Changes
Headplane 0.6.1 works with Headscale 0.26.0 or higher.
- We have a very WIP website at headplane.net! Documentation and overall website design are still heavily subject to change.
- Please ensure data volumes are correctly migrated!! /var/lib/headplane should be mounted in Docker.
- There should not be any breaking changes with the config, but an up-to-date version of the config file can be found at https://github.com/tale/headplane/blob/main/config.example.yaml.
- Headplane now supports connecting to machines via SSH in the web browser.
  - This is an experimental feature and requires the integration.agent section to be set up in the config file.
  - This is built on top of a Go binary that runs in WebAssembly, using Xterm.js for the terminal interface.
- Begin using a new SQLite database file in /var/lib/headplane/hp_persist.db.
  - The database is created automatically if it does not exist.
  - It currently stores SSH connection details and HostInfo for the agent.
  - User information is automatically migrated from the previous database.
- The docker container now runs in a distroless image (closes #255).
  - A debug version of the container that runs as root and has a shell is available as ghcr.io/tale/headplane:<version>-shell.
- Reintroduce the toggle for overriding local DNS settings in the Headscale config (closes #236).
- Prefer cross-compiling in the Dockerfile to speed up builds while still supporting multiple architectures.
- Add a build attestation to validate SLSA provenance for the Docker image.
- Configuration loading via paths is now supported for sensitive values (via #283)
  - Options like server.cookie_secret_path can override server.cookie_secret
  - Environment variables are interpolatable into these paths
  - See the full reference in the docs
- Switch our build processes to use TypeScript Go and Rolldown Vite for better build and type-check performance.
- OIDC profile pictures are now available from Gravatar by setting oidc.profile_picture_source to gravatar (closes #232).
- OIDC now allows passing many custom parameters:
  - oidc.authorization_endpoint, oidc.token_endpoint, and oidc.userinfo_endpoint can be overridden to support non-standard providers or scenarios without discovery (closes #117).
  - oidc.scope can be set to specify custom scopes (defaults to openid email profile).
  - oidc.extra_params can be set to pass arbitrary query parameters to the authorization endpoint (closes #197).
Fixes
- Removing a Split DNS record will no longer make the split domain unresolvable by clients (closes #231).
- Implement more accurate guessing on the PID with the /proc integration (via #219).
- Usernames will now correctly fall back to emails if not provided (via #257).
- The nix overlay build is fixed for the SSH module (via #282)
- Cookies are now encrypted JWTs, preserving API key secrets (GHSA-wrqq-v7qw-r5w7)
New Contributors
- @gabe565 made their first contribution in #237
- @Prince213 made their first contribution in #244
- @antoniolago made their first contribution in #241
- @LEI made their first contribution in #238
- @hayer made their first contribution in #219
- @domysh made their first contribution in #273
Full Changelog: v0.6.0...v0.6.1