create DB struct

This is step one in detaching the Database layer from Headscale (h). The
ultimate goal is to have all function that does database operations in
its own package, and keep the business logic and writing separate.

Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>

.gitignore

@@ -41,3 +41,5 @@ integration_test/etc/config.dump.yaml
 # MkDocs
 .cache
 /site
+
+__debug_bin

cmd/headscale/cli/api_key.go

@@ -6,7 +6,7 @@ import (
 	"time"
 
 	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
-	"github.com/juanfont/headscale/hscontrol"
+	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/prometheus/common/model"
 	"github.com/pterm/pterm"
 	"github.com/rs/zerolog/log"
@@ -83,7 +83,7 @@ var listAPIKeys = &cobra.Command{
 			}
 
 			tableData = append(tableData, []string{
-				strconv.FormatUint(key.GetId(), hscontrol.Base10),
+				strconv.FormatUint(key.GetId(), util.Base10),
 				key.GetPrefix(),
 				expiration,
 				key.GetCreatedAt().AsTime().Format(HeadscaleDateTimeFormat),

cmd/headscale/cli/debug.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 
 	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
-	"github.com/juanfont/headscale/hscontrol"
+	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/status"
@@ -93,7 +93,7 @@ var createNodeCmd = &cobra.Command{
 
 			return
 		}
-		if !hscontrol.NodePublicKeyRegex.Match([]byte(machineKey)) {
+		if !util.NodePublicKeyRegex.Match([]byte(machineKey)) {
 			err = errPreAuthKeyMalformed
 			ErrorOutput(
 				err,

cmd/headscale/cli/nodes.go

@@ -10,7 +10,7 @@ import (
 
 	survey "github.com/AlecAivazis/survey/v2"
 	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
-	"github.com/juanfont/headscale/hscontrol"
+	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/pterm/pterm"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc/status"
@@ -529,15 +529,15 @@ func nodesToPtables(
 
 		var machineKey key.MachinePublic
 		err := machineKey.UnmarshalText(
-			[]byte(hscontrol.MachinePublicKeyEnsurePrefix(machine.MachineKey)),
+			[]byte(util.MachinePublicKeyEnsurePrefix(machine.MachineKey)),
 		)
 		if err != nil {
 			machineKey = key.MachinePublic{}
 		}
 
 		var nodeKey key.NodePublic
 		err = nodeKey.UnmarshalText(
-			[]byte(hscontrol.NodePublicKeyEnsurePrefix(machine.NodeKey)),
+			[]byte(util.NodePublicKeyEnsurePrefix(machine.NodeKey)),
 		)
 		if err != nil {
 			return nil, err
@@ -596,7 +596,7 @@ func nodesToPtables(
 		}
 
 		nodeData := []string{
-			strconv.FormatUint(machine.Id, hscontrol.Base10),
+			strconv.FormatUint(machine.Id, util.Base10),
 			machine.Name,
 			machine.GetGivenName(),
 			machineKey.ShortString(),

cmd/headscale/cli/users.go

@@ -1,11 +1,11 @@
 package cli
 
 import (
+	"errors"
 	"fmt"
 
 	survey "github.com/AlecAivazis/survey/v2"
 	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
-	"github.com/juanfont/headscale/hscontrol"
 	"github.com/pterm/pterm"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/cobra"
@@ -20,9 +20,7 @@ func init() {
 	userCmd.AddCommand(renameUserCmd)
 }
 
-const (
-	errMissingParameter = hscontrol.Error("missing parameters")
-)
+var errMissingParameter = errors.New("missing parameters")
 
 var userCmd = &cobra.Command{
 	Use:     "users",

cmd/headscale/cli/utils.go

@@ -10,6 +10,7 @@ import (
 
 	v1 "github.com/juanfont/headscale/gen/go/headscale/v1"
 	"github.com/juanfont/headscale/hscontrol"
+	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/rs/zerolog/log"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials"
@@ -39,7 +40,7 @@ func getHeadscaleApp() (*hscontrol.Headscale, error) {
 	// We are doing this here, as in the future could be cool to have it also hot-reload
 
 	if cfg.ACL.PolicyPath != "" {
-		aclPath := hscontrol.AbsolutePathFromConfigPath(cfg.ACL.PolicyPath)
+		aclPath := util.AbsolutePathFromConfigPath(cfg.ACL.PolicyPath)
 		err = app.LoadACLPolicyFromPath(aclPath)
 		if err != nil {
 			log.Fatal().
@@ -98,7 +99,7 @@ func getHeadscaleCLIClient() (context.Context, v1.HeadscaleServiceClient, *grpc.
 		grpcOptions = append(
 			grpcOptions,
 			grpc.WithTransportCredentials(insecure.NewCredentials()),
-			grpc.WithContextDialer(hscontrol.GrpcSocketDialer),
+			grpc.WithContextDialer(util.GrpcSocketDialer),
 		)
 	} else {
 		// If we are not connecting to a local server, require an API key for authentication

cmd/headscale/headscale_test.go

@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"github.com/juanfont/headscale/hscontrol"
+	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/spf13/viper"
 	"gopkg.in/check.v1"
 )
@@ -64,7 +65,7 @@ func (*Suite) TestConfigFileLoading(c *check.C) {
 	c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
 	c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1")
 	c.Assert(
-		hscontrol.GetFileMode("unix_socket_permission"),
+		util.GetFileMode("unix_socket_permission"),
 		check.Equals,
 		fs.FileMode(0o770),
 	)
@@ -107,7 +108,7 @@ func (*Suite) TestConfigLoading(c *check.C) {
 	c.Assert(viper.GetString("tls_letsencrypt_challenge_type"), check.Equals, "HTTP-01")
 	c.Assert(viper.GetStringSlice("dns_config.nameservers")[0], check.Equals, "1.1.1.1")
 	c.Assert(
-		hscontrol.GetFileMode("unix_socket_permission"),
+		util.GetFileMode("unix_socket_permission"),
 		check.Equals,
 		fs.FileMode(0o770),
 	)

hscontrol/acls.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/juanfont/headscale/hscontrol/util"
 	"github.com/rs/zerolog/log"
 	"github.com/tailscale/hujson"
 	"go4.org/netipx"
@@ -20,21 +21,16 @@ import (
 	"tailscale.com/tailcfg"
 )
 
-const (
-	errEmptyPolicy       = Error("empty policy")
-	errInvalidAction     = Error("invalid action")
-	errInvalidGroup      = Error("invalid group")
-	errInvalidTag        = Error("invalid tag")
-	errInvalidPortFormat = Error("invalid port format")
-	errWildcardIsNeeded  = Error("wildcard as port is required for the protocol")
+var (
+	errEmptyPolicy       = errors.New("empty policy")
+	errInvalidAction     = errors.New("invalid action")
+	errInvalidGroup      = errors.New("invalid group")
+	errInvalidTag        = errors.New("invalid tag")
+	errInvalidPortFormat = errors.New("invalid port format")
+	errWildcardIsNeeded  = errors.New("wildcard as port is required for the protocol")
 )
 
 const (
-	Base8              = 8
-	Base10             = 10
-	BitSize16          = 16
-	BitSize32          = 32
-	BitSize64          = 64
 	portRangeBegin     = 0
 	portRangeEnd       = 65535
 	expectedTokenItems = 2
@@ -123,7 +119,7 @@ func (h *Headscale) LoadACLPolicyFromBytes(acl []byte, format string) error {
 }
 
 func (h *Headscale) UpdateACLRules() error {
-	machines, err := h.ListMachines()
+	machines, err := h.db.ListMachines()
 	if err != nil {
 		return err
 	}
@@ -230,7 +226,7 @@ func (h *Headscale) generateSSHRules() ([]*tailcfg.SSHRule, error) {
 		return nil, errEmptyPolicy
 	}
 
-	machines, err := h.ListMachines()
+	machines, err := h.db.ListMachines()
 	if err != nil {
 		return nil, err
 	}
@@ -570,7 +566,7 @@ func excludeCorrectlyTaggedNodes(
 	for tag := range aclPolicy.TagOwners {
 		owners, _ := getTagOwners(aclPolicy, user, stripEmailDomain)
 		ns := append(owners, user)
-		if contains(ns, user) {
+		if util.StringOrPrefixListContains(ns, user) {
 			tags = append(tags, tag)
 		}
 	}
@@ -580,7 +576,7 @@ func excludeCorrectlyTaggedNodes(
 
 		found := false
 		for _, t := range hi.RequestTags {
-			if contains(tags, t) {
+			if util.StringOrPrefixListContains(tags, t) {
 				found = true
 
 				break
@@ -614,7 +610,7 @@ func expandPorts(portsStr string, needsWildcard bool) (*[]tailcfg.PortRange, err
 		rang := strings.Split(portStr, "-")
 		switch len(rang) {
 		case 1:
-			port, err := strconv.ParseUint(rang[0], Base10, BitSize16)
+			port, err := strconv.ParseUint(rang[0], util.Base10, util.BitSize16)
 			if err != nil {
 				return nil, err
 			}
@@ -624,11 +620,11 @@ func expandPorts(portsStr string, needsWildcard bool) (*[]tailcfg.PortRange, err
 			})
 
 		case expectedTokenItems:
-			start, err := strconv.ParseUint(rang[0], Base10, BitSize16)
+			start, err := strconv.ParseUint(rang[0], util.Base10, util.BitSize16)
 			if err != nil {
 				return nil, err
 			}
-			last, err := strconv.ParseUint(rang[1], Base10, BitSize16)
+			last, err := strconv.ParseUint(rang[1], util.Base10, util.BitSize16)
 			if err != nil {
 				return nil, err
 			}
@@ -754,7 +750,7 @@ func (pol *ACLPolicy) getIPsFromTag(
 
 	// check for forced tags
 	for _, machine := range machines {
-		if contains(machine.ForcedTags, alias) {
+		if util.StringOrPrefixListContains(machine.ForcedTags, alias) {
 			machine.IPAddresses.AppendToIPSet(&build)
 		}
 	}
@@ -783,7 +779,7 @@ func (pol *ACLPolicy) getIPsFromTag(
 		machines := filterMachinesByUser(machines, user)
 		for _, machine := range machines {
 			hi := machine.GetHostInfo()
-			if contains(hi.RequestTags, alias) {
+			if util.StringOrPrefixListContains(hi.RequestTags, alias) {
 				machine.IPAddresses.AppendToIPSet(&build)
 			}
 		}