diff --git a/scripts/docker/run.sh b/scripts/docker/run.sh
index bb861eedf..812f18252 100755
--- a/scripts/docker/run.sh
+++ b/scripts/docker/run.sh
@@ -27,6 +27,10 @@ if [ -n "$TSIDP_LOCAL_PORT" ]; then
     ARGS="$ARGS -local-port=$TSIDP_LOCAL_PORT"
 fi
 
+if [ -n "$TS_AUTHKEY_FILE" ]; then
+    ARGS="$ARGS -ts-authkey-file=$TS_AUTHKEY_FILE"
+fi
+
 # logging control
 if [ -n "$TSIDP_LOG" ]; then
     case "$TSIDP_LOG" in
diff --git a/tsidp-server.go b/tsidp-server.go
index 26ec132c2..12f4a80c1 100644
--- a/tsidp-server.go
+++ b/tsidp-server.go
@@ -19,6 +19,7 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -29,7 +30,6 @@ import (
 	"tailscale.com/hostinfo"
 	"tailscale.com/ipn"
 	"tailscale.com/ipn/ipnstate"
-	"tailscale.com/tsnet"
 	"tailscale.com/version"
 )
 
@@ -51,6 +51,8 @@ var (
 	// extended debugging information
 	flagDebugAllRequests = flag.Bool("debug-all-requests", false, "capture and print all HTTP requests and responses")
 	flagDebugTSNet       = flag.Bool("debug-tsnet", false, "enable tsnet.Server logging")
+
+	flagAuthKeyFile = flag.String("ts-authkey-file", "", "authkey file")
 )
 
 // main initializes and starts the tsidp server
@@ -127,10 +129,28 @@ func main() {
 		defer cleanup()
 	} else {
 		hostinfo.SetApp("tsidp")
+		if *flagAuthKeyFile != "" {
+			f, _ := filepath.Abs(*flagAuthKeyFile)
+			file, err := os.Open(f)
+			if err != nil {
+				slog.Error("error opening auth key file", slog.Any("err", err))
+				os.Exit(1)
+			}
+			authKeyBytes, err := io.ReadAll(file)
+			if err != nil {
+				slog.Error("error reading auth key file", slog.Any("err", err))
+				os.Exit(1)
+			}
+			// reuse tsAuthKeyFile variable
+			*flagAuthKeyFile = string(authKeyBytes)
+		}
 		ts := &tsnet.Server{
 			Hostname: *flagHostname,
 			Dir:      *flagDir,
 		}
+		if *flagAuthKeyFile != "" {
+			ts.AuthKey = *flagAuthKeyFile
+		}
 		if *flagDebugTSNet {
 			ts.Logf = func(format string, args ...any) {
 				cur := slog.SetLogLoggerLevel(slog.LevelDebug) // force debug if this option is on
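Review bot: The new TS_AUTHKEY_FILE block is the only variable in this section without a comment saying what it controls, and it points the process at a secret, so a one-line comment above it would help operators: `# path to a file holding the Tailscale auth key (e.g. a mounted secret); forwarded as -ts-authkey-file`. Like the surrounding lines it interpolates the value into ARGS unquoted, so a path containing whitespace would be word-split when ARGS is expanded; that matches the existing style, but mounted secret paths are where it tends to bite. How ARGS is consumed is outside the hunk.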
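Review bot: This hunk drops the `"tailscale.com/tsnet"` import, yet the main() hunk below still constructs `&tsnet.Server{...}`; unless the import is re-added somewhere outside the shown hunks (the import block between lines 25 and 28 is not in view), the file will no longer compile. If goimports moved it into another group, that move should appear in this diff. Conversely, the main() hunk calls `io.ReadAll` but no hunk adds `"io"`, so it presumably was already imported higher up; both are worth confirming against the full file.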
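Review bot: The help string `"authkey file"` for the new `-ts-authkey-file` flag says neither what the file must contain nor when it is consulted; suggest `flagAuthKeyFile = flag.String("ts-authkey-file", "", "path to a file containing the Tailscale auth key used to join the tailnet; read once at startup")`. Because the value is a secret, the text should make clear the flag takes a path rather than the key itself, so operators are not tempted to pass the key on the command line where it would be visible in process listings. Whether the key is honoured in the other branch of the if/else in main() is not visible in this diff.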
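Review bot: The handle returned by `os.Open(f)` is never closed, and the `filepath.Abs` error is discarded; both issues disappear if the read uses `os.ReadFile`, which opens, reads and closes in one call and works on relative paths as well. The contents are also used verbatim, so a trailing newline (which most tools leave when writing a secret file) becomes part of the auth key and the tailnet join will fail with a confusing error; `strings.TrimSpace` fixes that, and an empty file should be rejected explicitly rather than silently yielding no AuthKey. Writing the key back into `*flagAuthKeyFile` (the comment says "reuse tsAuthKeyFile variable", but the variable is named flagAuthKeyFile) parks the secret in a flag variable that any flag dump or debug print would emit; keeping it in a local and setting `AuthKey` in the struct literal avoids that and makes the second `!= ""` check unnecessary. Dropping `filepath.Abs` leaves the `path/filepath` import added above unused unless something else in the file needs it. main() continues outside the hunk.
```go
		hostinfo.SetApp("tsidp")
		authKey := ""
		if *flagAuthKeyFile != "" {
			// ReadFile opens, reads and closes; the previous os.Open handle was never closed.
			authKeyBytes, err := os.ReadFile(*flagAuthKeyFile)
			if err != nil {
				slog.Error("error reading auth key file", slog.Any("err", err))
				os.Exit(1)
			}
			// Trim the trailing newline most tools leave when writing a secret file.
			authKey = strings.TrimSpace(string(authKeyBytes))
			if authKey == "" {
				slog.Error("auth key file is empty", slog.String("path", *flagAuthKeyFile))
				os.Exit(1)
			}
		}
		ts := &tsnet.Server{
			Hostname: *flagHostname,
			Dir:      *flagDir,
			AuthKey:  authKey,
		}
		// … unchanged: debug logging setup …
```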