Why
I deploy multiple machines (both machines that run the Tailscale client, but also a machine that runs the Headscale control server). I want to automate the registration of clients to the control server as much as possible.
At the moment, I have to run headscale preauthkeys create, which will randomly generate a 24-byte key and store it (along with additional metadata, such as expiry, user, etc.) in the SQLite database.
This means that in order to deploy a client, I first need to run a command on the control server to change its state, take the output, and use that to include it in the state to deploy to the client. Thus, I end up maintaining a list of preauth keys for my clients.
I would prefer to use the same list to also declaratively control the state of the control server. That is, I would like to set the list of preauth keys for the server (or at least add to the list), at the time I deploy it. This way I would be able to generate images for all clients and the control server, and deploy them "in one go", without having to first deploy the control server, executing headscale preauthkeys create and only then deploying clients.
Description
I would like to be able to specify keys that I have securely generated myself when I execute headscale preauthkeys create, for example:
A workaround is to use the SQLite database directly, bypassing headscale preauthkeys, but I'd like to avoid that.
The implementation would be rather straightforward, adding another optional argument to pass the key, and if it is not specified call generateKey as it is done unconditionally at the moment.