             <sub style="font-size:14px"><b>Victor Freire</b></sub>
         </a>
     </td>
-    <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
-        <a href=https://github.com/qzydustin>
-            <img src=https://avatars.githubusercontent.com/u/44362429?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Zhenyu Qi/>
-            <br />
-            <sub style="font-size:14px"><b>Zhenyu Qi</b></sub>
-        </a>
-    </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/t56k>
             <img src=https://avatars.githubusercontent.com/u/12165422?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=thomas/>
@@ -584,6 +568,8 @@ make build
             <sub style="font-size:14px"><b>Sean Reifschneider</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/aberoham>
             <img src=https://avatars.githubusercontent.com/u/586805?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Abraham Ingersoll/>
@@ -612,8 +598,6 @@ make build
             <sub style="font-size:14px"><b>Anoop Sundaresh</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/apognu>
             <img src=https://avatars.githubusercontent.com/u/3017182?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Antoine POPINEAU/>
@@ -628,6 +612,8 @@ make build
             <sub style="font-size:14px"><b>Antonio Fernandez</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/aofei>
             <img src=https://avatars.githubusercontent.com/u/5037285?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Aofei Sheng/>
@@ -656,8 +642,6 @@ make build
             <sub style="font-size:14px"><b>Avirut Mehta</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/stensonb>
             <img src=https://avatars.githubusercontent.com/u/933389?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Bryan Stenson/>
@@ -672,6 +656,8 @@ make build
             <sub style="font-size:14px"><b> Carson Yang</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/kundel>
             <img src=https://avatars.githubusercontent.com/u/10158899?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Darrell Kundel/>
@@ -700,8 +686,6 @@ make build
             <sub style="font-size:14px"><b>Felix Yan</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/gabe565>
             <img src=https://avatars.githubusercontent.com/u/7717888?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Gabe Cook/>
@@ -716,6 +700,8 @@ make build
             <sub style="font-size:14px"><b>JJGadgets</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/hrtkpf>
             <img src=https://avatars.githubusercontent.com/u/42646788?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=hrtkpf/>
@@ -744,8 +730,6 @@ make build
             <sub style="font-size:14px"><b>John Axel Eriksson</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/ShadowJonathan>
             <img src=https://avatars.githubusercontent.com/u/22740616?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Jonathan de Jong/>
@@ -760,6 +744,8 @@ make build
             <sub style="font-size:14px"><b>Julien Zweverink</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/win-t>
             <img src=https://avatars.githubusercontent.com/u/1589120?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Kurnia D Win/>
@@ -788,8 +774,6 @@ make build
             <sub style="font-size:14px"><b>Mesar Hameed</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/mikejsavage>
             <img src=https://avatars.githubusercontent.com/u/579299?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Michael Savage/>
@@ -804,6 +788,8 @@ make build
             <sub style="font-size:14px"><b>Philipp Krivanec</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/piec>
             <img src=https://avatars.githubusercontent.com/u/781471?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Pierre Carru/>
@@ -832,8 +818,6 @@ make build
             <sub style="font-size:14px"><b>rcursaru</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/renovate-bot>
             <img src=https://avatars.githubusercontent.com/u/25180681?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Mend Renovate/>
@@ -848,6 +832,8 @@ make build
             <sub style="font-size:14px"><b>Ryan Fowler</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/muzy>
             <img src=https://avatars.githubusercontent.com/u/321723?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Sebastian Muszytowski/>
@@ -876,8 +862,6 @@ make build
             <sub style="font-size:14px"><b>Stefan VanBuren</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/sophware>
             <img src=https://avatars.githubusercontent.com/u/41669?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=sophware/>
@@ -892,6 +876,8 @@ make build
             <sub style="font-size:14px"><b>Tanner</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/Teteros>
             <img src=https://avatars.githubusercontent.com/u/5067989?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Teteros/>
@@ -920,8 +906,6 @@ make build
             <sub style="font-size:14px"><b>Till Hoffmann</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/woudsma>
             <img src=https://avatars.githubusercontent.com/u/6162978?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Tjerk Woudsma/>
@@ -931,13 +915,15 @@ make build
     </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/y0ngb1n>
-            <img src=https://avatars.githubusercontent.com/u/25719408?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=杨斌 Aben/>
+            <img src=https://avatars.githubusercontent.com/u/25719408?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Yang Bin/>
             <br />
-            <sub style="font-size:14px"><b>杨斌 Aben</b></sub>
+            <sub style="font-size:14px"><b>Yang Bin</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
-        <a href=https://github.com/sleepymole1>
+        <a href=https://github.com/gozssky>
             <img src=https://avatars.githubusercontent.com/u/17199941?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Yujie Xia/>
             <br />
             <sub style="font-size:14px"><b>Yujie Xia</b></sub>
@@ -964,8 +950,6 @@ make build
             <sub style="font-size:14px"><b>Zhiyuan Zheng</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/Bpazy>
             <img src=https://avatars.githubusercontent.com/u/9838749?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Ziyuan Han/>
@@ -980,6 +964,8 @@ make build
             <sub style="font-size:14px"><b>caelansar</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/derelm>
             <img src=https://avatars.githubusercontent.com/u/465155?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=derelm/>
@@ -1008,8 +994,6 @@ make build
             <sub style="font-size:14px"><b>ignoramous</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/jimyag>
             <img src=https://avatars.githubusercontent.com/u/69233189?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=jimyag/>
@@ -1024,6 +1008,8 @@ make build
             <sub style="font-size:14px"><b>suhelen</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/lion24>
             <img src=https://avatars.githubusercontent.com/u/1382102?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=sharkonet/>
@@ -1052,8 +1038,6 @@ make build
             <sub style="font-size:14px"><b>nicholas-yap</b></sub>
         </a>
     </td>
-</tr>
-<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/pernila>
             <img src=https://avatars.githubusercontent.com/u/12460060?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Tommi Pernila/>
@@ -1068,11 +1052,13 @@ make build
             <sub style="font-size:14px"><b>phpmalik</b></sub>
         </a>
     </td>
+</tr>
+<tr>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">
         <a href=https://github.com/Wakeful-Cloud>
-            <img src=https://avatars.githubusercontent.com/u/38930607?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Wakeful Cloud/>
+            <img src=https://avatars.githubusercontent.com/u/38930607?v=4 width="100;"  style="border-radius:50%;align-items:center;justify-content:center;overflow:hidden;padding-top:10px" alt=Wakeful-Cloud/>
             <br />
-            <sub style="font-size:14px"><b>Wakeful Cloud</b></sub>
+            <sub style="font-size:14px"><b>Wakeful-Cloud</b></sub>
         </a>
     </td>
     <td align="center" style="word-wrap: break-word; width: 150.0; height: 150.0">

cmd/build-docker-img/main.go

@@ -21,7 +21,7 @@ func main() {
 		log.Fatalf("failed to create or get network: %s", err)
 	}
 
-	for _, version := range integration.AllVersions {
+	for _, version := range integration.TailscaleVersions {
 		log.Printf("creating container image for Tailscale (%s)", version)
 
 		tsClient, err := tsic.New(

cmd/gh-action-integration-generator/main.go

@@ -31,7 +31,7 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-  {{.Name}}:
+  test:
     runs-on: ubuntu-latest
 
     steps:
@@ -55,7 +55,7 @@ jobs:
             integration_test/
             config-example.yaml
 
-      - name: Run {{.Name}}
+      - name: Run general integration tests
         if: steps.changed-files.outputs.any_changed == 'true'
         run: |
             nix develop --command -- docker run \

cmd/headscale/cli/debug.go

@@ -57,7 +57,7 @@ var debugCmd = &cobra.Command{
 
 var createNodeCmd = &cobra.Command{
 	Use:   "create-node",
-	Short: "Create a node that can be registered with `nodes register <>` command",
+	Short: "Create a node (machine) that can be registered with `nodes register <>` command",
 	Run: func(cmd *cobra.Command, args []string) {
 		output, _ := cmd.Flags().GetString("output")
 
@@ -115,24 +115,24 @@ var createNodeCmd = &cobra.Command{
 			return
 		}
 
-		request := &v1.DebugCreateNodeRequest{
+		request := &v1.DebugCreateMachineRequest{
 			Key:    machineKey,
 			Name:   name,
 			User:   user,
 			Routes: routes,
 		}
 
-		response, err := client.DebugCreateNode(ctx, request)
+		response, err := client.DebugCreateMachine(ctx, request)
 		if err != nil {
 			ErrorOutput(
 				err,
-				fmt.Sprintf("Cannot create node: %s", status.Convert(err).Message()),
+				fmt.Sprintf("Cannot create machine: %s", status.Convert(err).Message()),
 				output,
 			)
 
 			return
 		}
 
-		SuccessOutput(response.Node, "Node created", output)
+		SuccessOutput(response.Machine, "Machine created", output)
 	},
 }

cmd/headscale/cli/nodes.go

@@ -107,7 +107,7 @@ var nodeCmd = &cobra.Command{
 
 var registerNodeCmd = &cobra.Command{
 	Use:   "register",
-	Short: "Registers a node to your network",
+	Short: "Registers a machine to your network",
 	Run: func(cmd *cobra.Command, args []string) {
 		output, _ := cmd.Flags().GetString("output")
 		user, err := cmd.Flags().GetString("user")
@@ -132,17 +132,17 @@ var registerNodeCmd = &cobra.Command{
 			return
 		}
 
-		request := &v1.RegisterNodeRequest{
+		request := &v1.RegisterMachineRequest{
 			Key:  machineKey,
 			User: user,
 		}
 
-		response, err := client.RegisterNode(ctx, request)
+		response, err := client.RegisterMachine(ctx, request)
 		if err != nil {
 			ErrorOutput(
 				err,
 				fmt.Sprintf(
-					"Cannot register node: %s\n",
+					"Cannot register machine: %s\n",
 					status.Convert(err).Message(),
 				),
 				output,
@@ -152,8 +152,8 @@ var registerNodeCmd = &cobra.Command{
 		}
 
 		SuccessOutput(
-			response.Node,
-			fmt.Sprintf("Node %s registered", response.Node.GivenName), output)
+			response.Machine,
+			fmt.Sprintf("Machine %s registered", response.Machine.GivenName), output)
 	},
 }
 
@@ -180,11 +180,11 @@ var listNodesCmd = &cobra.Command{
 		defer cancel()
 		defer conn.Close()
 
-		request := &v1.ListNodesRequest{
+		request := &v1.ListMachinesRequest{
 			User: user,
 		}
 
-		response, err := client.ListNodes(ctx, request)
+		response, err := client.ListMachines(ctx, request)
 		if err != nil {
 			ErrorOutput(
 				err,
@@ -196,12 +196,12 @@ var listNodesCmd = &cobra.Command{
 		}
 
 		if output != "" {
-			SuccessOutput(response.Nodes, "", output)
+			SuccessOutput(response.Machines, "", output)
 
 			return
 		}
 
-		tableData, err := nodesToPtables(user, showTags, response.Nodes)
+		tableData, err := nodesToPtables(user, showTags, response.Machines)
 		if err != nil {
 			ErrorOutput(err, fmt.Sprintf("Error converting to table: %s", err), output)
 
@@ -223,7 +223,7 @@ var listNodesCmd = &cobra.Command{
 
 var expireNodeCmd = &cobra.Command{
 	Use:     "expire",
-	Short:   "Expire (log out) a node in your network",
+	Short:   "Expire (log out) a machine in your network",
 	Long:    "Expiring a node will keep the node in the database and force it to reauthenticate.",
 	Aliases: []string{"logout", "exp", "e"},
 	Run: func(cmd *cobra.Command, args []string) {
@@ -244,16 +244,16 @@ var expireNodeCmd = &cobra.Command{
 		defer cancel()
 		defer conn.Close()
 
-		request := &v1.ExpireNodeRequest{
-			NodeId: identifier,
+		request := &v1.ExpireMachineRequest{
+			MachineId: identifier,
 		}
 
-		response, err := client.ExpireNode(ctx, request)
+		response, err := client.ExpireMachine(ctx, request)
 		if err != nil {
 			ErrorOutput(
 				err,
 				fmt.Sprintf(
-					"Cannot expire node: %s\n",
+					"Cannot expire machine: %s\n",
 					status.Convert(err).Message(),
 				),
 				output,
@@ -262,13 +262,13 @@ var expireNodeCmd = &cobra.Command{
 			return
 		}
 
-		SuccessOutput(response.Node, "Node expired", output)
+		SuccessOutput(response.Machine, "Machine expired", output)
 	},
 }
 
 var renameNodeCmd = &cobra.Command{
 	Use:   "rename NEW_NAME",
-	Short: "Renames a node in your network",
+	Short: "Renames a machine in your network",
 	Run: func(cmd *cobra.Command, args []string) {
 		output, _ := cmd.Flags().GetString("output")
 
@@ -291,17 +291,17 @@ var renameNodeCmd = &cobra.Command{
 		if len(args) > 0 {
 			newName = args[0]
 		}
-		request := &v1.RenameNodeRequest{
-			NodeId:  identifier,
-			NewName: newName,
+		request := &v1.RenameMachineRequest{
+			MachineId: identifier,
+			NewName:   newName,
 		}
 
-		response, err := client.RenameNode(ctx, request)
+		response, err := client.RenameMachine(ctx, request)
 		if err != nil {
 			ErrorOutput(
 				err,
 				fmt.Sprintf(
-					"Cannot rename node: %s\n",
+					"Cannot rename machine: %s\n",
 					status.Convert(err).Message(),
 				),
 				output,
@@ -310,7 +310,7 @@ var renameNodeCmd = &cobra.Command{
 			return
 		}
 
-		SuccessOutput(response.Node, "Node renamed", output)
+		SuccessOutput(response.Machine, "Machine renamed", output)
 	},
 }
 
@@ -336,11 +336,11 @@ var deleteNodeCmd = &cobra.Command{
 		defer cancel()
 		defer conn.Close()
 
-		getRequest := &v1.GetNodeRequest{
-			NodeId: identifier,
+		getRequest := &v1.GetMachineRequest{
+			MachineId: identifier,
 		}
 
-		getResponse, err := client.GetNode(ctx, getRequest)
+		getResponse, err := client.GetMachine(ctx, getRequest)
 		if err != nil {
 			ErrorOutput(
 				err,
@@ -354,8 +354,8 @@ var deleteNodeCmd = &cobra.Command{
 			return
 		}
 
-		deleteRequest := &v1.DeleteNodeRequest{
-			NodeId: identifier,
+		deleteRequest := &v1.DeleteMachineRequest{
+			MachineId: identifier,
 		}
 
 		confirm := false
@@ -364,7 +364,7 @@ var deleteNodeCmd = &cobra.Command{
 			prompt := &survey.Confirm{
 				Message: fmt.Sprintf(
 					"Do you want to remove the node %s?",
-					getResponse.GetNode().Name,
+					getResponse.GetMachine().Name,
 				),
 			}
 			err = survey.AskOne(prompt, &confirm)
@@ -374,7 +374,7 @@ var deleteNodeCmd = &cobra.Command{
 		}
 
 		if confirm || force {
-			response, err := client.DeleteNode(ctx, deleteRequest)
+			response, err := client.DeleteMachine(ctx, deleteRequest)
 			if output != "" {
 				SuccessOutput(response, "", output)
 
@@ -436,11 +436,11 @@ var moveNodeCmd = &cobra.Command{
 		defer cancel()
 		defer conn.Close()
 
-		getRequest := &v1.GetNodeRequest{
-			NodeId: identifier,
+		getRequest := &v1.GetMachineRequest{
+			MachineId: identifier,
 		}
 
-		_, err = client.GetNode(ctx, getRequest)
+		_, err = client.GetMachine(ctx, getRequest)
 		if err != nil {
 			ErrorOutput(
 				err,
@@ -454,12 +454,12 @@ var moveNodeCmd = &cobra.Command{
 			return
 		}
 
-		moveRequest := &v1.MoveNodeRequest{
-			NodeId: identifier,
-			User:   user,
+		moveRequest := &v1.MoveMachineRequest{
+			MachineId: identifier,
+			User:      user,
 		}
 
-		moveResponse, err := client.MoveNode(ctx, moveRequest)
+		moveResponse, err := client.MoveMachine(ctx, moveRequest)
 		if err != nil {
 			ErrorOutput(
 				err,
@@ -473,14 +473,14 @@ var moveNodeCmd = &cobra.Command{
 			return
 		}
 
-		SuccessOutput(moveResponse.Node, "Node moved to another user", output)
+		SuccessOutput(moveResponse.Machine, "Node moved to another user", output)
 	},
 }
 
 func nodesToPtables(
 	currentUser string,
 	showTags bool,
-	nodes []*v1.Node,
+	machines []*v1.Machine,
 ) (pterm.TableData, error) {
 	tableHeader := []string{
 		"ID",
@@ -505,23 +505,23 @@ func nodesToPtables(
 	}
 	tableData := pterm.TableData{tableHeader}
 
-	for _, node := range nodes {
+	for _, machine := range machines {
 		var ephemeral bool
-		if node.PreAuthKey != nil && node.PreAuthKey.Ephemeral {
+		if machine.PreAuthKey != nil && machine.PreAuthKey.Ephemeral {
 			ephemeral = true
 		}
 
 		var lastSeen time.Time
 		var lastSeenTime string
-		if node.LastSeen != nil {
-			lastSeen = node.LastSeen.AsTime()
+		if machine.LastSeen != nil {
+			lastSeen = machine.LastSeen.AsTime()
 			lastSeenTime = lastSeen.Format("2006-01-02 15:04:05")
 		}
 
 		var expiry time.Time
 		var expiryTime string
-		if node.Expiry != nil {
-			expiry = node.Expiry.AsTime()
+		if machine.Expiry != nil {
+			expiry = machine.Expiry.AsTime()
 			expiryTime = expiry.Format("2006-01-02 15:04:05")
 		} else {
 			expiryTime = "N/A"
@@ -529,7 +529,7 @@ func nodesToPtables(
 
 		var machineKey key.MachinePublic
 		err := machineKey.UnmarshalText(
-			[]byte(util.MachinePublicKeyEnsurePrefix(node.MachineKey)),
+			[]byte(util.MachinePublicKeyEnsurePrefix(machine.MachineKey)),
 		)
 		if err != nil {
 			machineKey = key.MachinePublic{}
@@ -537,14 +537,14 @@ func nodesToPtables(
 
 		var nodeKey key.NodePublic
 		err = nodeKey.UnmarshalText(
-			[]byte(util.NodePublicKeyEnsurePrefix(node.NodeKey)),
+			[]byte(util.NodePublicKeyEnsurePrefix(machine.NodeKey)),
 		)
 		if err != nil {
 			return nil, err
 		}
 
 		var online string
-		if node.Online {
+		if machine.Online {
 			online = pterm.LightGreen("online")
 		} else {
 			online = pterm.LightRed("offline")
@@ -558,36 +558,36 @@ func nodesToPtables(
 		}
 
 		var forcedTags string
-		for _, tag := range node.ForcedTags {
+		for _, tag := range machine.ForcedTags {
 			forcedTags += "," + tag
 		}
 		forcedTags = strings.TrimLeft(forcedTags, ",")
 		var invalidTags string
-		for _, tag := range node.InvalidTags {
-			if !contains(node.ForcedTags, tag) {
+		for _, tag := range machine.InvalidTags {
+			if !contains(machine.ForcedTags, tag) {
 				invalidTags += "," + pterm.LightRed(tag)
 			}
 		}
 		invalidTags = strings.TrimLeft(invalidTags, ",")
 		var validTags string
-		for _, tag := range node.ValidTags {
-			if !contains(node.ForcedTags, tag) {
+		for _, tag := range machine.ValidTags {
+			if !contains(machine.ForcedTags, tag) {
 				validTags += "," + pterm.LightGreen(tag)
 			}
 		}
 		validTags = strings.TrimLeft(validTags, ",")
 
 		var user string
-		if currentUser == "" || (currentUser == node.User.Name) {
-			user = pterm.LightMagenta(node.User.Name)
+		if currentUser == "" || (currentUser == machine.User.Name) {
+			user = pterm.LightMagenta(machine.User.Name)
 		} else {
 			// Shared into this user
-			user = pterm.LightYellow(node.User.Name)
+			user = pterm.LightYellow(machine.User.Name)
 		}
 
 		var IPV4Address string
 		var IPV6Address string
-		for _, addr := range node.IpAddresses {
+		for _, addr := range machine.IpAddresses {
 			if netip.MustParseAddr(addr).Is4() {
 				IPV4Address = addr
 			} else {
@@ -596,9 +596,9 @@ func nodesToPtables(
 		}
 
 		nodeData := []string{
-			strconv.FormatUint(node.Id, util.Base10),
-			node.Name,
-			node.GetGivenName(),
+			strconv.FormatUint(machine.Id, util.Base10),
+			machine.Name,
+			machine.GetGivenName(),
 			machineKey.ShortString(),
 			nodeKey.ShortString(),
 			user,
@@ -646,17 +646,17 @@ var tagCmd = &cobra.Command{
 		if err != nil {
 			ErrorOutput(
 				err,
-				fmt.Sprintf("Error retrieving list of tags to add to node, %v", err),
+				fmt.Sprintf("Error retrieving list of tags to add to machine, %v", err),
 				output,
 			)
 
 			return
 		}
 
-		// Sending tags to node
+		// Sending tags to machine
 		request := &v1.SetTagsRequest{
-			NodeId: identifier,
-			Tags:   tagsToSet,
+			MachineId: identifier,
+			Tags:      tagsToSet,
 		}
 		resp, err := client.SetTags(ctx, request)
 		if err != nil {
@@ -671,8 +671,8 @@ var tagCmd = &cobra.Command{
 
 		if resp != nil {
 			SuccessOutput(
-				resp.GetNode(),
-				"Node updated",
+				resp.GetMachine(),
+				"Machine updated",
 				output,
 			)
 		}

cmd/headscale/cli/root.go

@@ -51,14 +51,14 @@ func initConfig() {
 
 	cfg, err := types.GetHeadscaleConfig()
 	if err != nil {
-		log.Fatal().Caller().Err(err).Msg("Failed to get headscale configuration")
+		log.Fatal().Caller().Err(err)
 	}
 
 	machineOutput := HasMachineOutputFlag()
 
 	zerolog.SetGlobalLevel(cfg.Log.Level)
 
-	// If the user has requested a "node" readable format,
+	// If the user has requested a "machine" readable format,
 	// then disable login so the output remains valid.
 	if machineOutput {
 		zerolog.SetGlobalLevel(zerolog.Disabled)

cmd/headscale/cli/routes.go

@@ -94,13 +94,13 @@ var listRoutesCmd = &cobra.Command{
 
 			routes = response.Routes
 		} else {
-			response, err := client.GetNodeRoutes(ctx, &v1.GetNodeRoutesRequest{
-				NodeId: machineID,
+			response, err := client.GetMachineRoutes(ctx, &v1.GetMachineRoutesRequest{
+				MachineId: machineID,
 			})
 			if err != nil {
 				ErrorOutput(
 					err,
-					fmt.Sprintf("Cannot get routes for node %d: %s", machineID, status.Convert(err).Message()),
+					fmt.Sprintf("Cannot get routes for machine %d: %s", machineID, status.Convert(err).Message()),
 					output,
 				)
 
@@ -267,7 +267,7 @@ var deleteRouteCmd = &cobra.Command{
 
 // routesToPtables converts the list of routes to a nice table.
 func routesToPtables(routes []*v1.Route) pterm.TableData {
-	tableData := pterm.TableData{{"ID", "Node", "Prefix", "Advertised", "Enabled", "Primary"}}
+	tableData := pterm.TableData{{"ID", "Machine", "Prefix", "Advertised", "Enabled", "Primary"}}
 
 	for _, route := range routes {
 		var isPrimaryStr string
@@ -286,7 +286,7 @@ func routesToPtables(routes []*v1.Route) pterm.TableData {
 		tableData = append(tableData,
 			[]string{
 				strconv.FormatUint(route.Id, Base10),
-				route.Node.GivenName,
+				route.Machine.GivenName,
 				route.Prefix,
 				strconv.FormatBool(route.Advertised),
 				strconv.FormatBool(route.Enabled),

cmd/headscale/cli/utils.go

@@ -154,17 +154,17 @@ func SuccessOutput(result interface{}, override string, outputFormat string) {
 	case "json":
 		jsonBytes, err = json.MarshalIndent(result, "", "\t")
 		if err != nil {
-			log.Fatal().Err(err).Msg("failed to unmarshal output")
+			log.Fatal().Err(err)
 		}
 	case "json-line":
 		jsonBytes, err = json.Marshal(result)
 		if err != nil {
-			log.Fatal().Err(err).Msg("failed to unmarshal output")
+			log.Fatal().Err(err)
 		}
 	case "yaml":
 		jsonBytes, err = yaml.Marshal(result)
 		if err != nil {
-			log.Fatal().Err(err).Msg("failed to unmarshal output")
+			log.Fatal().Err(err)
 		}
 	default:
 		//nolint

flake.lock

@@ -5,11 +5,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1692799911,
-        "narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
+        "lastModified": 1681202837,
+        "narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
+        "rev": "cfacdce06f30d2b68473a46042957675eebb3401",
         "type": "github"
       },
       "original": {
@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1693844670,
-        "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=",
+        "lastModified": 1681753173,
+        "narHash": "sha256-MrGmzZWLUqh2VstoikKLFFIELXm/lsf/G9U9zR96VD4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3c15feef7770eb5500a4b8792623e2d6f598c9c1",
+        "rev": "0a4206a51b386e5cda731e8ac78d76ad924c7125",
         "type": "github"
       },
       "original": {

flake.nix

@@ -33,7 +33,7 @@
 
           # When updating go.mod or go.sum, a new sha will need to be calculated,
           # update this if you have a mismatch after doing a change to thos files.
-          vendorSha256 = "sha256-dNE5wgR3oWXlYzPNXp0v/GGwY0/hvhOB5JWCb5EIbg8=";
+          vendorSha256 = "sha256-9Hol8w8HB28AlulshMYYQwOgvGzR47qxzyPrB8G0XSQ=";
 
           ldflags = ["-s" "-w" "-X github.com/juanfont/headscale/cmd/headscale/cli.Version=v${version}"];
         };
@@ -96,7 +96,6 @@
           nfpm
           gotestsum
           gotests
-          ksh
 
           # 'dot' is needed for pprof graphs
           # go tool pprof -http=: <source>

gen/go/headscale/v1/apikey.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
+// 	protoc-gen-go v1.29.1
 // 	protoc        (unknown)
 // source: headscale/v1/apikey.proto
 

gen/go/headscale/v1/device.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
+// 	protoc-gen-go v1.29.1
 // 	protoc        (unknown)
 // source: headscale/v1/device.proto
 

gen/go/headscale/v1/headscale.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
+// 	protoc-gen-go v1.29.1
 // 	protoc        (unknown)
 // source: headscale/v1/headscale.proto
 
@@ -31,252 +31,261 @@ var file_headscale_v1_headscale_proto_rawDesc = []byte{
 	0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x76,
 	0x31, 0x2f, 0x70, 0x72, 0x65, 0x61, 0x75, 0x74, 0x68, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x6f,
-	0x74, 0x6f, 0x1a, 0x17, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x76, 0x31,
-	0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x68, 0x65, 0x61,
-	0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
-	0x65, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x70, 0x69, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74,
-	0x6f, 0x32, 0x85, 0x17, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x53,
-	0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x63, 0x0a, 0x07, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65,
-	0x72, 0x12, 0x1c, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31,
-	0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x1d, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x47,
-	0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1b,
-	0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, 0x12, 0x13, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f,
-	0x75, 0x73, 0x65, 0x72, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x12, 0x68, 0x0a, 0x0a, 0x43,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x12, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64,
-	0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55,
-	0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x68, 0x65, 0x61,
-	0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x17, 0x82, 0xd3,
-	0xe4, 0x93, 0x02, 0x11, 0x3a, 0x01, 0x2a, 0x22, 0x0c, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31,
-	0x2f, 0x75, 0x73, 0x65, 0x72, 0x12, 0x82, 0x01, 0x0a, 0x0a, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65,
-	0x55, 0x73, 0x65, 0x72, 0x12, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65,
-	0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
-	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52,
-	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x31, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x2b, 0x22,
-	0x29, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x7b, 0x6f,
-	0x6c, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x2f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x2f,
-	0x7b, 0x6e, 0x65, 0x77, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x12, 0x6c, 0x0a, 0x0a, 0x44, 0x65,
-	0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x12, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73,
-	0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73,
-	0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64,
-	0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55,
-	0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1b, 0x82, 0xd3, 0xe4,
-	0x93, 0x02, 0x15, 0x2a, 0x13, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x75, 0x73, 0x65,
-	0x72, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x12, 0x62, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74,
-	0x55, 0x73, 0x65, 0x72, 0x73, 0x12, 0x1e, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
-	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
-	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x73, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x14, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x0e, 0x12, 0x0c,
-	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x12, 0x80, 0x01, 0x0a,
-	0x10, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65,
-	0x79, 0x12, 0x25, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31,
-	0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65,
-	0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73,
-	0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72,
-	0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x22, 0x1d, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x17, 0x3a, 0x01, 0x2a, 0x22, 0x12, 0x2f, 0x61, 0x70,
-	0x69, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x72, 0x65, 0x61, 0x75, 0x74, 0x68, 0x6b, 0x65, 0x79, 0x12,
-	0x87, 0x01, 0x0a, 0x10, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74,
-	0x68, 0x4b, 0x65, 0x79, 0x12, 0x25, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65,
-	0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74,
-	0x68, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x68, 0x65,
-	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x69, 0x72,
-	0x65, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x24, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1e, 0x3a, 0x01, 0x2a, 0x22, 0x19,
-	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x72, 0x65, 0x61, 0x75, 0x74, 0x68, 0x6b,
-	0x65, 0x79, 0x2f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x12, 0x7a, 0x0a, 0x0f, 0x4c, 0x69, 0x73,
-	0x74, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x24, 0x2e, 0x68,
-	0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74,
-	0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x25, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76,
-	0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79,
-	0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1a, 0x82, 0xd3, 0xe4, 0x93, 0x02,
-	0x14, 0x12, 0x12, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x72, 0x65, 0x61, 0x75,
-	0x74, 0x68, 0x6b, 0x65, 0x79, 0x12, 0x7d, 0x0a, 0x0f, 0x44, 0x65, 0x62, 0x75, 0x67, 0x43, 0x72,
-	0x65, 0x61, 0x74, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x24, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73,
-	0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x62, 0x75, 0x67, 0x43, 0x72, 0x65,
-	0x61, 0x74, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25,
-	0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65,
-	0x62, 0x75, 0x67, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1d, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x17, 0x3a, 0x01, 0x2a,
-	0x22, 0x12, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x64, 0x65, 0x62, 0x75, 0x67, 0x2f,
-	0x6e, 0x6f, 0x64, 0x65, 0x12, 0x66, 0x0a, 0x07, 0x47, 0x65, 0x74, 0x4e, 0x6f, 0x64, 0x65, 0x12,
-	0x1c, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x47,
-	0x65, 0x74, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e,
-	0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74,
-	0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1e, 0x82, 0xd3,
-	0xe4, 0x93, 0x02, 0x18, 0x12, 0x16, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f,
-	0x64, 0x65, 0x2f, 0x7b, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x12, 0x6e, 0x0a, 0x07,
-	0x53, 0x65, 0x74, 0x54, 0x61, 0x67, 0x73, 0x12, 0x1c, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63,
-	0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x67, 0x73, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
-	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x26, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x20, 0x3a, 0x01, 0x2a, 0x22,
-	0x1b, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x7b, 0x6e,
-	0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x74, 0x61, 0x67, 0x73, 0x12, 0x74, 0x0a, 0x0c,
-	0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x21, 0x2e, 0x68,
-	0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x67, 0x69,
-	0x73, 0x74, 0x65, 0x72, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x22, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x1d, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x17, 0x22, 0x15, 0x2f, 0x61, 0x70,
-	0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74,
-	0x65, 0x72, 0x12, 0x6f, 0x0a, 0x0a, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x6f, 0x64, 0x65,
-	0x12, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e,
-	0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
-	0x74, 0x1a, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31,
-	0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x6e, 0x73, 0x65, 0x22, 0x1e, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x18, 0x2a, 0x16, 0x2f, 0x61, 0x70,
-	0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x7b, 0x6e, 0x6f, 0x64, 0x65, 0x5f,
-	0x69, 0x64, 0x7d, 0x12, 0x76, 0x0a, 0x0a, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x4e, 0x6f, 0x64,
-	0x65, 0x12, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31,
-	0x2e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
-	0x73, 0x74, 0x1a, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76,
-	0x31, 0x2e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x25, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1f, 0x22, 0x1d, 0x2f, 0x61,
-	0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x7b, 0x6e, 0x6f, 0x64, 0x65,
-	0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x12, 0x81, 0x01, 0x0a, 0x0a,
-	0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x12, 0x1f, 0x2e, 0x68, 0x65, 0x61,
-	0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65,
-	0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x68, 0x65,
-	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d,
-	0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x30, 0x82,
-	0xd3, 0xe4, 0x93, 0x02, 0x2a, 0x22, 0x28, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6e,
-	0x6f, 0x64, 0x65, 0x2f, 0x7b, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x72, 0x65,
-	0x6e, 0x61, 0x6d, 0x65, 0x2f, 0x7b, 0x6e, 0x65, 0x77, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x12,
-	0x62, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x4e, 0x6f, 0x64, 0x65, 0x73, 0x12, 0x1e, 0x2e, 0x68,
-	0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74,
-	0x4e, 0x6f, 0x64, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x68,
-	0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74,
-	0x4e, 0x6f, 0x64, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x14, 0x82,
-	0xd3, 0xe4, 0x93, 0x02, 0x0e, 0x12, 0x0c, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6e,
-	0x6f, 0x64, 0x65, 0x12, 0x6e, 0x0a, 0x08, 0x4d, 0x6f, 0x76, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x12,
-	0x1d, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4d,
-	0x6f, 0x76, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e,
-	0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x6f,
-	0x76, 0x65, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x23,
-	0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1d, 0x22, 0x1b, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f,
-	0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x7b, 0x6e, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x75,
-	0x73, 0x65, 0x72, 0x12, 0x64, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73,
-	0x12, 0x1e, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e,
-	0x47, 0x65, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e,
-	0x47, 0x65, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x22, 0x16, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x10, 0x12, 0x0e, 0x2f, 0x61, 0x70, 0x69, 0x2f,
-	0x76, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x7c, 0x0a, 0x0b, 0x45, 0x6e, 0x61,
-	0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73,
-	0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x68, 0x65, 0x61,
-	0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x82,
-	0xd3, 0xe4, 0x93, 0x02, 0x22, 0x22, 0x20, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x72,
-	0x6f, 0x75, 0x74, 0x65, 0x73, 0x2f, 0x7b, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x7d,
-	0x2f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x80, 0x01, 0x0a, 0x0c, 0x44, 0x69, 0x73, 0x61,
-	0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x21, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73,
-	0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52,
-	0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x68, 0x65,
-	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62,
-	0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x29, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x23, 0x22, 0x21, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31,
-	0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x2f, 0x7b, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69,
-	0x64, 0x7d, 0x2f, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x7f, 0x0a, 0x0d, 0x47, 0x65,
-	0x74, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x22, 0x2e, 0x68, 0x65,
-	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4e, 0x6f,
-	0x64, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x23, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x47,
-	0x65, 0x74, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70,
-	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x25, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1f, 0x12, 0x1d, 0x2f, 0x61,
-	0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2f, 0x7b, 0x6e, 0x6f, 0x64, 0x65,
-	0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x75, 0x0a, 0x0b, 0x44,
-	0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x20, 0x2e, 0x68, 0x65, 0x61,
-	0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x68,
+	0x74, 0x6f, 0x1a, 0x1a, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x76, 0x31,
+	0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19,
+	0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x6f, 0x75,
+	0x74, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, 0x68, 0x65, 0x61, 0x64, 0x73,
+	0x63, 0x61, 0x6c, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x70, 0x69, 0x6b, 0x65, 0x79, 0x2e, 0x70,
+	0x72, 0x6f, 0x74, 0x6f, 0x32, 0x8d, 0x18, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61,
+	0x6c, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x63, 0x0a, 0x07, 0x47, 0x65, 0x74,
+	0x55, 0x73, 0x65, 0x72, 0x12, 0x1c, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65,
+	0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76,
+	0x31, 0x2e, 0x47, 0x65, 0x74, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x1b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, 0x12, 0x13, 0x2f, 0x61, 0x70, 0x69, 0x2f,
+	0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x12, 0x68,
+	0x0a, 0x0a, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x12, 0x1f, 0x2e, 0x68,
+	0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61,
+	0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e,
+	0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x17, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x11, 0x3a, 0x01, 0x2a, 0x22, 0x0c, 0x2f, 0x61, 0x70, 0x69,
+	0x2f, 0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x12, 0x82, 0x01, 0x0a, 0x0a, 0x52, 0x65, 0x6e,
+	0x61, 0x6d, 0x65, 0x55, 0x73, 0x65, 0x72, 0x12, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63,
+	0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x55, 0x73, 0x65,
+	0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73,
+	0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x55, 0x73,
+	0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x31, 0x82, 0xd3, 0xe4, 0x93,
+	0x02, 0x2b, 0x22, 0x29, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72,
+	0x2f, 0x7b, 0x6f, 0x6c, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x2f, 0x72, 0x65, 0x6e, 0x61,
+	0x6d, 0x65, 0x2f, 0x7b, 0x6e, 0x65, 0x77, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x12, 0x6c, 0x0a,
+	0x0a, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x12, 0x1f, 0x2e, 0x68, 0x65,
+	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74,
+	0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x68,
 	0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65,
-	0x74, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x21, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1b, 0x2a, 0x19, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31,
-	0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x2f, 0x7b, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69,
-	0x64, 0x7d, 0x12, 0x70, 0x0a, 0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x69, 0x4b,
-	0x65, 0x79, 0x12, 0x21, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76,
-	0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
-	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x69, 0x4b, 0x65,
-	0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x19, 0x82, 0xd3, 0xe4, 0x93, 0x02,
-	0x13, 0x3a, 0x01, 0x2a, 0x22, 0x0e, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x70,
-	0x69, 0x6b, 0x65, 0x79, 0x12, 0x77, 0x0a, 0x0c, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x41, 0x70,
-	0x69, 0x4b, 0x65, 0x79, 0x12, 0x21, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65,
-	0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63,
-	0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x41, 0x70, 0x69,
-	0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x20, 0x82, 0xd3, 0xe4,
-	0x93, 0x02, 0x1a, 0x3a, 0x01, 0x2a, 0x22, 0x15, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f,
-	0x61, 0x70, 0x69, 0x6b, 0x65, 0x79, 0x2f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x12, 0x6a, 0x0a,
-	0x0b, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x20, 0x2e, 0x68,
-	0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74,
-	0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21,
-	0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69,
-	0x73, 0x74, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x22, 0x16, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x10, 0x12, 0x0e, 0x2f, 0x61, 0x70, 0x69, 0x2f,
-	0x76, 0x31, 0x2f, 0x61, 0x70, 0x69, 0x6b, 0x65, 0x79, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74,
-	0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6a, 0x75, 0x61, 0x6e, 0x66, 0x6f, 0x6e, 0x74,
-	0x2f, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67,
-	0x6f, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x74, 0x65, 0x55, 0x73, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1b,
+	0x82, 0xd3, 0xe4, 0x93, 0x02, 0x15, 0x2a, 0x13, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f,
+	0x75, 0x73, 0x65, 0x72, 0x2f, 0x7b, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x12, 0x62, 0x0a, 0x09, 0x4c,
+	0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72, 0x73, 0x12, 0x1e, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73,
+	0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72,
+	0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73,
+	0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x73, 0x65, 0x72,
+	0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x14, 0x82, 0xd3, 0xe4, 0x93, 0x02,
+	0x0e, 0x12, 0x0c, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x12,
+	0x80, 0x01, 0x0a, 0x10, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74,
+	0x68, 0x4b, 0x65, 0x79, 0x12, 0x25, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65,
+	0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74,
+	0x68, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26, 0x2e, 0x68, 0x65,
+	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74,
+	0x65, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x1d, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x17, 0x3a, 0x01, 0x2a, 0x22, 0x12,
+	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x72, 0x65, 0x61, 0x75, 0x74, 0x68, 0x6b,
+	0x65, 0x79, 0x12, 0x87, 0x01, 0x0a, 0x10, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x50, 0x72, 0x65,
+	0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x12, 0x25, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63,
+	0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x50, 0x72, 0x65,
+	0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x26,
+	0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78,
+	0x70, 0x69, 0x72, 0x65, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x24, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1e, 0x3a, 0x01,
+	0x2a, 0x22, 0x19, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x72, 0x65, 0x61, 0x75,
+	0x74, 0x68, 0x6b, 0x65, 0x79, 0x2f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x12, 0x7a, 0x0a, 0x0f,
+	0x4c, 0x69, 0x73, 0x74, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x12,
+	0x24, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c,
+	0x69, 0x73, 0x74, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
+	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x72, 0x65, 0x41, 0x75, 0x74, 0x68,
+	0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x1a, 0x82, 0xd3,
+	0xe4, 0x93, 0x02, 0x14, 0x12, 0x12, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x72,
+	0x65, 0x61, 0x75, 0x74, 0x68, 0x6b, 0x65, 0x79, 0x12, 0x89, 0x01, 0x0a, 0x12, 0x44, 0x65, 0x62,
+	0x75, 0x67, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x12,
+	0x27, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44,
+	0x65, 0x62, 0x75, 0x67, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e,
+	0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73,
+	0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x62, 0x75, 0x67, 0x43, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x20, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1a, 0x3a, 0x01, 0x2a, 0x22, 0x15, 0x2f,
+	0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x64, 0x65, 0x62, 0x75, 0x67, 0x2f, 0x6d, 0x61, 0x63,
+	0x68, 0x69, 0x6e, 0x65, 0x12, 0x75, 0x0a, 0x0a, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x63, 0x68, 0x69,
+	0x6e, 0x65, 0x12, 0x1f, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76,
+	0x31, 0x2e, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e,
+	0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x73,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x24, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1e, 0x12, 0x1c, 0x2f,
+	0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x2f, 0x7b,
+	0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x12, 0x74, 0x0a, 0x07, 0x53,
+	0x65, 0x74, 0x54, 0x61, 0x67, 0x73, 0x12, 0x1c, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61,
+	0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x67, 0x73, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65,
+	0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x54, 0x61, 0x67, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x2c, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x26, 0x3a, 0x01, 0x2a, 0x22, 0x21,
+	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x2f,
+	0x7b, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x74, 0x61, 0x67,
+	0x73, 0x12, 0x80, 0x01, 0x0a, 0x0f, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x4d, 0x61,
+	0x63, 0x68, 0x69, 0x6e, 0x65, 0x12, 0x24, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
+	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x63,
+	0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x68, 0x65,
+	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73,
+	0x74, 0x65, 0x72, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x20, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1a, 0x22, 0x18, 0x2f, 0x61, 0x70, 0x69,
+	0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x2f, 0x72, 0x65, 0x67, 0x69,
+	0x73, 0x74, 0x65, 0x72, 0x12, 0x7e, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4d, 0x61,
+	0x63, 0x68, 0x69, 0x6e, 0x65, 0x12, 0x22, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
+	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69,
+	0x6e, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x68, 0x65, 0x61, 0x64,
+	0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4d,
+	0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x24,
+	0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1e, 0x2a, 0x1c, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f,
+	0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x2f, 0x7b, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65,
+	0x5f, 0x69, 0x64, 0x7d, 0x12, 0x85, 0x01, 0x0a, 0x0d, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x4d,
+	0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x12, 0x22, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61,
+	0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x4d, 0x61, 0x63, 0x68,
+	0x69, 0x6e, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x68, 0x65, 0x61,
+	0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65,
+	0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
+	0x2b, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x25, 0x22, 0x23, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31,
+	0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x2f, 0x7b, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e,
+	0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x12, 0x90, 0x01, 0x0a,
+	0x0d, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x12, 0x22,
+	0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65,
+	0x6e, 0x61, 0x6d, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x23, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76,
+	0x31, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x36, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x30, 0x22,
+	0x2e, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65,
+	0x2f, 0x7b, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x72, 0x65,
+	0x6e, 0x61, 0x6d, 0x65, 0x2f, 0x7b, 0x6e, 0x65, 0x77, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x7d, 0x12,
+	0x6e, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x73, 0x12,
+	0x21, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c,
+	0x69, 0x73, 0x74, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x22, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76,
+	0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x73, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x17, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x11, 0x12, 0x0f,
+	0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x12,
+	0x7d, 0x0a, 0x0b, 0x4d, 0x6f, 0x76, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x12, 0x20,
+	0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x6f,
+	0x76, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x21, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e,
+	0x4d, 0x6f, 0x76, 0x65, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x6e, 0x73, 0x65, 0x22, 0x29, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x23, 0x22, 0x21, 0x2f, 0x61, 0x70,
+	0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x2f, 0x7b, 0x6d, 0x61,
+	0x63, 0x68, 0x69, 0x6e, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x75, 0x73, 0x65, 0x72, 0x12, 0x64,
+	0x0a, 0x09, 0x47, 0x65, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x1e, 0x2e, 0x68, 0x65,
+	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x68, 0x65,
+	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x16, 0x82, 0xd3,
+	0xe4, 0x93, 0x02, 0x10, 0x12, 0x0e, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x6f,
+	0x75, 0x74, 0x65, 0x73, 0x12, 0x7c, 0x0a, 0x0b, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x12, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e,
+	0x76, 0x31, 0x2e, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65,
+	0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
+	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x28, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x22,
+	0x22, 0x20, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73,
+	0x2f, 0x7b, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x65, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x12, 0x80, 0x01, 0x0a, 0x0c, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x12, 0x21, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e,
+	0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61,
+	0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x29, 0x82, 0xd3, 0xe4, 0x93,
+	0x02, 0x23, 0x22, 0x21, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74,
+	0x65, 0x73, 0x2f, 0x7b, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f, 0x64, 0x69,
+	0x73, 0x61, 0x62, 0x6c, 0x65, 0x12, 0x8e, 0x01, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x63,
+	0x68, 0x69, 0x6e, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x25, 0x2e, 0x68, 0x65, 0x61,
+	0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x63,
+	0x68, 0x69, 0x6e, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
+	0x74, 0x1a, 0x26, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31,
+	0x2e, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65,
+	0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2b, 0x82, 0xd3, 0xe4, 0x93, 0x02,
+	0x25, 0x12, 0x23, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69,
+	0x6e, 0x65, 0x2f, 0x7b, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x2f,
+	0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x12, 0x75, 0x0a, 0x0b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65,
+	0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c,
+	0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63,
+	0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x6f, 0x75,
+	0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x21, 0x82, 0xd3, 0xe4, 0x93,
+	0x02, 0x1b, 0x2a, 0x19, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x72, 0x6f, 0x75, 0x74,
+	0x65, 0x73, 0x2f, 0x7b, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x7d, 0x12, 0x70, 0x0a,
+	0x0c, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x12, 0x21, 0x2e,
+	0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
+	0x1a, 0x22, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e,
+	0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x6e, 0x73, 0x65, 0x22, 0x19, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x13, 0x3a, 0x01, 0x2a, 0x22,
+	0x0e, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x70, 0x69, 0x6b, 0x65, 0x79, 0x12,
+	0x77, 0x0a, 0x0c, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x12,
+	0x21, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x45,
+	0x78, 0x70, 0x69, 0x72, 0x65, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65,
+	0x73, 0x74, 0x1a, 0x22, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76,
+	0x31, 0x2e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x20, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1a, 0x3a, 0x01,
+	0x2a, 0x22, 0x15, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x70, 0x69, 0x6b, 0x65,
+	0x79, 0x2f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x12, 0x6a, 0x0a, 0x0b, 0x4c, 0x69, 0x73, 0x74,
+	0x41, 0x70, 0x69, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x20, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63,
+	0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x69, 0x4b, 0x65,
+	0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x68, 0x65, 0x61, 0x64,
+	0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x41, 0x70, 0x69,
+	0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x16, 0x82, 0xd3,
+	0xe4, 0x93, 0x02, 0x10, 0x12, 0x0e, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x70,
+	0x69, 0x6b, 0x65, 0x79, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
+	0x6f, 0x6d, 0x2f, 0x6a, 0x75, 0x61, 0x6e, 0x66, 0x6f, 0x6e, 0x74, 0x2f, 0x68, 0x65, 0x61, 0x64,
+	0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x76, 0x31, 0x62,
+	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var file_headscale_v1_headscale_proto_goTypes = []interface{}{
-	(*GetUserRequest)(nil),           // 0: headscale.v1.GetUserRequest
-	(*CreateUserRequest)(nil),        // 1: headscale.v1.CreateUserRequest
-	(*RenameUserRequest)(nil),        // 2: headscale.v1.RenameUserRequest
-	(*DeleteUserRequest)(nil),        // 3: headscale.v1.DeleteUserRequest
-	(*ListUsersRequest)(nil),         // 4: headscale.v1.ListUsersRequest
-	(*CreatePreAuthKeyRequest)(nil),  // 5: headscale.v1.CreatePreAuthKeyRequest
-	(*ExpirePreAuthKeyRequest)(nil),  // 6: headscale.v1.ExpirePreAuthKeyRequest
-	(*ListPreAuthKeysRequest)(nil),   // 7: headscale.v1.ListPreAuthKeysRequest
-	(*DebugCreateNodeRequest)(nil),   // 8: headscale.v1.DebugCreateNodeRequest
-	(*GetNodeRequest)(nil),           // 9: headscale.v1.GetNodeRequest
-	(*SetTagsRequest)(nil),           // 10: headscale.v1.SetTagsRequest
-	(*RegisterNodeRequest)(nil),      // 11: headscale.v1.RegisterNodeRequest
-	(*DeleteNodeRequest)(nil),        // 12: headscale.v1.DeleteNodeRequest
-	(*ExpireNodeRequest)(nil),        // 13: headscale.v1.ExpireNodeRequest
-	(*RenameNodeRequest)(nil),        // 14: headscale.v1.RenameNodeRequest
-	(*ListNodesRequest)(nil),         // 15: headscale.v1.ListNodesRequest
-	(*MoveNodeRequest)(nil),          // 16: headscale.v1.MoveNodeRequest
-	(*GetRoutesRequest)(nil),         // 17: headscale.v1.GetRoutesRequest
-	(*EnableRouteRequest)(nil),       // 18: headscale.v1.EnableRouteRequest
-	(*DisableRouteRequest)(nil),      // 19: headscale.v1.DisableRouteRequest
-	(*GetNodeRoutesRequest)(nil),     // 20: headscale.v1.GetNodeRoutesRequest
-	(*DeleteRouteRequest)(nil),       // 21: headscale.v1.DeleteRouteRequest
-	(*CreateApiKeyRequest)(nil),      // 22: headscale.v1.CreateApiKeyRequest
-	(*ExpireApiKeyRequest)(nil),      // 23: headscale.v1.ExpireApiKeyRequest
-	(*ListApiKeysRequest)(nil),       // 24: headscale.v1.ListApiKeysRequest
-	(*GetUserResponse)(nil),          // 25: headscale.v1.GetUserResponse
-	(*CreateUserResponse)(nil),       // 26: headscale.v1.CreateUserResponse
-	(*RenameUserResponse)(nil),       // 27: headscale.v1.RenameUserResponse
-	(*DeleteUserResponse)(nil),       // 28: headscale.v1.DeleteUserResponse
-	(*ListUsersResponse)(nil),        // 29: headscale.v1.ListUsersResponse
-	(*CreatePreAuthKeyResponse)(nil), // 30: headscale.v1.CreatePreAuthKeyResponse
-	(*ExpirePreAuthKeyResponse)(nil), // 31: headscale.v1.ExpirePreAuthKeyResponse
-	(*ListPreAuthKeysResponse)(nil),  // 32: headscale.v1.ListPreAuthKeysResponse
-	(*DebugCreateNodeResponse)(nil),  // 33: headscale.v1.DebugCreateNodeResponse
-	(*GetNodeResponse)(nil),          // 34: headscale.v1.GetNodeResponse
-	(*SetTagsResponse)(nil),          // 35: headscale.v1.SetTagsResponse
-	(*RegisterNodeResponse)(nil),     // 36: headscale.v1.RegisterNodeResponse
-	(*DeleteNodeResponse)(nil),       // 37: headscale.v1.DeleteNodeResponse
-	(*ExpireNodeResponse)(nil),       // 38: headscale.v1.ExpireNodeResponse
-	(*RenameNodeResponse)(nil),       // 39: headscale.v1.RenameNodeResponse
-	(*ListNodesResponse)(nil),        // 40: headscale.v1.ListNodesResponse
-	(*MoveNodeResponse)(nil),         // 41: headscale.v1.MoveNodeResponse
-	(*GetRoutesResponse)(nil),        // 42: headscale.v1.GetRoutesResponse
-	(*EnableRouteResponse)(nil),      // 43: headscale.v1.EnableRouteResponse
-	(*DisableRouteResponse)(nil),     // 44: headscale.v1.DisableRouteResponse
-	(*GetNodeRoutesResponse)(nil),    // 45: headscale.v1.GetNodeRoutesResponse
-	(*DeleteRouteResponse)(nil),      // 46: headscale.v1.DeleteRouteResponse
-	(*CreateApiKeyResponse)(nil),     // 47: headscale.v1.CreateApiKeyResponse
-	(*ExpireApiKeyResponse)(nil),     // 48: headscale.v1.ExpireApiKeyResponse
-	(*ListApiKeysResponse)(nil),      // 49: headscale.v1.ListApiKeysResponse
+	(*GetUserRequest)(nil),             // 0: headscale.v1.GetUserRequest
+	(*CreateUserRequest)(nil),          // 1: headscale.v1.CreateUserRequest
+	(*RenameUserRequest)(nil),          // 2: headscale.v1.RenameUserRequest
+	(*DeleteUserRequest)(nil),          // 3: headscale.v1.DeleteUserRequest
+	(*ListUsersRequest)(nil),           // 4: headscale.v1.ListUsersRequest
+	(*CreatePreAuthKeyRequest)(nil),    // 5: headscale.v1.CreatePreAuthKeyRequest
+	(*ExpirePreAuthKeyRequest)(nil),    // 6: headscale.v1.ExpirePreAuthKeyRequest
+	(*ListPreAuthKeysRequest)(nil),     // 7: headscale.v1.ListPreAuthKeysRequest
+	(*DebugCreateMachineRequest)(nil),  // 8: headscale.v1.DebugCreateMachineRequest
+	(*GetMachineRequest)(nil),          // 9: headscale.v1.GetMachineRequest
+	(*SetTagsRequest)(nil),             // 10: headscale.v1.SetTagsRequest
+	(*RegisterMachineRequest)(nil),     // 11: headscale.v1.RegisterMachineRequest
+	(*DeleteMachineRequest)(nil),       // 12: headscale.v1.DeleteMachineRequest
+	(*ExpireMachineRequest)(nil),       // 13: headscale.v1.ExpireMachineRequest
+	(*RenameMachineRequest)(nil),       // 14: headscale.v1.RenameMachineRequest
+	(*ListMachinesRequest)(nil),        // 15: headscale.v1.ListMachinesRequest
+	(*MoveMachineRequest)(nil),         // 16: headscale.v1.MoveMachineRequest
+	(*GetRoutesRequest)(nil),           // 17: headscale.v1.GetRoutesRequest
+	(*EnableRouteRequest)(nil),         // 18: headscale.v1.EnableRouteRequest
+	(*DisableRouteRequest)(nil),        // 19: headscale.v1.DisableRouteRequest
+	(*GetMachineRoutesRequest)(nil),    // 20: headscale.v1.GetMachineRoutesRequest
+	(*DeleteRouteRequest)(nil),         // 21: headscale.v1.DeleteRouteRequest
+	(*CreateApiKeyRequest)(nil),        // 22: headscale.v1.CreateApiKeyRequest
+	(*ExpireApiKeyRequest)(nil),        // 23: headscale.v1.ExpireApiKeyRequest
+	(*ListApiKeysRequest)(nil),         // 24: headscale.v1.ListApiKeysRequest
+	(*GetUserResponse)(nil),            // 25: headscale.v1.GetUserResponse
+	(*CreateUserResponse)(nil),         // 26: headscale.v1.CreateUserResponse
+	(*RenameUserResponse)(nil),         // 27: headscale.v1.RenameUserResponse
+	(*DeleteUserResponse)(nil),         // 28: headscale.v1.DeleteUserResponse
+	(*ListUsersResponse)(nil),          // 29: headscale.v1.ListUsersResponse
+	(*CreatePreAuthKeyResponse)(nil),   // 30: headscale.v1.CreatePreAuthKeyResponse
+	(*ExpirePreAuthKeyResponse)(nil),   // 31: headscale.v1.ExpirePreAuthKeyResponse
+	(*ListPreAuthKeysResponse)(nil),    // 32: headscale.v1.ListPreAuthKeysResponse
+	(*DebugCreateMachineResponse)(nil), // 33: headscale.v1.DebugCreateMachineResponse
+	(*GetMachineResponse)(nil),         // 34: headscale.v1.GetMachineResponse
+	(*SetTagsResponse)(nil),            // 35: headscale.v1.SetTagsResponse
+	(*RegisterMachineResponse)(nil),    // 36: headscale.v1.RegisterMachineResponse
+	(*DeleteMachineResponse)(nil),      // 37: headscale.v1.DeleteMachineResponse
+	(*ExpireMachineResponse)(nil),      // 38: headscale.v1.ExpireMachineResponse
+	(*RenameMachineResponse)(nil),      // 39: headscale.v1.RenameMachineResponse
+	(*ListMachinesResponse)(nil),       // 40: headscale.v1.ListMachinesResponse
+	(*MoveMachineResponse)(nil),        // 41: headscale.v1.MoveMachineResponse
+	(*GetRoutesResponse)(nil),          // 42: headscale.v1.GetRoutesResponse
+	(*EnableRouteResponse)(nil),        // 43: headscale.v1.EnableRouteResponse
+	(*DisableRouteResponse)(nil),       // 44: headscale.v1.DisableRouteResponse
+	(*GetMachineRoutesResponse)(nil),   // 45: headscale.v1.GetMachineRoutesResponse
+	(*DeleteRouteResponse)(nil),        // 46: headscale.v1.DeleteRouteResponse
+	(*CreateApiKeyResponse)(nil),       // 47: headscale.v1.CreateApiKeyResponse
+	(*ExpireApiKeyResponse)(nil),       // 48: headscale.v1.ExpireApiKeyResponse
+	(*ListApiKeysResponse)(nil),        // 49: headscale.v1.ListApiKeysResponse
 }
 var file_headscale_v1_headscale_proto_depIdxs = []int32{
 	0,  // 0: headscale.v1.HeadscaleService.GetUser:input_type -> headscale.v1.GetUserRequest
@@ -287,19 +296,19 @@ var file_headscale_v1_headscale_proto_depIdxs = []int32{
 	5,  // 5: headscale.v1.HeadscaleService.CreatePreAuthKey:input_type -> headscale.v1.CreatePreAuthKeyRequest
 	6,  // 6: headscale.v1.HeadscaleService.ExpirePreAuthKey:input_type -> headscale.v1.ExpirePreAuthKeyRequest
 	7,  // 7: headscale.v1.HeadscaleService.ListPreAuthKeys:input_type -> headscale.v1.ListPreAuthKeysRequest
-	8,  // 8: headscale.v1.HeadscaleService.DebugCreateNode:input_type -> headscale.v1.DebugCreateNodeRequest
-	9,  // 9: headscale.v1.HeadscaleService.GetNode:input_type -> headscale.v1.GetNodeRequest
+	8,  // 8: headscale.v1.HeadscaleService.DebugCreateMachine:input_type -> headscale.v1.DebugCreateMachineRequest
+	9,  // 9: headscale.v1.HeadscaleService.GetMachine:input_type -> headscale.v1.GetMachineRequest
 	10, // 10: headscale.v1.HeadscaleService.SetTags:input_type -> headscale.v1.SetTagsRequest
-	11, // 11: headscale.v1.HeadscaleService.RegisterNode:input_type -> headscale.v1.RegisterNodeRequest
-	12, // 12: headscale.v1.HeadscaleService.DeleteNode:input_type -> headscale.v1.DeleteNodeRequest
-	13, // 13: headscale.v1.HeadscaleService.ExpireNode:input_type -> headscale.v1.ExpireNodeRequest
-	14, // 14: headscale.v1.HeadscaleService.RenameNode:input_type -> headscale.v1.RenameNodeRequest
-	15, // 15: headscale.v1.HeadscaleService.ListNodes:input_type -> headscale.v1.ListNodesRequest
-	16, // 16: headscale.v1.HeadscaleService.MoveNode:input_type -> headscale.v1.MoveNodeRequest
+	11, // 11: headscale.v1.HeadscaleService.RegisterMachine:input_type -> headscale.v1.RegisterMachineRequest
+	12, // 12: headscale.v1.HeadscaleService.DeleteMachine:input_type -> headscale.v1.DeleteMachineRequest
+	13, // 13: headscale.v1.HeadscaleService.ExpireMachine:input_type -> headscale.v1.ExpireMachineRequest
+	14, // 14: headscale.v1.HeadscaleService.RenameMachine:input_type -> headscale.v1.RenameMachineRequest
+	15, // 15: headscale.v1.HeadscaleService.ListMachines:input_type -> headscale.v1.ListMachinesRequest
+	16, // 16: headscale.v1.HeadscaleService.MoveMachine:input_type -> headscale.v1.MoveMachineRequest
 	17, // 17: headscale.v1.HeadscaleService.GetRoutes:input_type -> headscale.v1.GetRoutesRequest
 	18, // 18: headscale.v1.HeadscaleService.EnableRoute:input_type -> headscale.v1.EnableRouteRequest
 	19, // 19: headscale.v1.HeadscaleService.DisableRoute:input_type -> headscale.v1.DisableRouteRequest
-	20, // 20: headscale.v1.HeadscaleService.GetNodeRoutes:input_type -> headscale.v1.GetNodeRoutesRequest
+	20, // 20: headscale.v1.HeadscaleService.GetMachineRoutes:input_type -> headscale.v1.GetMachineRoutesRequest
 	21, // 21: headscale.v1.HeadscaleService.DeleteRoute:input_type -> headscale.v1.DeleteRouteRequest
 	22, // 22: headscale.v1.HeadscaleService.CreateApiKey:input_type -> headscale.v1.CreateApiKeyRequest
 	23, // 23: headscale.v1.HeadscaleService.ExpireApiKey:input_type -> headscale.v1.ExpireApiKeyRequest
@@ -312,19 +321,19 @@ var file_headscale_v1_headscale_proto_depIdxs = []int32{
 	30, // 30: headscale.v1.HeadscaleService.CreatePreAuthKey:output_type -> headscale.v1.CreatePreAuthKeyResponse
 	31, // 31: headscale.v1.HeadscaleService.ExpirePreAuthKey:output_type -> headscale.v1.ExpirePreAuthKeyResponse
 	32, // 32: headscale.v1.HeadscaleService.ListPreAuthKeys:output_type -> headscale.v1.ListPreAuthKeysResponse
-	33, // 33: headscale.v1.HeadscaleService.DebugCreateNode:output_type -> headscale.v1.DebugCreateNodeResponse
-	34, // 34: headscale.v1.HeadscaleService.GetNode:output_type -> headscale.v1.GetNodeResponse
+	33, // 33: headscale.v1.HeadscaleService.DebugCreateMachine:output_type -> headscale.v1.DebugCreateMachineResponse
+	34, // 34: headscale.v1.HeadscaleService.GetMachine:output_type -> headscale.v1.GetMachineResponse
 	35, // 35: headscale.v1.HeadscaleService.SetTags:output_type -> headscale.v1.SetTagsResponse
-	36, // 36: headscale.v1.HeadscaleService.RegisterNode:output_type -> headscale.v1.RegisterNodeResponse
-	37, // 37: headscale.v1.HeadscaleService.DeleteNode:output_type -> headscale.v1.DeleteNodeResponse
-	38, // 38: headscale.v1.HeadscaleService.ExpireNode:output_type -> headscale.v1.ExpireNodeResponse
-	39, // 39: headscale.v1.HeadscaleService.RenameNode:output_type -> headscale.v1.RenameNodeResponse
-	40, // 40: headscale.v1.HeadscaleService.ListNodes:output_type -> headscale.v1.ListNodesResponse
-	41, // 41: headscale.v1.HeadscaleService.MoveNode:output_type -> headscale.v1.MoveNodeResponse
+	36, // 36: headscale.v1.HeadscaleService.RegisterMachine:output_type -> headscale.v1.RegisterMachineResponse
+	37, // 37: headscale.v1.HeadscaleService.DeleteMachine:output_type -> headscale.v1.DeleteMachineResponse
+	38, // 38: headscale.v1.HeadscaleService.ExpireMachine:output_type -> headscale.v1.ExpireMachineResponse
+	39, // 39: headscale.v1.HeadscaleService.RenameMachine:output_type -> headscale.v1.RenameMachineResponse
+	40, // 40: headscale.v1.HeadscaleService.ListMachines:output_type -> headscale.v1.ListMachinesResponse
+	41, // 41: headscale.v1.HeadscaleService.MoveMachine:output_type -> headscale.v1.MoveMachineResponse
 	42, // 42: headscale.v1.HeadscaleService.GetRoutes:output_type -> headscale.v1.GetRoutesResponse
 	43, // 43: headscale.v1.HeadscaleService.EnableRoute:output_type -> headscale.v1.EnableRouteResponse
 	44, // 44: headscale.v1.HeadscaleService.DisableRoute:output_type -> headscale.v1.DisableRouteResponse
-	45, // 45: headscale.v1.HeadscaleService.GetNodeRoutes:output_type -> headscale.v1.GetNodeRoutesResponse
+	45, // 45: headscale.v1.HeadscaleService.GetMachineRoutes:output_type -> headscale.v1.GetMachineRoutesResponse
 	46, // 46: headscale.v1.HeadscaleService.DeleteRoute:output_type -> headscale.v1.DeleteRouteResponse
 	47, // 47: headscale.v1.HeadscaleService.CreateApiKey:output_type -> headscale.v1.CreateApiKeyResponse
 	48, // 48: headscale.v1.HeadscaleService.ExpireApiKey:output_type -> headscale.v1.ExpireApiKeyResponse
@@ -343,7 +352,7 @@ func file_headscale_v1_headscale_proto_init() {
 	}
 	file_headscale_v1_user_proto_init()
 	file_headscale_v1_preauthkey_proto_init()
-	file_headscale_v1_node_proto_init()
+	file_headscale_v1_machine_proto_init()
 	file_headscale_v1_routes_proto_init()
 	file_headscale_v1_apikey_proto_init()
 	type x struct{}

gen/go/headscale/v1/headscale_grpc.pb.go

@@ -19,31 +19,31 @@ import (
 const _ = grpc.SupportPackageIsVersion7
 
 const (
-	HeadscaleService_GetUser_FullMethodName          = "/headscale.v1.HeadscaleService/GetUser"
-	HeadscaleService_CreateUser_FullMethodName       = "/headscale.v1.HeadscaleService/CreateUser"
-	HeadscaleService_RenameUser_FullMethodName       = "/headscale.v1.HeadscaleService/RenameUser"
-	HeadscaleService_DeleteUser_FullMethodName       = "/headscale.v1.HeadscaleService/DeleteUser"
-	HeadscaleService_ListUsers_FullMethodName        = "/headscale.v1.HeadscaleService/ListUsers"
-	HeadscaleService_CreatePreAuthKey_FullMethodName = "/headscale.v1.HeadscaleService/CreatePreAuthKey"
-	HeadscaleService_ExpirePreAuthKey_FullMethodName = "/headscale.v1.HeadscaleService/ExpirePreAuthKey"
-	HeadscaleService_ListPreAuthKeys_FullMethodName  = "/headscale.v1.HeadscaleService/ListPreAuthKeys"
-	HeadscaleService_DebugCreateNode_FullMethodName  = "/headscale.v1.HeadscaleService/DebugCreateNode"
-	HeadscaleService_GetNode_FullMethodName          = "/headscale.v1.HeadscaleService/GetNode"
-	HeadscaleService_SetTags_FullMethodName          = "/headscale.v1.HeadscaleService/SetTags"
-	HeadscaleService_RegisterNode_FullMethodName     = "/headscale.v1.HeadscaleService/RegisterNode"
-	HeadscaleService_DeleteNode_FullMethodName       = "/headscale.v1.HeadscaleService/DeleteNode"
-	HeadscaleService_ExpireNode_FullMethodName       = "/headscale.v1.HeadscaleService/ExpireNode"
-	HeadscaleService_RenameNode_FullMethodName       = "/headscale.v1.HeadscaleService/RenameNode"
-	HeadscaleService_ListNodes_FullMethodName        = "/headscale.v1.HeadscaleService/ListNodes"
-	HeadscaleService_MoveNode_FullMethodName         = "/headscale.v1.HeadscaleService/MoveNode"
-	HeadscaleService_GetRoutes_FullMethodName        = "/headscale.v1.HeadscaleService/GetRoutes"
-	HeadscaleService_EnableRoute_FullMethodName      = "/headscale.v1.HeadscaleService/EnableRoute"
-	HeadscaleService_DisableRoute_FullMethodName     = "/headscale.v1.HeadscaleService/DisableRoute"
-	HeadscaleService_GetNodeRoutes_FullMethodName    = "/headscale.v1.HeadscaleService/GetNodeRoutes"
-	HeadscaleService_DeleteRoute_FullMethodName      = "/headscale.v1.HeadscaleService/DeleteRoute"
-	HeadscaleService_CreateApiKey_FullMethodName     = "/headscale.v1.HeadscaleService/CreateApiKey"
-	HeadscaleService_ExpireApiKey_FullMethodName     = "/headscale.v1.HeadscaleService/ExpireApiKey"
-	HeadscaleService_ListApiKeys_FullMethodName      = "/headscale.v1.HeadscaleService/ListApiKeys"
+	HeadscaleService_GetUser_FullMethodName            = "/headscale.v1.HeadscaleService/GetUser"
+	HeadscaleService_CreateUser_FullMethodName         = "/headscale.v1.HeadscaleService/CreateUser"
+	HeadscaleService_RenameUser_FullMethodName         = "/headscale.v1.HeadscaleService/RenameUser"
+	HeadscaleService_DeleteUser_FullMethodName         = "/headscale.v1.HeadscaleService/DeleteUser"
+	HeadscaleService_ListUsers_FullMethodName          = "/headscale.v1.HeadscaleService/ListUsers"
+	HeadscaleService_CreatePreAuthKey_FullMethodName   = "/headscale.v1.HeadscaleService/CreatePreAuthKey"
+	HeadscaleService_ExpirePreAuthKey_FullMethodName   = "/headscale.v1.HeadscaleService/ExpirePreAuthKey"
+	HeadscaleService_ListPreAuthKeys_FullMethodName    = "/headscale.v1.HeadscaleService/ListPreAuthKeys"
+	HeadscaleService_DebugCreateMachine_FullMethodName = "/headscale.v1.HeadscaleService/DebugCreateMachine"
+	HeadscaleService_GetMachine_FullMethodName         = "/headscale.v1.HeadscaleService/GetMachine"
+	HeadscaleService_SetTags_FullMethodName            = "/headscale.v1.HeadscaleService/SetTags"
+	HeadscaleService_RegisterMachine_FullMethodName    = "/headscale.v1.HeadscaleService/RegisterMachine"
+	HeadscaleService_DeleteMachine_FullMethodName      = "/headscale.v1.HeadscaleService/DeleteMachine"
+	HeadscaleService_ExpireMachine_FullMethodName      = "/headscale.v1.HeadscaleService/ExpireMachine"
+	HeadscaleService_RenameMachine_FullMethodName      = "/headscale.v1.HeadscaleService/RenameMachine"
+	HeadscaleService_ListMachines_FullMethodName       = "/headscale.v1.HeadscaleService/ListMachines"
+	HeadscaleService_MoveMachine_FullMethodName        = "/headscale.v1.HeadscaleService/MoveMachine"
+	HeadscaleService_GetRoutes_FullMethodName          = "/headscale.v1.HeadscaleService/GetRoutes"
+	HeadscaleService_EnableRoute_FullMethodName        = "/headscale.v1.HeadscaleService/EnableRoute"
+	HeadscaleService_DisableRoute_FullMethodName       = "/headscale.v1.HeadscaleService/DisableRoute"
+	HeadscaleService_GetMachineRoutes_FullMethodName   = "/headscale.v1.HeadscaleService/GetMachineRoutes"
+	HeadscaleService_DeleteRoute_FullMethodName        = "/headscale.v1.HeadscaleService/DeleteRoute"
+	HeadscaleService_CreateApiKey_FullMethodName       = "/headscale.v1.HeadscaleService/CreateApiKey"
+	HeadscaleService_ExpireApiKey_FullMethodName       = "/headscale.v1.HeadscaleService/ExpireApiKey"
+	HeadscaleService_ListApiKeys_FullMethodName        = "/headscale.v1.HeadscaleService/ListApiKeys"
 )
 
 // HeadscaleServiceClient is the client API for HeadscaleService service.
@@ -60,21 +60,21 @@ type HeadscaleServiceClient interface {
 	CreatePreAuthKey(ctx context.Context, in *CreatePreAuthKeyRequest, opts ...grpc.CallOption) (*CreatePreAuthKeyResponse, error)
 	ExpirePreAuthKey(ctx context.Context, in *ExpirePreAuthKeyRequest, opts ...grpc.CallOption) (*ExpirePreAuthKeyResponse, error)
 	ListPreAuthKeys(ctx context.Context, in *ListPreAuthKeysRequest, opts ...grpc.CallOption) (*ListPreAuthKeysResponse, error)
-	// --- Node start ---
-	DebugCreateNode(ctx context.Context, in *DebugCreateNodeRequest, opts ...grpc.CallOption) (*DebugCreateNodeResponse, error)
-	GetNode(ctx context.Context, in *GetNodeRequest, opts ...grpc.CallOption) (*GetNodeResponse, error)
+	// --- Machine start ---
+	DebugCreateMachine(ctx context.Context, in *DebugCreateMachineRequest, opts ...grpc.CallOption) (*DebugCreateMachineResponse, error)
+	GetMachine(ctx context.Context, in *GetMachineRequest, opts ...grpc.CallOption) (*GetMachineResponse, error)
 	SetTags(ctx context.Context, in *SetTagsRequest, opts ...grpc.CallOption) (*SetTagsResponse, error)
-	RegisterNode(ctx context.Context, in *RegisterNodeRequest, opts ...grpc.CallOption) (*RegisterNodeResponse, error)
-	DeleteNode(ctx context.Context, in *DeleteNodeRequest, opts ...grpc.CallOption) (*DeleteNodeResponse, error)
-	ExpireNode(ctx context.Context, in *ExpireNodeRequest, opts ...grpc.CallOption) (*ExpireNodeResponse, error)
-	RenameNode(ctx context.Context, in *RenameNodeRequest, opts ...grpc.CallOption) (*RenameNodeResponse, error)
-	ListNodes(ctx context.Context, in *ListNodesRequest, opts ...grpc.CallOption) (*ListNodesResponse, error)
-	MoveNode(ctx context.Context, in *MoveNodeRequest, opts ...grpc.CallOption) (*MoveNodeResponse, error)
+	RegisterMachine(ctx context.Context, in *RegisterMachineRequest, opts ...grpc.CallOption) (*RegisterMachineResponse, error)
+	DeleteMachine(ctx context.Context, in *DeleteMachineRequest, opts ...grpc.CallOption) (*DeleteMachineResponse, error)
+	ExpireMachine(ctx context.Context, in *ExpireMachineRequest, opts ...grpc.CallOption) (*ExpireMachineResponse, error)
+	RenameMachine(ctx context.Context, in *RenameMachineRequest, opts ...grpc.CallOption) (*RenameMachineResponse, error)
+	ListMachines(ctx context.Context, in *ListMachinesRequest, opts ...grpc.CallOption) (*ListMachinesResponse, error)
+	MoveMachine(ctx context.Context, in *MoveMachineRequest, opts ...grpc.CallOption) (*MoveMachineResponse, error)
 	// --- Route start ---
 	GetRoutes(ctx context.Context, in *GetRoutesRequest, opts ...grpc.CallOption) (*GetRoutesResponse, error)
 	EnableRoute(ctx context.Context, in *EnableRouteRequest, opts ...grpc.CallOption) (*EnableRouteResponse, error)
 	DisableRoute(ctx context.Context, in *DisableRouteRequest, opts ...grpc.CallOption) (*DisableRouteResponse, error)
-	GetNodeRoutes(ctx context.Context, in *GetNodeRoutesRequest, opts ...grpc.CallOption) (*GetNodeRoutesResponse, error)
+	GetMachineRoutes(ctx context.Context, in *GetMachineRoutesRequest, opts ...grpc.CallOption) (*GetMachineRoutesResponse, error)
 	DeleteRoute(ctx context.Context, in *DeleteRouteRequest, opts ...grpc.CallOption) (*DeleteRouteResponse, error)
 	// --- ApiKeys start ---
 	CreateApiKey(ctx context.Context, in *CreateApiKeyRequest, opts ...grpc.CallOption) (*CreateApiKeyResponse, error)
@@ -162,18 +162,18 @@ func (c *headscaleServiceClient) ListPreAuthKeys(ctx context.Context, in *ListPr
 	return out, nil
 }
 
-func (c *headscaleServiceClient) DebugCreateNode(ctx context.Context, in *DebugCreateNodeRequest, opts ...grpc.CallOption) (*DebugCreateNodeResponse, error) {
-	out := new(DebugCreateNodeResponse)
-	err := c.cc.Invoke(ctx, HeadscaleService_DebugCreateNode_FullMethodName, in, out, opts...)
+func (c *headscaleServiceClient) DebugCreateMachine(ctx context.Context, in *DebugCreateMachineRequest, opts ...grpc.CallOption) (*DebugCreateMachineResponse, error) {
+	out := new(DebugCreateMachineResponse)
+	err := c.cc.Invoke(ctx, HeadscaleService_DebugCreateMachine_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *headscaleServiceClient) GetNode(ctx context.Context, in *GetNodeRequest, opts ...grpc.CallOption) (*GetNodeResponse, error) {
-	out := new(GetNodeResponse)
-	err := c.cc.Invoke(ctx, HeadscaleService_GetNode_FullMethodName, in, out, opts...)
+func (c *headscaleServiceClient) GetMachine(ctx context.Context, in *GetMachineRequest, opts ...grpc.CallOption) (*GetMachineResponse, error) {
+	out := new(GetMachineResponse)
+	err := c.cc.Invoke(ctx, HeadscaleService_GetMachine_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -189,54 +189,54 @@ func (c *headscaleServiceClient) SetTags(ctx context.Context, in *SetTagsRequest
 	return out, nil
 }
 
-func (c *headscaleServiceClient) RegisterNode(ctx context.Context, in *RegisterNodeRequest, opts ...grpc.CallOption) (*RegisterNodeResponse, error) {
-	out := new(RegisterNodeResponse)
-	err := c.cc.Invoke(ctx, HeadscaleService_RegisterNode_FullMethodName, in, out, opts...)
+func (c *headscaleServiceClient) RegisterMachine(ctx context.Context, in *RegisterMachineRequest, opts ...grpc.CallOption) (*RegisterMachineResponse, error) {
+	out := new(RegisterMachineResponse)
+	err := c.cc.Invoke(ctx, HeadscaleService_RegisterMachine_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *headscaleServiceClient) DeleteNode(ctx context.Context, in *DeleteNodeRequest, opts ...grpc.CallOption) (*DeleteNodeResponse, error) {
-	out := new(DeleteNodeResponse)
-	err := c.cc.Invoke(ctx, HeadscaleService_DeleteNode_FullMethodName, in, out, opts...)
+func (c *headscaleServiceClient) DeleteMachine(ctx context.Context, in *DeleteMachineRequest, opts ...grpc.CallOption) (*DeleteMachineResponse, error) {
+	out := new(DeleteMachineResponse)
+	err := c.cc.Invoke(ctx, HeadscaleService_DeleteMachine_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *headscaleServiceClient) ExpireNode(ctx context.Context, in *ExpireNodeRequest, opts ...grpc.CallOption) (*ExpireNodeResponse, error) {
-	out := new(ExpireNodeResponse)
-	err := c.cc.Invoke(ctx, HeadscaleService_ExpireNode_FullMethodName, in, out, opts...)
+func (c *headscaleServiceClient) ExpireMachine(ctx context.Context, in *ExpireMachineRequest, opts ...grpc.CallOption) (*ExpireMachineResponse, error) {
+	out := new(ExpireMachineResponse)
+	err := c.cc.Invoke(ctx, HeadscaleService_ExpireMachine_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *headscaleServiceClient) RenameNode(ctx context.Context, in *RenameNodeRequest, opts ...grpc.CallOption) (*RenameNodeResponse, error) {
-	out := new(RenameNodeResponse)
-	err := c.cc.Invoke(ctx, HeadscaleService_RenameNode_FullMethodName, in, out, opts...)
+func (c *headscaleServiceClient) RenameMachine(ctx context.Context, in *RenameMachineRequest, opts ...grpc.CallOption) (*RenameMachineResponse, error) {
+	out := new(RenameMachineResponse)
+	err := c.cc.Invoke(ctx, HeadscaleService_RenameMachine_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *headscaleServiceClient) ListNodes(ctx context.Context, in *ListNodesRequest, opts ...grpc.CallOption) (*ListNodesResponse, error) {
-	out := new(ListNodesResponse)
-	err := c.cc.Invoke(ctx, HeadscaleService_ListNodes_FullMethodName, in, out, opts...)
+func (c *headscaleServiceClient) ListMachines(ctx context.Context, in *ListMachinesRequest, opts ...grpc.CallOption) (*ListMachinesResponse, error) {
+	out := new(ListMachinesResponse)
+	err := c.cc.Invoke(ctx, HeadscaleService_ListMachines_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-func (c *headscaleServiceClient) MoveNode(ctx context.Context, in *MoveNodeRequest, opts ...grpc.CallOption) (*MoveNodeResponse, error) {
-	out := new(MoveNodeResponse)
-	err := c.cc.Invoke(ctx, HeadscaleService_MoveNode_FullMethodName, in, out, opts...)
+func (c *headscaleServiceClient) MoveMachine(ctx context.Context, in *MoveMachineRequest, opts ...grpc.CallOption) (*MoveMachineResponse, error) {
+	out := new(MoveMachineResponse)
+	err := c.cc.Invoke(ctx, HeadscaleService_MoveMachine_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -270,9 +270,9 @@ func (c *headscaleServiceClient) DisableRoute(ctx context.Context, in *DisableRo
 	return out, nil
 }
 
-func (c *headscaleServiceClient) GetNodeRoutes(ctx context.Context, in *GetNodeRoutesRequest, opts ...grpc.CallOption) (*GetNodeRoutesResponse, error) {
-	out := new(GetNodeRoutesResponse)
-	err := c.cc.Invoke(ctx, HeadscaleService_GetNodeRoutes_FullMethodName, in, out, opts...)
+func (c *headscaleServiceClient) GetMachineRoutes(ctx context.Context, in *GetMachineRoutesRequest, opts ...grpc.CallOption) (*GetMachineRoutesResponse, error) {
+	out := new(GetMachineRoutesResponse)
+	err := c.cc.Invoke(ctx, HeadscaleService_GetMachineRoutes_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
@@ -329,21 +329,21 @@ type HeadscaleServiceServer interface {
 	CreatePreAuthKey(context.Context, *CreatePreAuthKeyRequest) (*CreatePreAuthKeyResponse, error)
 	ExpirePreAuthKey(context.Context, *ExpirePreAuthKeyRequest) (*ExpirePreAuthKeyResponse, error)
 	ListPreAuthKeys(context.Context, *ListPreAuthKeysRequest) (*ListPreAuthKeysResponse, error)
-	// --- Node start ---
-	DebugCreateNode(context.Context, *DebugCreateNodeRequest) (*DebugCreateNodeResponse, error)
-	GetNode(context.Context, *GetNodeRequest) (*GetNodeResponse, error)
+	// --- Machine start ---
+	DebugCreateMachine(context.Context, *DebugCreateMachineRequest) (*DebugCreateMachineResponse, error)
+	GetMachine(context.Context, *GetMachineRequest) (*GetMachineResponse, error)
 	SetTags(context.Context, *SetTagsRequest) (*SetTagsResponse, error)
-	RegisterNode(context.Context, *RegisterNodeRequest) (*RegisterNodeResponse, error)
-	DeleteNode(context.Context, *DeleteNodeRequest) (*DeleteNodeResponse, error)
-	ExpireNode(context.Context, *ExpireNodeRequest) (*ExpireNodeResponse, error)
-	RenameNode(context.Context, *RenameNodeRequest) (*RenameNodeResponse, error)
-	ListNodes(context.Context, *ListNodesRequest) (*ListNodesResponse, error)
-	MoveNode(context.Context, *MoveNodeRequest) (*MoveNodeResponse, error)
+	RegisterMachine(context.Context, *RegisterMachineRequest) (*RegisterMachineResponse, error)
+	DeleteMachine(context.Context, *DeleteMachineRequest) (*DeleteMachineResponse, error)
+	ExpireMachine(context.Context, *ExpireMachineRequest) (*ExpireMachineResponse, error)
+	RenameMachine(context.Context, *RenameMachineRequest) (*RenameMachineResponse, error)
+	ListMachines(context.Context, *ListMachinesRequest) (*ListMachinesResponse, error)
+	MoveMachine(context.Context, *MoveMachineRequest) (*MoveMachineResponse, error)
 	// --- Route start ---
 	GetRoutes(context.Context, *GetRoutesRequest) (*GetRoutesResponse, error)
 	EnableRoute(context.Context, *EnableRouteRequest) (*EnableRouteResponse, error)
 	DisableRoute(context.Context, *DisableRouteRequest) (*DisableRouteResponse, error)
-	GetNodeRoutes(context.Context, *GetNodeRoutesRequest) (*GetNodeRoutesResponse, error)
+	GetMachineRoutes(context.Context, *GetMachineRoutesRequest) (*GetMachineRoutesResponse, error)
 	DeleteRoute(context.Context, *DeleteRouteRequest) (*DeleteRouteResponse, error)
 	// --- ApiKeys start ---
 	CreateApiKey(context.Context, *CreateApiKeyRequest) (*CreateApiKeyResponse, error)
@@ -380,32 +380,32 @@ func (UnimplementedHeadscaleServiceServer) ExpirePreAuthKey(context.Context, *Ex
 func (UnimplementedHeadscaleServiceServer) ListPreAuthKeys(context.Context, *ListPreAuthKeysRequest) (*ListPreAuthKeysResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method ListPreAuthKeys not implemented")
 }
-func (UnimplementedHeadscaleServiceServer) DebugCreateNode(context.Context, *DebugCreateNodeRequest) (*DebugCreateNodeResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method DebugCreateNode not implemented")
+func (UnimplementedHeadscaleServiceServer) DebugCreateMachine(context.Context, *DebugCreateMachineRequest) (*DebugCreateMachineResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DebugCreateMachine not implemented")
 }
-func (UnimplementedHeadscaleServiceServer) GetNode(context.Context, *GetNodeRequest) (*GetNodeResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetNode not implemented")
+func (UnimplementedHeadscaleServiceServer) GetMachine(context.Context, *GetMachineRequest) (*GetMachineResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetMachine not implemented")
 }
 func (UnimplementedHeadscaleServiceServer) SetTags(context.Context, *SetTagsRequest) (*SetTagsResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method SetTags not implemented")
 }
-func (UnimplementedHeadscaleServiceServer) RegisterNode(context.Context, *RegisterNodeRequest) (*RegisterNodeResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method RegisterNode not implemented")
+func (UnimplementedHeadscaleServiceServer) RegisterMachine(context.Context, *RegisterMachineRequest) (*RegisterMachineResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RegisterMachine not implemented")
 }
-func (UnimplementedHeadscaleServiceServer) DeleteNode(context.Context, *DeleteNodeRequest) (*DeleteNodeResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method DeleteNode not implemented")
+func (UnimplementedHeadscaleServiceServer) DeleteMachine(context.Context, *DeleteMachineRequest) (*DeleteMachineResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteMachine not implemented")
 }
-func (UnimplementedHeadscaleServiceServer) ExpireNode(context.Context, *ExpireNodeRequest) (*ExpireNodeResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method ExpireNode not implemented")
+func (UnimplementedHeadscaleServiceServer) ExpireMachine(context.Context, *ExpireMachineRequest) (*ExpireMachineResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ExpireMachine not implemented")
 }
-func (UnimplementedHeadscaleServiceServer) RenameNode(context.Context, *RenameNodeRequest) (*RenameNodeResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method RenameNode not implemented")
+func (UnimplementedHeadscaleServiceServer) RenameMachine(context.Context, *RenameMachineRequest) (*RenameMachineResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RenameMachine not implemented")
 }
-func (UnimplementedHeadscaleServiceServer) ListNodes(context.Context, *ListNodesRequest) (*ListNodesResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method ListNodes not implemented")
+func (UnimplementedHeadscaleServiceServer) ListMachines(context.Context, *ListMachinesRequest) (*ListMachinesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method ListMachines not implemented")
 }
-func (UnimplementedHeadscaleServiceServer) MoveNode(context.Context, *MoveNodeRequest) (*MoveNodeResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method MoveNode not implemented")
+func (UnimplementedHeadscaleServiceServer) MoveMachine(context.Context, *MoveMachineRequest) (*MoveMachineResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method MoveMachine not implemented")
 }
 func (UnimplementedHeadscaleServiceServer) GetRoutes(context.Context, *GetRoutesRequest) (*GetRoutesResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method GetRoutes not implemented")
@@ -416,8 +416,8 @@ func (UnimplementedHeadscaleServiceServer) EnableRoute(context.Context, *EnableR
 func (UnimplementedHeadscaleServiceServer) DisableRoute(context.Context, *DisableRouteRequest) (*DisableRouteResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method DisableRoute not implemented")
 }
-func (UnimplementedHeadscaleServiceServer) GetNodeRoutes(context.Context, *GetNodeRoutesRequest) (*GetNodeRoutesResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method GetNodeRoutes not implemented")
+func (UnimplementedHeadscaleServiceServer) GetMachineRoutes(context.Context, *GetMachineRoutesRequest) (*GetMachineRoutesResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetMachineRoutes not implemented")
 }
 func (UnimplementedHeadscaleServiceServer) DeleteRoute(context.Context, *DeleteRouteRequest) (*DeleteRouteResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method DeleteRoute not implemented")
@@ -588,38 +588,38 @@ func _HeadscaleService_ListPreAuthKeys_Handler(srv interface{}, ctx context.Cont
 	return interceptor(ctx, in, info, handler)
 }
 
-func _HeadscaleService_DebugCreateNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(DebugCreateNodeRequest)
+func _HeadscaleService_DebugCreateMachine_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DebugCreateMachineRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(HeadscaleServiceServer).DebugCreateNode(ctx, in)
+		return srv.(HeadscaleServiceServer).DebugCreateMachine(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: HeadscaleService_DebugCreateNode_FullMethodName,
+		FullMethod: HeadscaleService_DebugCreateMachine_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(HeadscaleServiceServer).DebugCreateNode(ctx, req.(*DebugCreateNodeRequest))
+		return srv.(HeadscaleServiceServer).DebugCreateMachine(ctx, req.(*DebugCreateMachineRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-func _HeadscaleService_GetNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetNodeRequest)
+func _HeadscaleService_GetMachine_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetMachineRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(HeadscaleServiceServer).GetNode(ctx, in)
+		return srv.(HeadscaleServiceServer).GetMachine(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: HeadscaleService_GetNode_FullMethodName,
+		FullMethod: HeadscaleService_GetMachine_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(HeadscaleServiceServer).GetNode(ctx, req.(*GetNodeRequest))
+		return srv.(HeadscaleServiceServer).GetMachine(ctx, req.(*GetMachineRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@@ -642,110 +642,110 @@ func _HeadscaleService_SetTags_Handler(srv interface{}, ctx context.Context, dec
 	return interceptor(ctx, in, info, handler)
 }
 
-func _HeadscaleService_RegisterNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RegisterNodeRequest)
+func _HeadscaleService_RegisterMachine_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RegisterMachineRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(HeadscaleServiceServer).RegisterNode(ctx, in)
+		return srv.(HeadscaleServiceServer).RegisterMachine(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: HeadscaleService_RegisterNode_FullMethodName,
+		FullMethod: HeadscaleService_RegisterMachine_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(HeadscaleServiceServer).RegisterNode(ctx, req.(*RegisterNodeRequest))
+		return srv.(HeadscaleServiceServer).RegisterMachine(ctx, req.(*RegisterMachineRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-func _HeadscaleService_DeleteNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(DeleteNodeRequest)
+func _HeadscaleService_DeleteMachine_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteMachineRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(HeadscaleServiceServer).DeleteNode(ctx, in)
+		return srv.(HeadscaleServiceServer).DeleteMachine(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: HeadscaleService_DeleteNode_FullMethodName,
+		FullMethod: HeadscaleService_DeleteMachine_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(HeadscaleServiceServer).DeleteNode(ctx, req.(*DeleteNodeRequest))
+		return srv.(HeadscaleServiceServer).DeleteMachine(ctx, req.(*DeleteMachineRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-func _HeadscaleService_ExpireNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ExpireNodeRequest)
+func _HeadscaleService_ExpireMachine_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ExpireMachineRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(HeadscaleServiceServer).ExpireNode(ctx, in)
+		return srv.(HeadscaleServiceServer).ExpireMachine(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: HeadscaleService_ExpireNode_FullMethodName,
+		FullMethod: HeadscaleService_ExpireMachine_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(HeadscaleServiceServer).ExpireNode(ctx, req.(*ExpireNodeRequest))
+		return srv.(HeadscaleServiceServer).ExpireMachine(ctx, req.(*ExpireMachineRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-func _HeadscaleService_RenameNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(RenameNodeRequest)
+func _HeadscaleService_RenameMachine_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RenameMachineRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(HeadscaleServiceServer).RenameNode(ctx, in)
+		return srv.(HeadscaleServiceServer).RenameMachine(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: HeadscaleService_RenameNode_FullMethodName,
+		FullMethod: HeadscaleService_RenameMachine_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(HeadscaleServiceServer).RenameNode(ctx, req.(*RenameNodeRequest))
+		return srv.(HeadscaleServiceServer).RenameMachine(ctx, req.(*RenameMachineRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-func _HeadscaleService_ListNodes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ListNodesRequest)
+func _HeadscaleService_ListMachines_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ListMachinesRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(HeadscaleServiceServer).ListNodes(ctx, in)
+		return srv.(HeadscaleServiceServer).ListMachines(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: HeadscaleService_ListNodes_FullMethodName,
+		FullMethod: HeadscaleService_ListMachines_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(HeadscaleServiceServer).ListNodes(ctx, req.(*ListNodesRequest))
+		return srv.(HeadscaleServiceServer).ListMachines(ctx, req.(*ListMachinesRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-func _HeadscaleService_MoveNode_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(MoveNodeRequest)
+func _HeadscaleService_MoveMachine_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(MoveMachineRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(HeadscaleServiceServer).MoveNode(ctx, in)
+		return srv.(HeadscaleServiceServer).MoveMachine(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: HeadscaleService_MoveNode_FullMethodName,
+		FullMethod: HeadscaleService_MoveMachine_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(HeadscaleServiceServer).MoveNode(ctx, req.(*MoveNodeRequest))
+		return srv.(HeadscaleServiceServer).MoveMachine(ctx, req.(*MoveMachineRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@@ -804,20 +804,20 @@ func _HeadscaleService_DisableRoute_Handler(srv interface{}, ctx context.Context
 	return interceptor(ctx, in, info, handler)
 }
 
-func _HeadscaleService_GetNodeRoutes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(GetNodeRoutesRequest)
+func _HeadscaleService_GetMachineRoutes_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(GetMachineRoutesRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(HeadscaleServiceServer).GetNodeRoutes(ctx, in)
+		return srv.(HeadscaleServiceServer).GetMachineRoutes(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: HeadscaleService_GetNodeRoutes_FullMethodName,
+		FullMethod: HeadscaleService_GetMachineRoutes_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(HeadscaleServiceServer).GetNodeRoutes(ctx, req.(*GetNodeRoutesRequest))
+		return srv.(HeadscaleServiceServer).GetMachineRoutes(ctx, req.(*GetMachineRoutesRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
@@ -934,40 +934,40 @@ var HeadscaleService_ServiceDesc = grpc.ServiceDesc{
 			Handler:    _HeadscaleService_ListPreAuthKeys_Handler,
 		},
 		{
-			MethodName: "DebugCreateNode",
-			Handler:    _HeadscaleService_DebugCreateNode_Handler,
+			MethodName: "DebugCreateMachine",
+			Handler:    _HeadscaleService_DebugCreateMachine_Handler,
 		},
 		{
-			MethodName: "GetNode",
-			Handler:    _HeadscaleService_GetNode_Handler,
+			MethodName: "GetMachine",
+			Handler:    _HeadscaleService_GetMachine_Handler,
 		},
 		{
 			MethodName: "SetTags",
 			Handler:    _HeadscaleService_SetTags_Handler,
 		},
 		{
-			MethodName: "RegisterNode",
-			Handler:    _HeadscaleService_RegisterNode_Handler,
+			MethodName: "RegisterMachine",
+			Handler:    _HeadscaleService_RegisterMachine_Handler,
 		},
 		{
-			MethodName: "DeleteNode",
-			Handler:    _HeadscaleService_DeleteNode_Handler,
+			MethodName: "DeleteMachine",
+			Handler:    _HeadscaleService_DeleteMachine_Handler,
 		},
 		{
-			MethodName: "ExpireNode",
-			Handler:    _HeadscaleService_ExpireNode_Handler,
+			MethodName: "ExpireMachine",
+			Handler:    _HeadscaleService_ExpireMachine_Handler,
 		},
 		{
-			MethodName: "RenameNode",
-			Handler:    _HeadscaleService_RenameNode_Handler,
+			MethodName: "RenameMachine",
+			Handler:    _HeadscaleService_RenameMachine_Handler,
 		},
 		{
-			MethodName: "ListNodes",
-			Handler:    _HeadscaleService_ListNodes_Handler,
+			MethodName: "ListMachines",
+			Handler:    _HeadscaleService_ListMachines_Handler,
 		},
 		{
-			MethodName: "MoveNode",
-			Handler:    _HeadscaleService_MoveNode_Handler,
+			MethodName: "MoveMachine",
+			Handler:    _HeadscaleService_MoveMachine_Handler,
 		},
 		{
 			MethodName: "GetRoutes",
@@ -982,8 +982,8 @@ var HeadscaleService_ServiceDesc = grpc.ServiceDesc{
 			Handler:    _HeadscaleService_DisableRoute_Handler,
 		},
 		{
-			MethodName: "GetNodeRoutes",
-			Handler:    _HeadscaleService_GetNodeRoutes_Handler,
+			MethodName: "GetMachineRoutes",
+			Handler:    _HeadscaleService_GetMachineRoutes_Handler,
 		},
 		{
 			MethodName: "DeleteRoute",

gen/go/headscale/v1/preauthkey.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
+// 	protoc-gen-go v1.29.1
 // 	protoc        (unknown)
 // source: headscale/v1/preauthkey.proto
 

gen/go/headscale/v1/routes.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
+// 	protoc-gen-go v1.29.1
 // 	protoc        (unknown)
 // source: headscale/v1/routes.proto
 
@@ -27,7 +27,7 @@ type Route struct {
 	unknownFields protoimpl.UnknownFields
 
 	Id         uint64                 `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	Node       *Node                  `protobuf:"bytes,2,opt,name=node,proto3" json:"node,omitempty"`
+	Machine    *Machine               `protobuf:"bytes,2,opt,name=machine,proto3" json:"machine,omitempty"`
 	Prefix     string                 `protobuf:"bytes,3,opt,name=prefix,proto3" json:"prefix,omitempty"`
 	Advertised bool                   `protobuf:"varint,4,opt,name=advertised,proto3" json:"advertised,omitempty"`
 	Enabled    bool                   `protobuf:"varint,5,opt,name=enabled,proto3" json:"enabled,omitempty"`
@@ -76,9 +76,9 @@ func (x *Route) GetId() uint64 {
 	return 0
 }
 
-func (x *Route) GetNode() *Node {
+func (x *Route) GetMachine() *Machine {
 	if x != nil {
-		return x.Node
+		return x.Machine
 	}
 	return nil
 }
@@ -387,16 +387,16 @@ func (*DisableRouteResponse) Descriptor() ([]byte, []int) {
 	return file_headscale_v1_routes_proto_rawDescGZIP(), []int{6}
 }
 
-type GetNodeRoutesRequest struct {
+type GetMachineRoutesRequest struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
 
-	NodeId uint64 `protobuf:"varint,1,opt,name=node_id,json=nodeId,proto3" json:"node_id,omitempty"`
+	MachineId uint64 `protobuf:"varint,1,opt,name=machine_id,json=machineId,proto3" json:"machine_id,omitempty"`
 }
 
-func (x *GetNodeRoutesRequest) Reset() {
-	*x = GetNodeRoutesRequest{}
+func (x *GetMachineRoutesRequest) Reset() {
+	*x = GetMachineRoutesRequest{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_headscale_v1_routes_proto_msgTypes[7]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -404,13 +404,13 @@ func (x *GetNodeRoutesRequest) Reset() {
 	}
 }
 
-func (x *GetNodeRoutesRequest) String() string {
+func (x *GetMachineRoutesRequest) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*GetNodeRoutesRequest) ProtoMessage() {}
+func (*GetMachineRoutesRequest) ProtoMessage() {}
 
-func (x *GetNodeRoutesRequest) ProtoReflect() protoreflect.Message {
+func (x *GetMachineRoutesRequest) ProtoReflect() protoreflect.Message {
 	mi := &file_headscale_v1_routes_proto_msgTypes[7]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -422,19 +422,19 @@ func (x *GetNodeRoutesRequest) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use GetNodeRoutesRequest.ProtoReflect.Descriptor instead.
-func (*GetNodeRoutesRequest) Descriptor() ([]byte, []int) {
+// Deprecated: Use GetMachineRoutesRequest.ProtoReflect.Descriptor instead.
+func (*GetMachineRoutesRequest) Descriptor() ([]byte, []int) {
 	return file_headscale_v1_routes_proto_rawDescGZIP(), []int{7}
 }
 
-func (x *GetNodeRoutesRequest) GetNodeId() uint64 {
+func (x *GetMachineRoutesRequest) GetMachineId() uint64 {
 	if x != nil {
-		return x.NodeId
+		return x.MachineId
 	}
 	return 0
 }
 
-type GetNodeRoutesResponse struct {
+type GetMachineRoutesResponse struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields
@@ -442,8 +442,8 @@ type GetNodeRoutesResponse struct {
 	Routes []*Route `protobuf:"bytes,1,rep,name=routes,proto3" json:"routes,omitempty"`
 }
 
-func (x *GetNodeRoutesResponse) Reset() {
-	*x = GetNodeRoutesResponse{}
+func (x *GetMachineRoutesResponse) Reset() {
+	*x = GetMachineRoutesResponse{}
 	if protoimpl.UnsafeEnabled {
 		mi := &file_headscale_v1_routes_proto_msgTypes[8]
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -451,13 +451,13 @@ func (x *GetNodeRoutesResponse) Reset() {
 	}
 }
 
-func (x *GetNodeRoutesResponse) String() string {
+func (x *GetMachineRoutesResponse) String() string {
 	return protoimpl.X.MessageStringOf(x)
 }
 
-func (*GetNodeRoutesResponse) ProtoMessage() {}
+func (*GetMachineRoutesResponse) ProtoMessage() {}
 
-func (x *GetNodeRoutesResponse) ProtoReflect() protoreflect.Message {
+func (x *GetMachineRoutesResponse) ProtoReflect() protoreflect.Message {
 	mi := &file_headscale_v1_routes_proto_msgTypes[8]
 	if protoimpl.UnsafeEnabled && x != nil {
 		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
@@ -469,12 +469,12 @@ func (x *GetNodeRoutesResponse) ProtoReflect() protoreflect.Message {
 	return mi.MessageOf(x)
 }
 
-// Deprecated: Use GetNodeRoutesResponse.ProtoReflect.Descriptor instead.
-func (*GetNodeRoutesResponse) Descriptor() ([]byte, []int) {
+// Deprecated: Use GetMachineRoutesResponse.ProtoReflect.Descriptor instead.
+func (*GetMachineRoutesResponse) Descriptor() ([]byte, []int) {
 	return file_headscale_v1_routes_proto_rawDescGZIP(), []int{8}
 }
 
-func (x *GetNodeRoutesResponse) GetRoutes() []*Route {
+func (x *GetMachineRoutesResponse) GetRoutes() []*Route {
 	if x != nil {
 		return x.Routes
 	}
@@ -573,61 +573,62 @@ var file_headscale_v1_routes_proto_rawDesc = []byte{
 	0x6f, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, 0x68, 0x65, 0x61,
 	0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
 	0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73,
-	0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x68, 0x65, 0x61, 0x64,
-	0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x2e, 0x70, 0x72,
-	0x6f, 0x74, 0x6f, 0x22, 0xe1, 0x02, 0x0a, 0x05, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x0e, 0x0a,
-	0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x02, 0x69, 0x64, 0x12, 0x26, 0x0a,
-	0x04, 0x6e, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x68, 0x65,
-	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x52,
-	0x04, 0x6e, 0x6f, 0x64, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18,
-	0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1e, 0x0a,
-	0x0a, 0x61, 0x64, 0x76, 0x65, 0x72, 0x74, 0x69, 0x73, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x08, 0x52, 0x0a, 0x61, 0x64, 0x76, 0x65, 0x72, 0x74, 0x69, 0x73, 0x65, 0x64, 0x12, 0x18, 0x0a,
-	0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07,
-	0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x73, 0x5f, 0x70, 0x72,
-	0x69, 0x6d, 0x61, 0x72, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x50,
-	0x72, 0x69, 0x6d, 0x61, 0x72, 0x79, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x64, 0x5f, 0x61, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f,
-	0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d,
-	0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41,
-	0x74, 0x12, 0x39, 0x0a, 0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18,
-	0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
-	0x70, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x39, 0x0a, 0x0a,
-	0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b,
-	0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62,
-	0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x64, 0x65,
-	0x6c, 0x65, 0x74, 0x65, 0x64, 0x41, 0x74, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x52, 0x6f,
-	0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x40, 0x0a, 0x11, 0x47,
-	0x65, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x12, 0x2b, 0x0a, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b,
-	0x32, 0x13, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0x2f, 0x0a,
-	0x12, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75,
-	0x65, 0x73, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18,
-	0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x49, 0x64, 0x22, 0x15,
-	0x0a, 0x13, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x30, 0x0a, 0x13, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x19, 0x0a, 0x08,
-	0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07,
-	0x72, 0x6f, 0x75, 0x74, 0x65, 0x49, 0x64, 0x22, 0x16, 0x0a, 0x14, 0x44, 0x69, 0x73, 0x61, 0x62,
-	0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x2f, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x6e, 0x6f, 0x64, 0x65, 0x5f,
-	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x06, 0x6e, 0x6f, 0x64, 0x65, 0x49, 0x64,
-	0x22, 0x44, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x4e, 0x6f, 0x64, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65,
-	0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x06, 0x72, 0x6f, 0x75,
-	0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x68, 0x65, 0x61, 0x64,
-	0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x06,
-	0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0x2f, 0x0a, 0x12, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65,
-	0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x19, 0x0a, 0x08,
-	0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07,
-	0x72, 0x6f, 0x75, 0x74, 0x65, 0x49, 0x64, 0x22, 0x15, 0x0a, 0x13, 0x44, 0x65, 0x6c, 0x65, 0x74,
-	0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x29,
-	0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6a, 0x75, 0x61,
-	0x6e, 0x66, 0x6f, 0x6e, 0x74, 0x2f, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f,
-	0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x33,
+	0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x68, 0x65, 0x61, 0x64,
+	0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xea, 0x02, 0x0a, 0x05, 0x52, 0x6f, 0x75, 0x74, 0x65,
+	0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x02, 0x69, 0x64,
+	0x12, 0x2f, 0x0a, 0x07, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x15, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31,
+	0x2e, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x07, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e,
+	0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28,
+	0x09, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1e, 0x0a, 0x0a, 0x61, 0x64, 0x76,
+	0x65, 0x72, 0x74, 0x69, 0x73, 0x65, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x61,
+	0x64, 0x76, 0x65, 0x72, 0x74, 0x69, 0x73, 0x65, 0x64, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61,
+	0x62, 0x6c, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62,
+	0x6c, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x73, 0x5f, 0x70, 0x72, 0x69, 0x6d, 0x61, 0x72,
+	0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x50, 0x72, 0x69, 0x6d, 0x61,
+	0x72, 0x79, 0x12, 0x39, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74,
+	0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
+	0x6d, 0x70, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x39, 0x0a,
+	0x0a, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28,
+	0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x75,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x39, 0x0a, 0x0a, 0x64, 0x65, 0x6c, 0x65,
+	0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67,
+	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
+	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65,
+	0x64, 0x41, 0x74, 0x22, 0x12, 0x0a, 0x10, 0x47, 0x65, 0x74, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x40, 0x0a, 0x11, 0x47, 0x65, 0x74, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x06,
+	0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x68,
+	0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x6f, 0x75, 0x74,
+	0x65, 0x52, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0x2f, 0x0a, 0x12, 0x45, 0x6e, 0x61,
+	0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12,
+	0x19, 0x0a, 0x08, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
+	0x04, 0x52, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x49, 0x64, 0x22, 0x15, 0x0a, 0x13, 0x45, 0x6e,
+	0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x22, 0x30, 0x0a, 0x13, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f, 0x75, 0x74,
+	0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x6f, 0x75, 0x74,
+	0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x72, 0x6f, 0x75, 0x74,
+	0x65, 0x49, 0x64, 0x22, 0x16, 0x0a, 0x14, 0x44, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x6f,
+	0x75, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x38, 0x0a, 0x17, 0x47,
+	0x65, 0x74, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52,
+	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e,
+	0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x6d, 0x61, 0x63, 0x68,
+	0x69, 0x6e, 0x65, 0x49, 0x64, 0x22, 0x47, 0x0a, 0x18, 0x47, 0x65, 0x74, 0x4d, 0x61, 0x63, 0x68,
+	0x69, 0x6e, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x65, 0x12, 0x2b, 0x0a, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28,
+	0x0b, 0x32, 0x13, 0x2e, 0x68, 0x65, 0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2e, 0x76, 0x31,
+	0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x06, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x73, 0x22, 0x2f,
+	0x0a, 0x12, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x71,
+	0x75, 0x65, 0x73, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x69, 0x64,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x07, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x49, 0x64, 0x22,
+	0x15, 0x0a, 0x13, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x29, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62,
+	0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6a, 0x75, 0x61, 0x6e, 0x66, 0x6f, 0x6e, 0x74, 0x2f, 0x68, 0x65,
+	0x61, 0x64, 0x73, 0x63, 0x61, 0x6c, 0x65, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x76,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -644,27 +645,27 @@ func file_headscale_v1_routes_proto_rawDescGZIP() []byte {
 
 var file_headscale_v1_routes_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
 var file_headscale_v1_routes_proto_goTypes = []interface{}{
-	(*Route)(nil),                 // 0: headscale.v1.Route
-	(*GetRoutesRequest)(nil),      // 1: headscale.v1.GetRoutesRequest
-	(*GetRoutesResponse)(nil),     // 2: headscale.v1.GetRoutesResponse
-	(*EnableRouteRequest)(nil),    // 3: headscale.v1.EnableRouteRequest
-	(*EnableRouteResponse)(nil),   // 4: headscale.v1.EnableRouteResponse
-	(*DisableRouteRequest)(nil),   // 5: headscale.v1.DisableRouteRequest
-	(*DisableRouteResponse)(nil),  // 6: headscale.v1.DisableRouteResponse
-	(*GetNodeRoutesRequest)(nil),  // 7: headscale.v1.GetNodeRoutesRequest
-	(*GetNodeRoutesResponse)(nil), // 8: headscale.v1.GetNodeRoutesResponse
-	(*DeleteRouteRequest)(nil),    // 9: headscale.v1.DeleteRouteRequest
-	(*DeleteRouteResponse)(nil),   // 10: headscale.v1.DeleteRouteResponse
-	(*Node)(nil),                  // 11: headscale.v1.Node
-	(*timestamppb.Timestamp)(nil), // 12: google.protobuf.Timestamp
+	(*Route)(nil),                    // 0: headscale.v1.Route
+	(*GetRoutesRequest)(nil),         // 1: headscale.v1.GetRoutesRequest
+	(*GetRoutesResponse)(nil),        // 2: headscale.v1.GetRoutesResponse
+	(*EnableRouteRequest)(nil),       // 3: headscale.v1.EnableRouteRequest
+	(*EnableRouteResponse)(nil),      // 4: headscale.v1.EnableRouteResponse
+	(*DisableRouteRequest)(nil),      // 5: headscale.v1.DisableRouteRequest
+	(*DisableRouteResponse)(nil),     // 6: headscale.v1.DisableRouteResponse
+	(*GetMachineRoutesRequest)(nil),  // 7: headscale.v1.GetMachineRoutesRequest
+	(*GetMachineRoutesResponse)(nil), // 8: headscale.v1.GetMachineRoutesResponse
+	(*DeleteRouteRequest)(nil),       // 9: headscale.v1.DeleteRouteRequest
+	(*DeleteRouteResponse)(nil),      // 10: headscale.v1.DeleteRouteResponse
+	(*Machine)(nil),                  // 11: headscale.v1.Machine
+	(*timestamppb.Timestamp)(nil),    // 12: google.protobuf.Timestamp
 }
 var file_headscale_v1_routes_proto_depIdxs = []int32{
-	11, // 0: headscale.v1.Route.node:type_name -> headscale.v1.Node
+	11, // 0: headscale.v1.Route.machine:type_name -> headscale.v1.Machine
 	12, // 1: headscale.v1.Route.created_at:type_name -> google.protobuf.Timestamp
 	12, // 2: headscale.v1.Route.updated_at:type_name -> google.protobuf.Timestamp
 	12, // 3: headscale.v1.Route.deleted_at:type_name -> google.protobuf.Timestamp
 	0,  // 4: headscale.v1.GetRoutesResponse.routes:type_name -> headscale.v1.Route
-	0,  // 5: headscale.v1.GetNodeRoutesResponse.routes:type_name -> headscale.v1.Route
+	0,  // 5: headscale.v1.GetMachineRoutesResponse.routes:type_name -> headscale.v1.Route
 	6,  // [6:6] is the sub-list for method output_type
 	6,  // [6:6] is the sub-list for method input_type
 	6,  // [6:6] is the sub-list for extension type_name
@@ -677,7 +678,7 @@ func file_headscale_v1_routes_proto_init() {
 	if File_headscale_v1_routes_proto != nil {
 		return
 	}
-	file_headscale_v1_node_proto_init()
+	file_headscale_v1_machine_proto_init()
 	if !protoimpl.UnsafeEnabled {
 		file_headscale_v1_routes_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
 			switch v := v.(*Route); i {
@@ -764,7 +765,7 @@ func file_headscale_v1_routes_proto_init() {
 			}
 		}
 		file_headscale_v1_routes_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetNodeRoutesRequest); i {
+			switch v := v.(*GetMachineRoutesRequest); i {
 			case 0:
 				return &v.state
 			case 1:
@@ -776,7 +777,7 @@ func file_headscale_v1_routes_proto_init() {
 			}
 		}
 		file_headscale_v1_routes_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*GetNodeRoutesResponse); i {
+			switch v := v.(*GetMachineRoutesResponse); i {
 			case 0:
 				return &v.state
 			case 1:

gen/go/headscale/v1/user.pb.go

@@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.31.0
+// 	protoc-gen-go v1.29.1
 // 	protoc        (unknown)
 // source: headscale/v1/user.proto
 

gen/openapiv2/headscale/v1/headscale.swagger.json

@@ -101,15 +101,15 @@
         ]
       }
     },
-    "/api/v1/debug/node": {
+    "/api/v1/debug/machine": {
       "post": {
-        "summary": "--- Node start ---",
-        "operationId": "HeadscaleService_DebugCreateNode",
+        "summary": "--- Machine start ---",
+        "operationId": "HeadscaleService_DebugCreateMachine",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1DebugCreateNodeResponse"
+              "$ref": "#/definitions/v1DebugCreateMachineResponse"
             }
           },
           "default": {
@@ -125,7 +125,7 @@
             "in": "body",
             "required": true,
             "schema": {
-              "$ref": "#/definitions/v1DebugCreateNodeRequest"
+              "$ref": "#/definitions/v1DebugCreateMachineRequest"
             }
           }
         ],
@@ -134,14 +134,14 @@
         ]
       }
     },
-    "/api/v1/node": {
+    "/api/v1/machine": {
       "get": {
-        "operationId": "HeadscaleService_ListNodes",
+        "operationId": "HeadscaleService_ListMachines",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1ListNodesResponse"
+              "$ref": "#/definitions/v1ListMachinesResponse"
             }
           },
           "default": {
@@ -164,14 +164,14 @@
         ]
       }
     },
-    "/api/v1/node/register": {
+    "/api/v1/machine/register": {
       "post": {
-        "operationId": "HeadscaleService_RegisterNode",
+        "operationId": "HeadscaleService_RegisterMachine",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1RegisterNodeResponse"
+              "$ref": "#/definitions/v1RegisterMachineResponse"
             }
           },
           "default": {
@@ -200,14 +200,14 @@
         ]
       }
     },
-    "/api/v1/node/{nodeId}": {
+    "/api/v1/machine/{machineId}": {
       "get": {
-        "operationId": "HeadscaleService_GetNode",
+        "operationId": "HeadscaleService_GetMachine",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1GetNodeResponse"
+              "$ref": "#/definitions/v1GetMachineResponse"
             }
           },
           "default": {
@@ -219,7 +219,7 @@
         },
         "parameters": [
           {
-            "name": "nodeId",
+            "name": "machineId",
             "in": "path",
             "required": true,
             "type": "string",
@@ -231,12 +231,12 @@
         ]
       },
       "delete": {
-        "operationId": "HeadscaleService_DeleteNode",
+        "operationId": "HeadscaleService_DeleteMachine",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1DeleteNodeResponse"
+              "$ref": "#/definitions/v1DeleteMachineResponse"
             }
           },
           "default": {
@@ -248,7 +248,7 @@
         },
         "parameters": [
           {
-            "name": "nodeId",
+            "name": "machineId",
             "in": "path",
             "required": true,
             "type": "string",
@@ -260,14 +260,14 @@
         ]
       }
     },
-    "/api/v1/node/{nodeId}/expire": {
+    "/api/v1/machine/{machineId}/expire": {
       "post": {
-        "operationId": "HeadscaleService_ExpireNode",
+        "operationId": "HeadscaleService_ExpireMachine",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1ExpireNodeResponse"
+              "$ref": "#/definitions/v1ExpireMachineResponse"
             }
           },
           "default": {
@@ -279,7 +279,7 @@
         },
         "parameters": [
           {
-            "name": "nodeId",
+            "name": "machineId",
             "in": "path",
             "required": true,
             "type": "string",
@@ -291,14 +291,14 @@
         ]
       }
     },
-    "/api/v1/node/{nodeId}/rename/{newName}": {
+    "/api/v1/machine/{machineId}/rename/{newName}": {
       "post": {
-        "operationId": "HeadscaleService_RenameNode",
+        "operationId": "HeadscaleService_RenameMachine",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1RenameNodeResponse"
+              "$ref": "#/definitions/v1RenameMachineResponse"
             }
           },
           "default": {
@@ -310,7 +310,7 @@
         },
         "parameters": [
           {
-            "name": "nodeId",
+            "name": "machineId",
             "in": "path",
             "required": true,
             "type": "string",
@@ -328,14 +328,14 @@
         ]
       }
     },
-    "/api/v1/node/{nodeId}/routes": {
+    "/api/v1/machine/{machineId}/routes": {
       "get": {
-        "operationId": "HeadscaleService_GetNodeRoutes",
+        "operationId": "HeadscaleService_GetMachineRoutes",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1GetNodeRoutesResponse"
+              "$ref": "#/definitions/v1GetMachineRoutesResponse"
             }
           },
           "default": {
@@ -347,7 +347,7 @@
         },
         "parameters": [
           {
-            "name": "nodeId",
+            "name": "machineId",
             "in": "path",
             "required": true,
             "type": "string",
@@ -359,7 +359,7 @@
         ]
       }
     },
-    "/api/v1/node/{nodeId}/tags": {
+    "/api/v1/machine/{machineId}/tags": {
       "post": {
         "operationId": "HeadscaleService_SetTags",
         "responses": {
@@ -378,7 +378,7 @@
         },
         "parameters": [
           {
-            "name": "nodeId",
+            "name": "machineId",
             "in": "path",
             "required": true,
             "type": "string",
@@ -406,14 +406,14 @@
         ]
       }
     },
-    "/api/v1/node/{nodeId}/user": {
+    "/api/v1/machine/{machineId}/user": {
       "post": {
-        "operationId": "HeadscaleService_MoveNode",
+        "operationId": "HeadscaleService_MoveMachine",
         "responses": {
           "200": {
             "description": "A successful response.",
             "schema": {
-              "$ref": "#/definitions/v1MoveNodeResponse"
+              "$ref": "#/definitions/v1MoveMachineResponse"
             }
           },
           "default": {
@@ -425,7 +425,7 @@
         },
         "parameters": [
           {
-            "name": "nodeId",
+            "name": "machineId",
             "in": "path",
             "required": true,
             "type": "string",
@@ -917,7 +917,7 @@
         }
       }
     },
-    "v1DebugCreateNodeRequest": {
+    "v1DebugCreateMachineRequest": {
       "type": "object",
       "properties": {
         "user": {
@@ -937,15 +937,15 @@
         }
       }
     },
-    "v1DebugCreateNodeResponse": {
+    "v1DebugCreateMachineResponse": {
       "type": "object",
       "properties": {
-        "node": {
-          "$ref": "#/definitions/v1Node"
+        "machine": {
+          "$ref": "#/definitions/v1Machine"
         }
       }
     },
-    "v1DeleteNodeResponse": {
+    "v1DeleteMachineResponse": {
       "type": "object"
     },
     "v1DeleteRouteResponse": {
@@ -971,11 +971,11 @@
     "v1ExpireApiKeyResponse": {
       "type": "object"
     },
-    "v1ExpireNodeResponse": {
+    "v1ExpireMachineResponse": {
       "type": "object",
       "properties": {
-        "node": {
-          "$ref": "#/definitions/v1Node"
+        "machine": {
+          "$ref": "#/definitions/v1Machine"
         }
       }
     },
@@ -993,15 +993,15 @@
     "v1ExpirePreAuthKeyResponse": {
       "type": "object"
     },
-    "v1GetNodeResponse": {
+    "v1GetMachineResponse": {
       "type": "object",
       "properties": {
-        "node": {
-          "$ref": "#/definitions/v1Node"
+        "machine": {
+          "$ref": "#/definitions/v1Machine"
         }
       }
     },
-    "v1GetNodeRoutesResponse": {
+    "v1GetMachineRoutesResponse": {
       "type": "object",
       "properties": {
         "routes": {
@@ -1042,13 +1042,13 @@
         }
       }
     },
-    "v1ListNodesResponse": {
+    "v1ListMachinesResponse": {
       "type": "object",
       "properties": {
-        "nodes": {
+        "machines": {
           "type": "array",
           "items": {
-            "$ref": "#/definitions/v1Node"
+            "$ref": "#/definitions/v1Machine"
           }
         }
       }
@@ -1075,15 +1075,7 @@
         }
       }
     },
-    "v1MoveNodeResponse": {
-      "type": "object",
-      "properties": {
-        "node": {
-          "$ref": "#/definitions/v1Node"
-        }
-      }
-    },
-    "v1Node": {
+    "v1Machine": {
       "type": "object",
       "properties": {
         "id": {
@@ -1159,6 +1151,14 @@
         }
       }
     },
+    "v1MoveMachineResponse": {
+      "type": "object",
+      "properties": {
+        "machine": {
+          "$ref": "#/definitions/v1Machine"
+        }
+      }
+    },
     "v1PreAuthKey": {
       "type": "object",
       "properties": {
@@ -1196,6 +1196,14 @@
         }
       }
     },
+    "v1RegisterMachineResponse": {
+      "type": "object",
+      "properties": {
+        "machine": {
+          "$ref": "#/definitions/v1Machine"
+        }
+      }
+    },
     "v1RegisterMethod": {
       "type": "string",
       "enum": [
@@ -1206,19 +1214,11 @@
       ],
       "default": "REGISTER_METHOD_UNSPECIFIED"
     },
-    "v1RegisterNodeResponse": {
+    "v1RenameMachineResponse": {
       "type": "object",
       "properties": {
-        "node": {
-          "$ref": "#/definitions/v1Node"
-        }
-      }
-    },
-    "v1RenameNodeResponse": {
-      "type": "object",
-      "properties": {
-        "node": {
-          "$ref": "#/definitions/v1Node"
+        "machine": {
+          "$ref": "#/definitions/v1Machine"
         }
       }
     },
@@ -1237,8 +1237,8 @@
           "type": "string",
           "format": "uint64"
         },
-        "node": {
-          "$ref": "#/definitions/v1Node"
+        "machine": {
+          "$ref": "#/definitions/v1Machine"
         },
         "prefix": {
           "type": "string"
@@ -1269,8 +1269,8 @@
     "v1SetTagsResponse": {
       "type": "object",
       "properties": {
-        "node": {
-          "$ref": "#/definitions/v1Node"
+        "machine": {
+          "$ref": "#/definitions/v1Machine"
         }
       }
     },

gen/openapiv2/headscale/v1/machine.swagger.json

@@ -1,7 +1,7 @@
 {
   "swagger": "2.0",
   "info": {
-    "title": "headscale/v1/node.proto",
+    "title": "headscale/v1/machine.proto",
     "version": "version not set"
   },
   "consumes": [

go.mod

@@ -61,7 +61,7 @@ require (
 	github.com/containerd/console v1.0.3 // indirect
 	github.com/containerd/continuity v0.3.0 // indirect
 	github.com/docker/cli v23.0.5+incompatible // indirect
-	github.com/docker/docker v24.0.4+incompatible // indirect
+	github.com/docker/docker v23.0.5+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect

go.sum

@@ -109,8 +109,8 @@ github.com/deckarep/golang-set/v2 v2.3.0 h1:qs18EKUfHm2X9fA50Mr/M5hccg2tNnVqsiBI
 github.com/deckarep/golang-set/v2 v2.3.0/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4=
 github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE=
 github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v24.0.4+incompatible h1:s/LVDftw9hjblvqIeTiGYXBCD95nOEEl7qRsRrIOuQI=
-github.com/docker/docker v24.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v23.0.5+incompatible h1:DaxtlTJjFSnLOXVNUBU1+6kXGz2lpDoEAH6QoxaSg8k=
+github.com/docker/docker v23.0.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
 github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
 github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=

hscontrol/app.go

@@ -8,10 +8,9 @@ import (
 	"io"
 	"net"
 	"net/http"
-	_ "net/http/pprof" //nolint
 	"os"
 	"os/signal"
-	"runtime"
+	"sort"
 	"strconv"
 	"strings"
 	"sync"
@@ -21,19 +20,19 @@ import (
 	"github.com/coreos/go-oidc/v3/oidc"
 	"github.com/gorilla/mux"
 	grpcMiddleware "github.com/grpc-ecosystem/go-grpc-middleware"
-	grpcRuntime "github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
+	"github.com/grpc-ecosystem/grpc-gateway/v2/runtime"
 	"github.com/juanfont/headscale"
 	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
 	"github.com/juanfont/headscale/hscontrol/db"
 	"github.com/juanfont/headscale/hscontrol/derp"
 	derpServer "github.com/juanfont/headscale/hscontrol/derp/server"
-	"github.com/juanfont/headscale/hscontrol/notifier"
 	"github.com/juanfont/headscale/hscontrol/policy"
 	"github.com/juanfont/headscale/hscontrol/types"
 	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/patrickmn/go-cache"
 	zerolog "github.com/philip-bui/grpc-zerolog"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"github.com/puzpuzpuz/xsync/v2"
 	zl "github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"golang.org/x/crypto/acme"
@@ -85,7 +84,7 @@ type Headscale struct {
 
 	ACLPolicy *policy.ACLPolicy
 
-	nodeNotifier *notifier.Notifier
+	lastStateChange *xsync.MapOf[string, time.Time]
 
 	oidcProvider *oidc.Provider
 	oauth2Config *oauth2.Config
@@ -94,13 +93,12 @@ type Headscale struct {
 
 	shutdownChan       chan struct{}
 	pollNetMapStreamWG sync.WaitGroup
+
+	stateUpdateChan       chan struct{}
+	cancelStateUpdateChan chan struct{}
 }
 
 func NewHeadscale(cfg *types.Config) (*Headscale, error) {
-	if _, enableProfile := os.LookupEnv("HEADSCALE_PROFILING_ENABLED"); enableProfile {
-		runtime.SetBlockProfileRate(1)
-	}
-
 	privateKey, err := readOrCreatePrivateKey(cfg.PrivateKeyPath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read or create private key: %w", err)
@@ -160,14 +158,19 @@ func NewHeadscale(cfg *types.Config) (*Headscale, error) {
 		noisePrivateKey:    noisePrivateKey,
 		registrationCache:  registrationCache,
 		pollNetMapStreamWG: sync.WaitGroup{},
-		nodeNotifier:       notifier.NewNotifier(),
+		lastStateChange:    xsync.NewMapOf[time.Time](),
+
+		stateUpdateChan:       make(chan struct{}),
+		cancelStateUpdateChan: make(chan struct{}),
 	}
 
+	go app.watchStateChannel()
+
 	database, err := db.NewHeadscaleDatabase(
 		cfg.DBtype,
 		dbString,
 		app.dbDebug,
-		app.nodeNotifier,
+		app.stateUpdateChan,
 		cfg.IPPrefixes,
 		cfg.BaseDomain)
 	if err != nil {
@@ -200,11 +203,7 @@ func NewHeadscale(cfg *types.Config) (*Headscale, error) {
 
 	if cfg.DERP.ServerEnabled {
 		// TODO(kradalby): replace this key with a dedicated DERP key.
-		embeddedDERPServer, err := derpServer.NewDERPServer(
-			cfg.ServerURL,
-			key.NodePrivate(*privateKey),
-			&cfg.DERP,
-		)
+		embeddedDERPServer, err := derpServer.NewDERPServer(cfg.ServerURL, key.NodePrivate(*privateKey), &cfg.DERP)
 		if err != nil {
 			return nil, err
 		}
@@ -220,25 +219,21 @@ func (h *Headscale) redirect(w http.ResponseWriter, req *http.Request) {
 	http.Redirect(w, req, target, http.StatusFound)
 }
 
-// expireEphemeralNodes deletes ephemeral node records that have not been
+// expireEphemeralNodes deletes ephemeral machine records that have not been
 // seen for longer than h.cfg.EphemeralNodeInactivityTimeout.
 func (h *Headscale) expireEphemeralNodes(milliSeconds int64) {
 	ticker := time.NewTicker(time.Duration(milliSeconds) * time.Millisecond)
 	for range ticker.C {
-		h.db.ExpireEphemeralNodes(h.cfg.EphemeralNodeInactivityTimeout)
+		h.db.ExpireEphemeralMachines(h.cfg.EphemeralNodeInactivityTimeout)
 	}
 }
 
-// expireExpiredMachines expires nodes that have an explicit expiry set
+// expireExpiredMachines expires machines that have an explicit expiry set
 // after that expiry time has passed.
-func (h *Headscale) expireExpiredMachines(intervalMs int64) {
-	interval := time.Duration(intervalMs) * time.Millisecond
-	ticker := time.NewTicker(interval)
-
-	lastCheck := time.Unix(0, 0)
-
+func (h *Headscale) expireExpiredMachines(milliSeconds int64) {
+	ticker := time.NewTicker(time.Duration(milliSeconds) * time.Millisecond)
 	for range ticker.C {
-		lastCheck = h.db.ExpireExpiredNodes(lastCheck)
+		h.db.ExpireExpiredMachines(h.getLastStateChange())
 	}
 }
 
@@ -263,10 +258,7 @@ func (h *Headscale) scheduledDERPMapUpdateWorker(cancelChan <-chan struct{}) {
 				h.DERPMap.Regions[region.RegionID] = &region
 			}
 
-			h.nodeNotifier.NotifyAll(types.StateUpdate{
-				Type:    types.StateDERPUpdated,
-				DERPMap: *h.DERPMap,
-			})
+			h.setLastStateChangeToNow()
 		}
 	}
 }
@@ -441,9 +433,8 @@ func (h *Headscale) ensureUnixSocketIsAbsent() error {
 	return os.Remove(h.cfg.UnixSocket)
 }
 
-func (h *Headscale) createRouter(grpcMux *grpcRuntime.ServeMux) *mux.Router {
+func (h *Headscale) createRouter(grpcMux *runtime.ServeMux) *mux.Router {
 	router := mux.NewRouter()
-	router.PathPrefix("/debug/pprof/").Handler(http.DefaultServeMux)
 
 	router.HandleFunc(ts2021UpgradePath, h.NoiseUpgradeHandler).Methods(http.MethodPost)
 
@@ -550,7 +541,7 @@ func (h *Headscale) Serve() error {
 		return fmt.Errorf("failed change permission of gRPC socket: %w", err)
 	}
 
-	grpcGatewayMux := grpcRuntime.NewServeMux()
+	grpcGatewayMux := runtime.NewServeMux()
 
 	// Make the grpc-gateway connect to grpc over socket
 	grpcGatewayConn, err := grpc.Dial(
@@ -731,9 +722,7 @@ func (h *Headscale) Serve() error {
 						Str("path", aclPath).
 						Msg("ACL policy successfully reloaded, notifying nodes of change")
 
-					h.nodeNotifier.NotifyAll(types.StateUpdate{
-						Type: types.StateFullUpdate,
-					})
+					h.setLastStateChangeToNow()
 				}
 
 			default:
@@ -771,6 +760,10 @@ func (h *Headscale) Serve() error {
 				// Stop listening (and unlink the socket if unix type):
 				socketListener.Close()
 
+				<-h.cancelStateUpdateChan
+				close(h.stateUpdateChan)
+				close(h.cancelStateUpdateChan)
+
 				// Close db connections
 				err = h.db.Close()
 				if err != nil {
@@ -782,8 +775,6 @@ func (h *Headscale) Serve() error {
 
 				// And we're done:
 				cancel()
-
-				return
 			}
 		}
 	}
@@ -868,6 +859,73 @@ func (h *Headscale) getTLSSettings() (*tls.Config, error) {
 	}
 }
 
+// TODO(kradalby): baby steps, make this more robust.
+func (h *Headscale) watchStateChannel() {
+	for {
+		select {
+		case <-h.stateUpdateChan:
+			h.setLastStateChangeToNow()
+
+		case <-h.cancelStateUpdateChan:
+			return
+		}
+	}
+}
+
+func (h *Headscale) setLastStateChangeToNow() {
+	var err error
+
+	now := time.Now().UTC()
+
+	users, err := h.db.ListUsers()
+	if err != nil {
+		log.Error().
+			Caller().
+			Err(err).
+			Msg("failed to fetch all users, failing to update last changed state.")
+	}
+
+	for _, user := range users {
+		lastStateUpdate.WithLabelValues(user.Name, "headscale").Set(float64(now.Unix()))
+		if h.lastStateChange == nil {
+			h.lastStateChange = xsync.NewMapOf[time.Time]()
+		}
+		h.lastStateChange.Store(user.Name, now)
+	}
+}
+
+func (h *Headscale) getLastStateChange(users ...types.User) time.Time {
+	times := []time.Time{}
+
+	// getLastStateChange takes a list of users as a "filter", if no users
+	// are past, then use the entier list of users and look for the last update
+	if len(users) > 0 {
+		for _, user := range users {
+			if lastChange, ok := h.lastStateChange.Load(user.Name); ok {
+				times = append(times, lastChange)
+			}
+		}
+	} else {
+		h.lastStateChange.Range(func(key string, value time.Time) bool {
+			times = append(times, value)
+
+			return true
+		})
+	}
+
+	sort.Slice(times, func(i, j int) bool {
+		return times[i].After(times[j])
+	})
+
+	log.Trace().Msgf("Latest times %#v", times)
+
+	if len(times) == 0 {
+		return time.Now().UTC()
+	} else {
+		return times[0]
+	}
+}
+
 func notFoundHandler(
 	writer http.ResponseWriter,
 	req *http.Request,

hscontrol/assets/oidc_callback_template.html

@@ -1,4 +1,4 @@
-<!doctype html>
+<!DOCTYPE html>
 <html lang="en">
   <head>
     <meta charset="UTF-8" />
@@ -7,19 +7,9 @@
     <style>
       body {
         font-size: 14px;
-        font-family:
-          system-ui,
-          -apple-system,
-          BlinkMacSystemFont,
-          "Segoe UI",
-          "Roboto",
-          "Oxygen",
-          "Ubuntu",
-          "Cantarell",
-          "Fira Sans",
-          "Droid Sans",
-          "Helvetica Neue",
-          sans-serif;
+        font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI",
+          "Roboto", "Oxygen", "Ubuntu", "Cantarell", "Fira Sans", "Droid Sans",
+          "Helvetica Neue", sans-serif;
       }
 
       hr {

hscontrol/auth.go

@@ -27,9 +27,9 @@ func (h *Headscale) handleRegister(
 	isNoise bool,
 ) {
 	now := time.Now().UTC()
-	node, err := h.db.GetNodeByAnyKey(machineKey, registerRequest.NodeKey, registerRequest.OldNodeKey)
+	machine, err := h.db.GetMachineByAnyKey(machineKey, registerRequest.NodeKey, registerRequest.OldNodeKey)
 	if errors.Is(err, gorm.ErrRecordNotFound) {
-		// If the node has AuthKey set, handle registration via PreAuthKeys
+		// If the machine has AuthKey set, handle registration via PreAuthKeys
 		if registerRequest.Auth.AuthKey != "" {
 			h.handleAuthKey(writer, registerRequest, machineKey, isNoise)
 
@@ -40,7 +40,7 @@ func (h *Headscale) handleRegister(
 		//
 		// TODO(juan): We could use this field to improve our protocol implementation,
 		// and hold the request until the client closes it, or the interactive
-		// login is completed (i.e., the user registers the node).
+		// login is completed (i.e., the user registers the machine).
 		// This is not implemented yet, as it is no strictly required. The only side-effect
 		// is that the client will hammer headscale with requests until it gets a
 		// successful RegisterResponse.
@@ -48,19 +48,19 @@ func (h *Headscale) handleRegister(
 			if _, ok := h.registrationCache.Get(util.NodePublicKeyStripPrefix(registerRequest.NodeKey)); ok {
 				log.Debug().
 					Caller().
-					Str("node", registerRequest.Hostinfo.Hostname).
+					Str("machine", registerRequest.Hostinfo.Hostname).
 					Str("machine_key", machineKey.ShortString()).
 					Str("node_key", registerRequest.NodeKey.ShortString()).
 					Str("node_key_old", registerRequest.OldNodeKey.ShortString()).
 					Str("follow_up", registerRequest.Followup).
 					Bool("noise", isNoise).
-					Msg("Node is waiting for interactive login")
+					Msg("Machine is waiting for interactive login")
 
 				select {
 				case <-req.Context().Done():
 					return
 				case <-time.After(registrationHoldoff):
-					h.handleNewNode(writer, registerRequest, machineKey, isNoise)
+					h.handleNewMachine(writer, registerRequest, machineKey, isNoise)
 
 					return
 				}
@@ -69,13 +69,13 @@ func (h *Headscale) handleRegister(
 
 		log.Info().
 			Caller().
-			Str("node", registerRequest.Hostinfo.Hostname).
+			Str("machine", registerRequest.Hostinfo.Hostname).
 			Str("machine_key", machineKey.ShortString()).
 			Str("node_key", registerRequest.NodeKey.ShortString()).
 			Str("node_key_old", registerRequest.OldNodeKey.ShortString()).
 			Str("follow_up", registerRequest.Followup).
 			Bool("noise", isNoise).
-			Msg("New node not yet in the database")
+			Msg("New machine not yet in the database")
 
 		givenName, err := h.db.GenerateGivenName(
 			machineKey.String(),
@@ -86,17 +86,16 @@ func (h *Headscale) handleRegister(
 				Caller().
 				Str("func", "RegistrationHandler").
 				Str("hostinfo.name", registerRequest.Hostinfo.Hostname).
-				Err(err).
-				Msg("Failed to generate given name for node")
+				Err(err)
 
 			return
 		}
 
-		// The node did not have a key to authenticate, which means
+		// The machine did not have a key to authenticate, which means
 		// that we rely on a method that calls back some how (OpenID or CLI)
-		// We create the node and then keep it around until a callback
+		// We create the machine and then keep it around until a callback
 		// happens
-		newNode := types.Node{
+		newMachine := types.Machine{
 			MachineKey: util.MachinePublicKeyStripPrefix(machineKey),
 			Hostname:   registerRequest.Hostinfo.Hostname,
 			GivenName:  givenName,
@@ -109,41 +108,41 @@ func (h *Headscale) handleRegister(
 			log.Trace().
 				Caller().
 				Bool("noise", isNoise).
-				Str("node", registerRequest.Hostinfo.Hostname).
+				Str("machine", registerRequest.Hostinfo.Hostname).
 				Time("expiry", registerRequest.Expiry).
 				Msg("Non-zero expiry time requested")
-			newNode.Expiry = &registerRequest.Expiry
+			newMachine.Expiry = &registerRequest.Expiry
 		}
 
 		h.registrationCache.Set(
-			newNode.NodeKey,
-			newNode,
+			newMachine.NodeKey,
+			newMachine,
 			registerCacheExpiration,
 		)
 
-		h.handleNewNode(writer, registerRequest, machineKey, isNoise)
+		h.handleNewMachine(writer, registerRequest, machineKey, isNoise)
 
 		return
 	}
 
-	// The node is already in the DB. This could mean one of the following:
-	// - The node is authenticated and ready to /map
+	// The machine is already in the DB. This could mean one of the following:
+	// - The machine is authenticated and ready to /map
 	// - We are doing a key refresh
-	// - The node is logged out (or expired) and pending to be authorized. TODO(juan): We need to keep alive the connection here
-	if node != nil {
+	// - The machine is logged out (or expired) and pending to be authorized. TODO(juan): We need to keep alive the connection here
+	if machine != nil {
 		// (juan): For a while we had a bug where we were not storing the MachineKey for the nodes using the TS2021,
 		// due to a misunderstanding of the protocol https://github.com/juanfont/headscale/issues/1054
-		// So if we have a not valid MachineKey (but we were able to fetch the node with the NodeKeys), we update it.
+		// So if we have a not valid MachineKey (but we were able to fetch the machine with the NodeKeys), we update it.
 		var storedMachineKey key.MachinePublic
 		err = storedMachineKey.UnmarshalText(
-			[]byte(util.MachinePublicKeyEnsurePrefix(node.MachineKey)),
+			[]byte(util.MachinePublicKeyEnsurePrefix(machine.MachineKey)),
 		)
 		if err != nil || storedMachineKey.IsZero() {
-			if err := h.db.NodeSetMachineKey(node, machineKey); err != nil {
+			if err := h.db.MachineSetMachineKey(machine, machineKey); err != nil {
 				log.Error().
 					Caller().
 					Str("func", "RegistrationHandler").
-					Str("node", node.Hostname).
+					Str("machine", machine.Hostname).
 					Err(err).
 					Msg("Error saving machine key to database")
 
@@ -154,34 +153,34 @@ func (h *Headscale) handleRegister(
 		// If the NodeKey stored in headscale is the same as the key presented in a registration
 		// request, then we have a node that is either:
 		// - Trying to log out (sending a expiry in the past)
-		// - A valid, registered node, looking for /map
-		// - Expired node wanting to reauthenticate
-		if node.NodeKey == util.NodePublicKeyStripPrefix(registerRequest.NodeKey) {
+		// - A valid, registered machine, looking for /map
+		// - Expired machine wanting to reauthenticate
+		if machine.NodeKey == util.NodePublicKeyStripPrefix(registerRequest.NodeKey) {
 			// The client sends an Expiry in the past if the client is requesting to expire the key (aka logout)
 			//   https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L648
 			if !registerRequest.Expiry.IsZero() &&
 				registerRequest.Expiry.UTC().Before(now) {
-				h.handleNodeLogOut(writer, *node, machineKey, isNoise)
+				h.handleMachineLogOut(writer, *machine, machineKey, isNoise)
 
 				return
 			}
 
-			// If node is not expired, and it is register, we have a already accepted this node,
+			// If machine is not expired, and it is register, we have a already accepted this machine,
 			// let it proceed with a valid registration
-			if !node.IsExpired() {
-				h.handleNodeWithValidRegistration(writer, *node, machineKey, isNoise)
+			if !machine.IsExpired() {
+				h.handleMachineWithValidRegistration(writer, *machine, machineKey, isNoise)
 
 				return
 			}
 		}
 
 		// The NodeKey we have matches OldNodeKey, which means this is a refresh after a key expiration
-		if node.NodeKey == util.NodePublicKeyStripPrefix(registerRequest.OldNodeKey) &&
-			!node.IsExpired() {
-			h.handleNodeKeyRefresh(
+		if machine.NodeKey == util.NodePublicKeyStripPrefix(registerRequest.OldNodeKey) &&
+			!machine.IsExpired() {
+			h.handleMachineKeyRefresh(
 				writer,
 				registerRequest,
-				*node,
+				*machine,
 				machineKey,
 				isNoise,
 			)
@@ -197,20 +196,20 @@ func (h *Headscale) handleRegister(
 			}
 		}
 
-		// The node has expired or it is logged out
-		h.handleNodeExpiredOrLoggedOut(writer, registerRequest, *node, machineKey, isNoise)
+		// The machine has expired or it is logged out
+		h.handleMachineExpiredOrLoggedOut(writer, registerRequest, *machine, machineKey, isNoise)
 
 		// TODO(juan): RegisterRequest includes an Expiry time, that we could optionally use
-		node.Expiry = &time.Time{}
+		machine.Expiry = &time.Time{}
 
 		// If we are here it means the client needs to be reauthorized,
 		// we need to make sure the NodeKey matches the one in the request
 		// TODO(juan): What happens when using fast user switching between two
 		// headscale-managed tailnets?
-		node.NodeKey = util.NodePublicKeyStripPrefix(registerRequest.NodeKey)
+		machine.NodeKey = util.NodePublicKeyStripPrefix(registerRequest.NodeKey)
 		h.registrationCache.Set(
 			util.NodePublicKeyStripPrefix(registerRequest.NodeKey),
-			*node,
+			*machine,
 			registerCacheExpiration,
 		)
 
@@ -231,7 +230,7 @@ func (h *Headscale) handleAuthKey(
 ) {
 	log.Debug().
 		Caller().
-		Str("node", registerRequest.Hostinfo.Hostname).
+		Str("machine", registerRequest.Hostinfo.Hostname).
 		Bool("noise", isNoise).
 		Msgf("Processing auth key for %s", registerRequest.Hostinfo.Hostname)
 	resp := tailcfg.RegisterResponse{}
@@ -241,7 +240,7 @@ func (h *Headscale) handleAuthKey(
 		log.Error().
 			Caller().
 			Bool("noise", isNoise).
-			Str("node", registerRequest.Hostinfo.Hostname).
+			Str("machine", registerRequest.Hostinfo.Hostname).
 			Err(err).
 			Msg("Failed authentication via AuthKey")
 		resp.MachineAuthorized = false
@@ -251,11 +250,11 @@ func (h *Headscale) handleAuthKey(
 			log.Error().
 				Caller().
 				Bool("noise", isNoise).
-				Str("node", registerRequest.Hostinfo.Hostname).
+				Str("machine", registerRequest.Hostinfo.Hostname).
 				Err(err).
 				Msg("Cannot encode message")
 			http.Error(writer, "Internal server error", http.StatusInternalServerError)
-			nodeRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
+			machineRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
 				Inc()
 
 			return
@@ -275,14 +274,14 @@ func (h *Headscale) handleAuthKey(
 		log.Error().
 			Caller().
 			Bool("noise", isNoise).
-			Str("node", registerRequest.Hostinfo.Hostname).
+			Str("machine", registerRequest.Hostinfo.Hostname).
 			Msg("Failed authentication via AuthKey")
 
 		if pak != nil {
-			nodeRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
+			machineRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
 				Inc()
 		} else {
-			nodeRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", "unknown").Inc()
+			machineRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", "unknown").Inc()
 		}
 
 		return
@@ -291,33 +290,33 @@ func (h *Headscale) handleAuthKey(
 	log.Debug().
 		Caller().
 		Bool("noise", isNoise).
-		Str("node", registerRequest.Hostinfo.Hostname).
+		Str("machine", registerRequest.Hostinfo.Hostname).
 		Msg("Authentication key was valid, proceeding to acquire IP addresses")
 
 	nodeKey := util.NodePublicKeyStripPrefix(registerRequest.NodeKey)
 
-	// retrieve node information if it exist
+	// retrieve machine information if it exist
 	// The error is not important, because if it does not
-	// exist, then this is a new node and we will move
+	// exist, then this is a new machine and we will move
 	// on to registration.
-	node, _ := h.db.GetNodeByAnyKey(machineKey, registerRequest.NodeKey, registerRequest.OldNodeKey)
-	if node != nil {
+	machine, _ := h.db.GetMachineByAnyKey(machineKey, registerRequest.NodeKey, registerRequest.OldNodeKey)
+	if machine != nil {
 		log.Trace().
 			Caller().
 			Bool("noise", isNoise).
-			Str("node", node.Hostname).
-			Msg("node was already registered before, refreshing with new auth key")
+			Str("machine", machine.Hostname).
+			Msg("machine was already registered before, refreshing with new auth key")
 
-		node.NodeKey = nodeKey
-		node.AuthKeyID = uint(pak.ID)
-		err := h.db.NodeSetExpiry(node, registerRequest.Expiry)
+		machine.NodeKey = nodeKey
+		machine.AuthKeyID = uint(pak.ID)
+		err := h.db.RefreshMachine(machine, registerRequest.Expiry)
 		if err != nil {
 			log.Error().
 				Caller().
 				Bool("noise", isNoise).
-				Str("node", node.Hostname).
+				Str("machine", machine.Hostname).
 				Err(err).
-				Msg("Failed to refresh node")
+				Msg("Failed to refresh machine")
 
 			return
 		}
@@ -325,16 +324,16 @@ func (h *Headscale) handleAuthKey(
 		aclTags := pak.Proto().AclTags
 		if len(aclTags) > 0 {
 			// This conditional preserves the existing behaviour, although SaaS would reset the tags on auth-key login
-			err = h.db.SetTags(node, aclTags)
+			err = h.db.SetTags(machine, aclTags)
 
 			if err != nil {
 				log.Error().
 					Caller().
 					Bool("noise", isNoise).
-					Str("node", node.Hostname).
+					Str("machine", machine.Hostname).
 					Strs("aclTags", aclTags).
 					Err(err).
-					Msg("Failed to set tags after refreshing node")
+					Msg("Failed to set tags after refreshing machine")
 
 				return
 			}
@@ -349,13 +348,12 @@ func (h *Headscale) handleAuthKey(
 				Bool("noise", isNoise).
 				Str("func", "RegistrationHandler").
 				Str("hostinfo.name", registerRequest.Hostinfo.Hostname).
-				Err(err).
-				Msg("Failed to generate given name for node")
+				Err(err)
 
 			return
 		}
 
-		nodeToRegister := types.Node{
+		machineToRegister := types.Machine{
 			Hostname:       registerRequest.Hostinfo.Hostname,
 			GivenName:      givenName,
 			UserID:         pak.User.ID,
@@ -368,16 +366,16 @@ func (h *Headscale) handleAuthKey(
 			ForcedTags:     pak.Proto().AclTags,
 		}
 
-		node, err = h.db.RegisterNode(
-			nodeToRegister,
+		machine, err = h.db.RegisterMachine(
+			machineToRegister,
 		)
 		if err != nil {
 			log.Error().
 				Caller().
 				Bool("noise", isNoise).
 				Err(err).
-				Msg("could not register node")
-			nodeRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
+				Msg("could not register machine")
+			machineRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
 				Inc()
 			http.Error(writer, "Internal server error", http.StatusInternalServerError)
 
@@ -392,7 +390,7 @@ func (h *Headscale) handleAuthKey(
 			Bool("noise", isNoise).
 			Err(err).
 			Msg("Failed to use pre-auth key")
-		nodeRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
+		machineRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
 			Inc()
 		http.Error(writer, "Internal server error", http.StatusInternalServerError)
 
@@ -410,16 +408,16 @@ func (h *Headscale) handleAuthKey(
 		log.Error().
 			Caller().
 			Bool("noise", isNoise).
-			Str("node", registerRequest.Hostinfo.Hostname).
+			Str("machine", registerRequest.Hostinfo.Hostname).
 			Err(err).
 			Msg("Cannot encode message")
-		nodeRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
+		machineRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "error", pak.User.Name).
 			Inc()
 		http.Error(writer, "Internal server error", http.StatusInternalServerError)
 
 		return
 	}
-	nodeRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "success", pak.User.Name).
+	machineRegistrations.WithLabelValues("new", util.RegisterMethodAuthKey, "success", pak.User.Name).
 		Inc()
 	writer.Header().Set("Content-Type", "application/json; charset=utf-8")
 	writer.WriteHeader(http.StatusOK)
@@ -434,14 +432,14 @@ func (h *Headscale) handleAuthKey(
 
 	log.Info().
 		Bool("noise", isNoise).
-		Str("node", registerRequest.Hostinfo.Hostname).
-		Str("ips", strings.Join(node.IPAddresses.StringSlice(), ", ")).
+		Str("machine", registerRequest.Hostinfo.Hostname).
+		Str("ips", strings.Join(machine.IPAddresses.StringSlice(), ", ")).
 		Msg("Successfully authenticated via AuthKey")
 }
 
-// handleNewNode exposes for both legacy and Noise the functionality to get a URL
-// for authorizing the node. This url is then showed to the user by the local Tailscale client.
-func (h *Headscale) handleNewNode(
+// handleNewMachine exposes for both legacy and Noise the functionality to get a URL
+// for authorizing the machine. This url is then showed to the user by the local Tailscale client.
+func (h *Headscale) handleNewMachine(
 	writer http.ResponseWriter,
 	registerRequest tailcfg.RegisterRequest,
 	machineKey key.MachinePublic,
@@ -449,11 +447,11 @@ func (h *Headscale) handleNewNode(
 ) {
 	resp := tailcfg.RegisterResponse{}
 
-	// The node registration is new, redirect the client to the registration URL
+	// The machine registration is new, redirect the client to the registration URL
 	log.Debug().
 		Caller().
 		Bool("noise", isNoise).
-		Str("node", registerRequest.Hostinfo.Hostname).
+		Str("machine", registerRequest.Hostinfo.Hostname).
 		Msg("The node seems to be new, sending auth url")
 
 	if h.oauth2Config != nil {
@@ -495,13 +493,13 @@ func (h *Headscale) handleNewNode(
 		Caller().
 		Bool("noise", isNoise).
 		Str("AuthURL", resp.AuthURL).
-		Str("node", registerRequest.Hostinfo.Hostname).
+		Str("machine", registerRequest.Hostinfo.Hostname).
 		Msg("Successfully sent auth url")
 }
 
-func (h *Headscale) handleNodeLogOut(
+func (h *Headscale) handleMachineLogOut(
 	writer http.ResponseWriter,
-	node types.Node,
+	machine types.Machine,
 	machineKey key.MachinePublic,
 	isNoise bool,
 ) {
@@ -509,17 +507,16 @@ func (h *Headscale) handleNodeLogOut(
 
 	log.Info().
 		Bool("noise", isNoise).
-		Str("node", node.Hostname).
+		Str("machine", machine.Hostname).
 		Msg("Client requested logout")
 
-	now := time.Now()
-	err := h.db.NodeSetExpiry(&node, now)
+	err := h.db.ExpireMachine(&machine)
 	if err != nil {
 		log.Error().
 			Caller().
 			Bool("noise", isNoise).
 			Err(err).
-			Msg("Failed to expire node")
+			Msg("Failed to expire machine")
 		http.Error(writer, "Internal server error", http.StatusInternalServerError)
 
 		return
@@ -528,7 +525,7 @@ func (h *Headscale) handleNodeLogOut(
 	resp.AuthURL = ""
 	resp.MachineAuthorized = false
 	resp.NodeKeyExpired = true
-	resp.User = *node.User.TailscaleUser()
+	resp.User = *machine.User.TailscaleUser()
 	respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
 	if err != nil {
 		log.Error().
@@ -554,13 +551,13 @@ func (h *Headscale) handleNodeLogOut(
 		return
 	}
 
-	if node.IsEphemeral() {
-		err = h.db.DeleteNode(&node)
+	if machine.IsEphemeral() {
+		err = h.db.HardDeleteMachine(&machine)
 		if err != nil {
 			log.Error().
 				Err(err).
-				Str("node", node.Hostname).
-				Msg("Cannot delete ephemeral node from the database")
+				Str("machine", machine.Hostname).
+				Msg("Cannot delete ephemeral machine from the database")
 		}
 
 		return
@@ -569,29 +566,29 @@ func (h *Headscale) handleNodeLogOut(
 	log.Info().
 		Caller().
 		Bool("noise", isNoise).
-		Str("node", node.Hostname).
+		Str("machine", machine.Hostname).
 		Msg("Successfully logged out")
 }
 
-func (h *Headscale) handleNodeWithValidRegistration(
+func (h *Headscale) handleMachineWithValidRegistration(
 	writer http.ResponseWriter,
-	node types.Node,
+	machine types.Machine,
 	machineKey key.MachinePublic,
 	isNoise bool,
 ) {
 	resp := tailcfg.RegisterResponse{}
 
-	// The node registration is valid, respond with redirect to /map
+	// The machine registration is valid, respond with redirect to /map
 	log.Debug().
 		Caller().
 		Bool("noise", isNoise).
-		Str("node", node.Hostname).
+		Str("machine", machine.Hostname).
 		Msg("Client is registered and we have the current NodeKey. All clear to /map")
 
 	resp.AuthURL = ""
 	resp.MachineAuthorized = true
-	resp.User = *node.User.TailscaleUser()
-	resp.Login = *node.User.TailscaleLogin()
+	resp.User = *machine.User.TailscaleUser()
+	resp.Login = *machine.User.TailscaleLogin()
 
 	respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
 	if err != nil {
@@ -600,13 +597,13 @@ func (h *Headscale) handleNodeWithValidRegistration(
 			Bool("noise", isNoise).
 			Err(err).
 			Msg("Cannot encode message")
-		nodeRegistrations.WithLabelValues("update", "web", "error", node.User.Name).
+		machineRegistrations.WithLabelValues("update", "web", "error", machine.User.Name).
 			Inc()
 		http.Error(writer, "Internal server error", http.StatusInternalServerError)
 
 		return
 	}
-	nodeRegistrations.WithLabelValues("update", "web", "success", node.User.Name).
+	machineRegistrations.WithLabelValues("update", "web", "success", machine.User.Name).
 		Inc()
 
 	writer.Header().Set("Content-Type", "application/json; charset=utf-8")
@@ -623,14 +620,14 @@ func (h *Headscale) handleNodeWithValidRegistration(
 	log.Info().
 		Caller().
 		Bool("noise", isNoise).
-		Str("node", node.Hostname).
-		Msg("Node successfully authorized")
+		Str("machine", machine.Hostname).
+		Msg("Machine successfully authorized")
 }
 
-func (h *Headscale) handleNodeKeyRefresh(
+func (h *Headscale) handleMachineKeyRefresh(
 	writer http.ResponseWriter,
 	registerRequest tailcfg.RegisterRequest,
-	node types.Node,
+	machine types.Machine,
 	machineKey key.MachinePublic,
 	isNoise bool,
 ) {
@@ -639,10 +636,10 @@ func (h *Headscale) handleNodeKeyRefresh(
 	log.Info().
 		Caller().
 		Bool("noise", isNoise).
-		Str("node", node.Hostname).
+		Str("machine", machine.Hostname).
 		Msg("We have the OldNodeKey in the database. This is a key refresh")
 
-	err := h.db.NodeSetNodeKey(&node, registerRequest.NodeKey)
+	err := h.db.MachineSetNodeKey(&machine, registerRequest.NodeKey)
 	if err != nil {
 		log.Error().
 			Caller().
@@ -654,7 +651,7 @@ func (h *Headscale) handleNodeKeyRefresh(
 	}
 
 	resp.AuthURL = ""
-	resp.User = *node.User.TailscaleUser()
+	resp.User = *machine.User.TailscaleUser()
 	respBody, err := mapper.MarshalResponse(resp, isNoise, h.privateKey2019, machineKey)
 	if err != nil {
 		log.Error().
@@ -683,14 +680,14 @@ func (h *Headscale) handleNodeKeyRefresh(
 		Bool("noise", isNoise).
 		Str("node_key", registerRequest.NodeKey.ShortString()).
 		Str("old_node_key", registerRequest.OldNodeKey.ShortString()).
-		Str("node", node.Hostname).
+		Str("machine", machine.Hostname).
 		Msg("Node key successfully refreshed")
 }
 
-func (h *Headscale) handleNodeExpiredOrLoggedOut(
+func (h *Headscale) handleMachineExpiredOrLoggedOut(
 	writer http.ResponseWriter,
 	registerRequest tailcfg.RegisterRequest,
-	node types.Node,
+	machine types.Machine,
 	machineKey key.MachinePublic,
 	isNoise bool,
 ) {
@@ -706,11 +703,11 @@ func (h *Headscale) handleNodeExpiredOrLoggedOut(
 	log.Trace().
 		Caller().
 		Bool("noise", isNoise).
-		Str("node", node.Hostname).
+		Str("machine", machine.Hostname).
 		Str("machine_key", machineKey.ShortString()).
 		Str("node_key", registerRequest.NodeKey.ShortString()).
 		Str("node_key_old", registerRequest.OldNodeKey.ShortString()).
-		Msg("Node registration has expired or logged out. Sending a auth url to register")
+		Msg("Machine registration has expired or logged out. Sending a auth url to register")
 
 	if h.oauth2Config != nil {
 		resp.AuthURL = fmt.Sprintf("%s/oidc/register/%s",
@@ -729,13 +726,13 @@ func (h *Headscale) handleNodeExpiredOrLoggedOut(
 			Bool("noise", isNoise).
 			Err(err).
 			Msg("Cannot encode message")
-		nodeRegistrations.WithLabelValues("reauth", "web", "error", node.User.Name).
+		machineRegistrations.WithLabelValues("reauth", "web", "error", machine.User.Name).
 			Inc()
 		http.Error(writer, "Internal server error", http.StatusInternalServerError)
 
 		return
 	}
-	nodeRegistrations.WithLabelValues("reauth", "web", "success", node.User.Name).
+	machineRegistrations.WithLabelValues("reauth", "web", "success", machine.User.Name).
 		Inc()
 
 	writer.Header().Set("Content-Type", "application/json; charset=utf-8")
@@ -755,6 +752,6 @@ func (h *Headscale) handleNodeExpiredOrLoggedOut(
 		Str("machine_key", machineKey.ShortString()).
 		Str("node_key", registerRequest.NodeKey.ShortString()).
 		Str("node_key_old", registerRequest.OldNodeKey.ShortString()).
-		Str("node", node.Hostname).
-		Msg("Node logged out. Sent AuthURL for reauthentication")
+		Str("machine", machine.Hostname).
+		Msg("Machine logged out. Sent AuthURL for reauthentication")
 }

hscontrol/auth_legacy.go

@@ -39,7 +39,7 @@ func (h *Headscale) RegistrationHandler(
 			Caller().
 			Err(err).
 			Msg("Cannot parse machine key")
-		nodeRegistrations.WithLabelValues("unknown", "web", "error", "unknown").Inc()
+		machineRegistrations.WithLabelValues("unknown", "web", "error", "unknown").Inc()
 		http.Error(writer, "Cannot parse machine key", http.StatusBadRequest)
 
 		return
@@ -51,7 +51,7 @@ func (h *Headscale) RegistrationHandler(
 			Caller().
 			Err(err).
 			Msg("Cannot decode message")
-		nodeRegistrations.WithLabelValues("unknown", "web", "error", "unknown").Inc()
+		machineRegistrations.WithLabelValues("unknown", "web", "error", "unknown").Inc()
 		http.Error(writer, "Cannot decode message", http.StatusBadRequest)
 
 		return

hscontrol/auth_noise.go

@@ -9,7 +9,7 @@ import (
 	"tailscale.com/tailcfg"
 )
 
-// // NoiseRegistrationHandler handles the actual registration process of a node.
+// // NoiseRegistrationHandler handles the actual registration process of a machine.
 func (ns *noiseServer) NoiseRegistrationHandler(
 	writer http.ResponseWriter,
 	req *http.Request,
@@ -23,7 +23,6 @@ func (ns *noiseServer) NoiseRegistrationHandler(
 
 	log.Trace().
 		Any("headers", req.Header).
-		Caller().
 		Msg("Headers")
 
 	body, _ := io.ReadAll(req.Body)
@@ -33,7 +32,7 @@ func (ns *noiseServer) NoiseRegistrationHandler(
 			Caller().
 			Err(err).
 			Msg("Cannot parse RegisterRequest")
-		nodeRegistrations.WithLabelValues("unknown", "web", "error", "unknown").Inc()
+		machineRegistrations.WithLabelValues("unknown", "web", "error", "unknown").Inc()
 		http.Error(writer, "Internal error", http.StatusInternalServerError)
 
 		return

hscontrol/db/addresses.go

@@ -17,8 +17,8 @@ import (
 
 var ErrCouldNotAllocateIP = errors.New("could not find any suitable IP")
 
-func (hsdb *HSDatabase) getAvailableIPs() (types.NodeAddresses, error) {
-	var ips types.NodeAddresses
+func (hsdb *HSDatabase) getAvailableIPs() (types.MachineAddresses, error) {
+	var ips types.MachineAddresses
 	var err error
 	for _, ipPrefix := range hsdb.ipPrefixes {
 		var ip *netip.Addr
@@ -69,11 +69,11 @@ func (hsdb *HSDatabase) getUsedIPs() (*netipx.IPSet, error) {
 	// but this was quick to get running and it should be enough
 	// to begin experimenting with a dual stack tailnet.
 	var addressesSlices []string
-	hsdb.db.Model(&types.Node{}).Pluck("ip_addresses", &addressesSlices)
+	hsdb.db.Model(&types.Machine{}).Pluck("ip_addresses", &addressesSlices)
 
 	var ips netipx.IPSetBuilder
 	for _, slice := range addressesSlices {
-		var machineAddresses types.NodeAddresses
+		var machineAddresses types.MachineAddresses
 		err := machineAddresses.Scan(slice)
 		if err != nil {
 			return &netipx.IPSet{}, fmt.Errorf(

hscontrol/db/addresses_test.go

@@ -30,21 +30,21 @@ func (s *Suite) TestGetUsedIps(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "testnode")
+	_, err = db.GetMachine("test", "testmachine")
 	c.Assert(err, check.NotNil)
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 		IPAddresses:    ips,
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
 	usedIps, err := db.getUsedIPs()
 
@@ -58,11 +58,13 @@ func (s *Suite) TestGetUsedIps(c *check.C) {
 	c.Assert(usedIps.Equal(expectedIPSet), check.Equals, true)
 	c.Assert(usedIps.Contains(expected), check.Equals, true)
 
-	node1, err := db.GetNodeByID(0)
+	machine1, err := db.GetMachineByID(0)
 	c.Assert(err, check.IsNil)
 
-	c.Assert(len(node1.IPAddresses), check.Equals, 1)
-	c.Assert(node1.IPAddresses[0], check.Equals, expected)
+	c.Assert(len(machine1.IPAddresses), check.Equals, 1)
+	c.Assert(machine1.IPAddresses[0], check.Equals, expected)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
 func (s *Suite) TestGetMultiIp(c *check.C) {
@@ -78,21 +80,21 @@ func (s *Suite) TestGetMultiIp(c *check.C) {
 		pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 		c.Assert(err, check.IsNil)
 
-		_, err = db.GetNode("test", "testnode")
+		_, err = db.GetMachine("test", "testmachine")
 		c.Assert(err, check.NotNil)
 
-		node := types.Node{
+		machine := types.Machine{
 			ID:             uint64(index),
 			MachineKey:     "foo",
 			NodeKey:        "bar",
 			DiscoKey:       "faa",
-			Hostname:       "testnode",
+			Hostname:       "testmachine",
 			UserID:         user.ID,
 			RegisterMethod: util.RegisterMethodAuthKey,
 			AuthKeyID:      uint(pak.ID),
 			IPAddresses:    ips,
 		}
-		db.db.Save(&node)
+		db.db.Save(&machine)
 
 		db.ipAllocationMutex.Unlock()
 	}
@@ -119,20 +121,20 @@ func (s *Suite) TestGetMultiIp(c *check.C) {
 	c.Assert(usedIps.Contains(expected300), check.Equals, true)
 
 	// Check that we can read back the IPs
-	node1, err := db.GetNodeByID(1)
+	machine1, err := db.GetMachineByID(1)
 	c.Assert(err, check.IsNil)
-	c.Assert(len(node1.IPAddresses), check.Equals, 1)
+	c.Assert(len(machine1.IPAddresses), check.Equals, 1)
 	c.Assert(
-		node1.IPAddresses[0],
+		machine1.IPAddresses[0],
 		check.Equals,
 		netip.MustParseAddr("10.27.0.1"),
 	)
 
-	node50, err := db.GetNodeByID(50)
+	machine50, err := db.GetMachineByID(50)
 	c.Assert(err, check.IsNil)
-	c.Assert(len(node50.IPAddresses), check.Equals, 1)
+	c.Assert(len(machine50.IPAddresses), check.Equals, 1)
 	c.Assert(
-		node50.IPAddresses[0],
+		machine50.IPAddresses[0],
 		check.Equals,
 		netip.MustParseAddr("10.27.0.50"),
 	)
@@ -151,9 +153,11 @@ func (s *Suite) TestGetMultiIp(c *check.C) {
 
 	c.Assert(len(nextIP2), check.Equals, 1)
 	c.Assert(nextIP2[0].String(), check.Equals, expectedNextIP.String())
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
-func (s *Suite) TestGetAvailableIpNodeWithoutIP(c *check.C) {
+func (s *Suite) TestGetAvailableIpMachineWithoutIP(c *check.C) {
 	ips, err := db.getAvailableIPs()
 	c.Assert(err, check.IsNil)
 
@@ -168,24 +172,26 @@ func (s *Suite) TestGetAvailableIpNodeWithoutIP(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "testnode")
+	_, err = db.GetMachine("test", "testmachine")
 	c.Assert(err, check.NotNil)
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
 	ips2, err := db.getAvailableIPs()
 	c.Assert(err, check.IsNil)
 
 	c.Assert(len(ips2), check.Equals, 1)
 	c.Assert(ips2[0].String(), check.Equals, expected.String())
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }

hscontrol/db/api_key.go

@@ -22,9 +22,6 @@ var ErrAPIKeyFailedToParse = errors.New("failed to parse ApiKey")
 func (hsdb *HSDatabase) CreateAPIKey(
 	expiration *time.Time,
 ) (string, *types.APIKey, error) {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
 	prefix, err := util.GenerateRandomStringURLSafe(apiPrefixLength)
 	if err != nil {
 		return "", nil, err
@@ -58,9 +55,6 @@ func (hsdb *HSDatabase) CreateAPIKey(
 
 // ListAPIKeys returns the list of ApiKeys for a user.
 func (hsdb *HSDatabase) ListAPIKeys() ([]types.APIKey, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
 	keys := []types.APIKey{}
 	if err := hsdb.db.Find(&keys).Error; err != nil {
 		return nil, err
@@ -71,9 +65,6 @@ func (hsdb *HSDatabase) ListAPIKeys() ([]types.APIKey, error) {
 
 // GetAPIKey returns a ApiKey for a given key.
 func (hsdb *HSDatabase) GetAPIKey(prefix string) (*types.APIKey, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
 	key := types.APIKey{}
 	if result := hsdb.db.First(&key, "prefix = ?", prefix); result.Error != nil {
 		return nil, result.Error
@@ -84,9 +75,6 @@ func (hsdb *HSDatabase) GetAPIKey(prefix string) (*types.APIKey, error) {
 
 // GetAPIKeyByID returns a ApiKey for a given id.
 func (hsdb *HSDatabase) GetAPIKeyByID(id uint64) (*types.APIKey, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
 	key := types.APIKey{}
 	if result := hsdb.db.Find(&types.APIKey{ID: id}).First(&key); result.Error != nil {
 		return nil, result.Error
@@ -98,9 +86,6 @@ func (hsdb *HSDatabase) GetAPIKeyByID(id uint64) (*types.APIKey, error) {
 // DestroyAPIKey destroys a ApiKey. Returns error if the ApiKey
 // does not exist.
 func (hsdb *HSDatabase) DestroyAPIKey(key types.APIKey) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
 	if result := hsdb.db.Unscoped().Delete(key); result.Error != nil {
 		return result.Error
 	}
@@ -110,9 +95,6 @@ func (hsdb *HSDatabase) DestroyAPIKey(key types.APIKey) error {
 
 // ExpireAPIKey marks a ApiKey as expired.
 func (hsdb *HSDatabase) ExpireAPIKey(key *types.APIKey) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
 	if err := hsdb.db.Model(&key).Update("Expiration", time.Now()).Error; err != nil {
 		return err
 	}
@@ -121,9 +103,6 @@ func (hsdb *HSDatabase) ExpireAPIKey(key *types.APIKey) error {
 }
 
 func (hsdb *HSDatabase) ValidateAPIKey(keyStr string) (bool, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
 	prefix, hash, found := strings.Cut(keyStr, ".")
 	if !found {
 		return false, ErrAPIKeyFailedToParse

hscontrol/db/api_key_test.go

@@ -22,6 +22,8 @@ func (*Suite) TestCreateAPIKey(c *check.C) {
 	keys, err := db.ListAPIKeys()
 	c.Assert(err, check.IsNil)
 	c.Assert(len(keys), check.Equals, 1)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
 func (*Suite) TestAPIKeyDoesNotExist(c *check.C) {
@@ -39,6 +41,8 @@ func (*Suite) TestValidateAPIKeyOk(c *check.C) {
 	valid, err := db.ValidateAPIKey(apiKeyStr)
 	c.Assert(err, check.IsNil)
 	c.Assert(valid, check.Equals, true)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
 func (*Suite) TestValidateAPIKeyNotOk(c *check.C) {
@@ -67,6 +71,8 @@ func (*Suite) TestValidateAPIKeyNotOk(c *check.C) {
 	validWithErr, err := db.ValidateAPIKey("produceerrorkey")
 	c.Assert(err, check.NotNil)
 	c.Assert(validWithErr, check.Equals, false)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
 func (*Suite) TestExpireAPIKey(c *check.C) {
@@ -86,4 +92,6 @@ func (*Suite) TestExpireAPIKey(c *check.C) {
 	notValid, err := db.ValidateAPIKey(apiKeyStr)
 	c.Assert(err, check.IsNil)
 	c.Assert(notValid, check.Equals, false)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }

hscontrol/db/db.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	"github.com/glebarez/sqlite"
-	"github.com/juanfont/headscale/hscontrol/notifier"
 	"github.com/juanfont/headscale/hscontrol/types"
 	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/rs/zerolog/log"
@@ -37,10 +36,8 @@ type KV struct {
 }
 
 type HSDatabase struct {
-	db       *gorm.DB
-	notifier *notifier.Notifier
-
-	mu sync.RWMutex
+	db              *gorm.DB
+	notifyStateChan chan<- struct{}
 
 	ipAllocationMutex sync.Mutex
 
@@ -53,7 +50,7 @@ type HSDatabase struct {
 func NewHeadscaleDatabase(
 	dbType, connectionAddr string,
 	debug bool,
-	notifier *notifier.Notifier,
+	notifyStateChan chan<- struct{},
 	ipPrefixes []netip.Prefix,
 	baseDomain string,
 ) (*HSDatabase, error) {
@@ -63,8 +60,8 @@ func NewHeadscaleDatabase(
 	}
 
 	db := HSDatabase{
-		db:       dbConn,
-		notifier: notifier,
+		db:              dbConn,
+		notifyStateChan: notifyStateChan,
 
 		ipPrefixes: ipPrefixes,
 		baseDomain: baseDomain,
@@ -78,53 +75,49 @@ func NewHeadscaleDatabase(
 
 	_ = dbConn.Migrator().RenameTable("namespaces", "users")
 
-	// the big rename from Machine to Node
-	_ = dbConn.Migrator().RenameTable("machines", "nodes")
-	_ = dbConn.Migrator().RenameColumn(&types.Route{}, "machine_id", "node_id")
-
 	err = dbConn.AutoMigrate(types.User{})
 	if err != nil {
 		return nil, err
 	}
 
-	_ = dbConn.Migrator().RenameColumn(&types.Node{}, "namespace_id", "user_id")
+	_ = dbConn.Migrator().RenameColumn(&types.Machine{}, "namespace_id", "user_id")
 	_ = dbConn.Migrator().RenameColumn(&types.PreAuthKey{}, "namespace_id", "user_id")
 
-	_ = dbConn.Migrator().RenameColumn(&types.Node{}, "ip_address", "ip_addresses")
-	_ = dbConn.Migrator().RenameColumn(&types.Node{}, "name", "hostname")
+	_ = dbConn.Migrator().RenameColumn(&types.Machine{}, "ip_address", "ip_addresses")
+	_ = dbConn.Migrator().RenameColumn(&types.Machine{}, "name", "hostname")
 
 	// GivenName is used as the primary source of DNS names, make sure
 	// the field is populated and normalized if it was not when the
-	// node was registered.
-	_ = dbConn.Migrator().RenameColumn(&types.Node{}, "nickname", "given_name")
+	// machine was registered.
+	_ = dbConn.Migrator().RenameColumn(&types.Machine{}, "nickname", "given_name")
 
-	// If the MacNodehine table has a column for registered,
+	// If the Machine table has a column for registered,
 	// find all occourences of "false" and drop them. Then
 	// remove the column.
-	if dbConn.Migrator().HasColumn(&types.Node{}, "registered") {
+	if dbConn.Migrator().HasColumn(&types.Machine{}, "registered") {
 		log.Info().
-			Msg(`Database has legacy "registered" column in node, removing...`)
+			Msg(`Database has legacy "registered" column in machine, removing...`)
 
-		nodes := types.Nodes{}
-		if err := dbConn.Not("registered").Find(&nodes).Error; err != nil {
+		machines := types.Machines{}
+		if err := dbConn.Not("registered").Find(&machines).Error; err != nil {
 			log.Error().Err(err).Msg("Error accessing db")
 		}
 
-		for _, node := range nodes {
+		for _, machine := range machines {
 			log.Info().
-				Str("node", node.Hostname).
-				Str("machine_key", node.MachineKey).
-				Msg("Deleting unregistered node")
-			if err := dbConn.Delete(&types.Node{}, node.ID).Error; err != nil {
+				Str("machine", machine.Hostname).
+				Str("machine_key", machine.MachineKey).
+				Msg("Deleting unregistered machine")
+			if err := dbConn.Delete(&types.Machine{}, machine.ID).Error; err != nil {
 				log.Error().
 					Err(err).
-					Str("node", node.Hostname).
-					Str("machine_key", node.MachineKey).
-					Msg("Error deleting unregistered node")
+					Str("machine", machine.Hostname).
+					Str("machine_key", machine.MachineKey).
+					Msg("Error deleting unregistered machine")
 			}
 		}
 
-		err := dbConn.Migrator().DropColumn(&types.Node{}, "registered")
+		err := dbConn.Migrator().DropColumn(&types.Machine{}, "registered")
 		if err != nil {
 			log.Error().Err(err).Msg("Error dropping registered column")
 		}
@@ -135,21 +128,21 @@ func NewHeadscaleDatabase(
 		return nil, err
 	}
 
-	if dbConn.Migrator().HasColumn(&types.Node{}, "enabled_routes") {
-		log.Info().Msgf("Database has legacy enabled_routes column in node, migrating...")
+	if dbConn.Migrator().HasColumn(&types.Machine{}, "enabled_routes") {
+		log.Info().Msgf("Database has legacy enabled_routes column in machine, migrating...")
 
-		type NodeAux struct {
+		type MachineAux struct {
 			ID            uint64
 			EnabledRoutes types.IPPrefixes
 		}
 
-		nodesAux := []NodeAux{}
-		err := dbConn.Table("nodes").Select("id, enabled_routes").Scan(&nodesAux).Error
+		machinesAux := []MachineAux{}
+		err := dbConn.Table("machines").Select("id, enabled_routes").Scan(&machinesAux).Error
 		if err != nil {
 			log.Fatal().Err(err).Msg("Error accessing db")
 		}
-		for _, node := range nodesAux {
-			for _, prefix := range node.EnabledRoutes {
+		for _, machine := range machinesAux {
+			for _, prefix := range machine.EnabledRoutes {
 				if err != nil {
 					log.Error().
 						Err(err).
@@ -159,8 +152,8 @@ func NewHeadscaleDatabase(
 					continue
 				}
 
-				err = dbConn.Preload("Node").
-					Where("node_id = ? AND prefix = ?", node.ID, types.IPPrefix(prefix)).
+				err = dbConn.Preload("Machine").
+					Where("machine_id = ? AND prefix = ?", machine.ID, types.IPPrefix(prefix)).
 					First(&types.Route{}).
 					Error
 				if err == nil {
@@ -172,7 +165,7 @@ func NewHeadscaleDatabase(
 				}
 
 				route := types.Route{
-					NodeID:     node.ID,
+					MachineID:  machine.ID,
 					Advertised: true,
 					Enabled:    true,
 					Prefix:     types.IPPrefix(prefix),
@@ -181,50 +174,50 @@ func NewHeadscaleDatabase(
 					log.Error().Err(err).Msg("Error creating route")
 				} else {
 					log.Info().
-						Uint64("node_id", route.NodeID).
+						Uint64("machine_id", route.MachineID).
 						Str("prefix", prefix.String()).
 						Msg("Route migrated")
 				}
 			}
 		}
 
-		err = dbConn.Migrator().DropColumn(&types.Node{}, "enabled_routes")
+		err = dbConn.Migrator().DropColumn(&types.Machine{}, "enabled_routes")
 		if err != nil {
 			log.Error().Err(err).Msg("Error dropping enabled_routes column")
 		}
 	}
 
-	err = dbConn.AutoMigrate(&types.Node{})
+	err = dbConn.AutoMigrate(&types.Machine{})
 	if err != nil {
 		return nil, err
 	}
 
-	if dbConn.Migrator().HasColumn(&types.Node{}, "given_name") {
-		nodes := types.Nodes{}
-		if err := dbConn.Find(&nodes).Error; err != nil {
+	if dbConn.Migrator().HasColumn(&types.Machine{}, "given_name") {
+		machines := types.Machines{}
+		if err := dbConn.Find(&machines).Error; err != nil {
 			log.Error().Err(err).Msg("Error accessing db")
 		}
 
-		for item, node := range nodes {
-			if node.GivenName == "" {
+		for item, machine := range machines {
+			if machine.GivenName == "" {
 				normalizedHostname, err := util.NormalizeToFQDNRulesConfigFromViper(
-					node.Hostname,
+					machine.Hostname,
 				)
 				if err != nil {
 					log.Error().
 						Caller().
-						Str("hostname", node.Hostname).
+						Str("hostname", machine.Hostname).
 						Err(err).
-						Msg("Failed to normalize node hostname in DB migration")
+						Msg("Failed to normalize machine hostname in DB migration")
 				}
 
-				err = db.RenameNode(nodes[item], normalizedHostname)
+				err = db.RenameMachine(&machines[item], normalizedHostname)
 				if err != nil {
 					log.Error().
 						Caller().
-						Str("hostname", node.Hostname).
+						Str("hostname", machine.Hostname).
 						Err(err).
-						Msg("Failed to save normalized node name in DB migration")
+						Msg("Failed to save normalized machine name in DB migration")
 				}
 			}
 		}
@@ -304,6 +297,10 @@ func openDB(dbType, connectionAddr string, debug bool) (*gorm.DB, error) {
 	)
 }
 
+func (hsdb *HSDatabase) notifyStateChange() {
+	hsdb.notifyStateChan <- struct{}{}
+}
+
 // getValue returns the value for the given key in KV.
 func (hsdb *HSDatabase) getValue(key string) (string, error) {
 	var row KV

hscontrol/db/machine.go

@@ -0,0 +1,776 @@
+package db
+
+import (
+	"errors"
+	"fmt"
+	"net/netip"
+	"sort"
+	"strings"
+	"time"
+
+	"github.com/juanfont/headscale/hscontrol/types"
+	"github.com/juanfont/headscale/hscontrol/util"
+	"github.com/patrickmn/go-cache"
+	"github.com/rs/zerolog/log"
+	"gorm.io/gorm"
+	"tailscale.com/types/key"
+)
+
+const (
+	MachineGivenNameHashLength = 8
+	MachineGivenNameTrimSize   = 2
+)
+
+var (
+	ErrMachineNotFound                  = errors.New("machine not found")
+	ErrMachineRouteIsNotAvailable       = errors.New("route is not available on machine")
+	ErrMachineNotFoundRegistrationCache = errors.New(
+		"machine not found in registration cache",
+	)
+	ErrCouldNotConvertMachineInterface = errors.New("failed to convert machine interface")
+	ErrDifferentRegisteredUser         = errors.New(
+		"machine was previously registered with a different user",
+	)
+)
+
+// ListPeers returns all peers of machine, regardless of any Policy or if the node is expired.
+func (hsdb *HSDatabase) ListPeers(machine *types.Machine) (types.Machines, error) {
+	log.Trace().
+		Caller().
+		Str("machine", machine.Hostname).
+		Msg("Finding direct peers")
+
+	machines := types.Machines{}
+	if err := hsdb.db.
+		Preload("AuthKey").
+		Preload("AuthKey.User").
+		Preload("User").
+		Preload("Routes").
+		Where("node_key <> ?",
+			machine.NodeKey).Find(&machines).Error; err != nil {
+		return types.Machines{}, err
+	}
+
+	sort.Slice(machines, func(i, j int) bool { return machines[i].ID < machines[j].ID })
+
+	log.Trace().
+		Caller().
+		Str("machine", machine.Hostname).
+		Msgf("Found peers: %s", machines.String())
+
+	return machines, nil
+}
+
+func (hsdb *HSDatabase) ListMachines() ([]types.Machine, error) {
+	machines := []types.Machine{}
+	if err := hsdb.db.
+		Preload("AuthKey").
+		Preload("AuthKey.User").
+		Preload("User").
+		Preload("Routes").
+		Find(&machines).Error; err != nil {
+		return nil, err
+	}
+
+	return machines, nil
+}
+
+func (hsdb *HSDatabase) ListMachinesByGivenName(givenName string) (types.Machines, error) {
+	machines := types.Machines{}
+	if err := hsdb.db.
+		Preload("AuthKey").
+		Preload("AuthKey.User").
+		Preload("User").
+		Preload("Routes").
+		Where("given_name = ?", givenName).Find(&machines).Error; err != nil {
+		return nil, err
+	}
+
+	return machines, nil
+}
+
+// GetMachine finds a Machine by name and user and returns the Machine struct.
+func (hsdb *HSDatabase) GetMachine(user string, name string) (*types.Machine, error) {
+	machines, err := hsdb.ListMachinesByUser(user)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, m := range machines {
+		if m.Hostname == name {
+			return &m, nil
+		}
+	}
+
+	return nil, ErrMachineNotFound
+}
+
+// GetMachineByGivenName finds a Machine by given name and user and returns the Machine struct.
+func (hsdb *HSDatabase) GetMachineByGivenName(
+	user string,
+	givenName string,
+) (*types.Machine, error) {
+	machines, err := hsdb.ListMachinesByUser(user)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, m := range machines {
+		if m.GivenName == givenName {
+			return &m, nil
+		}
+	}
+
+	return nil, ErrMachineNotFound
+}
+
+// GetMachineByID finds a Machine by ID and returns the Machine struct.
+func (hsdb *HSDatabase) GetMachineByID(id uint64) (*types.Machine, error) {
+	mach := types.Machine{}
+	if result := hsdb.db.
+		Preload("AuthKey").
+		Preload("AuthKey.User").
+		Preload("User").
+		Preload("Routes").
+		Find(&types.Machine{ID: id}).First(&mach); result.Error != nil {
+		return nil, result.Error
+	}
+
+	return &mach, nil
+}
+
+// GetMachineByMachineKey finds a Machine by its MachineKey and returns the Machine struct.
+func (hsdb *HSDatabase) GetMachineByMachineKey(
+	machineKey key.MachinePublic,
+) (*types.Machine, error) {
+	mach := types.Machine{}
+	if result := hsdb.db.
+		Preload("AuthKey").
+		Preload("AuthKey.User").
+		Preload("User").
+		Preload("Routes").
+		First(&mach, "machine_key = ?", util.MachinePublicKeyStripPrefix(machineKey)); result.Error != nil {
+		return nil, result.Error
+	}
+
+	return &mach, nil
+}
+
+// GetMachineByNodeKey finds a Machine by its current NodeKey.
+func (hsdb *HSDatabase) GetMachineByNodeKey(
+	nodeKey key.NodePublic,
+) (*types.Machine, error) {
+	machine := types.Machine{}
+	if result := hsdb.db.
+		Preload("AuthKey").
+		Preload("AuthKey.User").
+		Preload("User").
+		Preload("Routes").
+		First(&machine, "node_key = ?",
+			util.NodePublicKeyStripPrefix(nodeKey)); result.Error != nil {
+		return nil, result.Error
+	}
+
+	return &machine, nil
+}
+
+// GetMachineByAnyNodeKey finds a Machine by its MachineKey, its current NodeKey or the old one, and returns the Machine struct.
+func (hsdb *HSDatabase) GetMachineByAnyKey(
+	machineKey key.MachinePublic, nodeKey key.NodePublic, oldNodeKey key.NodePublic,
+) (*types.Machine, error) {
+	machine := types.Machine{}
+	if result := hsdb.db.
+		Preload("AuthKey").
+		Preload("AuthKey.User").
+		Preload("User").
+		Preload("Routes").
+		First(&machine, "machine_key = ? OR node_key = ? OR node_key = ?",
+			util.MachinePublicKeyStripPrefix(machineKey),
+			util.NodePublicKeyStripPrefix(nodeKey),
+			util.NodePublicKeyStripPrefix(oldNodeKey)); result.Error != nil {
+		return nil, result.Error
+	}
+
+	return &machine, nil
+}
+
+// TODO(kradalby): rename this, it sounds like a mix of getting and setting to db
+// UpdateMachineFromDatabase takes a Machine struct pointer (typically already loaded from database
+// and updates it with the latest data from the database.
+func (hsdb *HSDatabase) UpdateMachineFromDatabase(machine *types.Machine) error {
+	if result := hsdb.db.Find(machine).First(&machine); result.Error != nil {
+		return result.Error
+	}
+
+	return nil
+}
+
+// SetTags takes a Machine struct pointer and update the forced tags.
+func (hsdb *HSDatabase) SetTags(
+	machine *types.Machine,
+	tags []string,
+) error {
+	newTags := []string{}
+	for _, tag := range tags {
+		if !util.StringOrPrefixListContains(newTags, tag) {
+			newTags = append(newTags, tag)
+		}
+	}
+	machine.ForcedTags = newTags
+
+	hsdb.notifyStateChange()
+
+	if err := hsdb.db.Save(machine).Error; err != nil {
+		return fmt.Errorf("failed to update tags for machine in the database: %w", err)
+	}
+
+	return nil
+}
+
+// ExpireMachine takes a Machine struct and sets the expire field to now.
+func (hsdb *HSDatabase) ExpireMachine(machine *types.Machine) error {
+	now := time.Now()
+	machine.Expiry = &now
+
+	hsdb.notifyStateChange()
+
+	if err := hsdb.db.Save(machine).Error; err != nil {
+		return fmt.Errorf("failed to expire machine in the database: %w", err)
+	}
+
+	return nil
+}
+
+// RenameMachine takes a Machine struct and a new GivenName for the machines
+// and renames it.
+func (hsdb *HSDatabase) RenameMachine(machine *types.Machine, newName string) error {
+	err := util.CheckForFQDNRules(
+		newName,
+	)
+	if err != nil {
+		log.Error().
+			Caller().
+			Str("func", "RenameMachine").
+			Str("machine", machine.Hostname).
+			Str("newName", newName).
+			Err(err)
+
+		return err
+	}
+	machine.GivenName = newName
+
+	hsdb.notifyStateChange()
+
+	if err := hsdb.db.Save(machine).Error; err != nil {
+		return fmt.Errorf("failed to rename machine in the database: %w", err)
+	}
+
+	return nil
+}
+
+// RefreshMachine takes a Machine struct and  a new expiry time.
+func (hsdb *HSDatabase) RefreshMachine(machine *types.Machine, expiry time.Time) error {
+	now := time.Now()
+
+	machine.LastSuccessfulUpdate = &now
+	machine.Expiry = &expiry
+
+	hsdb.notifyStateChange()
+
+	if err := hsdb.db.Save(machine).Error; err != nil {
+		return fmt.Errorf(
+			"failed to refresh machine (update expiration) in the database: %w",
+			err,
+		)
+	}
+
+	return nil
+}
+
+// DeleteMachine softs deletes a Machine from the database.
+func (hsdb *HSDatabase) DeleteMachine(machine *types.Machine) error {
+	err := hsdb.DeleteMachineRoutes(machine)
+	if err != nil {
+		return err
+	}
+
+	if err := hsdb.db.Delete(&machine).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (hsdb *HSDatabase) TouchMachine(machine *types.Machine) error {
+	return hsdb.db.Updates(types.Machine{
+		ID:                   machine.ID,
+		LastSeen:             machine.LastSeen,
+		LastSuccessfulUpdate: machine.LastSuccessfulUpdate,
+	}).Error
+}
+
+// HardDeleteMachine hard deletes a Machine from the database.
+func (hsdb *HSDatabase) HardDeleteMachine(machine *types.Machine) error {
+	err := hsdb.DeleteMachineRoutes(machine)
+	if err != nil {
+		return err
+	}
+
+	if err := hsdb.db.Unscoped().Delete(&machine).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (hsdb *HSDatabase) IsOutdated(machine *types.Machine, lastChange time.Time) bool {
+	if err := hsdb.UpdateMachineFromDatabase(machine); err != nil {
+		// It does not seem meaningful to propagate this error as the end result
+		// will have to be that the machine has to be considered outdated.
+		return true
+	}
+
+	// Get the last update from all headscale users to compare with our nodes
+	// last update.
+	// TODO(kradalby): Only request updates from users where we can talk to nodes
+	// This would mostly be for a bit of performance, and can be calculated based on
+	// ACLs.
+	lastUpdate := machine.CreatedAt
+	if machine.LastSuccessfulUpdate != nil {
+		lastUpdate = *machine.LastSuccessfulUpdate
+	}
+	log.Trace().
+		Caller().
+		Str("machine", machine.Hostname).
+		Time("last_successful_update", lastChange).
+		Time("last_state_change", lastUpdate).
+		Msgf("Checking if %s is missing updates", machine.Hostname)
+
+	return lastUpdate.Before(lastChange)
+}
+
+func (hsdb *HSDatabase) RegisterMachineFromAuthCallback(
+	cache *cache.Cache,
+	nodeKeyStr string,
+	userName string,
+	machineExpiry *time.Time,
+	registrationMethod string,
+) (*types.Machine, error) {
+	nodeKey := key.NodePublic{}
+	err := nodeKey.UnmarshalText([]byte(nodeKeyStr))
+	if err != nil {
+		return nil, err
+	}
+
+	log.Debug().
+		Str("nodeKey", nodeKey.ShortString()).
+		Str("userName", userName).
+		Str("registrationMethod", registrationMethod).
+		Str("expiresAt", fmt.Sprintf("%v", machineExpiry)).
+		Msg("Registering machine from API/CLI or auth callback")
+
+	if machineInterface, ok := cache.Get(util.NodePublicKeyStripPrefix(nodeKey)); ok {
+		if registrationMachine, ok := machineInterface.(types.Machine); ok {
+			user, err := hsdb.GetUser(userName)
+			if err != nil {
+				return nil, fmt.Errorf(
+					"failed to find user in register machine from auth callback, %w",
+					err,
+				)
+			}
+
+			// Registration of expired machine with different user
+			if registrationMachine.ID != 0 &&
+				registrationMachine.UserID != user.ID {
+				return nil, ErrDifferentRegisteredUser
+			}
+
+			registrationMachine.UserID = user.ID
+			registrationMachine.RegisterMethod = registrationMethod
+
+			if machineExpiry != nil {
+				registrationMachine.Expiry = machineExpiry
+			}
+
+			machine, err := hsdb.RegisterMachine(
+				registrationMachine,
+			)
+
+			if err == nil {
+				cache.Delete(nodeKeyStr)
+			}
+
+			return machine, err
+		} else {
+			return nil, ErrCouldNotConvertMachineInterface
+		}
+	}
+
+	return nil, ErrMachineNotFoundRegistrationCache
+}
+
+// RegisterMachine is executed from the CLI to register a new Machine using its MachineKey.
+func (hsdb *HSDatabase) RegisterMachine(machine types.Machine,
+) (*types.Machine, error) {
+	log.Debug().
+		Str("machine", machine.Hostname).
+		Str("machine_key", machine.MachineKey).
+		Str("node_key", machine.NodeKey).
+		Str("user", machine.User.Name).
+		Msg("Registering machine")
+
+	// If the machine exists and we had already IPs for it, we just save it
+	// so we store the machine.Expire and machine.Nodekey that has been set when
+	// adding it to the registrationCache
+	if len(machine.IPAddresses) > 0 {
+		if err := hsdb.db.Save(&machine).Error; err != nil {
+			return nil, fmt.Errorf("failed register existing machine in the database: %w", err)
+		}
+
+		log.Trace().
+			Caller().
+			Str("machine", machine.Hostname).
+			Str("machine_key", machine.MachineKey).
+			Str("node_key", machine.NodeKey).
+			Str("user", machine.User.Name).
+			Msg("Machine authorized again")
+
+		return &machine, nil
+	}
+
+	hsdb.ipAllocationMutex.Lock()
+	defer hsdb.ipAllocationMutex.Unlock()
+
+	ips, err := hsdb.getAvailableIPs()
+	if err != nil {
+		log.Error().
+			Caller().
+			Err(err).
+			Str("machine", machine.Hostname).
+			Msg("Could not find IP for the new machine")
+
+		return nil, err
+	}
+
+	machine.IPAddresses = ips
+
+	if err := hsdb.db.Save(&machine).Error; err != nil {
+		return nil, fmt.Errorf("failed register(save) machine in the database: %w", err)
+	}
+
+	log.Trace().
+		Caller().
+		Str("machine", machine.Hostname).
+		Str("ip", strings.Join(ips.StringSlice(), ",")).
+		Msg("Machine registered with the database")
+
+	return &machine, nil
+}
+
+// MachineSetNodeKey sets the node key of a machine and saves it to the database.
+func (hsdb *HSDatabase) MachineSetNodeKey(machine *types.Machine, nodeKey key.NodePublic) error {
+	machine.NodeKey = util.NodePublicKeyStripPrefix(nodeKey)
+
+	if err := hsdb.db.Save(machine).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MachineSetMachineKey sets the machine key of a machine and saves it to the database.
+func (hsdb *HSDatabase) MachineSetMachineKey(
+	machine *types.Machine,
+	nodeKey key.MachinePublic,
+) error {
+	machine.MachineKey = util.MachinePublicKeyStripPrefix(nodeKey)
+
+	if err := hsdb.db.Save(machine).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MachineSave saves a machine object to the database, prefer to use a specific save method rather
+// than this. It is intended to be used when we are changing or.
+func (hsdb *HSDatabase) MachineSave(machine *types.Machine) error {
+	if err := hsdb.db.Save(machine).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// GetAdvertisedRoutes returns the routes that are be advertised by the given machine.
+func (hsdb *HSDatabase) GetAdvertisedRoutes(machine *types.Machine) ([]netip.Prefix, error) {
+	routes := types.Routes{}
+
+	err := hsdb.db.
+		Preload("Machine").
+		Where("machine_id = ? AND advertised = ?", machine.ID, true).Find(&routes).Error
+	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+		log.Error().
+			Caller().
+			Err(err).
+			Str("machine", machine.Hostname).
+			Msg("Could not get advertised routes for machine")
+
+		return nil, err
+	}
+
+	prefixes := []netip.Prefix{}
+	for _, route := range routes {
+		prefixes = append(prefixes, netip.Prefix(route.Prefix))
+	}
+
+	return prefixes, nil
+}
+
+// GetEnabledRoutes returns the routes that are enabled for the machine.
+func (hsdb *HSDatabase) GetEnabledRoutes(machine *types.Machine) ([]netip.Prefix, error) {
+	routes := types.Routes{}
+
+	err := hsdb.db.
+		Preload("Machine").
+		Where("machine_id = ? AND advertised = ? AND enabled = ?", machine.ID, true, true).
+		Find(&routes).Error
+	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
+		log.Error().
+			Caller().
+			Err(err).
+			Str("machine", machine.Hostname).
+			Msg("Could not get enabled routes for machine")
+
+		return nil, err
+	}
+
+	prefixes := []netip.Prefix{}
+	for _, route := range routes {
+		prefixes = append(prefixes, netip.Prefix(route.Prefix))
+	}
+
+	return prefixes, nil
+}
+
+func (hsdb *HSDatabase) IsRoutesEnabled(machine *types.Machine, routeStr string) bool {
+	route, err := netip.ParsePrefix(routeStr)
+	if err != nil {
+		return false
+	}
+
+	enabledRoutes, err := hsdb.GetEnabledRoutes(machine)
+	if err != nil {
+		log.Error().Err(err).Msg("Could not get enabled routes")
+
+		return false
+	}
+
+	for _, enabledRoute := range enabledRoutes {
+		if route == enabledRoute {
+			return true
+		}
+	}
+
+	return false
+}
+
+// enableRoutes enables new routes based on a list of new routes.
+func (hsdb *HSDatabase) enableRoutes(machine *types.Machine, routeStrs ...string) error {
+	newRoutes := make([]netip.Prefix, len(routeStrs))
+	for index, routeStr := range routeStrs {
+		route, err := netip.ParsePrefix(routeStr)
+		if err != nil {
+			return err
+		}
+
+		newRoutes[index] = route
+	}
+
+	advertisedRoutes, err := hsdb.GetAdvertisedRoutes(machine)
+	if err != nil {
+		return err
+	}
+
+	for _, newRoute := range newRoutes {
+		if !util.StringOrPrefixListContains(advertisedRoutes, newRoute) {
+			return fmt.Errorf(
+				"route (%s) is not available on node %s: %w",
+				machine.Hostname,
+				newRoute, ErrMachineRouteIsNotAvailable,
+			)
+		}
+	}
+
+	// Separate loop so we don't leave things in a half-updated state
+	for _, prefix := range newRoutes {
+		route := types.Route{}
+		err := hsdb.db.Preload("Machine").
+			Where("machine_id = ? AND prefix = ?", machine.ID, types.IPPrefix(prefix)).
+			First(&route).Error
+		if err == nil {
+			route.Enabled = true
+
+			// Mark already as primary if there is only this node offering this subnet
+			// (and is not an exit route)
+			if !route.IsExitRoute() {
+				route.IsPrimary = hsdb.isUniquePrefix(route)
+			}
+
+			err = hsdb.db.Save(&route).Error
+			if err != nil {
+				return fmt.Errorf("failed to enable route: %w", err)
+			}
+		} else {
+			return fmt.Errorf("failed to find route: %w", err)
+		}
+	}
+
+	hsdb.notifyStateChange()
+
+	return nil
+}
+
+func (hsdb *HSDatabase) generateGivenName(suppliedName string, randomSuffix bool) (string, error) {
+	normalizedHostname, err := util.NormalizeToFQDNRulesConfigFromViper(
+		suppliedName,
+	)
+	if err != nil {
+		return "", err
+	}
+
+	if randomSuffix {
+		// Trim if a hostname will be longer than 63 chars after adding the hash.
+		trimmedHostnameLength := util.LabelHostnameLength - MachineGivenNameHashLength - MachineGivenNameTrimSize
+		if len(normalizedHostname) > trimmedHostnameLength {
+			normalizedHostname = normalizedHostname[:trimmedHostnameLength]
+		}
+
+		suffix, err := util.GenerateRandomStringDNSSafe(MachineGivenNameHashLength)
+		if err != nil {
+			return "", err
+		}
+
+		normalizedHostname += "-" + suffix
+	}
+
+	return normalizedHostname, nil
+}
+
+func (hsdb *HSDatabase) GenerateGivenName(machineKey string, suppliedName string) (string, error) {
+	givenName, err := hsdb.generateGivenName(suppliedName, false)
+	if err != nil {
+		return "", err
+	}
+
+	// Tailscale rules (may differ) https://tailscale.com/kb/1098/machine-names/
+	machines, err := hsdb.ListMachinesByGivenName(givenName)
+	if err != nil {
+		return "", err
+	}
+
+	for _, machine := range machines {
+		if machine.MachineKey != machineKey && machine.GivenName == givenName {
+			postfixedName, err := hsdb.generateGivenName(suppliedName, true)
+			if err != nil {
+				return "", err
+			}
+
+			givenName = postfixedName
+		}
+	}
+
+	return givenName, nil
+}
+
+func (hsdb *HSDatabase) ExpireEphemeralMachines(inactivityThreshhold time.Duration) {
+	users, err := hsdb.ListUsers()
+	if err != nil {
+		log.Error().Err(err).Msg("Error listing users")
+
+		return
+	}
+
+	for _, user := range users {
+		machines, err := hsdb.ListMachinesByUser(user.Name)
+		if err != nil {
+			log.Error().
+				Err(err).
+				Str("user", user.Name).
+				Msg("Error listing machines in user")
+
+			return
+		}
+
+		expiredFound := false
+		for idx, machine := range machines {
+			if machine.IsEphemeral() && machine.LastSeen != nil &&
+				time.Now().
+					After(machine.LastSeen.Add(inactivityThreshhold)) {
+				expiredFound = true
+				log.Info().
+					Str("machine", machine.Hostname).
+					Msg("Ephemeral client removed from database")
+
+				err = hsdb.HardDeleteMachine(&machines[idx])
+				if err != nil {
+					log.Error().
+						Err(err).
+						Str("machine", machine.Hostname).
+						Msg("🤮 Cannot delete ephemeral machine from the database")
+				}
+			}
+		}
+
+		if expiredFound {
+			hsdb.notifyStateChange()
+		}
+	}
+}
+
+func (hsdb *HSDatabase) ExpireExpiredMachines(lastChange time.Time) {
+	users, err := hsdb.ListUsers()
+	if err != nil {
+		log.Error().Err(err).Msg("Error listing users")
+
+		return
+	}
+
+	for _, user := range users {
+		machines, err := hsdb.ListMachinesByUser(user.Name)
+		if err != nil {
+			log.Error().
+				Err(err).
+				Str("user", user.Name).
+				Msg("Error listing machines in user")
+
+			return
+		}
+
+		expiredFound := false
+		for index, machine := range machines {
+			if machine.IsExpired() &&
+				machine.Expiry.After(lastChange) {
+				expiredFound = true
+
+				err := hsdb.ExpireMachine(&machines[index])
+				if err != nil {
+					log.Error().
+						Err(err).
+						Str("machine", machine.Hostname).
+						Str("name", machine.GivenName).
+						Msg("🤮 Cannot expire machine")
+				} else {
+					log.Info().
+						Str("machine", machine.Hostname).
+						Str("name", machine.GivenName).
+						Msg("Machine successfully expired")
+				}
+			}
+		}
+
+		if expiredFound {
+			hsdb.notifyStateChange()
+		}
+	}
+}

hscontrol/db/machine_test.go

@@ -15,95 +15,101 @@ import (
 	"tailscale.com/types/key"
 )
 
-func (s *Suite) TestGetNode(c *check.C) {
+func (s *Suite) TestGetMachine(c *check.C) {
 	user, err := db.CreateUser("test")
 	c.Assert(err, check.IsNil)
 
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "testnode")
+	_, err = db.GetMachine("test", "testmachine")
 	c.Assert(err, check.NotNil)
 
-	node := &types.Node{
+	machine := &types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(node)
+	db.db.Save(machine)
 
-	_, err = db.GetNode("test", "testnode")
+	_, err = db.GetMachine("test", "testmachine")
 	c.Assert(err, check.IsNil)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
-func (s *Suite) TestGetNodeByID(c *check.C) {
+func (s *Suite) TestGetMachineByID(c *check.C) {
 	user, err := db.CreateUser("test")
 	c.Assert(err, check.IsNil)
 
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNodeByID(0)
+	_, err = db.GetMachineByID(0)
 	c.Assert(err, check.NotNil)
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
-	_, err = db.GetNodeByID(0)
+	_, err = db.GetMachineByID(0)
 	c.Assert(err, check.IsNil)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
-func (s *Suite) TestGetNodeByNodeKey(c *check.C) {
+func (s *Suite) TestGetMachineByNodeKey(c *check.C) {
 	user, err := db.CreateUser("test")
 	c.Assert(err, check.IsNil)
 
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNodeByID(0)
+	_, err = db.GetMachineByID(0)
 	c.Assert(err, check.NotNil)
 
 	nodeKey := key.NewNode()
 	machineKey := key.NewMachine()
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     util.MachinePublicKeyStripPrefix(machineKey.Public()),
 		NodeKey:        util.NodePublicKeyStripPrefix(nodeKey.Public()),
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
-	_, err = db.GetNodeByNodeKey(nodeKey.Public())
+	_, err = db.GetMachineByNodeKey(nodeKey.Public())
 	c.Assert(err, check.IsNil)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
-func (s *Suite) TestGetNodeByAnyNodeKey(c *check.C) {
+func (s *Suite) TestGetMachineByAnyNodeKey(c *check.C) {
 	user, err := db.CreateUser("test")
 	c.Assert(err, check.IsNil)
 
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNodeByID(0)
+	_, err = db.GetMachineByID(0)
 	c.Assert(err, check.NotNil)
 
 	nodeKey := key.NewNode()
@@ -111,42 +117,70 @@ func (s *Suite) TestGetNodeByAnyNodeKey(c *check.C) {
 
 	machineKey := key.NewMachine()
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     util.MachinePublicKeyStripPrefix(machineKey.Public()),
 		NodeKey:        util.NodePublicKeyStripPrefix(nodeKey.Public()),
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
-	_, err = db.GetNodeByAnyKey(machineKey.Public(), nodeKey.Public(), oldNodeKey.Public())
+	_, err = db.GetMachineByAnyKey(machineKey.Public(), nodeKey.Public(), oldNodeKey.Public())
 	c.Assert(err, check.IsNil)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
-func (s *Suite) TestHardDeleteNode(c *check.C) {
+func (s *Suite) TestDeleteMachine(c *check.C) {
 	user, err := db.CreateUser("test")
 	c.Assert(err, check.IsNil)
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "testnode3",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(1),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
-	err = db.DeleteNode(&node)
+	err = db.DeleteMachine(&machine)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode(user.Name, "testnode3")
+	_, err = db.GetMachine(user.Name, "testmachine")
 	c.Assert(err, check.NotNil)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
+}
+
+func (s *Suite) TestHardDeleteMachine(c *check.C) {
+	user, err := db.CreateUser("test")
+	c.Assert(err, check.IsNil)
+	machine := types.Machine{
+		ID:             0,
+		MachineKey:     "foo",
+		NodeKey:        "bar",
+		DiscoKey:       "faa",
+		Hostname:       "testmachine3",
+		UserID:         user.ID,
+		RegisterMethod: util.RegisterMethodAuthKey,
+		AuthKeyID:      uint(1),
+	}
+	db.db.Save(&machine)
+
+	err = db.HardDeleteMachine(&machine)
+	c.Assert(err, check.IsNil)
+
+	_, err = db.GetMachine(user.Name, "testmachine3")
+	c.Assert(err, check.NotNil)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
 func (s *Suite) TestListPeers(c *check.C) {
@@ -156,33 +190,35 @@ func (s *Suite) TestListPeers(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNodeByID(0)
+	_, err = db.GetMachineByID(0)
 	c.Assert(err, check.NotNil)
 
 	for index := 0; index <= 10; index++ {
-		node := types.Node{
+		machine := types.Machine{
 			ID:             uint64(index),
 			MachineKey:     "foo" + strconv.Itoa(index),
 			NodeKey:        "bar" + strconv.Itoa(index),
 			DiscoKey:       "faa" + strconv.Itoa(index),
-			Hostname:       "testnode" + strconv.Itoa(index),
+			Hostname:       "testmachine" + strconv.Itoa(index),
 			UserID:         user.ID,
 			RegisterMethod: util.RegisterMethodAuthKey,
 			AuthKeyID:      uint(pak.ID),
 		}
-		db.db.Save(&node)
+		db.db.Save(&machine)
 	}
 
-	node0ByID, err := db.GetNodeByID(0)
+	machine0ByID, err := db.GetMachineByID(0)
 	c.Assert(err, check.IsNil)
 
-	peersOfNode0, err := db.ListPeers(node0ByID)
+	peersOfMachine0, err := db.ListPeers(machine0ByID)
 	c.Assert(err, check.IsNil)
 
-	c.Assert(len(peersOfNode0), check.Equals, 9)
-	c.Assert(peersOfNode0[0].Hostname, check.Equals, "testnode2")
-	c.Assert(peersOfNode0[5].Hostname, check.Equals, "testnode7")
-	c.Assert(peersOfNode0[8].Hostname, check.Equals, "testnode10")
+	c.Assert(len(peersOfMachine0), check.Equals, 9)
+	c.Assert(peersOfMachine0[0].Hostname, check.Equals, "testmachine2")
+	c.Assert(peersOfMachine0[5].Hostname, check.Equals, "testmachine7")
+	c.Assert(peersOfMachine0[8].Hostname, check.Equals, "testmachine10")
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
 func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
@@ -201,24 +237,24 @@ func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
 		stor = append(stor, base{user, pak})
 	}
 
-	_, err := db.GetNodeByID(0)
+	_, err := db.GetMachineByID(0)
 	c.Assert(err, check.NotNil)
 
 	for index := 0; index <= 10; index++ {
-		node := types.Node{
+		machine := types.Machine{
 			ID:         uint64(index),
 			MachineKey: "foo" + strconv.Itoa(index),
 			NodeKey:    "bar" + strconv.Itoa(index),
 			DiscoKey:   "faa" + strconv.Itoa(index),
-			IPAddresses: types.NodeAddresses{
+			IPAddresses: types.MachineAddresses{
 				netip.MustParseAddr(fmt.Sprintf("100.64.0.%v", strconv.Itoa(index+1))),
 			},
-			Hostname:       "testnode" + strconv.Itoa(index),
+			Hostname:       "testmachine" + strconv.Itoa(index),
 			UserID:         stor[index%2].user.ID,
 			RegisterMethod: util.RegisterMethodAuthKey,
 			AuthKeyID:      uint(stor[index%2].key.ID),
 		}
-		db.db.Save(&node)
+		db.db.Save(&machine)
 	}
 
 	aclPolicy := &policy.ACLPolicy{
@@ -242,80 +278,83 @@ func (s *Suite) TestGetACLFilteredPeers(c *check.C) {
 		Tests: []policy.ACLTest{},
 	}
 
-	adminNode, err := db.GetNodeByID(1)
-	c.Logf("Node(%v), user: %v", adminNode.Hostname, adminNode.User)
+	adminMachine, err := db.GetMachineByID(1)
+	c.Logf("Machine(%v), user: %v", adminMachine.Hostname, adminMachine.User)
 	c.Assert(err, check.IsNil)
 
-	testNode, err := db.GetNodeByID(2)
-	c.Logf("Node(%v), user: %v", testNode.Hostname, testNode.User)
+	testMachine, err := db.GetMachineByID(2)
+	c.Logf("Machine(%v), user: %v", testMachine.Hostname, testMachine.User)
 	c.Assert(err, check.IsNil)
 
-	adminPeers, err := db.ListPeers(adminNode)
+	adminPeers, err := db.ListPeers(adminMachine)
 	c.Assert(err, check.IsNil)
 
-	testPeers, err := db.ListPeers(testNode)
+	testPeers, err := db.ListPeers(testMachine)
 	c.Assert(err, check.IsNil)
 
-	adminRules, _, err := policy.GenerateFilterAndSSHRules(aclPolicy, adminNode, adminPeers)
+	adminRules, _, err := policy.GenerateFilterAndSSHRules(aclPolicy, adminMachine, adminPeers)
 	c.Assert(err, check.IsNil)
 
-	testRules, _, err := policy.GenerateFilterAndSSHRules(aclPolicy, testNode, testPeers)
+	testRules, _, err := policy.GenerateFilterAndSSHRules(aclPolicy, testMachine, testPeers)
 	c.Assert(err, check.IsNil)
 
-	peersOfAdminNode := policy.FilterNodesByACL(adminNode, adminPeers, adminRules)
-	peersOfTestNode := policy.FilterNodesByACL(testNode, testPeers, testRules)
+	peersOfAdminMachine := policy.FilterMachinesByACL(adminMachine, adminPeers, adminRules)
+	peersOfTestMachine := policy.FilterMachinesByACL(testMachine, testPeers, testRules)
 
-	c.Log(peersOfTestNode)
-	c.Assert(len(peersOfTestNode), check.Equals, 9)
-	c.Assert(peersOfTestNode[0].Hostname, check.Equals, "testnode1")
-	c.Assert(peersOfTestNode[1].Hostname, check.Equals, "testnode3")
-	c.Assert(peersOfTestNode[3].Hostname, check.Equals, "testnode5")
+	c.Log(peersOfTestMachine)
+	c.Assert(len(peersOfTestMachine), check.Equals, 9)
+	c.Assert(peersOfTestMachine[0].Hostname, check.Equals, "testmachine1")
+	c.Assert(peersOfTestMachine[1].Hostname, check.Equals, "testmachine3")
+	c.Assert(peersOfTestMachine[3].Hostname, check.Equals, "testmachine5")
 
-	c.Log(peersOfAdminNode)
-	c.Assert(len(peersOfAdminNode), check.Equals, 9)
-	c.Assert(peersOfAdminNode[0].Hostname, check.Equals, "testnode2")
-	c.Assert(peersOfAdminNode[2].Hostname, check.Equals, "testnode4")
-	c.Assert(peersOfAdminNode[5].Hostname, check.Equals, "testnode7")
+	c.Log(peersOfAdminMachine)
+	c.Assert(len(peersOfAdminMachine), check.Equals, 9)
+	c.Assert(peersOfAdminMachine[0].Hostname, check.Equals, "testmachine2")
+	c.Assert(peersOfAdminMachine[2].Hostname, check.Equals, "testmachine4")
+	c.Assert(peersOfAdminMachine[5].Hostname, check.Equals, "testmachine7")
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
-func (s *Suite) TestExpireNode(c *check.C) {
+func (s *Suite) TestExpireMachine(c *check.C) {
 	user, err := db.CreateUser("test")
 	c.Assert(err, check.IsNil)
 
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "testnode")
+	_, err = db.GetMachine("test", "testmachine")
 	c.Assert(err, check.NotNil)
 
-	node := &types.Node{
+	machine := &types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 		Expiry:         &time.Time{},
 	}
-	db.db.Save(node)
+	db.db.Save(machine)
 
-	nodeFromDB, err := db.GetNode("test", "testnode")
+	machineFromDB, err := db.GetMachine("test", "testmachine")
 	c.Assert(err, check.IsNil)
-	c.Assert(nodeFromDB, check.NotNil)
+	c.Assert(machineFromDB, check.NotNil)
 
-	c.Assert(nodeFromDB.IsExpired(), check.Equals, false)
+	c.Assert(machineFromDB.IsExpired(), check.Equals, false)
 
-	now := time.Now()
-	err = db.NodeSetExpiry(nodeFromDB, now)
+	err = db.ExpireMachine(machineFromDB)
 	c.Assert(err, check.IsNil)
 
-	c.Assert(nodeFromDB.IsExpired(), check.Equals, true)
+	c.Assert(machineFromDB.IsExpired(), check.Equals, true)
+
+	c.Assert(channelUpdates, check.Equals, int32(1))
 }
 
 func (s *Suite) TestSerdeAddressStrignSlice(c *check.C) {
-	input := types.NodeAddresses([]netip.Addr{
+	input := types.MachineAddresses([]netip.Addr{
 		netip.MustParseAddr("192.0.2.1"),
 		netip.MustParseAddr("2001:db8::1"),
 	})
@@ -325,7 +364,7 @@ func (s *Suite) TestSerdeAddressStrignSlice(c *check.C) {
 		c.Assert(serial, check.Equals, "192.0.2.1,2001:db8::1")
 	}
 
-	var deserialized types.NodeAddresses
+	var deserialized types.MachineAddresses
 	err = deserialized.Scan(serialized)
 	c.Assert(err, check.IsNil)
 
@@ -333,6 +372,8 @@ func (s *Suite) TestSerdeAddressStrignSlice(c *check.C) {
 	for i := range deserialized {
 		c.Assert(deserialized[i], check.Equals, input[i])
 	}
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
 func (s *Suite) TestGenerateGivenName(c *check.C) {
@@ -342,12 +383,12 @@ func (s *Suite) TestGenerateGivenName(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user1.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("user-1", "testnode")
+	_, err = db.GetMachine("user-1", "testmachine")
 	c.Assert(err, check.NotNil)
 
-	node := &types.Node{
+	machine := &types.Machine{
 		ID:             0,
-		MachineKey:     "node-key-1",
+		MachineKey:     "machine-key-1",
 		NodeKey:        "node-key-1",
 		DiscoKey:       "disco-key-1",
 		Hostname:       "hostname-1",
@@ -356,27 +397,29 @@ func (s *Suite) TestGenerateGivenName(c *check.C) {
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(node)
+	db.db.Save(machine)
 
-	givenName, err := db.GenerateGivenName("node-key-2", "hostname-2")
-	comment := check.Commentf("Same user, unique nodes, unique hostnames, no conflict")
+	givenName, err := db.GenerateGivenName("machine-key-2", "hostname-2")
+	comment := check.Commentf("Same user, unique machines, unique hostnames, no conflict")
 	c.Assert(err, check.IsNil, comment)
 	c.Assert(givenName, check.Equals, "hostname-2", comment)
 
-	givenName, err = db.GenerateGivenName("node-key-1", "hostname-1")
-	comment = check.Commentf("Same user, same node, same hostname, no conflict")
+	givenName, err = db.GenerateGivenName("machine-key-1", "hostname-1")
+	comment = check.Commentf("Same user, same machine, same hostname, no conflict")
 	c.Assert(err, check.IsNil, comment)
 	c.Assert(givenName, check.Equals, "hostname-1", comment)
 
-	givenName, err = db.GenerateGivenName("node-key-2", "hostname-1")
-	comment = check.Commentf("Same user, unique nodes, same hostname, conflict")
+	givenName, err = db.GenerateGivenName("machine-key-2", "hostname-1")
+	comment = check.Commentf("Same user, unique machines, same hostname, conflict")
 	c.Assert(err, check.IsNil, comment)
-	c.Assert(givenName, check.Matches, fmt.Sprintf("^hostname-1-[a-z0-9]{%d}$", NodeGivenNameHashLength), comment)
+	c.Assert(givenName, check.Matches, fmt.Sprintf("^hostname-1-[a-z0-9]{%d}$", MachineGivenNameHashLength), comment)
 
-	givenName, err = db.GenerateGivenName("node-key-2", "hostname-1")
-	comment = check.Commentf("Unique users, unique nodes, same hostname, conflict")
+	givenName, err = db.GenerateGivenName("machine-key-2", "hostname-1")
+	comment = check.Commentf("Unique users, unique machines, same hostname, conflict")
 	c.Assert(err, check.IsNil, comment)
-	c.Assert(givenName, check.Matches, fmt.Sprintf("^hostname-1-[a-z0-9]{%d}$", NodeGivenNameHashLength), comment)
+	c.Assert(givenName, check.Matches, fmt.Sprintf("^hostname-1-[a-z0-9]{%d}$", MachineGivenNameHashLength), comment)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
 func (s *Suite) TestSetTags(c *check.C) {
@@ -386,40 +429,42 @@ func (s *Suite) TestSetTags(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "testnode")
+	_, err = db.GetMachine("test", "testmachine")
 	c.Assert(err, check.NotNil)
 
-	node := &types.Node{
+	machine := &types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(node)
+	db.db.Save(machine)
 
 	// assign simple tags
 	sTags := []string{"tag:test", "tag:foo"}
-	err = db.SetTags(node, sTags)
+	err = db.SetTags(machine, sTags)
 	c.Assert(err, check.IsNil)
-	node, err = db.GetNode("test", "testnode")
+	machine, err = db.GetMachine("test", "testmachine")
 	c.Assert(err, check.IsNil)
-	c.Assert(node.ForcedTags, check.DeepEquals, types.StringList(sTags))
+	c.Assert(machine.ForcedTags, check.DeepEquals, types.StringList(sTags))
 
 	// assign duplicat tags, expect no errors but no doubles in DB
 	eTags := []string{"tag:bar", "tag:test", "tag:unknown", "tag:test"}
-	err = db.SetTags(node, eTags)
+	err = db.SetTags(machine, eTags)
 	c.Assert(err, check.IsNil)
-	node, err = db.GetNode("test", "testnode")
+	machine, err = db.GetMachine("test", "testmachine")
 	c.Assert(err, check.IsNil)
 	c.Assert(
-		node.ForcedTags,
+		machine.ForcedTags,
 		check.DeepEquals,
 		types.StringList([]string{"tag:bar", "tag:test", "tag:unknown"}),
 	)
+
+	c.Assert(channelUpdates, check.Equals, int32(2))
 }
 
 func TestHeadscale_generateGivenName(t *testing.T) {
@@ -429,21 +474,24 @@ func TestHeadscale_generateGivenName(t *testing.T) {
 	}
 	tests := []struct {
 		name    string
+		db      *HSDatabase
 		args    args
 		want    *regexp.Regexp
 		wantErr bool
 	}{
 		{
-			name: "simple node name generation",
+			name: "simple machine name generation",
+			db:   &HSDatabase{},
 			args: args{
-				suppliedName: "testnode",
+				suppliedName: "testmachine",
 				randomSuffix: false,
 			},
-			want:    regexp.MustCompile("^testnode$"),
+			want:    regexp.MustCompile("^testmachine$"),
 			wantErr: false,
 		},
 		{
-			name: "node name with 53 chars",
+			name: "machine name with 53 chars",
+			db:   &HSDatabase{},
 			args: args{
 				suppliedName: "testmaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaachine",
 				randomSuffix: false,
@@ -452,54 +500,59 @@ func TestHeadscale_generateGivenName(t *testing.T) {
 			wantErr: false,
 		},
 		{
-			name: "node name with 63 chars",
+			name: "machine name with 63 chars",
+			db:   &HSDatabase{},
 			args: args{
-				suppliedName: "nodeeeeeee12345678901234567890123456789012345678901234567890123",
+				suppliedName: "machineeee12345678901234567890123456789012345678901234567890123",
 				randomSuffix: false,
 			},
-			want:    regexp.MustCompile("^nodeeeeeee12345678901234567890123456789012345678901234567890123$"),
+			want:    regexp.MustCompile("^machineeee12345678901234567890123456789012345678901234567890123$"),
 			wantErr: false,
 		},
 		{
-			name: "node name with 64 chars",
+			name: "machine name with 64 chars",
+			db:   &HSDatabase{},
 			args: args{
-				suppliedName: "nodeeeeeee123456789012345678901234567890123456789012345678901234",
+				suppliedName: "machineeee123456789012345678901234567890123456789012345678901234",
 				randomSuffix: false,
 			},
 			want:    nil,
 			wantErr: true,
 		},
 		{
-			name: "node name with 73 chars",
+			name: "machine name with 73 chars",
+			db:   &HSDatabase{},
 			args: args{
-				suppliedName: "nodeeeeeee123456789012345678901234567890123456789012345678901234567890123",
+				suppliedName: "machineeee123456789012345678901234567890123456789012345678901234567890123",
 				randomSuffix: false,
 			},
 			want:    nil,
 			wantErr: true,
 		},
 		{
-			name: "node name with random suffix",
+			name: "machine name with random suffix",
+			db:   &HSDatabase{},
 			args: args{
 				suppliedName: "test",
 				randomSuffix: true,
 			},
-			want:    regexp.MustCompile(fmt.Sprintf("^test-[a-z0-9]{%d}$", NodeGivenNameHashLength)),
+			want:    regexp.MustCompile(fmt.Sprintf("^test-[a-z0-9]{%d}$", MachineGivenNameHashLength)),
 			wantErr: false,
 		},
 		{
-			name: "node name with 63 chars with random suffix",
+			name: "machine name with 63 chars with random suffix",
+			db:   &HSDatabase{},
 			args: args{
-				suppliedName: "nodeeee12345678901234567890123456789012345678901234567890123",
+				suppliedName: "machineeee12345678901234567890123456789012345678901234567890123",
 				randomSuffix: true,
 			},
-			want:    regexp.MustCompile(fmt.Sprintf("^nodeeee1234567890123456789012345678901234567890123456-[a-z0-9]{%d}$", NodeGivenNameHashLength)),
+			want:    regexp.MustCompile(fmt.Sprintf("^machineeee1234567890123456789012345678901234567890123-[a-z0-9]{%d}$", MachineGivenNameHashLength)),
 			wantErr: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := generateGivenName(tt.args.suppliedName, tt.args.randomSuffix)
+			got, err := tt.db.generateGivenName(tt.args.suppliedName, tt.args.randomSuffix)
 			if (err != nil) != tt.wantErr {
 				t.Errorf(
 					"Headscale.GenerateGivenName() error = %v, wantErr %v",
@@ -572,7 +625,7 @@ func (s *Suite) TestAutoApproveRoutes(c *check.C) {
 	// Check if a subprefix of an autoapproved route is approved
 	route2 := netip.MustParsePrefix("10.11.0.0/24")
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        util.NodePublicKeyStripPrefix(nodeKey.Public()),
@@ -588,18 +641,20 @@ func (s *Suite) TestAutoApproveRoutes(c *check.C) {
 		IPAddresses: []netip.Addr{netip.MustParseAddr("100.64.0.1")},
 	}
 
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
-	err = db.SaveNodeRoutes(&node)
+	err = db.ProcessMachineRoutes(&machine)
 	c.Assert(err, check.IsNil)
 
-	node0ByID, err := db.GetNodeByID(0)
+	machine0ByID, err := db.GetMachineByID(0)
 	c.Assert(err, check.IsNil)
 
-	err = db.EnableAutoApprovedRoutes(pol, node0ByID)
+	err = db.EnableAutoApprovedRoutes(pol, machine0ByID)
 	c.Assert(err, check.IsNil)
 
-	enabledRoutes, err := db.GetEnabledRoutes(node0ByID)
+	enabledRoutes, err := db.GetEnabledRoutes(machine0ByID)
 	c.Assert(err, check.IsNil)
 	c.Assert(enabledRoutes, check.HasLen, 4)
+
+	c.Assert(channelUpdates, check.Equals, int32(4))
 }

hscontrol/db/node.go

@@ -1,877 +0,0 @@
-package db
-
-import (
-	"errors"
-	"fmt"
-	"net/netip"
-	"sort"
-	"strings"
-	"time"
-
-	"github.com/juanfont/headscale/hscontrol/types"
-	"github.com/juanfont/headscale/hscontrol/util"
-	"github.com/patrickmn/go-cache"
-	"github.com/rs/zerolog/log"
-	"gorm.io/gorm"
-	"tailscale.com/tailcfg"
-	"tailscale.com/types/key"
-)
-
-const (
-	NodeGivenNameHashLength = 8
-	NodeGivenNameTrimSize   = 2
-)
-
-var (
-	ErrNodeNotFound                  = errors.New("node not found")
-	ErrNodeRouteIsNotAvailable       = errors.New("route is not available on node")
-	ErrNodeNotFoundRegistrationCache = errors.New(
-		"node not found in registration cache",
-	)
-	ErrCouldNotConvertNodeInterface = errors.New("failed to convert node interface")
-	ErrDifferentRegisteredUser      = errors.New(
-		"node was previously registered with a different user",
-	)
-)
-
-// ListPeers returns all peers of node, regardless of any Policy or if the node is expired.
-func (hsdb *HSDatabase) ListPeers(node *types.Node) (types.Nodes, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.listPeers(node)
-}
-
-func (hsdb *HSDatabase) listPeers(node *types.Node) (types.Nodes, error) {
-	log.Trace().
-		Caller().
-		Str("node", node.Hostname).
-		Msg("Finding direct peers")
-
-	nodes := types.Nodes{}
-	if err := hsdb.db.
-		Preload("AuthKey").
-		Preload("AuthKey.User").
-		Preload("User").
-		Preload("Routes").
-		Where("node_key <> ?",
-			node.NodeKey).Find(&nodes).Error; err != nil {
-		return types.Nodes{}, err
-	}
-
-	sort.Slice(nodes, func(i, j int) bool { return nodes[i].ID < nodes[j].ID })
-
-	log.Trace().
-		Caller().
-		Str("node", node.Hostname).
-		Msgf("Found peers: %s", nodes.String())
-
-	return nodes, nil
-}
-
-func (hsdb *HSDatabase) ListNodes() ([]types.Node, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.listNodes()
-}
-
-func (hsdb *HSDatabase) listNodes() ([]types.Node, error) {
-	nodes := []types.Node{}
-	if err := hsdb.db.
-		Preload("AuthKey").
-		Preload("AuthKey.User").
-		Preload("User").
-		Preload("Routes").
-		Find(&nodes).Error; err != nil {
-		return nil, err
-	}
-
-	return nodes, nil
-}
-
-func (hsdb *HSDatabase) ListNodesByGivenName(givenName string) (types.Nodes, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.listNodesByGivenName(givenName)
-}
-
-func (hsdb *HSDatabase) listNodesByGivenName(givenName string) (types.Nodes, error) {
-	nodes := types.Nodes{}
-	if err := hsdb.db.
-		Preload("AuthKey").
-		Preload("AuthKey.User").
-		Preload("User").
-		Preload("Routes").
-		Where("given_name = ?", givenName).Find(&nodes).Error; err != nil {
-		return nil, err
-	}
-
-	return nodes, nil
-}
-
-// GetNode finds a Node by name and user and returns the Node struct.
-func (hsdb *HSDatabase) GetNode(user string, name string) (*types.Node, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	nodes, err := hsdb.ListNodesByUser(user)
-	if err != nil {
-		return nil, err
-	}
-
-	for _, m := range nodes {
-		if m.Hostname == name {
-			return m, nil
-		}
-	}
-
-	return nil, ErrNodeNotFound
-}
-
-// GetNodeByGivenName finds a Node by given name and user and returns the Node struct.
-func (hsdb *HSDatabase) GetNodeByGivenName(
-	user string,
-	givenName string,
-) (*types.Node, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	node := types.Node{}
-	if err := hsdb.db.
-		Preload("AuthKey").
-		Preload("AuthKey.User").
-		Preload("User").
-		Preload("Routes").
-		Where("given_name = ?", givenName).First(&node).Error; err != nil {
-		return nil, err
-	}
-
-	return nil, ErrNodeNotFound
-}
-
-// GetNodeByID finds a Node by ID and returns the Node struct.
-func (hsdb *HSDatabase) GetNodeByID(id uint64) (*types.Node, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	mach := types.Node{}
-	if result := hsdb.db.
-		Preload("AuthKey").
-		Preload("AuthKey.User").
-		Preload("User").
-		Preload("Routes").
-		Find(&types.Node{ID: id}).First(&mach); result.Error != nil {
-		return nil, result.Error
-	}
-
-	return &mach, nil
-}
-
-// GetNodeByMachineKey finds a Node by its MachineKey and returns the Node struct.
-func (hsdb *HSDatabase) GetNodeByMachineKey(
-	machineKey key.MachinePublic,
-) (*types.Node, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	mach := types.Node{}
-	if result := hsdb.db.
-		Preload("AuthKey").
-		Preload("AuthKey.User").
-		Preload("User").
-		Preload("Routes").
-		First(&mach, "machine_key = ?", util.MachinePublicKeyStripPrefix(machineKey)); result.Error != nil {
-		return nil, result.Error
-	}
-
-	return &mach, nil
-}
-
-// GetNodeByNodeKey finds a Node by its current NodeKey.
-func (hsdb *HSDatabase) GetNodeByNodeKey(
-	nodeKey key.NodePublic,
-) (*types.Node, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	node := types.Node{}
-	if result := hsdb.db.
-		Preload("AuthKey").
-		Preload("AuthKey.User").
-		Preload("User").
-		Preload("Routes").
-		First(&node, "node_key = ?",
-			util.NodePublicKeyStripPrefix(nodeKey)); result.Error != nil {
-		return nil, result.Error
-	}
-
-	return &node, nil
-}
-
-// GetNodeByAnyKey finds a Node by its MachineKey, its current NodeKey or the old one, and returns the Node struct.
-func (hsdb *HSDatabase) GetNodeByAnyKey(
-	machineKey key.MachinePublic, nodeKey key.NodePublic, oldNodeKey key.NodePublic,
-) (*types.Node, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	node := types.Node{}
-	if result := hsdb.db.
-		Preload("AuthKey").
-		Preload("AuthKey.User").
-		Preload("User").
-		Preload("Routes").
-		First(&node, "machine_key = ? OR node_key = ? OR node_key = ?",
-			util.MachinePublicKeyStripPrefix(machineKey),
-			util.NodePublicKeyStripPrefix(nodeKey),
-			util.NodePublicKeyStripPrefix(oldNodeKey)); result.Error != nil {
-		return nil, result.Error
-	}
-
-	return &node, nil
-}
-
-func (hsdb *HSDatabase) NodeReloadFromDatabase(node *types.Node) error {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	if result := hsdb.db.Find(node).First(&node); result.Error != nil {
-		return result.Error
-	}
-
-	return nil
-}
-
-// SetTags takes a Node struct pointer and update the forced tags.
-func (hsdb *HSDatabase) SetTags(
-	node *types.Node,
-	tags []string,
-) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	newTags := []string{}
-	for _, tag := range tags {
-		if !util.StringOrPrefixListContains(newTags, tag) {
-			newTags = append(newTags, tag)
-		}
-	}
-
-	if err := hsdb.db.Model(node).Updates(types.Node{
-		ForcedTags: newTags,
-	}).Error; err != nil {
-		return fmt.Errorf("failed to update tags for node in the database: %w", err)
-	}
-
-	hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
-		Type:    types.StatePeerChanged,
-		Changed: types.Nodes{node},
-	}, node.MachineKey)
-
-	return nil
-}
-
-// RenameNode takes a Node struct and a new GivenName for the nodes
-// and renames it.
-func (hsdb *HSDatabase) RenameNode(node *types.Node, newName string) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	err := util.CheckForFQDNRules(
-		newName,
-	)
-	if err != nil {
-		log.Error().
-			Caller().
-			Str("func", "RenameNode").
-			Str("node", node.Hostname).
-			Str("newName", newName).
-			Err(err).
-			Msg("failed to rename node")
-
-		return err
-	}
-	node.GivenName = newName
-
-	if err := hsdb.db.Model(node).Updates(types.Node{
-		GivenName: newName,
-	}).Error; err != nil {
-		return fmt.Errorf("failed to rename node in the database: %w", err)
-	}
-
-	hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
-		Type:    types.StatePeerChanged,
-		Changed: types.Nodes{node},
-	}, node.MachineKey)
-
-	return nil
-}
-
-// NodeSetExpiry takes a Node struct and  a new expiry time.
-func (hsdb *HSDatabase) NodeSetExpiry(node *types.Node, expiry time.Time) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	return hsdb.nodeSetExpiry(node, expiry)
-}
-
-func (hsdb *HSDatabase) nodeSetExpiry(node *types.Node, expiry time.Time) error {
-	if err := hsdb.db.Model(node).Updates(types.Node{
-		Expiry: &expiry,
-	}).Error; err != nil {
-		return fmt.Errorf(
-			"failed to refresh node (update expiration) in the database: %w",
-			err,
-		)
-	}
-
-	hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
-		Type:    types.StatePeerChanged,
-		Changed: types.Nodes{node},
-	}, node.MachineKey)
-
-	return nil
-}
-
-// DeleteNode deletes a Node from the database.
-func (hsdb *HSDatabase) DeleteNode(node *types.Node) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	return hsdb.deleteNode(node)
-}
-
-func (hsdb *HSDatabase) deleteNode(node *types.Node) error {
-	err := hsdb.deleteNodeRoutes(node)
-	if err != nil {
-		return err
-	}
-
-	// Unscoped causes the node to be fully removed from the database.
-	if err := hsdb.db.Unscoped().Delete(&node).Error; err != nil {
-		return err
-	}
-
-	hsdb.notifier.NotifyAll(types.StateUpdate{
-		Type:    types.StatePeerRemoved,
-		Removed: []tailcfg.NodeID{tailcfg.NodeID(node.ID)},
-	})
-
-	return nil
-}
-
-// UpdateLastSeen sets a node's last seen field indicating that we
-// have recently communicating with this node.
-// This is mostly used to indicate if a node is online and is not
-// extremely important to make sure is fully correct and to avoid
-// holding up the hot path, does not contain any locks and isnt
-// concurrency safe. But that should be ok.
-func (hsdb *HSDatabase) UpdateLastSeen(node *types.Node) error {
-	return hsdb.db.Model(node).Updates(types.Node{
-		LastSeen: node.LastSeen,
-	}).Error
-}
-
-func (hsdb *HSDatabase) RegisterNodeFromAuthCallback(
-	cache *cache.Cache,
-	nodeKeyStr string,
-	userName string,
-	nodeExpiry *time.Time,
-	registrationMethod string,
-) (*types.Node, error) {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	nodeKey := key.NodePublic{}
-	err := nodeKey.UnmarshalText([]byte(nodeKeyStr))
-	if err != nil {
-		return nil, err
-	}
-
-	log.Debug().
-		Str("nodeKey", nodeKey.ShortString()).
-		Str("userName", userName).
-		Str("registrationMethod", registrationMethod).
-		Str("expiresAt", fmt.Sprintf("%v", nodeExpiry)).
-		Msg("Registering node from API/CLI or auth callback")
-
-	if nodeInterface, ok := cache.Get(util.NodePublicKeyStripPrefix(nodeKey)); ok {
-		if registrationNode, ok := nodeInterface.(types.Node); ok {
-			user, err := hsdb.getUser(userName)
-			if err != nil {
-				return nil, fmt.Errorf(
-					"failed to find user in register node from auth callback, %w",
-					err,
-				)
-			}
-
-			// Registration of expired node with different user
-			if registrationNode.ID != 0 &&
-				registrationNode.UserID != user.ID {
-				return nil, ErrDifferentRegisteredUser
-			}
-
-			registrationNode.UserID = user.ID
-			registrationNode.RegisterMethod = registrationMethod
-
-			if nodeExpiry != nil {
-				registrationNode.Expiry = nodeExpiry
-			}
-
-			node, err := hsdb.registerNode(
-				registrationNode,
-			)
-
-			if err == nil {
-				cache.Delete(nodeKeyStr)
-			}
-
-			return node, err
-		} else {
-			return nil, ErrCouldNotConvertNodeInterface
-		}
-	}
-
-	return nil, ErrNodeNotFoundRegistrationCache
-}
-
-// RegisterNode is executed from the CLI to register a new Node using its MachineKey.
-func (hsdb *HSDatabase) RegisterNode(node types.Node) (*types.Node, error) {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	return hsdb.registerNode(node)
-}
-
-func (hsdb *HSDatabase) registerNode(node types.Node) (*types.Node, error) {
-	log.Debug().
-		Str("node", node.Hostname).
-		Str("machine_key", node.MachineKey).
-		Str("node_key", node.NodeKey).
-		Str("user", node.User.Name).
-		Msg("Registering node")
-
-	// If the node exists and we had already IPs for it, we just save it
-	// so we store the node.Expire and node.Nodekey that has been set when
-	// adding it to the registrationCache
-	if len(node.IPAddresses) > 0 {
-		if err := hsdb.db.Save(&node).Error; err != nil {
-			return nil, fmt.Errorf("failed register existing node in the database: %w", err)
-		}
-
-		log.Trace().
-			Caller().
-			Str("node", node.Hostname).
-			Str("machine_key", node.MachineKey).
-			Str("node_key", node.NodeKey).
-			Str("user", node.User.Name).
-			Msg("Node authorized again")
-
-		return &node, nil
-	}
-
-	hsdb.ipAllocationMutex.Lock()
-	defer hsdb.ipAllocationMutex.Unlock()
-
-	ips, err := hsdb.getAvailableIPs()
-	if err != nil {
-		log.Error().
-			Caller().
-			Err(err).
-			Str("node", node.Hostname).
-			Msg("Could not find IP for the new node")
-
-		return nil, err
-	}
-
-	node.IPAddresses = ips
-
-	if err := hsdb.db.Save(&node).Error; err != nil {
-		return nil, fmt.Errorf("failed register(save) node in the database: %w", err)
-	}
-
-	log.Trace().
-		Caller().
-		Str("node", node.Hostname).
-		Str("ip", strings.Join(ips.StringSlice(), ",")).
-		Msg("Node registered with the database")
-
-	return &node, nil
-}
-
-// NodeSetNodeKey sets the node key of a node and saves it to the database.
-func (hsdb *HSDatabase) NodeSetNodeKey(node *types.Node, nodeKey key.NodePublic) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	if err := hsdb.db.Model(node).Updates(types.Node{
-		NodeKey: util.NodePublicKeyStripPrefix(nodeKey),
-	}).Error; err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// NodeSetMachineKey sets the node key of a node and saves it to the database.
-func (hsdb *HSDatabase) NodeSetMachineKey(
-	node *types.Node,
-	machineKey key.MachinePublic,
-) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	if err := hsdb.db.Model(node).Updates(types.Node{
-		MachineKey: util.MachinePublicKeyStripPrefix(machineKey),
-	}).Error; err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// NodeSave saves a node object to the database, prefer to use a specific save method rather
-// than this. It is intended to be used when we are changing or.
-func (hsdb *HSDatabase) NodeSave(node *types.Node) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	if err := hsdb.db.Save(node).Error; err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// GetAdvertisedRoutes returns the routes that are be advertised by the given node.
-func (hsdb *HSDatabase) GetAdvertisedRoutes(node *types.Node) ([]netip.Prefix, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.getAdvertisedRoutes(node)
-}
-
-func (hsdb *HSDatabase) getAdvertisedRoutes(node *types.Node) ([]netip.Prefix, error) {
-	routes := types.Routes{}
-
-	err := hsdb.db.
-		Preload("Node").
-		Where("node_id = ? AND advertised = ?", node.ID, true).Find(&routes).Error
-	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
-		log.Error().
-			Caller().
-			Err(err).
-			Str("node", node.Hostname).
-			Msg("Could not get advertised routes for node")
-
-		return nil, err
-	}
-
-	prefixes := []netip.Prefix{}
-	for _, route := range routes {
-		prefixes = append(prefixes, netip.Prefix(route.Prefix))
-	}
-
-	return prefixes, nil
-}
-
-// GetEnabledRoutes returns the routes that are enabled for the node.
-func (hsdb *HSDatabase) GetEnabledRoutes(node *types.Node) ([]netip.Prefix, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.getEnabledRoutes(node)
-}
-
-func (hsdb *HSDatabase) getEnabledRoutes(node *types.Node) ([]netip.Prefix, error) {
-	routes := types.Routes{}
-
-	err := hsdb.db.
-		Preload("Node").
-		Where("node_id = ? AND advertised = ? AND enabled = ?", node.ID, true, true).
-		Find(&routes).Error
-	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
-		log.Error().
-			Caller().
-			Err(err).
-			Str("node", node.Hostname).
-			Msg("Could not get enabled routes for node")
-
-		return nil, err
-	}
-
-	prefixes := []netip.Prefix{}
-	for _, route := range routes {
-		prefixes = append(prefixes, netip.Prefix(route.Prefix))
-	}
-
-	return prefixes, nil
-}
-
-func (hsdb *HSDatabase) IsRoutesEnabled(node *types.Node, routeStr string) bool {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	route, err := netip.ParsePrefix(routeStr)
-	if err != nil {
-		return false
-	}
-
-	enabledRoutes, err := hsdb.getEnabledRoutes(node)
-	if err != nil {
-		log.Error().Err(err).Msg("Could not get enabled routes")
-
-		return false
-	}
-
-	for _, enabledRoute := range enabledRoutes {
-		if route == enabledRoute {
-			return true
-		}
-	}
-
-	return false
-}
-
-func (hsdb *HSDatabase) ListOnlineNodes(
-	node *types.Node,
-) (map[tailcfg.NodeID]bool, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	peers, err := hsdb.listPeers(node)
-	if err != nil {
-		return nil, err
-	}
-
-	return peers.OnlineNodeMap(), nil
-}
-
-// enableRoutes enables new routes based on a list of new routes.
-func (hsdb *HSDatabase) enableRoutes(node *types.Node, routeStrs ...string) error {
-	newRoutes := make([]netip.Prefix, len(routeStrs))
-	for index, routeStr := range routeStrs {
-		route, err := netip.ParsePrefix(routeStr)
-		if err != nil {
-			return err
-		}
-
-		newRoutes[index] = route
-	}
-
-	advertisedRoutes, err := hsdb.getAdvertisedRoutes(node)
-	if err != nil {
-		return err
-	}
-
-	for _, newRoute := range newRoutes {
-		if !util.StringOrPrefixListContains(advertisedRoutes, newRoute) {
-			return fmt.Errorf(
-				"route (%s) is not available on node %s: %w",
-				node.Hostname,
-				newRoute, ErrNodeRouteIsNotAvailable,
-			)
-		}
-	}
-
-	// Separate loop so we don't leave things in a half-updated state
-	for _, prefix := range newRoutes {
-		route := types.Route{}
-		err := hsdb.db.Preload("Node").
-			Where("node_id = ? AND prefix = ?", node.ID, types.IPPrefix(prefix)).
-			First(&route).Error
-		if err == nil {
-			route.Enabled = true
-
-			// Mark already as primary if there is only this node offering this subnet
-			// (and is not an exit route)
-			if !route.IsExitRoute() {
-				route.IsPrimary = hsdb.isUniquePrefix(route)
-			}
-
-			err = hsdb.db.Save(&route).Error
-			if err != nil {
-				return fmt.Errorf("failed to enable route: %w", err)
-			}
-		} else {
-			return fmt.Errorf("failed to find route: %w", err)
-		}
-	}
-
-	hsdb.notifier.NotifyWithIgnore(types.StateUpdate{
-		Type:    types.StatePeerChanged,
-		Changed: types.Nodes{node},
-	}, node.MachineKey)
-
-	return nil
-}
-
-func generateGivenName(suppliedName string, randomSuffix bool) (string, error) {
-	normalizedHostname, err := util.NormalizeToFQDNRulesConfigFromViper(
-		suppliedName,
-	)
-	if err != nil {
-		return "", err
-	}
-
-	if randomSuffix {
-		// Trim if a hostname will be longer than 63 chars after adding the hash.
-		trimmedHostnameLength := util.LabelHostnameLength - NodeGivenNameHashLength - NodeGivenNameTrimSize
-		if len(normalizedHostname) > trimmedHostnameLength {
-			normalizedHostname = normalizedHostname[:trimmedHostnameLength]
-		}
-
-		suffix, err := util.GenerateRandomStringDNSSafe(NodeGivenNameHashLength)
-		if err != nil {
-			return "", err
-		}
-
-		normalizedHostname += "-" + suffix
-	}
-
-	return normalizedHostname, nil
-}
-
-func (hsdb *HSDatabase) GenerateGivenName(machineKey string, suppliedName string) (string, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	givenName, err := generateGivenName(suppliedName, false)
-	if err != nil {
-		return "", err
-	}
-
-	// Tailscale rules (may differ) https://tailscale.com/kb/1098/machine-names/
-	nodes, err := hsdb.listNodesByGivenName(givenName)
-	if err != nil {
-		return "", err
-	}
-
-	for _, node := range nodes {
-		if node.MachineKey != machineKey && node.GivenName == givenName {
-			postfixedName, err := generateGivenName(suppliedName, true)
-			if err != nil {
-				return "", err
-			}
-
-			givenName = postfixedName
-		}
-	}
-
-	return givenName, nil
-}
-
-func (hsdb *HSDatabase) ExpireEphemeralNodes(inactivityThreshhold time.Duration) {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	users, err := hsdb.listUsers()
-	if err != nil {
-		log.Error().Err(err).Msg("Error listing users")
-
-		return
-	}
-
-	for _, user := range users {
-		nodes, err := hsdb.listNodesByUser(user.Name)
-		if err != nil {
-			log.Error().
-				Err(err).
-				Str("user", user.Name).
-				Msg("Error listing nodes in user")
-
-			return
-		}
-
-		expired := make([]tailcfg.NodeID, 0)
-		for idx, node := range nodes {
-			if node.IsEphemeral() && node.LastSeen != nil &&
-				time.Now().
-					After(node.LastSeen.Add(inactivityThreshhold)) {
-				expired = append(expired, tailcfg.NodeID(node.ID))
-
-				log.Info().
-					Str("node", node.Hostname).
-					Msg("Ephemeral client removed from database")
-
-				err = hsdb.deleteNode(nodes[idx])
-				if err != nil {
-					log.Error().
-						Err(err).
-						Str("node", node.Hostname).
-						Msg("🤮 Cannot delete ephemeral node from the database")
-				}
-			}
-		}
-
-		if len(expired) > 0 {
-			hsdb.notifier.NotifyAll(types.StateUpdate{
-				Type:    types.StatePeerRemoved,
-				Removed: expired,
-			})
-		}
-	}
-}
-
-func (hsdb *HSDatabase) ExpireExpiredNodes(lastCheck time.Time) time.Time {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	// use the time of the start of the function to ensure we
-	// dont miss some nodes by returning it _after_ we have
-	// checked everything.
-	started := time.Now()
-
-	users, err := hsdb.listUsers()
-	if err != nil {
-		log.Error().Err(err).Msg("Error listing users")
-
-		return time.Unix(0, 0)
-	}
-
-	for _, user := range users {
-		nodes, err := hsdb.listNodesByUser(user.Name)
-		if err != nil {
-			log.Error().
-				Err(err).
-				Str("user", user.Name).
-				Msg("Error listing nodes in user")
-
-			return time.Unix(0, 0)
-		}
-
-		expired := make([]tailcfg.NodeID, 0)
-		for index, node := range nodes {
-			if node.IsExpired() &&
-				node.Expiry.After(lastCheck) {
-				expired = append(expired, tailcfg.NodeID(node.ID))
-
-				now := time.Now()
-				err := hsdb.nodeSetExpiry(nodes[index], now)
-				if err != nil {
-					log.Error().
-						Err(err).
-						Str("node", node.Hostname).
-						Str("name", node.GivenName).
-						Msg("🤮 Cannot expire node")
-				} else {
-					log.Info().
-						Str("node", node.Hostname).
-						Str("name", node.GivenName).
-						Msg("Node successfully expired")
-				}
-			}
-		}
-
-		if len(expired) > 0 {
-			hsdb.notifier.NotifyAll(types.StateUpdate{
-				Type:    types.StatePeerRemoved,
-				Removed: expired,
-			})
-		}
-	}
-
-	return started
-}

hscontrol/db/preauth_keys.go

@@ -28,10 +28,6 @@ func (hsdb *HSDatabase) CreatePreAuthKey(
 	expiration *time.Time,
 	aclTags []string,
 ) (*types.PreAuthKey, error) {
-	// TODO(kradalby): figure out this lock
-	// hsdb.mu.Lock()
-	// defer hsdb.mu.Unlock()
-
 	user, err := hsdb.GetUser(userName)
 	if err != nil {
 		return nil, err
@@ -96,14 +92,7 @@ func (hsdb *HSDatabase) CreatePreAuthKey(
 
 // ListPreAuthKeys returns the list of PreAuthKeys for a user.
 func (hsdb *HSDatabase) ListPreAuthKeys(userName string) ([]types.PreAuthKey, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.listPreAuthKeys(userName)
-}
-
-func (hsdb *HSDatabase) listPreAuthKeys(userName string) ([]types.PreAuthKey, error) {
-	user, err := hsdb.getUser(userName)
+	user, err := hsdb.GetUser(userName)
 	if err != nil {
 		return nil, err
 	}
@@ -118,9 +107,6 @@ func (hsdb *HSDatabase) listPreAuthKeys(userName string) ([]types.PreAuthKey, er
 
 // GetPreAuthKey returns a PreAuthKey for a given key.
 func (hsdb *HSDatabase) GetPreAuthKey(user string, key string) (*types.PreAuthKey, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
 	pak, err := hsdb.ValidatePreAuthKey(key)
 	if err != nil {
 		return nil, err
@@ -136,13 +122,6 @@ func (hsdb *HSDatabase) GetPreAuthKey(user string, key string) (*types.PreAuthKe
 // DestroyPreAuthKey destroys a preauthkey. Returns error if the PreAuthKey
 // does not exist.
 func (hsdb *HSDatabase) DestroyPreAuthKey(pak types.PreAuthKey) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	return hsdb.destroyPreAuthKey(pak)
-}
-
-func (hsdb *HSDatabase) destroyPreAuthKey(pak types.PreAuthKey) error {
 	return hsdb.db.Transaction(func(db *gorm.DB) error {
 		if result := db.Unscoped().Where(types.PreAuthKeyACLTag{PreAuthKeyID: pak.ID}).Delete(&types.PreAuthKeyACLTag{}); result.Error != nil {
 			return result.Error
@@ -158,9 +137,6 @@ func (hsdb *HSDatabase) destroyPreAuthKey(pak types.PreAuthKey) error {
 
 // MarkExpirePreAuthKey marks a PreAuthKey as expired.
 func (hsdb *HSDatabase) ExpirePreAuthKey(k *types.PreAuthKey) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
 	if err := hsdb.db.Model(&k).Update("Expiration", time.Now()).Error; err != nil {
 		return err
 	}
@@ -170,9 +146,6 @@ func (hsdb *HSDatabase) ExpirePreAuthKey(k *types.PreAuthKey) error {
 
 // UsePreAuthKey marks a PreAuthKey as used.
 func (hsdb *HSDatabase) UsePreAuthKey(k *types.PreAuthKey) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
 	k.Used = true
 	if err := hsdb.db.Save(k).Error; err != nil {
 		return fmt.Errorf("failed to update key used status in the database: %w", err)
@@ -184,9 +157,6 @@ func (hsdb *HSDatabase) UsePreAuthKey(k *types.PreAuthKey) error {
 // ValidatePreAuthKey does the heavy lifting for validation of the PreAuthKey coming from a node
 // If returns no error and a PreAuthKey, it can be used.
 func (hsdb *HSDatabase) ValidatePreAuthKey(k string) (*types.PreAuthKey, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
 	pak := types.PreAuthKey{}
 	if result := hsdb.db.Preload("User").Preload("ACLTags").First(&pak, "key = ?", k); errors.Is(
 		result.Error,
@@ -203,15 +173,12 @@ func (hsdb *HSDatabase) ValidatePreAuthKey(k string) (*types.PreAuthKey, error)
 		return &pak, nil
 	}
 
-	nodes := types.Nodes{}
-	if err := hsdb.db.
-		Preload("AuthKey").
-		Where(&types.Node{AuthKeyID: uint(pak.ID)}).
-		Find(&nodes).Error; err != nil {
+	machines := types.Machines{}
+	if err := hsdb.db.Preload("AuthKey").Where(&types.Machine{AuthKeyID: uint(pak.ID)}).Find(&machines).Error; err != nil {
 		return nil, err
 	}
 
-	if len(nodes) != 0 || pak.Used {
+	if len(machines) != 0 || pak.Used {
 		return nil, ErrSingleUseAuthKeyHasBeenUsed
 	}
 

hscontrol/db/preauth_keys_test.go

@@ -75,7 +75,7 @@ func (*Suite) TestAlreadyUsedKey(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
@@ -85,7 +85,7 @@ func (*Suite) TestAlreadyUsedKey(c *check.C) {
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
 	key, err := db.ValidatePreAuthKey(pak.Key)
 	c.Assert(err, check.Equals, ErrSingleUseAuthKeyHasBeenUsed)
@@ -99,7 +99,7 @@ func (*Suite) TestReusableBeingUsedKey(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, true, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             1,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
@@ -109,7 +109,7 @@ func (*Suite) TestReusableBeingUsedKey(c *check.C) {
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
 	key, err := db.ValidatePreAuthKey(pak.Key)
 	c.Assert(err, check.IsNil)
@@ -136,7 +136,7 @@ func (*Suite) TestEphemeralKey(c *check.C) {
 	c.Assert(err, check.IsNil)
 
 	now := time.Now().Add(-time.Second * 30)
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
@@ -147,20 +147,22 @@ func (*Suite) TestEphemeralKey(c *check.C) {
 		LastSeen:       &now,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
 	_, err = db.ValidatePreAuthKey(pak.Key)
 	// Ephemeral keys are by definition reusable
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test7", "testest")
+	_, err = db.GetMachine("test7", "testest")
 	c.Assert(err, check.IsNil)
 
-	db.ExpireEphemeralNodes(time.Second * 20)
+	db.ExpireEphemeralMachines(time.Second * 20)
 
 	// The machine record should have been deleted
-	_, err = db.GetNode("test7", "testest")
+	_, err = db.GetMachine("test7", "testest")
 	c.Assert(err, check.NotNil)
+
+	c.Assert(channelUpdates, check.Equals, int32(1))
 }
 
 func (*Suite) TestExpirePreauthKey(c *check.C) {

hscontrol/db/routes.go

@@ -13,15 +13,8 @@ import (
 var ErrRouteIsNotAvailable = errors.New("route is not available")
 
 func (hsdb *HSDatabase) GetRoutes() (types.Routes, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.getRoutes()
-}
-
-func (hsdb *HSDatabase) getRoutes() (types.Routes, error) {
 	var routes types.Routes
-	err := hsdb.db.Preload("Node").Find(&routes).Error
+	err := hsdb.db.Preload("Machine").Find(&routes).Error
 	if err != nil {
 		return nil, err
 	}
@@ -29,18 +22,11 @@ func (hsdb *HSDatabase) getRoutes() (types.Routes, error) {
 	return routes, nil
 }
 
-func (hsdb *HSDatabase) GetNodeAdvertisedRoutes(node *types.Node) (types.Routes, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.getNodeAdvertisedRoutes(node)
-}
-
-func (hsdb *HSDatabase) getNodeAdvertisedRoutes(node *types.Node) (types.Routes, error) {
+func (hsdb *HSDatabase) GetMachineAdvertisedRoutes(machine *types.Machine) (types.Routes, error) {
 	var routes types.Routes
 	err := hsdb.db.
-		Preload("Node").
-		Where("node_id = ? AND advertised = true", node.ID).
+		Preload("Machine").
+		Where("machine_id = ? AND advertised = true", machine.ID).
 		Find(&routes).Error
 	if err != nil {
 		return nil, err
@@ -49,18 +35,11 @@ func (hsdb *HSDatabase) getNodeAdvertisedRoutes(node *types.Node) (types.Routes,
 	return routes, nil
 }
 
-func (hsdb *HSDatabase) GetNodeRoutes(node *types.Node) (types.Routes, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.getNodeRoutes(node)
-}
-
-func (hsdb *HSDatabase) getNodeRoutes(node *types.Node) (types.Routes, error) {
+func (hsdb *HSDatabase) GetMachineRoutes(m *types.Machine) (types.Routes, error) {
 	var routes types.Routes
 	err := hsdb.db.
-		Preload("Node").
-		Where("node_id = ?", node.ID).
+		Preload("Machine").
+		Where("machine_id = ?", m.ID).
 		Find(&routes).Error
 	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
 		return nil, err
@@ -70,15 +49,8 @@ func (hsdb *HSDatabase) getNodeRoutes(node *types.Node) (types.Routes, error) {
 }
 
 func (hsdb *HSDatabase) GetRoute(id uint64) (*types.Route, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.getRoute(id)
-}
-
-func (hsdb *HSDatabase) getRoute(id uint64) (*types.Route, error) {
 	var route types.Route
-	err := hsdb.db.Preload("Node").First(&route, id).Error
+	err := hsdb.db.Preload("Machine").First(&route, id).Error
 	if err != nil {
 		return nil, err
 	}
@@ -87,14 +59,7 @@ func (hsdb *HSDatabase) getRoute(id uint64) (*types.Route, error) {
 }
 
 func (hsdb *HSDatabase) EnableRoute(id uint64) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	return hsdb.enableRoute(id)
-}
-
-func (hsdb *HSDatabase) enableRoute(id uint64) error {
-	route, err := hsdb.getRoute(id)
+	route, err := hsdb.GetRoute(id)
 	if err != nil {
 		return err
 	}
@@ -104,20 +69,17 @@ func (hsdb *HSDatabase) enableRoute(id uint64) error {
 	// https://github.com/juanfont/headscale/issues/804#issuecomment-1399314002
 	if route.IsExitRoute() {
 		return hsdb.enableRoutes(
-			&route.Node,
+			&route.Machine,
 			types.ExitRouteV4.String(),
 			types.ExitRouteV6.String(),
 		)
 	}
 
-	return hsdb.enableRoutes(&route.Node, netip.Prefix(route.Prefix).String())
+	return hsdb.enableRoutes(&route.Machine, netip.Prefix(route.Prefix).String())
 }
 
 func (hsdb *HSDatabase) DisableRoute(id uint64) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	route, err := hsdb.getRoute(id)
+	route, err := hsdb.GetRoute(id)
 	if err != nil {
 		return err
 	}
@@ -133,10 +95,10 @@ func (hsdb *HSDatabase) DisableRoute(id uint64) error {
 			return err
 		}
 
-		return hsdb.handlePrimarySubnetFailover()
+		return hsdb.HandlePrimarySubnetFailover()
 	}
 
-	routes, err := hsdb.getNodeRoutes(&route.Node)
+	routes, err := hsdb.GetMachineRoutes(&route.Machine)
 	if err != nil {
 		return err
 	}
@@ -152,14 +114,11 @@ func (hsdb *HSDatabase) DisableRoute(id uint64) error {
 		}
 	}
 
-	return hsdb.handlePrimarySubnetFailover()
+	return hsdb.HandlePrimarySubnetFailover()
 }
 
 func (hsdb *HSDatabase) DeleteRoute(id uint64) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	route, err := hsdb.getRoute(id)
+	route, err := hsdb.GetRoute(id)
 	if err != nil {
 		return err
 	}
@@ -172,10 +131,10 @@ func (hsdb *HSDatabase) DeleteRoute(id uint64) error {
 			return err
 		}
 
-		return hsdb.handlePrimarySubnetFailover()
+		return hsdb.HandlePrimarySubnetFailover()
 	}
 
-	routes, err := hsdb.getNodeRoutes(&route.Node)
+	routes, err := hsdb.GetMachineRoutes(&route.Machine)
 	if err != nil {
 		return err
 	}
@@ -191,11 +150,11 @@ func (hsdb *HSDatabase) DeleteRoute(id uint64) error {
 		return err
 	}
 
-	return hsdb.handlePrimarySubnetFailover()
+	return hsdb.HandlePrimarySubnetFailover()
 }
 
-func (hsdb *HSDatabase) deleteNodeRoutes(node *types.Node) error {
-	routes, err := hsdb.getNodeRoutes(node)
+func (hsdb *HSDatabase) DeleteMachineRoutes(m *types.Machine) error {
+	routes, err := hsdb.GetMachineRoutes(m)
 	if err != nil {
 		return err
 	}
@@ -206,17 +165,17 @@ func (hsdb *HSDatabase) deleteNodeRoutes(node *types.Node) error {
 		}
 	}
 
-	return hsdb.handlePrimarySubnetFailover()
+	return hsdb.HandlePrimarySubnetFailover()
 }
 
-// isUniquePrefix returns if there is another node providing the same route already.
+// isUniquePrefix returns if there is another machine providing the same route already.
 func (hsdb *HSDatabase) isUniquePrefix(route types.Route) bool {
 	var count int64
 	hsdb.db.
 		Model(&types.Route{}).
-		Where("prefix = ? AND node_id != ? AND advertised = ? AND enabled = ?",
+		Where("prefix = ? AND machine_id != ? AND advertised = ? AND enabled = ?",
 			route.Prefix,
-			route.NodeID,
+			route.MachineID,
 			true, true).Count(&count)
 
 	return count == 0
@@ -225,7 +184,7 @@ func (hsdb *HSDatabase) isUniquePrefix(route types.Route) bool {
 func (hsdb *HSDatabase) getPrimaryRoute(prefix netip.Prefix) (*types.Route, error) {
 	var route types.Route
 	err := hsdb.db.
-		Preload("Node").
+		Preload("Machine").
 		Where("prefix = ? AND advertised = ? AND enabled = ? AND is_primary = ?", types.IPPrefix(prefix), true, true, true).
 		First(&route).Error
 	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
@@ -239,16 +198,13 @@ func (hsdb *HSDatabase) getPrimaryRoute(prefix netip.Prefix) (*types.Route, erro
 	return &route, nil
 }
 
-// getNodePrimaryRoutes returns the routes that are enabled and marked as primary (for subnet failover)
+// getMachinePrimaryRoutes returns the routes that are enabled and marked as primary (for subnet failover)
 // Exit nodes are not considered for this, as they are never marked as Primary.
-func (hsdb *HSDatabase) GetNodePrimaryRoutes(node *types.Node) (types.Routes, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
+func (hsdb *HSDatabase) GetMachinePrimaryRoutes(m *types.Machine) (types.Routes, error) {
 	var routes types.Routes
 	err := hsdb.db.
-		Preload("Node").
-		Where("node_id = ? AND advertised = ? AND enabled = ? AND is_primary = ?", node.ID, true, true, true).
+		Preload("Machine").
+		Where("machine_id = ? AND advertised = ? AND enabled = ? AND is_primary = ?", m.ID, true, true, true).
 		Find(&routes).Error
 	if err != nil {
 		return nil, err
@@ -257,33 +213,18 @@ func (hsdb *HSDatabase) GetNodePrimaryRoutes(node *types.Node) (types.Routes, er
 	return routes, nil
 }
 
-// SaveNodeRoutes takes a node and updates the database with
-// the new routes.
-func (hsdb *HSDatabase) SaveNodeRoutes(node *types.Node) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	return hsdb.saveNodeRoutes(node)
-}
-
-func (hsdb *HSDatabase) saveNodeRoutes(node *types.Node) error {
+func (hsdb *HSDatabase) ProcessMachineRoutes(machine *types.Machine) error {
 	currentRoutes := types.Routes{}
-	err := hsdb.db.Where("node_id = ?", node.ID).Find(&currentRoutes).Error
+	err := hsdb.db.Where("machine_id = ?", machine.ID).Find(&currentRoutes).Error
 	if err != nil {
 		return err
 	}
 
 	advertisedRoutes := map[netip.Prefix]bool{}
-	for _, prefix := range node.HostInfo.RoutableIPs {
+	for _, prefix := range machine.HostInfo.RoutableIPs {
 		advertisedRoutes[prefix] = false
 	}
 
-	log.Trace().
-		Str("node", node.Hostname).
-		Interface("advertisedRoutes", advertisedRoutes).
-		Interface("currentRoutes", currentRoutes).
-		Msg("updating routes")
-
 	for pos, route := range currentRoutes {
 		if _, ok := advertisedRoutes[netip.Prefix(route.Prefix)]; ok {
 			if !route.Advertised {
@@ -307,7 +248,7 @@ func (hsdb *HSDatabase) saveNodeRoutes(node *types.Node) error {
 	for prefix, exists := range advertisedRoutes {
 		if !exists {
 			route := types.Route{
-				NodeID:     node.ID,
+				MachineID:  machine.ID,
 				Prefix:     types.IPPrefix(prefix),
 				Advertised: true,
 				Enabled:    false,
@@ -323,37 +264,28 @@ func (hsdb *HSDatabase) saveNodeRoutes(node *types.Node) error {
 }
 
 func (hsdb *HSDatabase) HandlePrimarySubnetFailover() error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	return hsdb.handlePrimarySubnetFailover()
-}
-
-func (hsdb *HSDatabase) handlePrimarySubnetFailover() error {
 	// first, get all the enabled routes
 	var routes types.Routes
 	err := hsdb.db.
-		Preload("Node").
+		Preload("Machine").
 		Where("advertised = ? AND enabled = ?", true, true).
 		Find(&routes).Error
 	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
 		log.Error().Err(err).Msg("error getting routes")
 	}
 
-	changedNodes := make(types.Nodes, 0)
+	routesChanged := false
 	for pos, route := range routes {
 		if route.IsExitRoute() {
 			continue
 		}
 
-		node := &route.Node
-
 		if !route.IsPrimary {
 			_, err := hsdb.getPrimaryRoute(netip.Prefix(route.Prefix))
 			if hsdb.isUniquePrefix(route) || errors.Is(err, gorm.ErrRecordNotFound) {
 				log.Info().
 					Str("prefix", netip.Prefix(route.Prefix).String()).
-					Str("node", route.Node.GivenName).
+					Str("machine", route.Machine.GivenName).
 					Msg("Setting primary route")
 				routes[pos].IsPrimary = true
 				err := hsdb.db.Save(&routes[pos]).Error
@@ -363,30 +295,30 @@ func (hsdb *HSDatabase) handlePrimarySubnetFailover() error {
 					return err
 				}
 
-				changedNodes = append(changedNodes, node)
+				routesChanged = true
 
 				continue
 			}
 		}
 
 		if route.IsPrimary {
-			if route.Node.IsOnline() {
+			if route.Machine.IsOnline() {
 				continue
 			}
 
-			// node offline, find a new primary
+			// machine offline, find a new primary
 			log.Info().
-				Str("node", route.Node.Hostname).
+				Str("machine", route.Machine.Hostname).
 				Str("prefix", netip.Prefix(route.Prefix).String()).
-				Msgf("node offline, finding a new primary subnet")
+				Msgf("machine offline, finding a new primary subnet")
 
 			// find a new primary route
 			var newPrimaryRoutes types.Routes
 			err := hsdb.db.
-				Preload("Node").
-				Where("prefix = ? AND node_id != ? AND advertised = ? AND enabled = ?",
+				Preload("Machine").
+				Where("prefix = ? AND machine_id != ? AND advertised = ? AND enabled = ?",
 					route.Prefix,
-					route.NodeID,
+					route.MachineID,
 					true, true).
 				Find(&newPrimaryRoutes).Error
 			if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
@@ -397,7 +329,7 @@ func (hsdb *HSDatabase) handlePrimarySubnetFailover() error {
 
 			var newPrimaryRoute *types.Route
 			for pos, r := range newPrimaryRoutes {
-				if r.Node.IsOnline() {
+				if r.Machine.IsOnline() {
 					newPrimaryRoute = &newPrimaryRoutes[pos]
 
 					break
@@ -406,7 +338,7 @@ func (hsdb *HSDatabase) handlePrimarySubnetFailover() error {
 
 			if newPrimaryRoute == nil {
 				log.Warn().
-					Str("node", route.Node.Hostname).
+					Str("machine", route.Machine.Hostname).
 					Str("prefix", netip.Prefix(route.Prefix).String()).
 					Msgf("no alternative primary route found")
 
@@ -414,9 +346,9 @@ func (hsdb *HSDatabase) handlePrimarySubnetFailover() error {
 			}
 
 			log.Info().
-				Str("old_node", route.Node.Hostname).
+				Str("old_machine", route.Machine.Hostname).
 				Str("prefix", netip.Prefix(route.Prefix).String()).
-				Str("new_node", newPrimaryRoute.Node.Hostname).
+				Str("new_machine", newPrimaryRoute.Machine.Hostname).
 				Msgf("found new primary route")
 
 			// disable the old primary route
@@ -437,39 +369,33 @@ func (hsdb *HSDatabase) handlePrimarySubnetFailover() error {
 				return err
 			}
 
-			changedNodes = append(changedNodes, node)
+			routesChanged = true
 		}
 	}
 
-	if len(changedNodes) > 0 {
-		hsdb.notifier.NotifyAll(types.StateUpdate{
-			Type:    types.StatePeerChanged,
-			Changed: changedNodes,
-		})
+	if routesChanged {
+		hsdb.notifyStateChange()
 	}
 
 	return nil
 }
 
-// EnableAutoApprovedRoutes enables any routes advertised by a node that match the ACL autoApprovers policy.
+// EnableAutoApprovedRoutes enables any routes advertised by a machine that match the ACL autoApprovers policy.
 func (hsdb *HSDatabase) EnableAutoApprovedRoutes(
 	aclPolicy *policy.ACLPolicy,
-	node *types.Node,
+	machine *types.Machine,
 ) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	if len(node.IPAddresses) == 0 {
-		return nil // This node has no IPAddresses, so can't possibly match any autoApprovers ACLs
+	if len(machine.IPAddresses) == 0 {
+		return nil // This machine has no IPAddresses, so can't possibly match any autoApprovers ACLs
 	}
 
-	routes, err := hsdb.getNodeAdvertisedRoutes(node)
+	routes, err := hsdb.GetMachineAdvertisedRoutes(machine)
 	if err != nil && !errors.Is(err, gorm.ErrRecordNotFound) {
 		log.Error().
 			Caller().
 			Err(err).
-			Str("node", node.Hostname).
-			Msg("Could not get advertised routes for node")
+			Str("machine", machine.Hostname).
+			Msg("Could not get advertised routes for machine")
 
 		return err
 	}
@@ -487,18 +413,18 @@ func (hsdb *HSDatabase) EnableAutoApprovedRoutes(
 		if err != nil {
 			log.Err(err).
 				Str("advertisedRoute", advertisedRoute.String()).
-				Uint64("nodeId", node.ID).
+				Uint64("machineId", machine.ID).
 				Msg("Failed to resolve autoApprovers for advertised route")
 
 			return err
 		}
 
 		for _, approvedAlias := range routeApprovers {
-			if approvedAlias == node.User.Name {
+			if approvedAlias == machine.User.Name {
 				approvedRoutes = append(approvedRoutes, advertisedRoute)
 			} else {
 				// TODO(kradalby): figure out how to get this to depend on less stuff
-				approvedIps, err := aclPolicy.ExpandAlias(types.Nodes{node}, approvedAlias)
+				approvedIps, err := aclPolicy.ExpandAlias(types.Machines{*machine}, approvedAlias)
 				if err != nil {
 					log.Err(err).
 						Str("alias", approvedAlias).
@@ -507,8 +433,8 @@ func (hsdb *HSDatabase) EnableAutoApprovedRoutes(
 					return err
 				}
 
-				// approvedIPs should contain all of node's IPs if it matches the rule, so check for first
-				if approvedIps.Contains(node.IPAddresses[0]) {
+				// approvedIPs should contain all of machine's IPs if it matches the rule, so check for first
+				if approvedIps.Contains(machine.IPAddresses[0]) {
 					approvedRoutes = append(approvedRoutes, advertisedRoute)
 				}
 			}
@@ -516,11 +442,11 @@ func (hsdb *HSDatabase) EnableAutoApprovedRoutes(
 	}
 
 	for _, approvedRoute := range approvedRoutes {
-		err := hsdb.enableRoute(uint64(approvedRoute.ID))
+		err := hsdb.EnableRoute(uint64(approvedRoute.ID))
 		if err != nil {
 			log.Err(err).
 				Str("approvedRoute", approvedRoute.String()).
-				Uint64("nodeId", node.ID).
+				Uint64("machineId", machine.ID).
 				Msg("Failed to enable approved route")
 
 			return err

hscontrol/db/routes_test.go

@@ -17,7 +17,7 @@ func (s *Suite) TestGetRoutes(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "test_get_route_node")
+	_, err = db.GetMachine("test", "test_get_route_machine")
 	c.Assert(err, check.NotNil)
 
 	route, err := netip.ParsePrefix("10.0.0.0/24")
@@ -27,31 +27,33 @@ func (s *Suite) TestGetRoutes(c *check.C) {
 		RoutableIPs: []netip.Prefix{route},
 	}
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "test_get_route_node",
+		Hostname:       "test_get_route_machine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 		HostInfo:       types.HostInfo(hostInfo),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
-	err = db.SaveNodeRoutes(&node)
+	err = db.ProcessMachineRoutes(&machine)
 	c.Assert(err, check.IsNil)
 
-	advertisedRoutes, err := db.GetAdvertisedRoutes(&node)
+	advertisedRoutes, err := db.GetAdvertisedRoutes(&machine)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(advertisedRoutes), check.Equals, 1)
 
-	err = db.enableRoutes(&node, "192.168.0.0/24")
+	err = db.enableRoutes(&machine, "192.168.0.0/24")
 	c.Assert(err, check.NotNil)
 
-	err = db.enableRoutes(&node, "10.0.0.0/24")
+	err = db.enableRoutes(&machine, "10.0.0.0/24")
 	c.Assert(err, check.IsNil)
+
+	c.Assert(channelUpdates, check.Equals, int32(0))
 }
 
 func (s *Suite) TestGetEnableRoutes(c *check.C) {
@@ -61,7 +63,7 @@ func (s *Suite) TestGetEnableRoutes(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "test_enable_route_node")
+	_, err = db.GetMachine("test", "test_enable_route_machine")
 	c.Assert(err, check.NotNil)
 
 	route, err := netip.ParsePrefix(
@@ -78,55 +80,57 @@ func (s *Suite) TestGetEnableRoutes(c *check.C) {
 		RoutableIPs: []netip.Prefix{route, route2},
 	}
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "test_enable_route_node",
+		Hostname:       "test_enable_route_machine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 		HostInfo:       types.HostInfo(hostInfo),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
-	err = db.SaveNodeRoutes(&node)
+	err = db.ProcessMachineRoutes(&machine)
 	c.Assert(err, check.IsNil)
 
-	availableRoutes, err := db.GetAdvertisedRoutes(&node)
+	availableRoutes, err := db.GetAdvertisedRoutes(&machine)
 	c.Assert(err, check.IsNil)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(availableRoutes), check.Equals, 2)
 
-	noEnabledRoutes, err := db.GetEnabledRoutes(&node)
+	noEnabledRoutes, err := db.GetEnabledRoutes(&machine)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(noEnabledRoutes), check.Equals, 0)
 
-	err = db.enableRoutes(&node, "192.168.0.0/24")
+	err = db.enableRoutes(&machine, "192.168.0.0/24")
 	c.Assert(err, check.NotNil)
 
-	err = db.enableRoutes(&node, "10.0.0.0/24")
+	err = db.enableRoutes(&machine, "10.0.0.0/24")
 	c.Assert(err, check.IsNil)
 
-	enabledRoutes, err := db.GetEnabledRoutes(&node)
+	enabledRoutes, err := db.GetEnabledRoutes(&machine)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(enabledRoutes), check.Equals, 1)
 
 	// Adding it twice will just let it pass through
-	err = db.enableRoutes(&node, "10.0.0.0/24")
+	err = db.enableRoutes(&machine, "10.0.0.0/24")
 	c.Assert(err, check.IsNil)
 
-	enableRoutesAfterDoubleApply, err := db.GetEnabledRoutes(&node)
+	enableRoutesAfterDoubleApply, err := db.GetEnabledRoutes(&machine)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(enableRoutesAfterDoubleApply), check.Equals, 1)
 
-	err = db.enableRoutes(&node, "150.0.10.0/25")
+	err = db.enableRoutes(&machine, "150.0.10.0/25")
 	c.Assert(err, check.IsNil)
 
-	enabledRoutesWithAdditionalRoute, err := db.GetEnabledRoutes(&node)
+	enabledRoutesWithAdditionalRoute, err := db.GetEnabledRoutes(&machine)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(enabledRoutesWithAdditionalRoute), check.Equals, 2)
+
+	c.Assert(channelUpdates, check.Equals, int32(3))
 }
 
 func (s *Suite) TestIsUniquePrefix(c *check.C) {
@@ -136,7 +140,7 @@ func (s *Suite) TestIsUniquePrefix(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "test_enable_route_node")
+	_, err = db.GetMachine("test", "test_enable_route_machine")
 	c.Assert(err, check.NotNil)
 
 	route, err := netip.ParsePrefix(
@@ -152,65 +156,67 @@ func (s *Suite) TestIsUniquePrefix(c *check.C) {
 	hostInfo1 := tailcfg.Hostinfo{
 		RoutableIPs: []netip.Prefix{route, route2},
 	}
-	node1 := types.Node{
+	machine1 := types.Machine{
 		ID:             1,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "test_enable_route_node",
+		Hostname:       "test_enable_route_machine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 		HostInfo:       types.HostInfo(hostInfo1),
 	}
-	db.db.Save(&node1)
+	db.db.Save(&machine1)
 
-	err = db.SaveNodeRoutes(&node1)
+	err = db.ProcessMachineRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 
-	err = db.enableRoutes(&node1, route.String())
+	err = db.enableRoutes(&machine1, route.String())
 	c.Assert(err, check.IsNil)
 
-	err = db.enableRoutes(&node1, route2.String())
+	err = db.enableRoutes(&machine1, route2.String())
 	c.Assert(err, check.IsNil)
 
 	hostInfo2 := tailcfg.Hostinfo{
 		RoutableIPs: []netip.Prefix{route2},
 	}
-	node2 := types.Node{
+	machine2 := types.Machine{
 		ID:             2,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "test_enable_route_node",
+		Hostname:       "test_enable_route_machine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 		HostInfo:       types.HostInfo(hostInfo2),
 	}
-	db.db.Save(&node2)
+	db.db.Save(&machine2)
 
-	err = db.SaveNodeRoutes(&node2)
+	err = db.ProcessMachineRoutes(&machine2)
 	c.Assert(err, check.IsNil)
 
-	err = db.enableRoutes(&node2, route2.String())
+	err = db.enableRoutes(&machine2, route2.String())
 	c.Assert(err, check.IsNil)
 
-	enabledRoutes1, err := db.GetEnabledRoutes(&node1)
+	enabledRoutes1, err := db.GetEnabledRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(enabledRoutes1), check.Equals, 2)
 
-	enabledRoutes2, err := db.GetEnabledRoutes(&node2)
+	enabledRoutes2, err := db.GetEnabledRoutes(&machine2)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(enabledRoutes2), check.Equals, 1)
 
-	routes, err := db.GetNodePrimaryRoutes(&node1)
+	routes, err := db.GetMachinePrimaryRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(routes), check.Equals, 2)
 
-	routes, err = db.GetNodePrimaryRoutes(&node2)
+	routes, err = db.GetMachinePrimaryRoutes(&machine2)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(routes), check.Equals, 0)
+
+	c.Assert(channelUpdates, check.Equals, int32(3))
 }
 
 func (s *Suite) TestSubnetFailover(c *check.C) {
@@ -220,7 +226,7 @@ func (s *Suite) TestSubnetFailover(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "test_enable_route_node")
+	_, err = db.GetMachine("test", "test_enable_route_machine")
 	c.Assert(err, check.NotNil)
 
 	prefix, err := netip.ParsePrefix(
@@ -238,121 +244,123 @@ func (s *Suite) TestSubnetFailover(c *check.C) {
 	}
 
 	now := time.Now()
-	node1 := types.Node{
+	machine1 := types.Machine{
 		ID:             1,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "test_enable_route_node",
+		Hostname:       "test_enable_route_machine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 		HostInfo:       types.HostInfo(hostInfo1),
 		LastSeen:       &now,
 	}
-	db.db.Save(&node1)
+	db.db.Save(&machine1)
 
-	err = db.SaveNodeRoutes(&node1)
+	err = db.ProcessMachineRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 
-	err = db.enableRoutes(&node1, prefix.String())
+	err = db.enableRoutes(&machine1, prefix.String())
 	c.Assert(err, check.IsNil)
 
-	err = db.enableRoutes(&node1, prefix2.String())
+	err = db.enableRoutes(&machine1, prefix2.String())
 	c.Assert(err, check.IsNil)
 
 	err = db.HandlePrimarySubnetFailover()
 	c.Assert(err, check.IsNil)
 
-	enabledRoutes1, err := db.GetEnabledRoutes(&node1)
+	enabledRoutes1, err := db.GetEnabledRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(enabledRoutes1), check.Equals, 2)
 
 	route, err := db.getPrimaryRoute(prefix)
 	c.Assert(err, check.IsNil)
-	c.Assert(route.NodeID, check.Equals, node1.ID)
+	c.Assert(route.MachineID, check.Equals, machine1.ID)
 
 	hostInfo2 := tailcfg.Hostinfo{
 		RoutableIPs: []netip.Prefix{prefix2},
 	}
-	node2 := types.Node{
+	machine2 := types.Machine{
 		ID:             2,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "test_enable_route_node",
+		Hostname:       "test_enable_route_machine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 		HostInfo:       types.HostInfo(hostInfo2),
 		LastSeen:       &now,
 	}
-	db.db.Save(&node2)
+	db.db.Save(&machine2)
 
-	err = db.saveNodeRoutes(&node2)
+	err = db.ProcessMachineRoutes(&machine2)
 	c.Assert(err, check.IsNil)
 
-	err = db.enableRoutes(&node2, prefix2.String())
+	err = db.enableRoutes(&machine2, prefix2.String())
 	c.Assert(err, check.IsNil)
 
 	err = db.HandlePrimarySubnetFailover()
 	c.Assert(err, check.IsNil)
 
-	enabledRoutes1, err = db.GetEnabledRoutes(&node1)
+	enabledRoutes1, err = db.GetEnabledRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(enabledRoutes1), check.Equals, 2)
 
-	enabledRoutes2, err := db.GetEnabledRoutes(&node2)
+	enabledRoutes2, err := db.GetEnabledRoutes(&machine2)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(enabledRoutes2), check.Equals, 1)
 
-	routes, err := db.GetNodePrimaryRoutes(&node1)
+	routes, err := db.GetMachinePrimaryRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(routes), check.Equals, 2)
 
-	routes, err = db.GetNodePrimaryRoutes(&node2)
+	routes, err = db.GetMachinePrimaryRoutes(&machine2)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(routes), check.Equals, 0)
 
-	// lets make node1 lastseen 10 mins ago
+	// lets make machine1 lastseen 10 mins ago
 	before := now.Add(-10 * time.Minute)
-	node1.LastSeen = &before
-	err = db.db.Save(&node1).Error
+	machine1.LastSeen = &before
+	err = db.db.Save(&machine1).Error
 	c.Assert(err, check.IsNil)
 
 	err = db.HandlePrimarySubnetFailover()
 	c.Assert(err, check.IsNil)
 
-	routes, err = db.GetNodePrimaryRoutes(&node1)
+	routes, err = db.GetMachinePrimaryRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(routes), check.Equals, 1)
 
-	routes, err = db.GetNodePrimaryRoutes(&node2)
+	routes, err = db.GetMachinePrimaryRoutes(&machine2)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(routes), check.Equals, 1)
 
-	node2.HostInfo = types.HostInfo(tailcfg.Hostinfo{
+	machine2.HostInfo = types.HostInfo(tailcfg.Hostinfo{
 		RoutableIPs: []netip.Prefix{prefix, prefix2},
 	})
-	err = db.db.Save(&node2).Error
+	err = db.db.Save(&machine2).Error
 	c.Assert(err, check.IsNil)
 
-	err = db.SaveNodeRoutes(&node2)
+	err = db.ProcessMachineRoutes(&machine2)
 	c.Assert(err, check.IsNil)
 
-	err = db.enableRoutes(&node2, prefix.String())
+	err = db.enableRoutes(&machine2, prefix.String())
 	c.Assert(err, check.IsNil)
 
 	err = db.HandlePrimarySubnetFailover()
 	c.Assert(err, check.IsNil)
 
-	routes, err = db.GetNodePrimaryRoutes(&node1)
+	routes, err = db.GetMachinePrimaryRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(routes), check.Equals, 0)
 
-	routes, err = db.GetNodePrimaryRoutes(&node2)
+	routes, err = db.GetMachinePrimaryRoutes(&machine2)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(routes), check.Equals, 2)
+
+	c.Assert(channelUpdates, check.Equals, int32(6))
 }
 
 func (s *Suite) TestDeleteRoutes(c *check.C) {
@@ -362,7 +370,7 @@ func (s *Suite) TestDeleteRoutes(c *check.C) {
 	pak, err := db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	_, err = db.GetNode("test", "test_enable_route_node")
+	_, err = db.GetMachine("test", "test_enable_route_machine")
 	c.Assert(err, check.NotNil)
 
 	prefix, err := netip.ParsePrefix(
@@ -380,36 +388,38 @@ func (s *Suite) TestDeleteRoutes(c *check.C) {
 	}
 
 	now := time.Now()
-	node1 := types.Node{
+	machine1 := types.Machine{
 		ID:             1,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "test_enable_route_node",
+		Hostname:       "test_enable_route_machine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 		HostInfo:       types.HostInfo(hostInfo1),
 		LastSeen:       &now,
 	}
-	db.db.Save(&node1)
+	db.db.Save(&machine1)
 
-	err = db.SaveNodeRoutes(&node1)
+	err = db.ProcessMachineRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 
-	err = db.enableRoutes(&node1, prefix.String())
+	err = db.enableRoutes(&machine1, prefix.String())
 	c.Assert(err, check.IsNil)
 
-	err = db.enableRoutes(&node1, prefix2.String())
+	err = db.enableRoutes(&machine1, prefix2.String())
 	c.Assert(err, check.IsNil)
 
-	routes, err := db.GetNodeRoutes(&node1)
+	routes, err := db.GetMachineRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 
 	err = db.DeleteRoute(uint64(routes[0].ID))
 	c.Assert(err, check.IsNil)
 
-	enabledRoutes1, err := db.GetEnabledRoutes(&node1)
+	enabledRoutes1, err := db.GetEnabledRoutes(&machine1)
 	c.Assert(err, check.IsNil)
 	c.Assert(len(enabledRoutes1), check.Equals, 1)
+
+	c.Assert(channelUpdates, check.Equals, int32(2))
 }

hscontrol/db/suite_test.go

@@ -3,9 +3,9 @@ package db
 import (
 	"net/netip"
 	"os"
+	"sync/atomic"
 	"testing"
 
-	"github.com/juanfont/headscale/hscontrol/notifier"
 	"gopkg.in/check.v1"
 )
 
@@ -20,9 +20,14 @@ type Suite struct{}
 var (
 	tmpDir string
 	db     *HSDatabase
+
+	// channelUpdates counts the number of times
+	// either of the channels was notified.
+	channelUpdates int32
 )
 
 func (s *Suite) SetUpTest(c *check.C) {
+	atomic.StoreInt32(&channelUpdates, 0)
 	s.ResetDB(c)
 }
 
@@ -30,6 +35,13 @@ func (s *Suite) TearDownTest(c *check.C) {
 	os.RemoveAll(tmpDir)
 }
 
+func notificationSink(c <-chan struct{}) {
+	for {
+		<-c
+		atomic.AddInt32(&channelUpdates, 1)
+	}
+}
+
 func (s *Suite) ResetDB(c *check.C) {
 	if len(tmpDir) != 0 {
 		os.RemoveAll(tmpDir)
@@ -40,11 +52,15 @@ func (s *Suite) ResetDB(c *check.C) {
 		c.Fatal(err)
 	}
 
+	sink := make(chan struct{})
+
+	go notificationSink(sink)
+
 	db, err = NewHeadscaleDatabase(
 		"sqlite3",
 		tmpDir+"/headscale_test.db",
 		false,
-		notifier.NewNotifier(),
+		sink,
 		[]netip.Prefix{
 			netip.MustParsePrefix("10.27.0.0/23"),
 		},

hscontrol/db/users.go

@@ -18,9 +18,6 @@ var (
 // CreateUser creates a new User. Returns error if could not be created
 // or another user already exists.
 func (hsdb *HSDatabase) CreateUser(name string) (*types.User, error) {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
 	err := util.CheckForFQDNRules(name)
 	if err != nil {
 		return nil, err
@@ -43,30 +40,27 @@ func (hsdb *HSDatabase) CreateUser(name string) (*types.User, error) {
 }
 
 // DestroyUser destroys a User. Returns error if the User does
-// not exist or if there are nodes associated with it.
+// not exist or if there are machines associated with it.
 func (hsdb *HSDatabase) DestroyUser(name string) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
-	user, err := hsdb.getUser(name)
+	user, err := hsdb.GetUser(name)
 	if err != nil {
 		return ErrUserNotFound
 	}
 
-	nodes, err := hsdb.listNodesByUser(name)
+	machines, err := hsdb.ListMachinesByUser(name)
 	if err != nil {
 		return err
 	}
-	if len(nodes) > 0 {
+	if len(machines) > 0 {
 		return ErrUserStillHasNodes
 	}
 
-	keys, err := hsdb.listPreAuthKeys(name)
+	keys, err := hsdb.ListPreAuthKeys(name)
 	if err != nil {
 		return err
 	}
 	for _, key := range keys {
-		err = hsdb.destroyPreAuthKey(key)
+		err = hsdb.DestroyPreAuthKey(key)
 		if err != nil {
 			return err
 		}
@@ -82,11 +76,8 @@ func (hsdb *HSDatabase) DestroyUser(name string) error {
 // RenameUser renames a User. Returns error if the User does
 // not exist or if another User exists with the new name.
 func (hsdb *HSDatabase) RenameUser(oldName, newName string) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
 	var err error
-	oldUser, err := hsdb.getUser(oldName)
+	oldUser, err := hsdb.GetUser(oldName)
 	if err != nil {
 		return err
 	}
@@ -94,7 +85,7 @@ func (hsdb *HSDatabase) RenameUser(oldName, newName string) error {
 	if err != nil {
 		return err
 	}
-	_, err = hsdb.getUser(newName)
+	_, err = hsdb.GetUser(newName)
 	if err == nil {
 		return ErrUserExists
 	}
@@ -113,13 +104,6 @@ func (hsdb *HSDatabase) RenameUser(oldName, newName string) error {
 
 // GetUser fetches a user by name.
 func (hsdb *HSDatabase) GetUser(name string) (*types.User, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.getUser(name)
-}
-
-func (hsdb *HSDatabase) getUser(name string) (*types.User, error) {
 	user := types.User{}
 	if result := hsdb.db.First(&user, "name = ?", name); errors.Is(
 		result.Error,
@@ -133,13 +117,6 @@ func (hsdb *HSDatabase) getUser(name string) (*types.User, error) {
 
 // ListUsers gets all the existing users.
 func (hsdb *HSDatabase) ListUsers() ([]types.User, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.listUsers()
-}
-
-func (hsdb *HSDatabase) listUsers() ([]types.User, error) {
 	users := []types.User{}
 	if err := hsdb.db.Find(&users).Error; err != nil {
 		return nil, err
@@ -148,47 +125,37 @@ func (hsdb *HSDatabase) listUsers() ([]types.User, error) {
 	return users, nil
 }
 
-// ListNodesByUser gets all the nodes in a given user.
-func (hsdb *HSDatabase) ListNodesByUser(name string) (types.Nodes, error) {
-	hsdb.mu.RLock()
-	defer hsdb.mu.RUnlock()
-
-	return hsdb.listNodesByUser(name)
-}
-
-func (hsdb *HSDatabase) listNodesByUser(name string) (types.Nodes, error) {
+// ListMachinesByUser gets all the nodes in a given user.
+func (hsdb *HSDatabase) ListMachinesByUser(name string) (types.Machines, error) {
 	err := util.CheckForFQDNRules(name)
 	if err != nil {
 		return nil, err
 	}
-	user, err := hsdb.getUser(name)
+	user, err := hsdb.GetUser(name)
 	if err != nil {
 		return nil, err
 	}
 
-	nodes := types.Nodes{}
-	if err := hsdb.db.Preload("AuthKey").Preload("AuthKey.User").Preload("User").Where(&types.Node{UserID: user.ID}).Find(&nodes).Error; err != nil {
+	machines := types.Machines{}
+	if err := hsdb.db.Preload("AuthKey").Preload("AuthKey.User").Preload("User").Where(&types.Machine{UserID: user.ID}).Find(&machines).Error; err != nil {
 		return nil, err
 	}
 
-	return nodes, nil
+	return machines, nil
 }
 
-// AssignNodeToUser assigns a Node to a user.
-func (hsdb *HSDatabase) AssignNodeToUser(node *types.Node, username string) error {
-	hsdb.mu.Lock()
-	defer hsdb.mu.Unlock()
-
+// SetMachineUser assigns a Machine to a user.
+func (hsdb *HSDatabase) SetMachineUser(machine *types.Machine, username string) error {
 	err := util.CheckForFQDNRules(username)
 	if err != nil {
 		return err
 	}
-	user, err := hsdb.getUser(username)
+	user, err := hsdb.GetUser(username)
 	if err != nil {
 		return err
 	}
-	node.User = *user
-	if result := hsdb.db.Save(&node); result.Error != nil {
+	machine.User = *user
+	if result := hsdb.db.Save(&machine); result.Error != nil {
 		return result.Error
 	}
 

hscontrol/db/users_test.go

@@ -46,17 +46,17 @@ func (s *Suite) TestDestroyUserErrors(c *check.C) {
 	pak, err = db.CreatePreAuthKey(user.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         user.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(&node)
+	db.db.Save(&machine)
 
 	err = db.DestroyUser("test")
 	c.Assert(err, check.Equals, ErrUserStillHasNodes)
@@ -101,29 +101,29 @@ func (s *Suite) TestSetMachineUser(c *check.C) {
 	pak, err := db.CreatePreAuthKey(oldUser.Name, false, false, nil, nil)
 	c.Assert(err, check.IsNil)
 
-	node := types.Node{
+	machine := types.Machine{
 		ID:             0,
 		MachineKey:     "foo",
 		NodeKey:        "bar",
 		DiscoKey:       "faa",
-		Hostname:       "testnode",
+		Hostname:       "testmachine",
 		UserID:         oldUser.ID,
 		RegisterMethod: util.RegisterMethodAuthKey,
 		AuthKeyID:      uint(pak.ID),
 	}
-	db.db.Save(&node)
-	c.Assert(node.UserID, check.Equals, oldUser.ID)
+	db.db.Save(&machine)
+	c.Assert(machine.UserID, check.Equals, oldUser.ID)
 
-	err = db.AssignNodeToUser(&node, newUser.Name)
+	err = db.SetMachineUser(&machine, newUser.Name)
 	c.Assert(err, check.IsNil)
-	c.Assert(node.UserID, check.Equals, newUser.ID)
-	c.Assert(node.User.Name, check.Equals, newUser.Name)
+	c.Assert(machine.UserID, check.Equals, newUser.ID)
+	c.Assert(machine.User.Name, check.Equals, newUser.Name)
 
-	err = db.AssignNodeToUser(&node, "non-existing-user")
+	err = db.SetMachineUser(&machine, "non-existing-user")
 	c.Assert(err, check.Equals, ErrUserNotFound)
 
-	err = db.AssignNodeToUser(&node, newUser.Name)
+	err = db.SetMachineUser(&machine, newUser.Name)
 	c.Assert(err, check.IsNil)
-	c.Assert(node.UserID, check.Equals, newUser.ID)
-	c.Assert(node.User.Name, check.Equals, newUser.Name)
+	c.Assert(machine.UserID, check.Equals, newUser.ID)
+	c.Assert(machine.User.Name, check.Equals, newUser.Name)
 }

hscontrol/derp/server/derp_server.go

@@ -39,7 +39,7 @@ func NewDERPServer(
 	cfg *types.DERPConfig,
 ) (*DERPServer, error) {
 	log.Trace().Caller().Msg("Creating new embedded DERP server")
-	server := derp.NewServer(derpKey, log.Debug().Msgf) // nolint // zerolinter complains
+	server := derp.NewServer(derpKey, log.Debug().Msgf)
 
 	return &DERPServer{
 		serverURL:     serverURL,

hscontrol/grpcv1.go

@@ -166,16 +166,16 @@ func (api headscaleV1APIServer) ListPreAuthKeys(
 	return &v1.ListPreAuthKeysResponse{PreAuthKeys: response}, nil
 }
 
-func (api headscaleV1APIServer) RegisterNode(
+func (api headscaleV1APIServer) RegisterMachine(
 	ctx context.Context,
-	request *v1.RegisterNodeRequest,
-) (*v1.RegisterNodeResponse, error) {
+	request *v1.RegisterMachineRequest,
+) (*v1.RegisterMachineResponse, error) {
 	log.Trace().
 		Str("user", request.GetUser()).
 		Str("node_key", request.GetKey()).
-		Msg("Registering node")
+		Msg("Registering machine")
 
-	node, err := api.h.db.RegisterNodeFromAuthCallback(
+	machine, err := api.h.db.RegisterMachineFromAuthCallback(
 		api.h.registrationCache,
 		request.GetKey(),
 		request.GetUser(),
@@ -186,26 +186,26 @@ func (api headscaleV1APIServer) RegisterNode(
 		return nil, err
 	}
 
-	return &v1.RegisterNodeResponse{Node: node.Proto()}, nil
+	return &v1.RegisterMachineResponse{Machine: machine.Proto()}, nil
 }
 
-func (api headscaleV1APIServer) GetNode(
+func (api headscaleV1APIServer) GetMachine(
 	ctx context.Context,
-	request *v1.GetNodeRequest,
-) (*v1.GetNodeResponse, error) {
-	node, err := api.h.db.GetNodeByID(request.GetNodeId())
+	request *v1.GetMachineRequest,
+) (*v1.GetMachineResponse, error) {
+	machine, err := api.h.db.GetMachineByID(request.GetMachineId())
 	if err != nil {
 		return nil, err
 	}
 
-	return &v1.GetNodeResponse{Node: node.Proto()}, nil
+	return &v1.GetMachineResponse{Machine: machine.Proto()}, nil
 }
 
 func (api headscaleV1APIServer) SetTags(
 	ctx context.Context,
 	request *v1.SetTagsRequest,
 ) (*v1.SetTagsResponse, error) {
-	node, err := api.h.db.GetNodeByID(request.GetNodeId())
+	machine, err := api.h.db.GetMachineByID(request.GetMachineId())
 	if err != nil {
 		return nil, err
 	}
@@ -214,24 +214,24 @@ func (api headscaleV1APIServer) SetTags(
 		err := validateTag(tag)
 		if err != nil {
 			return &v1.SetTagsResponse{
-				Node: nil,
+				Machine: nil,
 			}, status.Error(codes.InvalidArgument, err.Error())
 		}
 	}
 
-	err = api.h.db.SetTags(node, request.GetTags())
+	err = api.h.db.SetTags(machine, request.GetTags())
 	if err != nil {
 		return &v1.SetTagsResponse{
-			Node: nil,
+			Machine: nil,
 		}, status.Error(codes.Internal, err.Error())
 	}
 
 	log.Trace().
-		Str("node", node.Hostname).
+		Str("machine", machine.Hostname).
 		Strs("tags", request.GetTags()).
-		Msg("Changing tags of node")
+		Msg("Changing tags of machine")
 
-	return &v1.SetTagsResponse{Node: node.Proto()}, nil
+	return &v1.SetTagsResponse{Machine: machine.Proto()}, nil
 }
 
 func validateTag(tag string) error {
@@ -247,60 +247,57 @@ func validateTag(tag string) error {
 	return nil
 }
 
-func (api headscaleV1APIServer) DeleteNode(
+func (api headscaleV1APIServer) DeleteMachine(
 	ctx context.Context,
-	request *v1.DeleteNodeRequest,
-) (*v1.DeleteNodeResponse, error) {
-	node, err := api.h.db.GetNodeByID(request.GetNodeId())
+	request *v1.DeleteMachineRequest,
+) (*v1.DeleteMachineResponse, error) {
+	machine, err := api.h.db.GetMachineByID(request.GetMachineId())
 	if err != nil {
 		return nil, err
 	}
 
-	err = api.h.db.DeleteNode(
-		node,
+	err = api.h.db.DeleteMachine(
+		machine,
 	)
 	if err != nil {
 		return nil, err
 	}
 
-	return &v1.DeleteNodeResponse{}, nil
+	return &v1.DeleteMachineResponse{}, nil
 }
 
-func (api headscaleV1APIServer) ExpireNode(
+func (api headscaleV1APIServer) ExpireMachine(
 	ctx context.Context,
-	request *v1.ExpireNodeRequest,
-) (*v1.ExpireNodeResponse, error) {
-	node, err := api.h.db.GetNodeByID(request.GetNodeId())
+	request *v1.ExpireMachineRequest,
+) (*v1.ExpireMachineResponse, error) {
+	machine, err := api.h.db.GetMachineByID(request.GetMachineId())
 	if err != nil {
 		return nil, err
 	}
 
-	now := time.Now()
-
-	api.h.db.NodeSetExpiry(
-		node,
-		now,
+	api.h.db.ExpireMachine(
+		machine,
 	)
 
 	log.Trace().
-		Str("node", node.Hostname).
-		Time("expiry", *node.Expiry).
-		Msg("node expired")
+		Str("machine", machine.Hostname).
+		Time("expiry", *machine.Expiry).
+		Msg("machine expired")
 
-	return &v1.ExpireNodeResponse{Node: node.Proto()}, nil
+	return &v1.ExpireMachineResponse{Machine: machine.Proto()}, nil
 }
 
-func (api headscaleV1APIServer) RenameNode(
+func (api headscaleV1APIServer) RenameMachine(
 	ctx context.Context,
-	request *v1.RenameNodeRequest,
-) (*v1.RenameNodeResponse, error) {
-	node, err := api.h.db.GetNodeByID(request.GetNodeId())
+	request *v1.RenameMachineRequest,
+) (*v1.RenameMachineResponse, error) {
+	machine, err := api.h.db.GetMachineByID(request.GetMachineId())
 	if err != nil {
 		return nil, err
 	}
 
-	err = api.h.db.RenameNode(
-		node,
+	err = api.h.db.RenameMachine(
+		machine,
 		request.GetNewName(),
 	)
 	if err != nil {
@@ -308,65 +305,65 @@ func (api headscaleV1APIServer) RenameNode(
 	}
 
 	log.Trace().
-		Str("node", node.Hostname).
+		Str("machine", machine.Hostname).
 		Str("new_name", request.GetNewName()).
-		Msg("node renamed")
+		Msg("machine renamed")
 
-	return &v1.RenameNodeResponse{Node: node.Proto()}, nil
+	return &v1.RenameMachineResponse{Machine: machine.Proto()}, nil
 }
 
-func (api headscaleV1APIServer) ListNodes(
+func (api headscaleV1APIServer) ListMachines(
 	ctx context.Context,
-	request *v1.ListNodesRequest,
-) (*v1.ListNodesResponse, error) {
+	request *v1.ListMachinesRequest,
+) (*v1.ListMachinesResponse, error) {
 	if request.GetUser() != "" {
-		nodes, err := api.h.db.ListNodesByUser(request.GetUser())
+		machines, err := api.h.db.ListMachinesByUser(request.GetUser())
 		if err != nil {
 			return nil, err
 		}
 
-		response := make([]*v1.Node, len(nodes))
-		for index, node := range nodes {
-			response[index] = node.Proto()
+		response := make([]*v1.Machine, len(machines))
+		for index, machine := range machines {
+			response[index] = machine.Proto()
 		}
 
-		return &v1.ListNodesResponse{Nodes: response}, nil
+		return &v1.ListMachinesResponse{Machines: response}, nil
 	}
 
-	nodes, err := api.h.db.ListNodes()
+	machines, err := api.h.db.ListMachines()
 	if err != nil {
 		return nil, err
 	}
 
-	response := make([]*v1.Node, len(nodes))
-	for index, node := range nodes {
-		m := node.Proto()
-		validTags, invalidTags := api.h.ACLPolicy.TagsOfNode(
-			&node,
+	response := make([]*v1.Machine, len(machines))
+	for index, machine := range machines {
+		m := machine.Proto()
+		validTags, invalidTags := api.h.ACLPolicy.TagsOfMachine(
+			machine,
 		)
 		m.InvalidTags = invalidTags
 		m.ValidTags = validTags
 		response[index] = m
 	}
 
-	return &v1.ListNodesResponse{Nodes: response}, nil
+	return &v1.ListMachinesResponse{Machines: response}, nil
 }
 
-func (api headscaleV1APIServer) MoveNode(
+func (api headscaleV1APIServer) MoveMachine(
 	ctx context.Context,
-	request *v1.MoveNodeRequest,
-) (*v1.MoveNodeResponse, error) {
-	node, err := api.h.db.GetNodeByID(request.GetNodeId())
+	request *v1.MoveMachineRequest,
+) (*v1.MoveMachineResponse, error) {
+	machine, err := api.h.db.GetMachineByID(request.GetMachineId())
 	if err != nil {
 		return nil, err
 	}
 
-	err = api.h.db.AssignNodeToUser(node, request.GetUser())
+	err = api.h.db.SetMachineUser(machine, request.GetUser())
 	if err != nil {
 		return nil, err
 	}
 
-	return &v1.MoveNodeResponse{Node: node.Proto()}, nil
+	return &v1.MoveMachineResponse{Machine: machine.Proto()}, nil
 }
 
 func (api headscaleV1APIServer) GetRoutes(
@@ -407,21 +404,21 @@ func (api headscaleV1APIServer) DisableRoute(
 	return &v1.DisableRouteResponse{}, nil
 }
 
-func (api headscaleV1APIServer) GetNodeRoutes(
+func (api headscaleV1APIServer) GetMachineRoutes(
 	ctx context.Context,
-	request *v1.GetNodeRoutesRequest,
-) (*v1.GetNodeRoutesResponse, error) {
-	node, err := api.h.db.GetNodeByID(request.GetNodeId())
+	request *v1.GetMachineRoutesRequest,
+) (*v1.GetMachineRoutesResponse, error) {
+	machine, err := api.h.db.GetMachineByID(request.GetMachineId())
 	if err != nil {
 		return nil, err
 	}
 
-	routes, err := api.h.db.GetNodeRoutes(node)
+	routes, err := api.h.db.GetMachineRoutes(machine)
 	if err != nil {
 		return nil, err
 	}
 
-	return &v1.GetNodeRoutesResponse{
+	return &v1.GetMachineRoutesResponse{
 		Routes: types.Routes(routes).Proto(),
 	}, nil
 }
@@ -495,10 +492,10 @@ func (api headscaleV1APIServer) ListApiKeys(
 }
 
 // The following service calls are for testing and debugging
-func (api headscaleV1APIServer) DebugCreateNode(
+func (api headscaleV1APIServer) DebugCreateMachine(
 	ctx context.Context,
-	request *v1.DebugCreateNodeRequest,
-) (*v1.DebugCreateNodeResponse, error) {
+	request *v1.DebugCreateMachineRequest,
+) (*v1.DebugCreateMachineResponse, error) {
 	user, err := api.h.db.GetUser(request.GetUser())
 	if err != nil {
 		return nil, err
@@ -518,7 +515,7 @@ func (api headscaleV1APIServer) DebugCreateNode(
 	hostinfo := tailcfg.Hostinfo{
 		RoutableIPs: routes,
 		OS:          "TestOS",
-		Hostname:    "DebugTestNode",
+		Hostname:    "DebugTestMachine",
 	}
 
 	givenName, err := api.h.db.GenerateGivenName(request.GetKey(), request.GetName())
@@ -526,14 +523,15 @@ func (api headscaleV1APIServer) DebugCreateNode(
 		return nil, err
 	}
 
-	newNode := types.Node{
+	newMachine := types.Machine{
 		MachineKey: request.GetKey(),
 		Hostname:   request.GetName(),
 		GivenName:  givenName,
 		User:       *user,
 
-		Expiry:   &time.Time{},
-		LastSeen: &time.Time{},
+		Expiry:               &time.Time{},
+		LastSeen:             &time.Time{},
+		LastSuccessfulUpdate: &time.Time{},
 
 		HostInfo: types.HostInfo(hostinfo),
 	}
@@ -541,16 +539,16 @@ func (api headscaleV1APIServer) DebugCreateNode(
 	nodeKey := key.NodePublic{}
 	err = nodeKey.UnmarshalText([]byte(request.GetKey()))
 	if err != nil {
-		log.Panic().Msg("can not add node for debug. invalid node key")
+		log.Panic().Msg("can not add machine for debug. invalid node key")
 	}
 
 	api.h.registrationCache.Set(
 		util.NodePublicKeyStripPrefix(nodeKey),
-		newNode,
+		newMachine,
 		registerCacheExpiration,
 	)
 
-	return &v1.DebugCreateNodeResponse{Node: newNode.Proto()}, nil
+	return &v1.DebugCreateMachineResponse{Machine: newMachine.Proto()}, nil
 }
 
 func (api headscaleV1APIServer) mustEmbedUnimplementedHeadscaleServiceServer() {}

hscontrol/mapper/mapper.go

@@ -4,24 +4,19 @@ import (
 	"encoding/binary"
 	"encoding/json"
 	"fmt"
-	"io/fs"
 	"net/url"
-	"os"
-	"path"
-	"sort"
 	"strings"
 	"sync"
-	"sync/atomic"
 	"time"
 
 	mapset "github.com/deckarep/golang-set/v2"
+	"github.com/juanfont/headscale/hscontrol/db"
 	"github.com/juanfont/headscale/hscontrol/policy"
 	"github.com/juanfont/headscale/hscontrol/types"
 	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/klauspost/compress/zstd"
 	"github.com/rs/zerolog/log"
 	"github.com/samber/lo"
-	"tailscale.com/envknob"
 	"tailscale.com/smallzstd"
 	"tailscale.com/tailcfg"
 	"tailscale.com/types/dnstype"
@@ -31,23 +26,11 @@ import (
 const (
 	nextDNSDoHPrefix           = "https://dns.nextdns.io"
 	reservedResponseHeaderSize = 4
-	mapperIDLength             = 8
-	debugMapResponsePerm       = 0o755
 )
 
-var debugDumpMapResponsePath = envknob.String("HEADSCALE_DEBUG_DUMP_MAPRESPONSE_PATH")
-
-// TODO: Optimise
-// As this work continues, the idea is that there will be one Mapper instance
-// per node, attached to the open stream between the control and client.
-// This means that this can hold a state per node and we can use that to
-// improve the mapresponses sent.
-// We could:
-// - Keep information about the previous mapresponse so we can send a diff
-// - Store hashes
-// - Create a "minifier" that removes info not needed for the node
-
 type Mapper struct {
+	db *db.HSDatabase
+
 	privateKey2019 *key.MachinePrivate
 	isNoise        bool
 
@@ -58,20 +41,10 @@ type Mapper struct {
 	dnsCfg           *tailcfg.DNSConfig
 	logtail          bool
 	randomClientPort bool
-
-	uid     string
-	created time.Time
-	seq     uint64
-
-	// Map isnt concurrency safe, so we need to ensure
-	// only one func is accessing it over time.
-	mu    sync.Mutex
-	peers map[uint64]*types.Node
 }
 
 func NewMapper(
-	node *types.Node,
-	peers types.Nodes,
+	db *db.HSDatabase,
 	privateKey *key.MachinePrivate,
 	isNoise bool,
 	derpMap *tailcfg.DERPMap,
@@ -80,15 +53,9 @@ func NewMapper(
 	logtail bool,
 	randomClientPort bool,
 ) *Mapper {
-	log.Debug().
-		Caller().
-		Bool("noise", isNoise).
-		Str("node", node.Hostname).
-		Msg("creating new mapper")
-
-	uid, _ := util.GenerateRandomStringDNSSafe(mapperIDLength)
-
 	return &Mapper{
+		db: db,
+
 		privateKey2019: privateKey,
 		isNoise:        isNoise,
 
@@ -97,27 +64,127 @@ func NewMapper(
 		dnsCfg:           dnsCfg,
 		logtail:          logtail,
 		randomClientPort: randomClientPort,
-
-		uid:     uid,
-		created: time.Now(),
-		seq:     0,
-
-		// TODO: populate
-		peers: peers.IDMap(),
 	}
 }
 
-func (m *Mapper) String() string {
-	return fmt.Sprintf("Mapper: { seq: %d, uid: %s, created: %s }", m.seq, m.uid, m.created)
+// TODO: Optimise
+// As this work continues, the idea is that there will be one Mapper instance
+// per node, attached to the open stream between the control and client.
+// This means that this can hold a state per machine and we can use that to
+// improve the mapresponses sent.
+// We could:
+// - Keep information about the previous mapresponse so we can send a diff
+// - Store hashes
+// - Create a "minifier" that removes info not needed for the node
+
+// fullMapResponse is the internal function for generating a MapResponse
+// for a machine.
+func fullMapResponse(
+	pol *policy.ACLPolicy,
+	machine *types.Machine,
+	peers types.Machines,
+
+	baseDomain string,
+	dnsCfg *tailcfg.DNSConfig,
+	derpMap *tailcfg.DERPMap,
+	logtail bool,
+	randomClientPort bool,
+) (*tailcfg.MapResponse, error) {
+	tailnode, err := tailNode(*machine, pol, dnsCfg, baseDomain)
+	if err != nil {
+		return nil, err
+	}
+
+	rules, sshPolicy, err := policy.GenerateFilterAndSSHRules(
+		pol,
+		machine,
+		peers,
+	)
+	if err != nil {
+		return nil, err
+	}
+
+	// Filter out peers that have expired.
+	peers = lo.Filter(peers, func(item types.Machine, index int) bool {
+		return !item.IsExpired()
+	})
+
+	// If there are filter rules present, see if there are any machines that cannot
+	// access eachother at all and remove them from the peers.
+	if len(rules) > 0 {
+		peers = policy.FilterMachinesByACL(machine, peers, rules)
+	}
+
+	profiles := generateUserProfiles(machine, peers, baseDomain)
+
+	dnsConfig := generateDNSConfig(
+		dnsCfg,
+		baseDomain,
+		*machine,
+		peers,
+	)
+
+	tailPeers, err := tailNodes(peers, pol, dnsCfg, baseDomain)
+	if err != nil {
+		return nil, err
+	}
+
+	now := time.Now()
+
+	resp := tailcfg.MapResponse{
+		KeepAlive: false,
+		Node:      tailnode,
+
+		// TODO: Only send if updated
+		DERPMap: derpMap,
+
+		// TODO: Only send if updated
+		Peers: tailPeers,
+
+		// TODO(kradalby): Implement:
+		// https://github.com/tailscale/tailscale/blob/main/tailcfg/tailcfg.go#L1351-L1374
+		// PeersChanged
+		// PeersRemoved
+		// PeersChangedPatch
+		// PeerSeenChange
+		// OnlineChange
+
+		// TODO: Only send if updated
+		DNSConfig: dnsConfig,
+
+		// TODO: Only send if updated
+		Domain: baseDomain,
+
+		// Do not instruct clients to collect services, we do not
+		// support or do anything with them
+		CollectServices: "false",
+
+		// TODO: Only send if updated
+		PacketFilter: policy.ReduceFilterRules(machine, rules),
+
+		UserProfiles: profiles,
+
+		// TODO: Only send if updated
+		SSHPolicy: sshPolicy,
+
+		ControlTime: &now,
+
+		Debug: &tailcfg.Debug{
+			DisableLogTail:      !logtail,
+			RandomizeClientPort: randomClientPort,
+		},
+	}
+
+	return &resp, nil
 }
 
 func generateUserProfiles(
-	node *types.Node,
-	peers types.Nodes,
+	machine *types.Machine,
+	peers types.Machines,
 	baseDomain string,
 ) []tailcfg.UserProfile {
 	userMap := make(map[string]types.User)
-	userMap[node.User.Name] = node.User
+	userMap[machine.User.Name] = machine.User
 	for _, peer := range peers {
 		userMap[peer.User.Name] = peer.User // not worth checking if already is there
 	}
@@ -144,8 +211,8 @@ func generateUserProfiles(
 func generateDNSConfig(
 	base *tailcfg.DNSConfig,
 	baseDomain string,
-	node *types.Node,
-	peers types.Nodes,
+	machine types.Machine,
+	peers types.Machines,
 ) *tailcfg.DNSConfig {
 	dnsConfig := base.Clone()
 
@@ -157,13 +224,13 @@ func generateDNSConfig(
 			dnsConfig.Domains,
 			fmt.Sprintf(
 				"%s.%s",
-				node.User.Name,
+				machine.User.Name,
 				baseDomain,
 			),
 		)
 
 		userSet := mapset.NewSet[types.User]()
-		userSet.Add(node.User)
+		userSet.Add(machine.User)
 		for _, p := range peers {
 			userSet.Add(p.User)
 		}
@@ -175,28 +242,28 @@ func generateDNSConfig(
 		dnsConfig = base
 	}
 
-	addNextDNSMetadata(dnsConfig.Resolvers, node)
+	addNextDNSMetadata(dnsConfig.Resolvers, machine)
 
 	return dnsConfig
 }
 
 // If any nextdns DoH resolvers are present in the list of resolvers it will
-// take metadata from the node metadata and instruct tailscale to add it
+// take metadata from the machine metadata and instruct tailscale to add it
 // to the requests. This makes it possible to identify from which device the
 // requests come in the NextDNS dashboard.
 //
 // This will produce a resolver like:
 // `https://dns.nextdns.io/<nextdns-id>?device_name=node-name&device_model=linux&device_ip=100.64.0.1`
-func addNextDNSMetadata(resolvers []*dnstype.Resolver, node *types.Node) {
+func addNextDNSMetadata(resolvers []*dnstype.Resolver, machine types.Machine) {
 	for _, resolver := range resolvers {
 		if strings.HasPrefix(resolver.Addr, nextDNSDoHPrefix) {
 			attrs := url.Values{
-				"device_name":  []string{node.Hostname},
-				"device_model": []string{node.HostInfo.OS},
+				"device_name":  []string{machine.Hostname},
+				"device_model": []string{machine.HostInfo.OS},
 			}
 
-			if len(node.IPAddresses) > 0 {
-				attrs.Add("device_ip", node.IPAddresses[0].String())
+			if len(machine.IPAddresses) > 0 {
+				attrs.Add("device_ip", machine.IPAddresses[0].String())
 			}
 
 			resolver.Addr = fmt.Sprintf("%s?%s", resolver.Addr, attrs.Encode())
@@ -204,165 +271,42 @@ func addNextDNSMetadata(resolvers []*dnstype.Resolver, node *types.Node) {
 	}
 }
 
-// fullMapResponse creates a complete MapResponse for a node.
-// It is a separate function to make testing easier.
-func (m *Mapper) fullMapResponse(
-	node *types.Node,
+// CreateMapResponse returns a MapResponse for the given machine.
+func (m Mapper) CreateMapResponse(
+	mapRequest tailcfg.MapRequest,
+	machine *types.Machine,
 	pol *policy.ACLPolicy,
-) (*tailcfg.MapResponse, error) {
-	peers := nodeMapToList(m.peers)
-
-	resp, err := m.baseWithConfigMapResponse(node, pol)
+) ([]byte, error) {
+	peers, err := m.db.ListPeers(machine)
 	if err != nil {
+		log.Error().
+			Caller().
+			Err(err).
+			Msg("Cannot fetch peers")
+
 		return nil, err
 	}
 
-	err = appendPeerChanges(
-		resp,
+	mapResponse, err := fullMapResponse(
 		pol,
-		node,
-		peers,
+		machine,
 		peers,
 		m.baseDomain,
 		m.dnsCfg,
+		m.derpMap,
+		m.logtail,
+		m.randomClientPort,
 	)
 	if err != nil {
 		return nil, err
 	}
 
-	return resp, nil
-}
-
-// FullMapResponse returns a MapResponse for the given node.
-func (m *Mapper) FullMapResponse(
-	mapRequest tailcfg.MapRequest,
-	node *types.Node,
-	pol *policy.ACLPolicy,
-) ([]byte, error) {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	resp, err := m.fullMapResponse(node, pol)
-	if err != nil {
-		return nil, err
-	}
-
 	if m.isNoise {
-		return m.marshalMapResponse(mapRequest, resp, node, mapRequest.Compress)
+		return m.marshalMapResponse(mapResponse, key.MachinePublic{}, mapRequest.Compress)
 	}
 
-	return m.marshalMapResponse(mapRequest, resp, node, mapRequest.Compress)
-}
-
-// LiteMapResponse returns a MapResponse for the given node.
-// Lite means that the peers has been omitted, this is intended
-// to be used to answer MapRequests with OmitPeers set to true.
-func (m *Mapper) LiteMapResponse(
-	mapRequest tailcfg.MapRequest,
-	node *types.Node,
-	pol *policy.ACLPolicy,
-) ([]byte, error) {
-	resp, err := m.baseWithConfigMapResponse(node, pol)
-	if err != nil {
-		return nil, err
-	}
-
-	if m.isNoise {
-		return m.marshalMapResponse(mapRequest, resp, node, mapRequest.Compress)
-	}
-
-	return m.marshalMapResponse(mapRequest, resp, node, mapRequest.Compress)
-}
-
-func (m *Mapper) KeepAliveResponse(
-	mapRequest tailcfg.MapRequest,
-	node *types.Node,
-) ([]byte, error) {
-	resp := m.baseMapResponse()
-	resp.KeepAlive = true
-
-	return m.marshalMapResponse(mapRequest, &resp, node, mapRequest.Compress)
-}
-
-func (m *Mapper) DERPMapResponse(
-	mapRequest tailcfg.MapRequest,
-	node *types.Node,
-	derpMap tailcfg.DERPMap,
-) ([]byte, error) {
-	resp := m.baseMapResponse()
-	resp.DERPMap = &derpMap
-
-	return m.marshalMapResponse(mapRequest, &resp, node, mapRequest.Compress)
-}
-
-func (m *Mapper) PeerChangedResponse(
-	mapRequest tailcfg.MapRequest,
-	node *types.Node,
-	changed types.Nodes,
-	pol *policy.ACLPolicy,
-) ([]byte, error) {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	lastSeen := make(map[tailcfg.NodeID]bool)
-
-	// Update our internal map.
-	for _, node := range changed {
-		m.peers[node.ID] = node
-
-		// We have just seen the node, let the peers update their list.
-		lastSeen[tailcfg.NodeID(node.ID)] = true
-	}
-
-	resp := m.baseMapResponse()
-
-	err := appendPeerChanges(
-		&resp,
-		pol,
-		node,
-		nodeMapToList(m.peers),
-		changed,
-		m.baseDomain,
-		m.dnsCfg,
-	)
-	if err != nil {
-		return nil, err
-	}
-
-	// resp.PeerSeenChange = lastSeen
-
-	return m.marshalMapResponse(mapRequest, &resp, node, mapRequest.Compress)
-}
-
-func (m *Mapper) PeerRemovedResponse(
-	mapRequest tailcfg.MapRequest,
-	node *types.Node,
-	removed []tailcfg.NodeID,
-) ([]byte, error) {
-	m.mu.Lock()
-	defer m.mu.Unlock()
-
-	// remove from our internal map
-	for _, id := range removed {
-		delete(m.peers, uint64(id))
-	}
-
-	resp := m.baseMapResponse()
-	resp.PeersRemoved = removed
-
-	return m.marshalMapResponse(mapRequest, &resp, node, mapRequest.Compress)
-}
-
-func (m *Mapper) marshalMapResponse(
-	mapRequest tailcfg.MapRequest,
-	resp *tailcfg.MapResponse,
-	node *types.Node,
-	compression string,
-) ([]byte, error) {
-	atomic.AddUint64(&m.seq, 1)
-
 	var machineKey key.MachinePublic
-	err := machineKey.UnmarshalText([]byte(util.MachinePublicKeyEnsurePrefix(node.MachineKey)))
+	err = machineKey.UnmarshalText([]byte(util.MachinePublicKeyEnsurePrefix(machine.MachineKey)))
 	if err != nil {
 		log.Error().
 			Caller().
@@ -372,68 +316,37 @@ func (m *Mapper) marshalMapResponse(
 		return nil, err
 	}
 
-	jsonBody, err := json.Marshal(resp)
+	return m.marshalMapResponse(mapResponse, machineKey, mapRequest.Compress)
+}
+
+func (m Mapper) CreateKeepAliveResponse(
+	mapRequest tailcfg.MapRequest,
+	machine *types.Machine,
+) ([]byte, error) {
+	keepAliveResponse := tailcfg.MapResponse{
+		KeepAlive: true,
+	}
+
+	if m.isNoise {
+		return m.marshalMapResponse(
+			keepAliveResponse,
+			key.MachinePublic{},
+			mapRequest.Compress,
+		)
+	}
+
+	var machineKey key.MachinePublic
+	err := machineKey.UnmarshalText([]byte(util.MachinePublicKeyEnsurePrefix(machine.MachineKey)))
 	if err != nil {
 		log.Error().
 			Caller().
 			Err(err).
-			Msg("Cannot marshal map response")
+			Msg("Cannot parse client key")
+
+		return nil, err
 	}
 
-	if debugDumpMapResponsePath != "" {
-		data := map[string]interface{}{
-			"MapRequest":  mapRequest,
-			"MapResponse": resp,
-		}
-
-		body, err := json.Marshal(data)
-		if err != nil {
-			log.Error().
-				Caller().
-				Err(err).
-				Msg("Cannot marshal map response")
-		}
-
-		perms := fs.FileMode(debugMapResponsePerm)
-		mPath := path.Join(debugDumpMapResponsePath, node.Hostname)
-		err = os.MkdirAll(mPath, perms)
-		if err != nil {
-			panic(err)
-		}
-
-		now := time.Now().UnixNano()
-
-		mapResponsePath := path.Join(
-			mPath,
-			fmt.Sprintf("%d-%s-%d.json", now, m.uid, atomic.LoadUint64(&m.seq)),
-		)
-
-		log.Trace().Msgf("Writing MapResponse to %s", mapResponsePath)
-		err = os.WriteFile(mapResponsePath, body, perms)
-		if err != nil {
-			panic(err)
-		}
-	}
-
-	var respBody []byte
-	if compression == util.ZstdCompression {
-		respBody = zstdEncode(jsonBody)
-		if !m.isNoise { // if legacy protocol
-			respBody = m.privateKey2019.SealTo(machineKey, respBody)
-		}
-	} else {
-		if !m.isNoise { // if legacy protocol
-			respBody = m.privateKey2019.SealTo(machineKey, jsonBody)
-		} else {
-			respBody = jsonBody
-		}
-	}
-
-	data := make([]byte, reservedResponseHeaderSize)
-	binary.LittleEndian.PutUint32(data, uint32(len(respBody)))
-	data = append(data, respBody...)
-
-	return data, nil
+	return m.marshalMapResponse(keepAliveResponse, machineKey, mapRequest.Compress)
 }
 
 // MarshalResponse takes an Tailscale Response, marhsal it to JSON.
@@ -462,6 +375,40 @@ func MarshalResponse(
 	return jsonBody, nil
 }
 
+func (m Mapper) marshalMapResponse(
+	resp interface{},
+	machineKey key.MachinePublic,
+	compression string,
+) ([]byte, error) {
+	jsonBody, err := json.Marshal(resp)
+	if err != nil {
+		log.Error().
+			Caller().
+			Err(err).
+			Msg("Cannot marshal map response")
+	}
+
+	var respBody []byte
+	if compression == util.ZstdCompression {
+		respBody = zstdEncode(jsonBody)
+		if !m.isNoise { // if legacy protocol
+			respBody = m.privateKey2019.SealTo(machineKey, respBody)
+		}
+	} else {
+		if !m.isNoise { // if legacy protocol
+			respBody = m.privateKey2019.SealTo(machineKey, jsonBody)
+		} else {
+			respBody = jsonBody
+		}
+	}
+
+	data := make([]byte, reservedResponseHeaderSize)
+	binary.LittleEndian.PutUint32(data, uint32(len(respBody)))
+	data = append(data, respBody...)
+
+	return data, nil
+}
+
 func zstdEncode(in []byte) []byte {
 	encoder, ok := zstdEncoderPool.Get().(*zstd.Encoder)
 	if !ok {
@@ -486,136 +433,3 @@ var zstdEncoderPool = &sync.Pool{
 		return encoder
 	},
 }
-
-// baseMapResponse returns a tailcfg.MapResponse with
-// KeepAlive false and ControlTime set to now.
-func (m *Mapper) baseMapResponse() tailcfg.MapResponse {
-	now := time.Now()
-
-	resp := tailcfg.MapResponse{
-		KeepAlive:   false,
-		ControlTime: &now,
-	}
-
-	return resp
-}
-
-// baseWithConfigMapResponse returns a tailcfg.MapResponse struct
-// with the basic configuration from headscale set.
-// It is used in for bigger updates, such as full and lite, not
-// incremental.
-func (m *Mapper) baseWithConfigMapResponse(
-	node *types.Node,
-	pol *policy.ACLPolicy,
-) (*tailcfg.MapResponse, error) {
-	resp := m.baseMapResponse()
-
-	tailnode, err := tailNode(node, pol, m.dnsCfg, m.baseDomain)
-	if err != nil {
-		return nil, err
-	}
-	resp.Node = tailnode
-
-	resp.DERPMap = m.derpMap
-
-	resp.Domain = m.baseDomain
-
-	// Do not instruct clients to collect services we do not
-	// support or do anything with them
-	resp.CollectServices = "false"
-
-	resp.KeepAlive = false
-
-	resp.Debug = &tailcfg.Debug{
-		DisableLogTail:      !m.logtail,
-		RandomizeClientPort: m.randomClientPort,
-	}
-
-	return &resp, nil
-}
-
-func nodeMapToList(nodes map[uint64]*types.Node) types.Nodes {
-	ret := make(types.Nodes, 0)
-
-	for _, node := range nodes {
-		ret = append(ret, node)
-	}
-
-	return ret
-}
-
-func filterExpiredAndNotReady(peers types.Nodes) types.Nodes {
-	return lo.Filter(peers, func(item *types.Node, index int) bool {
-		// Filter out nodes that are expired OR
-		// nodes that has no endpoints, this typically means they have
-		// registered, but are not configured.
-		return !item.IsExpired() || len(item.Endpoints) > 0
-	})
-}
-
-// appendPeerChanges mutates a tailcfg.MapResponse with all the
-// necessary changes when peers have changed.
-func appendPeerChanges(
-	resp *tailcfg.MapResponse,
-
-	pol *policy.ACLPolicy,
-	node *types.Node,
-	peers types.Nodes,
-	changed types.Nodes,
-	baseDomain string,
-	dnsCfg *tailcfg.DNSConfig,
-) error {
-	fullChange := len(peers) == len(changed)
-
-	rules, sshPolicy, err := policy.GenerateFilterAndSSHRules(
-		pol,
-		node,
-		peers,
-	)
-	if err != nil {
-		return err
-	}
-
-	// Filter out peers that have expired.
-	changed = filterExpiredAndNotReady(changed)
-
-	// If there are filter rules present, see if there are any nodes that cannot
-	// access eachother at all and remove them from the peers.
-	if len(rules) > 0 {
-		changed = policy.FilterNodesByACL(node, changed, rules)
-	}
-
-	profiles := generateUserProfiles(node, changed, baseDomain)
-
-	dnsConfig := generateDNSConfig(
-		dnsCfg,
-		baseDomain,
-		node,
-		peers,
-	)
-
-	tailPeers, err := tailNodes(changed, pol, dnsCfg, baseDomain)
-	if err != nil {
-		return err
-	}
-
-	// Peers is always returned sorted by Node.ID.
-	sort.SliceStable(tailPeers, func(x, y int) bool {
-		return tailPeers[x].ID < tailPeers[y].ID
-	})
-
-	if fullChange {
-		resp.Peers = tailPeers
-	} else {
-		resp.PeersChanged = tailPeers
-	}
-	resp.DNSConfig = dnsConfig
-	resp.PacketFilter = policy.ReduceFilterRules(node, rules)
-	resp.UserProfiles = profiles
-	resp.SSHPolicy = sshPolicy
-
-	// TODO(kradalby): This currently does not take last seen in keepalives into account
-	resp.OnlineChange = peers.OnlineNodeMap()
-
-	return nil
-}

hscontrol/mapper/mapper_test.go

@@ -18,8 +18,8 @@ import (
 )
 
 func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) {
-	mach := func(hostname, username string, userid uint) *types.Node {
-		return &types.Node{
+	mach := func(hostname, username string, userid uint) types.Machine {
+		return types.Machine{
 			Hostname: hostname,
 			UserID:   userid,
 			User: types.User{
@@ -28,15 +28,15 @@ func (s *Suite) TestGetMapResponseUserProfiles(c *check.C) {
 		}
 	}
 
-	nodeInShared1 := mach("test_get_shared_nodes_1", "user1", 1)
-	nodeInShared2 := mach("test_get_shared_nodes_2", "user2", 2)
-	nodeInShared3 := mach("test_get_shared_nodes_3", "user3", 3)
-	node2InShared1 := mach("test_get_shared_nodes_4", "user1", 1)
+	machineInShared1 := mach("test_get_shared_nodes_1", "user1", 1)
+	machineInShared2 := mach("test_get_shared_nodes_2", "user2", 2)
+	machineInShared3 := mach("test_get_shared_nodes_3", "user3", 3)
+	machine2InShared1 := mach("test_get_shared_nodes_4", "user1", 1)
 
 	userProfiles := generateUserProfiles(
-		nodeInShared1,
-		types.Nodes{
-			nodeInShared2, nodeInShared3, node2InShared1,
+		&machineInShared1,
+		types.Machines{
+			machineInShared2, machineInShared3, machine2InShared1,
 		},
 		"",
 	)
@@ -91,8 +91,8 @@ func TestDNSConfigMapResponse(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(fmt.Sprintf("with-magicdns-%v", tt.magicDNS), func(t *testing.T) {
-			mach := func(hostname, username string, userid uint) *types.Node {
-				return &types.Node{
+			mach := func(hostname, username string, userid uint) types.Machine {
+				return types.Machine{
 					Hostname: hostname,
 					UserID:   userid,
 					User: types.User{
@@ -109,23 +109,23 @@ func TestDNSConfigMapResponse(t *testing.T) {
 				Proxied: tt.magicDNS,
 			}
 
-			nodeInShared1 := mach("test_get_shared_nodes_1", "shared1", 1)
-			nodeInShared2 := mach("test_get_shared_nodes_2", "shared2", 2)
-			nodeInShared3 := mach("test_get_shared_nodes_3", "shared3", 3)
-			node2InShared1 := mach("test_get_shared_nodes_4", "shared1", 1)
+			machineInShared1 := mach("test_get_shared_nodes_1", "shared1", 1)
+			machineInShared2 := mach("test_get_shared_nodes_2", "shared2", 2)
+			machineInShared3 := mach("test_get_shared_nodes_3", "shared3", 3)
+			machine2InShared1 := mach("test_get_shared_nodes_4", "shared1", 1)
 
-			peersOfNodeInShared1 := types.Nodes{
-				nodeInShared1,
-				nodeInShared2,
-				nodeInShared3,
-				node2InShared1,
+			peersOfMachineInShared1 := types.Machines{
+				machineInShared1,
+				machineInShared2,
+				machineInShared3,
+				machine2InShared1,
 			}
 
 			got := generateDNSConfig(
 				&dnsConfigOrig,
 				baseDomain,
-				nodeInShared1,
-				peersOfNodeInShared1,
+				machineInShared1,
+				peersOfMachineInShared1,
 			)
 
 			if diff := cmp.Diff(tt.want, got, cmpopts.EquateEmpty()); diff != "" {
@@ -165,7 +165,7 @@ func Test_fullMapResponse(t *testing.T) {
 	lastSeen := time.Date(2009, time.November, 10, 23, 9, 0, 0, time.UTC)
 	expire := time.Date(2500, time.November, 11, 23, 0, 0, 0, time.UTC)
 
-	mini := &types.Node{
+	mini := &types.Machine{
 		ID:          0,
 		MachineKey:  "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
 		NodeKey:     "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
@@ -243,7 +243,7 @@ func Test_fullMapResponse(t *testing.T) {
 		},
 	}
 
-	peer1 := &types.Node{
+	peer1 := types.Machine{
 		ID:          1,
 		MachineKey:  "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
 		NodeKey:     "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
@@ -295,7 +295,7 @@ func Test_fullMapResponse(t *testing.T) {
 		},
 	}
 
-	peer2 := &types.Node{
+	peer2 := types.Machine{
 		ID:          2,
 		MachineKey:  "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
 		NodeKey:     "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
@@ -315,10 +315,10 @@ func Test_fullMapResponse(t *testing.T) {
 	}
 
 	tests := []struct {
-		name  string
-		pol   *policy.ACLPolicy
-		node  *types.Node
-		peers types.Nodes
+		name    string
+		pol     *policy.ACLPolicy
+		machine *types.Machine
+		peers   types.Machines
 
 		baseDomain       string
 		dnsConfig        *tailcfg.DNSConfig
@@ -329,8 +329,8 @@ func Test_fullMapResponse(t *testing.T) {
 		wantErr          bool
 	}{
 		// {
-		// 	name:             "empty-node",
-		// 	node:          types.Node{},
+		// 	name:             "empty-machine",
+		// 	machine:          types.Machine{},
 		// 	pol:              &policy.ACLPolicy{},
 		// 	dnsConfig:        &tailcfg.DNSConfig{},
 		// 	baseDomain:       "",
@@ -340,8 +340,8 @@ func Test_fullMapResponse(t *testing.T) {
 		{
 			name:             "no-pol-no-peers-map-response",
 			pol:              &policy.ACLPolicy{},
-			node:             mini,
-			peers:            types.Nodes{},
+			machine:          mini,
+			peers:            []types.Machine{},
 			baseDomain:       "",
 			dnsConfig:        &tailcfg.DNSConfig{},
 			derpMap:          &tailcfg.DERPMap{},
@@ -366,10 +366,10 @@ func Test_fullMapResponse(t *testing.T) {
 			wantErr: false,
 		},
 		{
-			name: "no-pol-with-peer-map-response",
-			pol:  &policy.ACLPolicy{},
-			node: mini,
-			peers: types.Nodes{
+			name:    "no-pol-with-peer-map-response",
+			pol:     &policy.ACLPolicy{},
+			machine: mini,
+			peers: []types.Machine{
 				peer1,
 			},
 			baseDomain:       "",
@@ -387,7 +387,6 @@ func Test_fullMapResponse(t *testing.T) {
 				DNSConfig:       &tailcfg.DNSConfig{},
 				Domain:          "",
 				CollectServices: "false",
-				OnlineChange:    map[tailcfg.NodeID]bool{tailPeer1.ID: false},
 				PacketFilter:    []tailcfg.FilterRule{},
 				UserProfiles:    []tailcfg.UserProfile{{LoginName: "mini", DisplayName: "mini"}},
 				SSHPolicy:       &tailcfg.SSHPolicy{Rules: []*tailcfg.SSHRule{}},
@@ -409,8 +408,8 @@ func Test_fullMapResponse(t *testing.T) {
 					},
 				},
 			},
-			node: mini,
-			peers: types.Nodes{
+			machine: mini,
+			peers: []types.Machine{
 				peer1,
 				peer2,
 			},
@@ -429,10 +428,6 @@ func Test_fullMapResponse(t *testing.T) {
 				DNSConfig:       &tailcfg.DNSConfig{},
 				Domain:          "",
 				CollectServices: "false",
-				OnlineChange: map[tailcfg.NodeID]bool{
-					tailPeer1.ID:             false,
-					tailcfg.NodeID(peer2.ID): false,
-				},
 				PacketFilter: []tailcfg.FilterRule{
 					{
 						SrcIPs: []string{"100.64.0.2/32"},
@@ -441,11 +436,9 @@ func Test_fullMapResponse(t *testing.T) {
 						},
 					},
 				},
-				UserProfiles: []tailcfg.UserProfile{
-					{LoginName: "mini", DisplayName: "mini"},
-				},
-				SSHPolicy:   &tailcfg.SSHPolicy{Rules: []*tailcfg.SSHRule{}},
-				ControlTime: &time.Time{},
+				UserProfiles: []tailcfg.UserProfile{{LoginName: "mini", DisplayName: "mini"}},
+				SSHPolicy:    &tailcfg.SSHPolicy{Rules: []*tailcfg.SSHRule{}},
+				ControlTime:  &time.Time{},
 				Debug: &tailcfg.Debug{
 					DisableLogTail: true,
 				},
@@ -456,23 +449,17 @@ func Test_fullMapResponse(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			mappy := NewMapper(
-				tt.node,
+			got, err := fullMapResponse(
+				tt.pol,
+				tt.machine,
 				tt.peers,
-				nil,
-				false,
-				tt.derpMap,
 				tt.baseDomain,
 				tt.dnsConfig,
+				tt.derpMap,
 				tt.logtail,
 				tt.randomClientPort,
 			)
 
-			got, err := mappy.fullMapResponse(
-				tt.node,
-				tt.pol,
-			)
-
 			if (err != nil) != tt.wantErr {
 				t.Errorf("fullMapResponse() error = %v, wantErr %v", err, tt.wantErr)
 

hscontrol/mapper/tail.go

@@ -14,16 +14,16 @@ import (
 )
 
 func tailNodes(
-	nodes types.Nodes,
+	machines types.Machines,
 	pol *policy.ACLPolicy,
 	dnsConfig *tailcfg.DNSConfig,
 	baseDomain string,
 ) ([]*tailcfg.Node, error) {
-	tNodes := make([]*tailcfg.Node, len(nodes))
+	nodes := make([]*tailcfg.Node, len(machines))
 
-	for index, node := range nodes {
+	for index, machine := range machines {
 		node, err := tailNode(
-			node,
+			machine,
 			pol,
 			dnsConfig,
 			baseDomain,
@@ -32,36 +32,37 @@ func tailNodes(
 			return nil, err
 		}
 
-		tNodes[index] = node
+		nodes[index] = node
 	}
 
-	return tNodes, nil
+	return nodes, nil
 }
 
-// tailNode converts a Node into a Tailscale Node. includeRoutes is false for shared nodes
+// tailNode converts a Machine into a Tailscale Node. includeRoutes is false for shared nodes
 // as per the expected behaviour in the official SaaS.
 func tailNode(
-	node *types.Node,
+	machine types.Machine,
 	pol *policy.ACLPolicy,
 	dnsConfig *tailcfg.DNSConfig,
 	baseDomain string,
 ) (*tailcfg.Node, error) {
-	nodeKey, err := node.NodePublicKey()
+	nodeKey, err := machine.NodePublicKey()
 	if err != nil {
 		return nil, err
 	}
 
-	machineKey, err := node.MachinePublicKey()
+	// MachineKey is only used in the legacy protocol
+	machineKey, err := machine.MachinePublicKey()
 	if err != nil {
 		return nil, err
 	}
 
-	discoKey, err := node.DiscoPublicKey()
+	discoKey, err := machine.DiscoPublicKey()
 	if err != nil {
 		return nil, err
 	}
 
-	addrs := node.IPAddresses.Prefixes()
+	addrs := machine.IPAddresses.Prefixes()
 
 	allowedIPs := append(
 		[]netip.Prefix{},
@@ -69,7 +70,7 @@ func tailNode(
 
 	primaryPrefixes := []netip.Prefix{}
 
-	for _, route := range node.Routes {
+	for _, route := range machine.Routes {
 		if route.Enabled {
 			if route.IsPrimary {
 				allowedIPs = append(allowedIPs, netip.Prefix(route.Prefix))
@@ -81,39 +82,39 @@ func tailNode(
 	}
 
 	var derp string
-	if node.HostInfo.NetInfo != nil {
-		derp = fmt.Sprintf("127.3.3.40:%d", node.HostInfo.NetInfo.PreferredDERP)
+	if machine.HostInfo.NetInfo != nil {
+		derp = fmt.Sprintf("127.3.3.40:%d", machine.HostInfo.NetInfo.PreferredDERP)
 	} else {
 		derp = "127.3.3.40:0" // Zero means disconnected or unknown.
 	}
 
 	var keyExpiry time.Time
-	if node.Expiry != nil {
-		keyExpiry = *node.Expiry
+	if machine.Expiry != nil {
+		keyExpiry = *machine.Expiry
 	} else {
 		keyExpiry = time.Time{}
 	}
 
-	hostname, err := node.GetFQDN(dnsConfig, baseDomain)
+	hostname, err := machine.GetFQDN(dnsConfig, baseDomain)
 	if err != nil {
 		return nil, err
 	}
 
-	hostInfo := node.GetHostInfo()
+	hostInfo := machine.GetHostInfo()
 
-	online := node.IsOnline()
+	online := machine.IsOnline()
 
-	tags, _ := pol.TagsOfNode(node)
-	tags = lo.Uniq(append(tags, node.ForcedTags...))
+	tags, _ := pol.TagsOfMachine(machine)
+	tags = lo.Uniq(append(tags, machine.ForcedTags...))
 
-	tNode := tailcfg.Node{
-		ID: tailcfg.NodeID(node.ID), // this is the actual ID
+	node := tailcfg.Node{
+		ID: tailcfg.NodeID(machine.ID), // this is the actual ID
 		StableID: tailcfg.StableNodeID(
-			strconv.FormatUint(node.ID, util.Base10),
+			strconv.FormatUint(machine.ID, util.Base10),
 		), // in headscale, unlike tailcontrol server, IDs are permanent
 		Name: hostname,
 
-		User: tailcfg.UserID(node.UserID),
+		User: tailcfg.UserID(machine.UserID),
 
 		Key:       nodeKey,
 		KeyExpiry: keyExpiry,
@@ -122,19 +123,19 @@ func tailNode(
 		DiscoKey:   discoKey,
 		Addresses:  addrs,
 		AllowedIPs: allowedIPs,
-		Endpoints:  node.Endpoints,
+		Endpoints:  machine.Endpoints,
 		DERP:       derp,
 		Hostinfo:   hostInfo.View(),
-		Created:    node.CreatedAt,
+		Created:    machine.CreatedAt,
 
 		Tags: tags,
 
 		PrimaryRoutes: primaryPrefixes,
 
-		LastSeen:          node.LastSeen,
+		LastSeen:          machine.LastSeen,
 		Online:            &online,
 		KeepAlive:         true,
-		MachineAuthorized: !node.IsExpired(),
+		MachineAuthorized: !machine.IsExpired(),
 
 		Capabilities: []string{
 			tailcfg.CapabilityFileSharing,
@@ -143,5 +144,5 @@ func tailNode(
 		},
 	}
 
-	return &tNode, nil
+	return &node, nil
 }

hscontrol/mapper/tail_test.go

@@ -45,7 +45,7 @@ func TestTailNode(t *testing.T) {
 
 	tests := []struct {
 		name       string
-		node       *types.Node
+		machine    types.Machine
 		pol        *policy.ACLPolicy
 		dnsConfig  *tailcfg.DNSConfig
 		baseDomain string
@@ -53,8 +53,8 @@ func TestTailNode(t *testing.T) {
 		wantErr    bool
 	}{
 		{
-			name:       "empty-node",
-			node:       &types.Node{},
+			name:       "empty-machine",
+			machine:    types.Machine{},
 			pol:        &policy.ACLPolicy{},
 			dnsConfig:  &tailcfg.DNSConfig{},
 			baseDomain: "",
@@ -62,8 +62,8 @@ func TestTailNode(t *testing.T) {
 			wantErr:    true,
 		},
 		{
-			name: "minimal-node",
-			node: &types.Node{
+			name: "minimal-machine",
+			machine: types.Machine{
 				ID:         0,
 				MachineKey: "mkey:f08305b4ee4250b95a70f3b7504d048d75d899993c624a26d422c67af0422507",
 				NodeKey:    "nodekey:9b2ffa7e08cc421a3d2cca9012280f6a236fd0de0b4ce005b30a98ad930306fe",
@@ -165,7 +165,7 @@ func TestTailNode(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := tailNode(
-				tt.node,
+				tt.machine,
 				tt.pol,
 				tt.dnsConfig,
 				tt.baseDomain,

hscontrol/metrics.go

@@ -8,18 +8,34 @@ import (
 const prometheusNamespace = "headscale"
 
 var (
-	// This is a high cardinality metric (user x node), we might want to make this
+	// This is a high cardinality metric (user x machines), we might want to make this
 	// configurable/opt-in in the future.
-	nodeRegistrations = promauto.NewCounterVec(prometheus.CounterOpts{
+	lastStateUpdate = promauto.NewGaugeVec(prometheus.GaugeOpts{
 		Namespace: prometheusNamespace,
-		Name:      "node_registrations_total",
-		Help:      "The total amount of registered node attempts",
+		Name:      "last_update_seconds",
+		Help:      "Time stamp in unix time when a machine or headscale was updated",
+	}, []string{"user", "machine"})
+
+	machineRegistrations = promauto.NewCounterVec(prometheus.CounterOpts{
+		Namespace: prometheusNamespace,
+		Name:      "machine_registrations_total",
+		Help:      "The total amount of registered machine attempts",
 	}, []string{"action", "auth", "status", "user"})
 
+	updateRequestsFromNode = promauto.NewCounterVec(prometheus.CounterOpts{
+		Namespace: prometheusNamespace,
+		Name:      "update_request_from_node_total",
+		Help:      "The number of updates requested by a node/update function",
+	}, []string{"user", "machine", "state"})
 	updateRequestsSentToNode = promauto.NewCounterVec(prometheus.CounterOpts{
 		Namespace: prometheusNamespace,
 		Name:      "update_request_sent_to_node_total",
 		Help:      "The number of calls/messages issued on a specific nodes update channel",
-	}, []string{"user", "node", "status"})
+	}, []string{"user", "machine", "status"})
 	// TODO(kradalby): This is very debugging, we might want to remove it.
+	updateRequestsReceivedOnChannel = promauto.NewCounterVec(prometheus.CounterOpts{
+		Namespace: prometheusNamespace,
+		Name:      "update_request_received_on_channel_total",
+		Help:      "The number of update requests received on an update channel",
+	}, []string{"user", "machine"})
 )

hscontrol/notifier/notifier.go

@@ -1,80 +0,0 @@
-package notifier
-
-import (
-	"sync"
-
-	"github.com/juanfont/headscale/hscontrol/types"
-	"github.com/juanfont/headscale/hscontrol/util"
-	"github.com/rs/zerolog/log"
-)
-
-type Notifier struct {
-	l     sync.RWMutex
-	nodes map[string]chan<- types.StateUpdate
-}
-
-func NewNotifier() *Notifier {
-	return &Notifier{}
-}
-
-func (n *Notifier) AddNode(machineKey string, c chan<- types.StateUpdate) {
-	log.Trace().Caller().Str("key", machineKey).Msg("acquiring lock to add node")
-	defer log.Trace().Caller().Str("key", machineKey).Msg("releasing lock to add node")
-
-	n.l.Lock()
-	defer n.l.Unlock()
-
-	if n.nodes == nil {
-		n.nodes = make(map[string]chan<- types.StateUpdate)
-	}
-
-	n.nodes[machineKey] = c
-
-	log.Trace().
-		Str("machine_key", machineKey).
-		Int("open_chans", len(n.nodes)).
-		Msg("Added new channel")
-}
-
-func (n *Notifier) RemoveNode(machineKey string) {
-	log.Trace().Caller().Str("key", machineKey).Msg("acquiring lock to remove node")
-	defer log.Trace().Caller().Str("key", machineKey).Msg("releasing lock to remove node")
-
-	n.l.Lock()
-	defer n.l.Unlock()
-
-	if n.nodes == nil {
-		return
-	}
-
-	delete(n.nodes, machineKey)
-
-	log.Trace().
-		Str("machine_key", machineKey).
-		Int("open_chans", len(n.nodes)).
-		Msg("Removed channel")
-}
-
-func (n *Notifier) NotifyAll(update types.StateUpdate) {
-	n.NotifyWithIgnore(update)
-}
-
-func (n *Notifier) NotifyWithIgnore(update types.StateUpdate, ignore ...string) {
-	log.Trace().Caller().Interface("type", update.Type).Msg("acquiring lock to notify")
-	defer log.Trace().
-		Caller().
-		Interface("type", update.Type).
-		Msg("releasing lock, finished notifing")
-
-	n.l.RLock()
-	defer n.l.RUnlock()
-
-	for key, c := range n.nodes {
-		if util.IsStringInSlice(ignore, key) {
-			continue
-		}
-
-		log.Trace().Caller().Str("machine", key).Strs("ignoring", ignore).Msg("sending update")
-		c <- update
-	}
-}

hscontrol/oidc.go

@@ -37,8 +37,8 @@ var (
 	errOIDCAllowedUsers  = errors.New(
 		"authenticated principal does not match any allowed user",
 	)
-	errOIDCInvalidNodeState = errors.New(
-		"requested node state key expired before authorisation completed",
+	errOIDCInvalidMachineState = errors.New(
+		"requested machine state key expired before authorisation completed",
 	)
 	errOIDCNodeKeyMissing = errors.New("could not get node key from cache")
 )
@@ -184,9 +184,9 @@ var oidcCallbackTemplate = template.Must(
 )
 
 // OIDCCallback handles the callback from the OIDC endpoint
-// Retrieves the nkey from the state cache and adds the node to the users email user
-// TODO: A confirmation page for new nodes should be added to avoid phishing vulnerabilities
-// TODO: Add groups information from OIDC tokens into node HostInfo
+// Retrieves the nkey from the state cache and adds the machine to the users email user
+// TODO: A confirmation page for new machines should be added to avoid phishing vulnerabilities
+// TODO: Add groups information from OIDC tokens into machine HostInfo
 // Listens in /oidc/callback.
 func (h *Headscale) OIDCCallback(
 	writer http.ResponseWriter,
@@ -232,13 +232,13 @@ func (h *Headscale) OIDCCallback(
 		return
 	}
 
-	nodeKey, nodeExists, err := h.validateNodeForOIDCCallback(
+	nodeKey, machineExists, err := h.validateMachineForOIDCCallback(
 		writer,
 		state,
 		claims,
 		idTokenExpiry,
 	)
-	if err != nil || nodeExists {
+	if err != nil || machineExists {
 		return
 	}
 
@@ -247,15 +247,15 @@ func (h *Headscale) OIDCCallback(
 		return
 	}
 
-	// register the node if it's new
-	log.Debug().Msg("Registering new node after successful callback")
+	// register the machine if it's new
+	log.Debug().Msg("Registering new machine after successful callback")
 
 	user, err := h.findOrCreateNewUserForOIDCCallback(writer, userName)
 	if err != nil {
 		return
 	}
 
-	if err := h.registerNodeForOIDCCallback(writer, user, nodeKey, idTokenExpiry); err != nil {
+	if err := h.registerMachineForOIDCCallback(writer, user, nodeKey, idTokenExpiry); err != nil {
 		return
 	}
 
@@ -453,21 +453,21 @@ func validateOIDCAllowedUsers(
 	return nil
 }
 
-// validateNode retrieves node information if it exist
+// validateMachine retrieves machine information if it exist
 // The error is not important, because if it does not
-// exist, then this is a new node and we will move
+// exist, then this is a new machine and we will move
 // on to registration.
-func (h *Headscale) validateNodeForOIDCCallback(
+func (h *Headscale) validateMachineForOIDCCallback(
 	writer http.ResponseWriter,
 	state string,
 	claims *IDTokenClaims,
 	expiry time.Time,
 ) (*key.NodePublic, bool, error) {
-	// retrieve nodekey from state cache
+	// retrieve machinekey from state cache
 	nodeKeyIf, nodeKeyFound := h.registrationCache.Get(state)
 	if !nodeKeyFound {
 		log.Trace().
-			Msg("requested node state key expired before authorisation completed")
+			Msg("requested machine state key expired before authorisation completed")
 		writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
 		writer.WriteHeader(http.StatusBadRequest)
 		_, err := writer.Write([]byte("state has expired"))
@@ -482,7 +482,7 @@ func (h *Headscale) validateNodeForOIDCCallback(
 	nodeKeyFromCache, nodeKeyOK := nodeKeyIf.(string)
 	if !nodeKeyOK {
 		log.Trace().
-			Msg("requested node state key is not a string")
+			Msg("requested machine state key is not a string")
 		writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
 		writer.WriteHeader(http.StatusBadRequest)
 		_, err := writer.Write([]byte("state is invalid"))
@@ -490,7 +490,7 @@ func (h *Headscale) validateNodeForOIDCCallback(
 			util.LogErr(err, "Failed to write response")
 		}
 
-		return nil, false, errOIDCInvalidNodeState
+		return nil, false, errOIDCInvalidMachineState
 	}
 
 	err := nodeKey.UnmarshalText(
@@ -511,33 +511,33 @@ func (h *Headscale) validateNodeForOIDCCallback(
 		return nil, false, err
 	}
 
-	// retrieve node information if it exist
+	// retrieve machine information if it exist
 	// The error is not important, because if it does not
-	// exist, then this is a new node and we will move
+	// exist, then this is a new machine and we will move
 	// on to registration.
-	node, _ := h.db.GetNodeByNodeKey(nodeKey)
+	machine, _ := h.db.GetMachineByNodeKey(nodeKey)
 
-	if node != nil {
+	if machine != nil {
 		log.Trace().
 			Caller().
-			Str("node", node.Hostname).
-			Msg("node already registered, reauthenticating")
+			Str("machine", machine.Hostname).
+			Msg("machine already registered, reauthenticating")
 
-		err := h.db.NodeSetExpiry(node, expiry)
+		err := h.db.RefreshMachine(machine, expiry)
 		if err != nil {
-			util.LogErr(err, "Failed to refresh node")
+			util.LogErr(err, "Failed to refresh machine")
 			http.Error(
 				writer,
-				"Failed to refresh node",
+				"Failed to refresh machine",
 				http.StatusInternalServerError,
 			)
 
 			return nil, true, err
 		}
 		log.Debug().
-			Str("node", node.Hostname).
+			Str("machine", machine.Hostname).
 			Str("expiresAt", fmt.Sprintf("%v", expiry)).
-			Msg("successfully refreshed node")
+			Msg("successfully refreshed machine")
 
 		var content bytes.Buffer
 		if err := oidcCallbackTemplate.Execute(&content, oidcCallbackTemplateConfig{
@@ -638,13 +638,13 @@ func (h *Headscale) findOrCreateNewUserForOIDCCallback(
 	return user, nil
 }
 
-func (h *Headscale) registerNodeForOIDCCallback(
+func (h *Headscale) registerMachineForOIDCCallback(
 	writer http.ResponseWriter,
 	user *types.User,
 	nodeKey *key.NodePublic,
 	expiry time.Time,
 ) error {
-	if _, err := h.db.RegisterNodeFromAuthCallback(
+	if _, err := h.db.RegisterMachineFromAuthCallback(
 		// TODO(kradalby): find a better way to use the cache across modules
 		h.registrationCache,
 		nodeKey.String(),
@@ -652,10 +652,10 @@ func (h *Headscale) registerNodeForOIDCCallback(
 		&expiry,
 		util.RegisterMethodOIDC,
 	); err != nil {
-		util.LogErr(err, "could not register node")
+		util.LogErr(err, "could not register machine")
 		writer.Header().Set("Content-Type", "text/plain; charset=utf-8")
 		writer.WriteHeader(http.StatusInternalServerError)
-		_, werr := writer.Write([]byte("could not register node"))
+		_, werr := writer.Write([]byte("could not register machine"))
 		if werr != nil {
 			util.LogErr(err, "Failed to write response")
 		}

hscontrol/policy/acls.go

@@ -116,30 +116,30 @@ func LoadACLPolicyFromBytes(acl []byte, format string) (*ACLPolicy, error) {
 
 func GenerateFilterAndSSHRules(
 	policy *ACLPolicy,
-	node *types.Node,
-	peers types.Nodes,
+	machine *types.Machine,
+	peers types.Machines,
 ) ([]tailcfg.FilterRule, *tailcfg.SSHPolicy, error) {
 	// If there is no policy defined, we default to allow all
 	if policy == nil {
 		return tailcfg.FilterAllowAll, &tailcfg.SSHPolicy{}, nil
 	}
 
-	rules, err := policy.generateFilterRules(node, peers)
+	rules, err := policy.generateFilterRules(machine, peers)
 	if err != nil {
 		return []tailcfg.FilterRule{}, &tailcfg.SSHPolicy{}, err
 	}
 
-	log.Trace().Interface("ACL", rules).Str("node", node.GivenName).Msg("ACL rules")
+	log.Trace().Interface("ACL", rules).Str("machine", machine.GivenName).Msg("ACL rules")
 
 	var sshPolicy *tailcfg.SSHPolicy
-	sshRules, err := policy.generateSSHRules(node, peers)
+	sshRules, err := policy.generateSSHRules(machine, peers)
 	if err != nil {
 		return []tailcfg.FilterRule{}, &tailcfg.SSHPolicy{}, err
 	}
 
 	log.Trace().
 		Interface("SSH", sshRules).
-		Str("node", node.GivenName).
+		Str("machine", machine.GivenName).
 		Msg("SSH rules")
 
 	if sshPolicy == nil {
@@ -150,14 +150,14 @@ func GenerateFilterAndSSHRules(
 	return rules, sshPolicy, nil
 }
 
-// generateFilterRules takes a set of nodes and an ACLPolicy and generates a
+// generateFilterRules takes a set of machines and an ACLPolicy and generates a
 // set of Tailscale compatible FilterRules used to allow traffic on clients.
 func (pol *ACLPolicy) generateFilterRules(
-	node *types.Node,
-	peers types.Nodes,
+	machine *types.Machine,
+	peers types.Machines,
 ) ([]tailcfg.FilterRule, error) {
 	rules := []tailcfg.FilterRule{}
-	nodes := append(peers, node)
+	machines := append(peers, *machine)
 
 	for index, acl := range pol.ACLs {
 		if acl.Action != "accept" {
@@ -166,7 +166,7 @@ func (pol *ACLPolicy) generateFilterRules(
 
 		srcIPs := []string{}
 		for srcIndex, src := range acl.Sources {
-			srcs, err := pol.expandSource(src, nodes)
+			srcs, err := pol.expandSource(src, machines)
 			if err != nil {
 				log.Error().
 					Interface("src", src).
@@ -195,7 +195,7 @@ func (pol *ACLPolicy) generateFilterRules(
 			}
 
 			expanded, err := pol.ExpandAlias(
-				nodes,
+				machines,
 				alias,
 			)
 			if err != nil {
@@ -230,13 +230,13 @@ func (pol *ACLPolicy) generateFilterRules(
 	return rules, nil
 }
 
-// ReduceFilterRules takes a node and a set of rules and removes all rules and destinations
+// ReduceFilterRules takes a machine and a set of rules and removes all rules and destinations
 // that are not relevant to that particular node.
-func ReduceFilterRules(node *types.Node, rules []tailcfg.FilterRule) []tailcfg.FilterRule {
+func ReduceFilterRules(machine *types.Machine, rules []tailcfg.FilterRule) []tailcfg.FilterRule {
 	ret := []tailcfg.FilterRule{}
 
 	for _, rule := range rules {
-		// record if the rule is actually relevant for the given node.
+		// record if the rule is actually relevant for the given machine.
 		dests := []tailcfg.NetPortRange{}
 
 		for _, dest := range rule.DstPorts {
@@ -247,7 +247,7 @@ func ReduceFilterRules(node *types.Node, rules []tailcfg.FilterRule) []tailcfg.F
 				continue
 			}
 
-			if node.IPAddresses.InIPSet(expanded) {
+			if machine.IPAddresses.InIPSet(expanded) {
 				dests = append(dests, dest)
 			}
 		}
@@ -265,8 +265,8 @@ func ReduceFilterRules(node *types.Node, rules []tailcfg.FilterRule) []tailcfg.F
 }
 
 func (pol *ACLPolicy) generateSSHRules(
-	node *types.Node,
-	peers types.Nodes,
+	machine *types.Machine,
+	peers types.Machines,
 ) ([]*tailcfg.SSHRule, error) {
 	rules := []*tailcfg.SSHRule{}
 
@@ -293,7 +293,7 @@ func (pol *ACLPolicy) generateSSHRules(
 	for index, sshACL := range pol.SSHs {
 		var dest netipx.IPSetBuilder
 		for _, src := range sshACL.Destinations {
-			expanded, err := pol.ExpandAlias(append(peers, node), src)
+			expanded, err := pol.ExpandAlias(append(peers, *machine), src)
 			if err != nil {
 				return nil, err
 			}
@@ -305,7 +305,7 @@ func (pol *ACLPolicy) generateSSHRules(
 			return nil, err
 		}
 
-		if !node.IPAddresses.InIPSet(destSet) {
+		if !machine.IPAddresses.InIPSet(destSet) {
 			continue
 		}
 
@@ -501,9 +501,9 @@ func parseProtocol(protocol string) ([]int, bool, error) {
 // with the given src alias.
 func (pol *ACLPolicy) expandSource(
 	src string,
-	nodes types.Nodes,
+	machines types.Machines,
 ) ([]string, error) {
-	ipSet, err := pol.ExpandAlias(nodes, src)
+	ipSet, err := pol.ExpandAlias(machines, src)
 	if err != nil {
 		return []string{}, err
 	}
@@ -526,7 +526,7 @@ func (pol *ACLPolicy) expandSource(
 // - a cidr
 // and transform these in IPAddresses.
 func (pol *ACLPolicy) ExpandAlias(
-	nodes types.Nodes,
+	machines types.Machines,
 	alias string,
 ) (*netipx.IPSet, error) {
 	if isWildcard(alias) {
@@ -541,16 +541,16 @@ func (pol *ACLPolicy) ExpandAlias(
 
 	// if alias is a group
 	if isGroup(alias) {
-		return pol.expandIPsFromGroup(alias, nodes)
+		return pol.expandIPsFromGroup(alias, machines)
 	}
 
 	// if alias is a tag
 	if isTag(alias) {
-		return pol.expandIPsFromTag(alias, nodes)
+		return pol.expandIPsFromTag(alias, machines)
 	}
 
 	// if alias is a user
-	if ips, err := pol.expandIPsFromUser(alias, nodes); ips != nil {
+	if ips, err := pol.expandIPsFromUser(alias, machines); ips != nil {
 		return ips, err
 	}
 
@@ -559,17 +559,17 @@ func (pol *ACLPolicy) ExpandAlias(
 	if h, ok := pol.Hosts[alias]; ok {
 		log.Trace().Str("host", h.String()).Msg("ExpandAlias got hosts entry")
 
-		return pol.ExpandAlias(nodes, h.String())
+		return pol.ExpandAlias(machines, h.String())
 	}
 
 	// if alias is an IP
 	if ip, err := netip.ParseAddr(alias); err == nil {
-		return pol.expandIPsFromSingleIP(ip, nodes)
+		return pol.expandIPsFromSingleIP(ip, machines)
 	}
 
 	// if alias is an IP Prefix (CIDR)
 	if prefix, err := netip.ParsePrefix(alias); err == nil {
-		return pol.expandIPsFromIPPrefix(prefix, nodes)
+		return pol.expandIPsFromIPPrefix(prefix, machines)
 	}
 
 	log.Warn().Msgf("No IPs found with the alias %v", alias)
@@ -582,10 +582,10 @@ func (pol *ACLPolicy) ExpandAlias(
 // we assume in this function that we only have nodes from 1 user.
 func excludeCorrectlyTaggedNodes(
 	aclPolicy *ACLPolicy,
-	nodes types.Nodes,
+	nodes types.Machines,
 	user string,
-) types.Nodes {
-	out := types.Nodes{}
+) types.Machines {
+	out := types.Machines{}
 	tags := []string{}
 	for tag := range aclPolicy.TagOwners {
 		owners, _ := expandOwnersFromTag(aclPolicy, user)
@@ -594,9 +594,9 @@ func excludeCorrectlyTaggedNodes(
 			tags = append(tags, tag)
 		}
 	}
-	// for each node if tag is in tags list, don't append it.
-	for _, node := range nodes {
-		hi := node.GetHostInfo()
+	// for each machine if tag is in tags list, don't append it.
+	for _, machine := range nodes {
+		hi := machine.GetHostInfo()
 
 		found := false
 		for _, t := range hi.RequestTags {
@@ -606,11 +606,11 @@ func excludeCorrectlyTaggedNodes(
 				break
 			}
 		}
-		if len(node.ForcedTags) > 0 {
+		if len(machine.ForcedTags) > 0 {
 			found = true
 		}
 		if !found {
-			out = append(out, node)
+			out = append(out, machine)
 		}
 	}
 
@@ -733,7 +733,7 @@ func (pol *ACLPolicy) expandUsersFromGroup(
 
 func (pol *ACLPolicy) expandIPsFromGroup(
 	group string,
-	nodes types.Nodes,
+	machines types.Machines,
 ) (*netipx.IPSet, error) {
 	build := netipx.IPSetBuilder{}
 
@@ -742,9 +742,9 @@ func (pol *ACLPolicy) expandIPsFromGroup(
 		return &netipx.IPSet{}, err
 	}
 	for _, user := range users {
-		filteredNodes := filterNodesByUser(nodes, user)
-		for _, node := range filteredNodes {
-			node.IPAddresses.AppendToIPSet(&build)
+		filteredMachines := filterMachinesByUser(machines, user)
+		for _, machine := range filteredMachines {
+			machine.IPAddresses.AppendToIPSet(&build)
 		}
 	}
 
@@ -753,14 +753,14 @@ func (pol *ACLPolicy) expandIPsFromGroup(
 
 func (pol *ACLPolicy) expandIPsFromTag(
 	alias string,
-	nodes types.Nodes,
+	machines types.Machines,
 ) (*netipx.IPSet, error) {
 	build := netipx.IPSetBuilder{}
 
 	// check for forced tags
-	for _, node := range nodes {
-		if util.StringOrPrefixListContains(node.ForcedTags, alias) {
-			node.IPAddresses.AppendToIPSet(&build)
+	for _, machine := range machines {
+		if util.StringOrPrefixListContains(machine.ForcedTags, alias) {
+			machine.IPAddresses.AppendToIPSet(&build)
 		}
 	}
 
@@ -783,13 +783,13 @@ func (pol *ACLPolicy) expandIPsFromTag(
 		}
 	}
 
-	// filter out nodes per tag owner
+	// filter out machines per tag owner
 	for _, user := range owners {
-		nodes := filterNodesByUser(nodes, user)
-		for _, node := range nodes {
-			hi := node.GetHostInfo()
+		machines := filterMachinesByUser(machines, user)
+		for _, machine := range machines {
+			hi := machine.GetHostInfo()
 			if util.StringOrPrefixListContains(hi.RequestTags, alias) {
-				node.IPAddresses.AppendToIPSet(&build)
+				machine.IPAddresses.AppendToIPSet(&build)
 			}
 		}
 	}
@@ -799,20 +799,20 @@ func (pol *ACLPolicy) expandIPsFromTag(
 
 func (pol *ACLPolicy) expandIPsFromUser(
 	user string,
-	nodes types.Nodes,
+	machines types.Machines,
 ) (*netipx.IPSet, error) {
 	build := netipx.IPSetBuilder{}
 
-	filteredNodes := filterNodesByUser(nodes, user)
-	filteredNodes = excludeCorrectlyTaggedNodes(pol, filteredNodes, user)
+	filteredMachines := filterMachinesByUser(machines, user)
+	filteredMachines = excludeCorrectlyTaggedNodes(pol, filteredMachines, user)
 
-	// shortcurcuit if we have no nodes to get ips from.
-	if len(filteredNodes) == 0 {
+	// shortcurcuit if we have no machines to get ips from.
+	if len(filteredMachines) == 0 {
 		return nil, nil //nolint
 	}
 
-	for _, node := range filteredNodes {
-		node.IPAddresses.AppendToIPSet(&build)
+	for _, machine := range filteredMachines {
+		machine.IPAddresses.AppendToIPSet(&build)
 	}
 
 	return build.IPSet()
@@ -820,17 +820,17 @@ func (pol *ACLPolicy) expandIPsFromUser(
 
 func (pol *ACLPolicy) expandIPsFromSingleIP(
 	ip netip.Addr,
-	nodes types.Nodes,
+	machines types.Machines,
 ) (*netipx.IPSet, error) {
 	log.Trace().Str("ip", ip.String()).Msg("ExpandAlias got ip")
 
-	matches := nodes.FilterByIP(ip)
+	matches := machines.FilterByIP(ip)
 
 	build := netipx.IPSetBuilder{}
 	build.Add(ip)
 
-	for _, node := range matches {
-		node.IPAddresses.AppendToIPSet(&build)
+	for _, machine := range matches {
+		machine.IPAddresses.AppendToIPSet(&build)
 	}
 
 	return build.IPSet()
@@ -838,7 +838,7 @@ func (pol *ACLPolicy) expandIPsFromSingleIP(
 
 func (pol *ACLPolicy) expandIPsFromIPPrefix(
 	prefix netip.Prefix,
-	nodes types.Nodes,
+	machines types.Machines,
 ) (*netipx.IPSet, error) {
 	log.Trace().Str("prefix", prefix.String()).Msg("expandAlias got prefix")
 	build := netipx.IPSetBuilder{}
@@ -846,12 +846,12 @@ func (pol *ACLPolicy) expandIPsFromIPPrefix(
 
 	// This is suboptimal and quite expensive, but if we only add the prefix, we will miss all the relevant IPv6
 	// addresses for the hosts that belong to tailscale. This doesnt really affect stuff like subnet routers.
-	for _, node := range nodes {
-		for _, ip := range node.IPAddresses {
+	for _, machine := range machines {
+		for _, ip := range machine.IPAddresses {
 			// log.Trace().
-			// 	Msgf("checking if node ip (%s) is part of prefix (%s): %v, is single ip prefix (%v), addr: %s", ip.String(), prefix.String(), prefix.Contains(ip), prefix.IsSingleIP(), prefix.Addr().String())
+			// 	Msgf("checking if machine ip (%s) is part of prefix (%s): %v, is single ip prefix (%v), addr: %s", ip.String(), prefix.String(), prefix.Contains(ip), prefix.IsSingleIP(), prefix.Addr().String())
 			if prefix.Contains(ip) {
-				node.IPAddresses.AppendToIPSet(&build)
+				machine.IPAddresses.AppendToIPSet(&build)
 			}
 		}
 	}
@@ -871,18 +871,18 @@ func isTag(str string) bool {
 	return strings.HasPrefix(str, "tag:")
 }
 
-// TagsOfNode will return the tags of the current node.
+// TagsOfMachine will return the tags of the current machine.
 // Invalid tags are tags added by a user on a node, and that user doesn't have authority to add this tag.
 // Valid tags are tags added by a user that is allowed in the ACL policy to add this tag.
-func (pol *ACLPolicy) TagsOfNode(
-	node *types.Node,
+func (pol *ACLPolicy) TagsOfMachine(
+	machine types.Machine,
 ) ([]string, []string) {
 	validTags := make([]string, 0)
 	invalidTags := make([]string, 0)
 
 	validTagMap := make(map[string]bool)
 	invalidTagMap := make(map[string]bool)
-	for _, tag := range node.HostInfo.RequestTags {
+	for _, tag := range machine.HostInfo.RequestTags {
 		owners, err := expandOwnersFromTag(pol, tag)
 		if errors.Is(err, ErrInvalidTag) {
 			invalidTagMap[tag] = true
@@ -891,7 +891,7 @@ func (pol *ACLPolicy) TagsOfNode(
 		}
 		var found bool
 		for _, owner := range owners {
-			if node.User.Name == owner {
+			if machine.User.Name == owner {
 				found = true
 			}
 		}
@@ -911,31 +911,31 @@ func (pol *ACLPolicy) TagsOfNode(
 	return validTags, invalidTags
 }
 
-func filterNodesByUser(nodes types.Nodes, user string) types.Nodes {
-	out := types.Nodes{}
-	for _, node := range nodes {
-		if node.User.Name == user {
-			out = append(out, node)
+func filterMachinesByUser(machines types.Machines, user string) types.Machines {
+	out := types.Machines{}
+	for _, machine := range machines {
+		if machine.User.Name == user {
+			out = append(out, machine)
 		}
 	}
 
 	return out
 }
 
-// FilterNodesByACL returns the list of peers authorized to be accessed from a given node.
-func FilterNodesByACL(
-	node *types.Node,
-	nodes types.Nodes,
+// FilterMachinesByACL returns the list of peers authorized to be accessed from a given machine.
+func FilterMachinesByACL(
+	machine *types.Machine,
+	machines types.Machines,
 	filter []tailcfg.FilterRule,
-) types.Nodes {
-	result := types.Nodes{}
+) types.Machines {
+	result := types.Machines{}
 
-	for index, peer := range nodes {
-		if peer.ID == node.ID {
+	for index, peer := range machines {
+		if peer.ID == machine.ID {
 			continue
 		}
 
-		if node.CanAccess(filter, nodes[index]) || peer.CanAccess(filter, node) {
+		if machine.CanAccess(filter, &machines[index]) || peer.CanAccess(filter, machine) {
 			result = append(result, peer)
 		}
 	}