v0.16.0

Changelog

New Features

• 43c27a1 feat: add ssh recorder implementation
• 41de33d feat: add support for autogroup:danger-all
• 128a184 feat: only support tailscale clients >= 1.48
• 4bce1c3 feat: ssh recording

Bug fixes

• eadd42b fix: expand src wildcard alias to peer ip addresses
• 5adec31 fix: handle relative name and zones correctly
• 3d21630 fix: notify others when node is online

v0.15.0

⚠️ This release has some breaking changes, please backup your database before upgrading

Breaking Changes

New: Embedded DERP which is enabled by default

This embedded DERP can be disabled and additional DERP map sources can be set in the configuration, e.g.

derp:
  server:
    disabled: true
  sources:
    - https://controlplane.tailscale.com/derpmap/default

listener_addr and public_addr changes

The configuration for the listen_addr and server_url has been change:

• http_listen_addr and https_listen_addr is replaced with a single entry listen_addr
• server_url is replaced with public_addr (eg. server_url: https://ionscale.example.com becomes public_addr: ionscale.example.com:443

HuJson support for ACL and IAM policies

The API has changed to support this; make sure you use the same version for your server and your cli client

Changelog

New Features

• 248b75c feat: embedded derp
• a1debdf feat: use env variable for setting a default tailnet id when using a system admin key
• 6173621 feat: use hujson as data format for ACL and IAM policy

Other work

• d72ea03 improvement: change http(s) listener to web listener addr and a public web addr
• 1ffafee improvement: don't save tailnet and don't signal change when nothing is updated
• 0ecd005 improvement: graceful shutdown
• 68127b9 improvement: update layout

v0.14.0

Changelog

New Features

• 7c2d5f7 feat: add pprof endpoints

Bug fixes

• 91c62ee fix: correct check if dns provider is set
• 41b64ee fix: expired peer missing in peer list
• b098562 fix: log in with different use should create new machine entry
• 0eef9fa fix: show correct number of peers after switching accounts

Other work

• 84d29fd improvement: remove usage of deprecated echo prometheus integration
• e39eb58 improvement: set last authentication timestamp on user and use it to check ssh access

v0.13.0

Changelog

New Features

• d8f0492 feat: add device aliases
• 128ed22 feat: add support for search domains in dns config
• 5e43014 feat: remove inactive emphemeral machines when server starts; rename reaper to worker
• 9f3a6bb feat: save tokens for multiple ionscale servers
• 280ee7e feat: validate iam policy filters

Bug fixes

• 7eb808c fix: add ssh rules to default acl policy
• 5d1ac32 fix: check if tailnet with name already exists
• dea6027 fix: cli also accepts IONSCALE_KEYS_SYSTEM_ADMIN_KEY env variable
• 25203d3 fix: little layout issue
• 9748955 fix: some small logging fixes
• b8c752d fix: use default and additional scopes correctly

v0.12.0

Changelog

New Features

• 8f998b0 feat: acl grants
• 7fa31bd feat: add support for protocol in acl rules
• 3fccde2 feat: also accept hujson files
• 44b6b20 feat: store acme certificates in db

Bug fixes

• 8f2c198 fix: avoid peer lookup if not needed
• 123ca99 fix: mark query feature request as incomplete when necessary
• 980ab1b fix: send empty PacketFilter when no rules match

v0.11.0

Changelog

New Features

• 9b5f045 feat: add support for node attributes
• cbcbd61 feat: remove support for non-noise clients

Bug fixes

• 1b66b1e fix: incorrect index
• c1ea283 fix: incorrect splitting of alias and port ranges

v0.10.0

Changelog

New Features

• 9808860 feat: add support for 'always' value in ssh check period
• a303de7 feat: add support for autogroup:member
• 54fa423 feat: add support for autogroup:tagged

Bug fixes

• 2bc03b8 fix: add autogroup:member checks in ssh policies

v0.10.0-rc1

Changelog

New Features

• 75b58d0 feat: add query feature endpoint for 'serve' support
• e31ce67 feat: add support for ssh check periods
• 9ac4c85 feat: add version column to machines list

Bug fixes

• d9fafdc fix: add missing https capability
• 038c0af fix: add unique constraint to index
• 9b8782c fix: issue when enabling/disabling https certs
• 339b9cf fix: lazy load snowflake id generator

v0.9.1

Changelog

Bug fixes

• 9fd4e5f fix: log error when starting server fails
• 326860c fix: panic when user is not authorized

v0.9.0

Changelog

New Features

• d32ece6 feat: create and update tailnets with all properties

Bug fixes

• 4550bdb fix: set default ACL and IAM policy if not provided