coder
diff --git a/‎.github/dependabot.yaml
Lines changed: 9 additions & 9 deletions b/‎.github/dependabot.yaml
Lines changed: 9 additions & 9 deletions
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/security.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/security.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎agent/agent.go
Lines changed: 29 additions & 3 deletions b/‎agent/agent.go
Lines changed: 29 additions & 3 deletions
@@ -44,7 +44,7 @@ updates:
         update-types:
           - version-update:semver-patch
     groups:
-      go-otel:
+      otel:
         patterns:
           - "go.nhat.io/otelsql"
           - "go.opentelemetry.io/otel*"
@@ -67,7 +67,7 @@ updates:
       # our Go code.
       - dependency-name: "terraform"
     groups:
-      docker:
+      scripts-docker:
         patterns:
           - "*"
 
@@ -93,31 +93,31 @@ updates:
         update-types:
           - version-update:semver-major
     groups:
-      npm-react:
+      react:
         patterns:
           - "react*"
           - "@types/react*"
-      npm-xterm:
+      xterm:
         patterns:
           - "xterm*"
-      npm-xstate:
+      xstate:
         patterns:
           - "xstate"
           - "@xstate*"
-      npm-mui:
+      mui:
         patterns:
           - "@mui*"
-      npm-storybook:
+      storybook:
         patterns:
           - "@storybook*"
           - "storybook*"
-      npm-eslint:
+      eslint:
         patterns:
           - "eslint*"
           - "@eslint*"
           - "@typescript-eslint/eslint-plugin"
           - "@typescript-eslint/parser"
-      npm-jest:
+      jest:
         patterns:
           - "jest*"
           - "@swc/jest"
 
@@ -198,7 +198,7 @@ jobs:
         with:
           # This doesn't need caching. It's super fast anyways!
           cache: false
-          go-version: 1.20.5
+          go-version: 1.20.6
 
       - name: Install prettier
         # We only need prettier for fmt, so do not install all dependencies.
 
@@ -31,7 +31,7 @@ env:
   # For some reason, setup-go won't actually pick up a new patch version if
   # it has an old one cached. We need to manually specify the versions so we
   # can get the latest release. Never use "~1.xx" here!
-  CODER_GO_VERSION: "1.20.5"
+  CODER_GO_VERSION: "1.20.6"
 
 jobs:
   release:
 
@@ -22,7 +22,7 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 env:
-  CODER_GO_VERSION: "1.20.5"
+  CODER_GO_VERSION: "1.20.6"
 
 jobs:
   codeql:
 
@@ -64,6 +64,7 @@ type Options struct {
 	SSHMaxTimeout          time.Duration
 	TailnetListenPort      uint16
 	Subsystem              codersdk.AgentSubsystem
+	Addresses              []netip.Prefix
 
 	PrometheusRegistry *prometheus.Registry
 }
@@ -132,6 +133,7 @@ func New(options Options) Agent {
 		connStatsChan:          make(chan *agentsdk.Stats, 1),
 		sshMaxTimeout:          options.SSHMaxTimeout,
 		subsystem:              options.Subsystem,
+		addresses:              options.Addresses,
 
 		prometheusRegistry: prometheusRegistry,
 		metrics:            newAgentMetrics(prometheusRegistry),
@@ -177,6 +179,7 @@ type agent struct {
 	lifecycleStates   []agentsdk.PostLifecycleRequest
 
 	network       *tailnet.Conn
+	addresses     []netip.Prefix
 	connStatsChan chan *agentsdk.Stats
 	latestStat    atomic.Pointer[agentsdk.Stats]
 
@@ -545,6 +548,10 @@ func (a *agent) run(ctx context.Context) error {
 	}
 	a.logger.Info(ctx, "fetched manifest", slog.F("manifest", manifest))
 
+	if manifest.AgentID == uuid.Nil {
+		return xerrors.New("nil agentID returned by manifest")
+	}
+
 	// Expand the directory and send it back to coderd so external
 	// applications that rely on the directory can use it.
 	//
@@ -630,7 +637,7 @@ func (a *agent) run(ctx context.Context) error {
 	network := a.network
 	a.closeMutex.Unlock()
 	if network == nil {
-		network, err = a.createTailnet(ctx, manifest.DERPMap, manifest.DisableDirectConnections)
+		network, err = a.createTailnet(ctx, manifest.AgentID, manifest.DERPMap, manifest.DisableDirectConnections)
 		if err != nil {
 			return xerrors.Errorf("create tailnet: %w", err)
 		}
@@ -648,6 +655,11 @@ func (a *agent) run(ctx context.Context) error {
 
 		a.startReportingConnectionStats(ctx)
 	} else {
+		// Update the wireguard IPs if the agent ID changed.
+		err := network.SetAddresses(a.wireguardAddresses(manifest.AgentID))
+		if err != nil {
+			a.logger.Error(ctx, "update tailnet addresses", slog.Error(err))
+		}
 		// Update the DERP map and allow/disallow direct connections.
 		network.SetDERPMap(manifest.DERPMap)
 		network.SetBlockEndpoints(manifest.DisableDirectConnections)
@@ -661,6 +673,20 @@ func (a *agent) run(ctx context.Context) error {
 	return nil
 }
 
+func (a *agent) wireguardAddresses(agentID uuid.UUID) []netip.Prefix {
+	if len(a.addresses) == 0 {
+		return []netip.Prefix{
+			// This is the IP that should be used primarily.
+			netip.PrefixFrom(tailnet.IPFromUUID(agentID), 128),
+			// We also listen on the legacy codersdk.WorkspaceAgentIP. This
+			// allows for a transition away from wsconncache.
+			netip.PrefixFrom(codersdk.WorkspaceAgentIP, 128),
+		}
+	}
+
+	return a.addresses
+}
+
 func (a *agent) trackConnGoroutine(fn func()) error {
 	a.closeMutex.Lock()
 	defer a.closeMutex.Unlock()
@@ -675,9 +701,9 @@ func (a *agent) trackConnGoroutine(fn func()) error {
 	return nil
 }
 
-func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap, disableDirectConnections bool) (_ *tailnet.Conn, err error) {
+func (a *agent) createTailnet(ctx context.Context, agentID uuid.UUID, derpMap *tailcfg.DERPMap, disableDirectConnections bool) (_ *tailnet.Conn, err error) {
 	network, err := tailnet.NewConn(&tailnet.Options{
-		Addresses:      []netip.Prefix{netip.PrefixFrom(codersdk.WorkspaceAgentIP, 128)},
+		Addresses:      a.wireguardAddresses(agentID),
 		DERPMap:        derpMap,
 		Logger:         a.logger.Named("tailnet"),
 		ListenPort:     a.tailnetListenPort,