Skip to content

Add an IPv6-only mode, defaulted off #65

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
EdGeraghty merged 6 commits into from
Nov 26, 2025
Merged

Add an IPv6-only mode, defaulted off #65

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
cb058dc
Add an IPv6-only mode, defaulted off
EdGeraghty Nov 26, 2025
a7d03b6
Fix randomly indented code block
EdGeraghty Nov 26, 2025
6fd2ae7
Initial plan
Copilot Nov 26, 2025
a37c62a
Address review comments: fix indentation, add quotes, document IPV6_ONLY
Copilot Nov 26, 2025
c17ad37
Merge pull request #66 from privacyint/copilot/sub-pr-65
EdGeraghty Nov 26, 2025
94dfdd9
Output v6-only to the logs on init
EdGeraghty Nov 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 24 additions & 6 deletions scripts/container-entrypoint.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,23 @@ validate_extra_records() {
fi
}

#######################################
# Validate IP address settings
#######################################
check_ip_address_settings() {
check_env_var_or_set_default "IP_ALLOCATION" "${headscale_ip_allocation_default}" "^(sequential|random)$" "Invalid 'IP_ALLOCATION'. Must be either 'sequential' (default) or 'random'."
check_env_var_or_set_default "IPV6_ONLY" "${headscale_ipv6_only_default}" "^(true|false)$" "Invalid 'IPV6_ONLY'. Must be 'true' or 'false'."
check_env_var_or_set_default "IPV4_PREFIX" "${headscale_ipv4_prefix_default}"
check_env_var_or_set_default "IPV6_PREFIX" "${headscale_ipv6_prefix_default}"

if [[ "${IPV6_ONLY}" == "true" ]]; then
export IP_PREFIXES="v6: ${IPV6_PREFIX}"
else
export IP_PREFIXES="v4: ${IPV4_PREFIX}
v6: ${IPV6_PREFIX}"
fi
}

#######################################
# Perform all Headscale environment variable checks
#######################################
Expand All @@ -170,10 +187,8 @@ check_headscale_environment_vars() {
check_litestream_replica_url
validate_oidc_settings
validate_extra_records
check_ip_address_settings
check_env_var_or_set_default "HEADSCALE_OVERRIDE_LOCAL_DNS" "true" "^(true|false)$" "Invalid 'HEADSCALE_OVERRIDE_LOCAL_DNS'. Must be 'true' (default) or 'false'."
check_env_var_or_set_default "IP_ALLOCATION" "${headscale_ip_allocation_default}" "^(sequential|random)$" "Invalid 'IP_ALLOCATION'. Must be either 'sequential' (default) or 'random'."
check_env_var_or_set_default "IPV4_PREFIX" "${headscale_ipv4_prefix_default}"
check_env_var_or_set_default "IPV6_PREFIX" "${headscale_ipv6_prefix_default}"
check_env_var_or_set_default "MAGIC_DNS" "${headscale_magic_dns_default}" "^(true|false)$" "Invalid 'MAGIC_DNS'. Must be 'true' or 'false'."
require_env_var "PUBLIC_SERVER_URL"
require_env_var "HEADSCALE_DNS_BASE_DOMAIN"
Expand All @@ -193,8 +208,7 @@ create_headscale_config() {
"HEADSCALE_DNS_BASE_DOMAIN"
"HEADSCALE_OVERRIDE_LOCAL_DNS"
"MAGIC_DNS"
"IPV6_PREFIX"
"IPV4_PREFIX"
"IP_PREFIXES"
"IP_ALLOCATION"
"HEADSCALE_EXTRA_RECORDS_PATH"
)
Expand Down Expand Up @@ -437,7 +451,11 @@ display_configuration_summary() {
log_feature_status "Magic DNS" "${MAGIC_DNS}"

log_info "IP Allocation: ${IP_ALLOCATION}"
log_info "IPv4 Prefix: ${IPV4_PREFIX}"
if [[ "${IPV6_ONLY}" == "true" ]]; then
log_feature_status "IPv6 Only" true ""
else
log_info "IPv4 Prefix: ${IPV4_PREFIX}"
fi
log_info "IPv6 Prefix: ${IPV6_PREFIX}"

if env_var_is_defined "HEADSCALE_OIDC_ISSUER"; then
Expand Down
1 change: 1 addition & 0 deletions scripts/defaults.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ public_listen_port_default=443

headscale_extra_records_path_default="/data/headscale/extra-records.json"
headscale_magic_dns_default="true"
headscale_ipv6_only_default="false"
Comment thread
EdGeraghty marked this conversation as resolved.
headscale_ipv6_prefix_default="fd7a:115c:a1e0::/48"
headscale_ipv4_prefix_default="100.64.0.0/10"
headscale_ip_allocation_default="sequential"
Expand Down
11 changes: 5 additions & 6 deletions templates/headscale.template.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,13 +56,12 @@ noise:
# IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33
# Any other range is NOT supported, and it will cause unexpected issues.
prefixes:
v6: $IPV6_PREFIX
v4: $IPV4_PREFIX
$IP_PREFIXES

# Strategy used for allocation of IPs to nodes, available options:
# - sequential (default): assigns the next free IP from the previous given IP.
# - random: assigns the next free IP from a pseudo-random IP generator (crypto/rand).
allocation: $IP_ALLOCATION
# Strategy used for allocation of IPs to nodes, available options:
# - sequential (default): assigns the next free IP from the previous given IP.
# - random: assigns the next free IP from a pseudo-random IP generator (crypto/rand).
allocation: $IP_ALLOCATION

# DERP is a relay system that Tailscale uses when a direct
# connection cannot be established.
Expand Down
3 changes: 3 additions & 0 deletions templates/secrets.template.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@ HEADSCALE_DNS_BASE_DOMAIN=CHANGEME
# IPV6_PREFIX="fd7a:115c:a1e0::/48"
# IPV4_PREFIX="100.64.0.0/10"

# Enable IPv6-only mode (disables IPv4 prefix allocation)
# IPV6_ONLY=false

# The following one can be set after first deployment
# If not, it will require all Tailscale clients to restart on every deploy
# HEADSCALE_NOISE_PRIVATE_KEY=CHANGEME
Expand Down
Loading