Integration with the Tailscale network (#34)

Author: lucasdillmann

.github/ISSUE_TEMPLATE/bug_report.md

@@ -27,7 +27,7 @@ If applicable, add screenshots and/or the application's log to help explain your
 **Environment**
  - OS (e.g. Linux, macOS)
  - Execution mode (e.g. Docker, local installation)
- - Version (e.g. 2.10.0)
+ - nginx ignition version (e.g. 2.10.0)
 
 **Additional context and information**
 Add any other context about the problem here.

.github/workflows/release.yml

@@ -16,7 +16,7 @@ jobs:
           node-version: 22
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.25.3
+          go-version: 1.25.4
       - name: Install nfpm
         run: |
           echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list

.github/workflows/snapshot.yml

@@ -19,7 +19,7 @@ jobs:
           node-version: 22
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.25.3
+          go-version: 1.25.4
       - name: npm cache download
         uses: actions/cache/restore@v4
         with:
@@ -49,7 +49,7 @@ jobs:
           node-version: 22
       - uses: actions/setup-go@v5
         with:
-          go-version: 1.25.3
+          go-version: 1.25.4
       - name: Install nfpm
         run: |
           echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list

Makefile

@@ -1,7 +1,7 @@
 DOCKER_IMAGE ?= dillmann/nginx-ignition
 VERSION ?= 0.0.0
 PR_ID ?= 0
-SNAPSHOT_TAG_SUFFIX := $(if $(or $(filter 0,$(PR_ID)),$(filter ,$(PR_ID))),snapshot,pr-$(PR_ID)-snapshot)
+SNAPSHOT_TAG_SUFFIX := $(if $(filter-out ,$(PR_ID)),$(if $(filter-out 0,$(PR_ID)),pr-$(PR_ID)-snapshot,snapshot),snapshot)
 
 .prerequisites:
 	go work sync
@@ -20,8 +20,9 @@ SNAPSHOT_TAG_SUFFIX := $(if $(or $(filter 0,$(PR_ID)),$(filter ,$(PR_ID))),snaps
     		./certificate/selfsigned \
     		./core \
     		./database \
+    		./integration/docker \
     		./integration/truenas \
-    		./integration/docker
+    		./vpn/tailscale
 
 .build-frontend:
 	cd frontend/ && npm run build

README.md

@@ -22,8 +22,9 @@ Some of the available features include:
 - SSL certificates (Let's Encrypt, self-signed or bring your custom one) with automatic renew (when applicable)
 - Server and virtual hosts access and error logs with automatic log rotation
 - Multiple users with attribute-based access control (ABAC)
-- Native integration with TrueNAS, allowing to easily configure to proxy to an app hosted in your NAS
+- Support for TrueNAS, allowing to easily configure to proxy to an app hosted in your NAS
 - Native integration with Docker for easy pick of a container as the proxy target
+- Built-in support for Tailscale VPNs, enabling easy exposure of hosts in your Tailnet networks as virtual machines
 - Access lists for easy control of who can access what using basic authentication and/or source IP address checks 
 
 ## Getting started

api/access_list/dto.go

@@ -1,12 +1,12 @@
-package access_list
+package accesslist
 
 import (
 	"github.com/google/uuid"
 
-	"dillmann.com.br/nginx-ignition/core/access_list"
+	"dillmann.com.br/nginx-ignition/core/accesslist"
 )
 
-func toDto(accessList *access_list.AccessList) *accessListResponseDto {
+func toDto(accessList *accesslist.AccessList) *accessListResponseDto {
 	if accessList == nil {
 		return nil
 	}
@@ -40,33 +40,33 @@ func toDto(accessList *access_list.AccessList) *accessListResponseDto {
 	}
 }
 
-func toDomain(request *accessListRequestDto) *access_list.AccessList {
+func toDomain(request *accessListRequestDto) *accesslist.AccessList {
 	if request == nil {
 		return nil
 	}
 
-	var entries []access_list.AccessListEntry
+	var entries []accesslist.AccessListEntry
 	if request.Entries != nil {
 		for _, entry := range request.Entries {
-			entries = append(entries, access_list.AccessListEntry{
+			entries = append(entries, accesslist.AccessListEntry{
 				Priority:      *entry.Priority,
 				Outcome:       *entry.Outcome,
 				SourceAddress: entry.SourceAddresses,
 			})
 		}
 	}
 
-	var credentials []access_list.AccessListCredentials
+	var credentials []accesslist.AccessListCredentials
 	if request.Credentials != nil {
 		for _, credential := range request.Credentials {
-			credentials = append(credentials, access_list.AccessListCredentials{
+			credentials = append(credentials, accesslist.AccessListCredentials{
 				Username: *credential.Username,
 				Password: *credential.Password,
 			})
 		}
 	}
 
-	return &access_list.AccessList{
+	return &accesslist.AccessList{
 		ID:                          uuid.New(),
 		Name:                        *request.Name,
 		Realm:                       *request.Realm,

api/access_list/converter.go api/accesslist/converter.goapi/access_list/converter.go renamed to api/accesslist/converter.go

@@ -1,17 +1,16 @@
-package access_list
+package accesslist
 
 import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
-	"github.com/go-playground/validator/v10"
 	"github.com/google/uuid"
 
-	"dillmann.com.br/nginx-ignition/core/access_list"
+	"dillmann.com.br/nginx-ignition/core/accesslist"
 )
 
 type createHandler struct {
-	commands *access_list.Commands
+	commands *accesslist.Commands
 }
 
 func (h createHandler) handle(ctx *gin.Context) {
@@ -20,10 +19,6 @@ func (h createHandler) handle(ctx *gin.Context) {
 		panic(err)
 	}
 
-	if err := validator.New().Struct(payload); err != nil {
-		panic(err)
-	}
-
 	domainModel := toDomain(payload)
 	domainModel.ID = uuid.New()
 

api/access_list/create_handler.go api/accesslist/create_handler.goapi/access_list/create_handler.go renamed to api/accesslist/create_handler.go

@@ -1,16 +1,16 @@
-package access_list
+package accesslist
 
 import (
 	"net/http"
 
 	"github.com/gin-gonic/gin"
 	"github.com/google/uuid"
 
-	"dillmann.com.br/nginx-ignition/core/access_list"
+	"dillmann.com.br/nginx-ignition/core/accesslist"
 )
 
 type deleteHandler struct {
-	commands *access_list.Commands
+	commands *accesslist.Commands
 }
 
 func (h deleteHandler) handle(ctx *gin.Context) {

api/access_list/delete_handler.go api/accesslist/delete_handler.goapi/access_list/delete_handler.go renamed to api/accesslist/delete_handler.go

@@ -0,0 +1,39 @@
+package accesslist
+
+import (
+	"github.com/google/uuid"
+
+	"dillmann.com.br/nginx-ignition/core/accesslist"
+)
+
+type accessListRequestDto struct {
+	Name                        *string             `json:"name"`
+	Realm                       *string             `json:"realm"`
+	SatisfyAll                  *bool               `json:"satisfyAll"`
+	DefaultOutcome              *accesslist.Outcome `json:"defaultOutcome"`
+	Entries                     []*entrySetDto      `json:"entries"`
+	ForwardAuthenticationHeader *bool               `json:"forwardAuthenticationHeader"`
+	Credentials                 []*credentialsDto   `json:"credentials"`
+}
+
+type accessListResponseDto struct {
+	ID                          uuid.UUID          `json:"id"`
+	Name                        string             `json:"name"`
+	Realm                       *string            `json:"realm"`
+	SatisfyAll                  bool               `json:"satisfyAll"`
+	DefaultOutcome              accesslist.Outcome `json:"defaultOutcome"`
+	Entries                     []entrySetDto      `json:"entries"`
+	ForwardAuthenticationHeader bool               `json:"forwardAuthenticationHeader"`
+	Credentials                 []credentialsDto   `json:"credentials"`
+}
+
+type entrySetDto struct {
+	Priority        *int                `json:"priority"`
+	Outcome         *accesslist.Outcome `json:"outcome"`
+	SourceAddresses []*string           `json:"sourceAddresses"`
+}
+
+type credentialsDto struct {
+	Username *string `json:"username"`
+	Password *string `json:"password"`
+}