coder
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 24 additions & 15 deletions b/‎.github/workflows/ci.yaml
Lines changed: 24 additions & 15 deletions
diff --git a/‎agent/agent.go
Lines changed: 12 additions & 9 deletions b/‎agent/agent.go
Lines changed: 12 additions & 9 deletions
diff --git a/‎cli/netcheck_test.go
Lines changed: 1 addition & 1 deletion b/‎cli/netcheck_test.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎cli/templatecreate.go
Lines changed: 1 addition & 1 deletion b/‎cli/templatecreate.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎cli/templateedit.go
Lines changed: 1 addition & 1 deletion b/‎cli/templateedit.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎cli/templateedit_test.go
Lines changed: 4 additions & 4 deletions b/‎cli/templateedit_test.go
Lines changed: 4 additions & 4 deletions
diff --git a/‎cli/testdata/coder_list_--output_json.golden
Lines changed: 1 addition & 1 deletion b/‎cli/testdata/coder_list_--output_json.golden
Lines changed: 1 addition & 1 deletion
diff --git a/‎cli/testdata/coder_server_--help.golden
Lines changed: 7 additions & 0 deletions b/‎cli/testdata/coder_server_--help.golden
Lines changed: 7 additions & 0 deletions
diff --git a/‎cli/testdata/server-config.yaml.golden
Lines changed: 6 additions & 0 deletions b/‎cli/testdata/server-config.yaml.golden
Lines changed: 6 additions & 0 deletions
@@ -188,16 +188,13 @@ jobs:
 
       - name: Install Protoc
         run: |
-          # protoc must be in lockstep with our dogfood Dockerfile or the
-          # version in the comments will differ. This is also defined in
-          # security.yaml
-          set -x
-          cd dogfood
-          DOCKER_BUILDKIT=1 docker build . --target proto -t protoc
-          protoc_path=/usr/local/bin/protoc
-          docker run --rm --entrypoint cat protoc /tmp/bin/protoc > $protoc_path
-          chmod +x $protoc_path
-          protoc --version
+          mkdir -p /tmp/proto
+          pushd /tmp/proto
+          curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip
+          unzip protoc.zip
+          cp -r ./bin/* /usr/local/bin
+          cp -r ./include /usr/local/bin/include
+          popd
 
       - name: make gen
         run: "make --output-sync -j -B gen"
@@ -532,15 +529,27 @@ jobs:
       - name: Setup Terraform
         uses: ./.github/actions/setup-tf
 
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v4
+      - name: go install tools
+        run: |
+          go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30
+          go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33
+          go install golang.org/x/tools/cmd/goimports@latest
+          go install github.com/mikefarah/yq/v4@v4.30.6
+          go install github.com/golang/mock/mockgen@v1.6.0
 
-      - name: Run the Magic Nix Cache
-        uses: DeterminateSystems/magic-nix-cache-action@v2
+      - name: Install Protoc
+        run: |
+          mkdir -p /tmp/proto
+          pushd /tmp/proto
+          curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip
+          unzip protoc.zip
+          cp -r ./bin/* /usr/local/bin
+          cp -r ./include /usr/local/bin/include
+          popd
 
       - name: Build
         run: |
-          nix-shell --command 'make -B site/out/index.html'
+          make -B site/out/index.html
 
       - run: pnpm playwright:install
         working-directory: site
 
@@ -678,7 +678,7 @@ func (a *agent) run(ctx context.Context) error {
 	network := a.network
 	a.closeMutex.Unlock()
 	if network == nil {
-		network, err = a.createTailnet(ctx, manifest.AgentID, manifest.DERPMap, manifest.DisableDirectConnections)
+		network, err = a.createTailnet(ctx, manifest.AgentID, manifest.DERPMap, manifest.DERPForceWebSockets, manifest.DisableDirectConnections)
 		if err != nil {
 			return xerrors.Errorf("create tailnet: %w", err)
 		}
@@ -701,8 +701,10 @@ func (a *agent) run(ctx context.Context) error {
 		if err != nil {
 			a.logger.Error(ctx, "update tailnet addresses", slog.Error(err))
 		}
-		// Update the DERP map and allow/disallow direct connections.
+		// Update the DERP map, force WebSocket setting and allow/disallow
+		// direct connections.
 		network.SetDERPMap(manifest.DERPMap)
+		network.SetDERPForceWebSockets(manifest.DERPForceWebSockets)
 		network.SetBlockEndpoints(manifest.DisableDirectConnections)
 	}
 
@@ -756,14 +758,15 @@ func (a *agent) trackConnGoroutine(fn func()) error {
 	return nil
 }
 
-func (a *agent) createTailnet(ctx context.Context, agentID uuid.UUID, derpMap *tailcfg.DERPMap, disableDirectConnections bool) (_ *tailnet.Conn, err error) {
+func (a *agent) createTailnet(ctx context.Context, agentID uuid.UUID, derpMap *tailcfg.DERPMap, derpForceWebSockets, disableDirectConnections bool) (_ *tailnet.Conn, err error) {
 	network, err := tailnet.NewConn(&tailnet.Options{
-		ID:             agentID,
-		Addresses:      a.wireguardAddresses(agentID),
-		DERPMap:        derpMap,
-		Logger:         a.logger.Named("net.tailnet"),
-		ListenPort:     a.tailnetListenPort,
-		BlockEndpoints: disableDirectConnections,
+		ID:                  agentID,
+		Addresses:           a.wireguardAddresses(agentID),
+		DERPMap:             derpMap,
+		DERPForceWebSockets: derpForceWebSockets,
+		Logger:              a.logger.Named("net.tailnet"),
+		ListenPort:          a.tailnetListenPort,
+		BlockEndpoints:      disableDirectConnections,
 	})
 	if err != nil {
 		return nil, xerrors.Errorf("create tailnet: %w", err)
 
@@ -31,7 +31,7 @@ func TestNetcheck(t *testing.T) {
 	require.NoError(t, json.Unmarshal(b, &report))
 
 	assert.True(t, report.Healthy)
-	require.Len(t, report.Regions, 1+5) // 1 built-in region + 5 STUN regions by default
+	require.Len(t, report.Regions, 1+1) // 1 built-in region + 1 test-managed STUN region
 	for _, v := range report.Regions {
 		require.Len(t, v.NodeReports, len(v.Region.Nodes))
 	}
 
@@ -134,7 +134,7 @@ func (r *RootCmd) templateCreate() *clibase.Cmd {
 				VersionID:                  job.ID,
 				DefaultTTLMillis:           ptr.Ref(defaultTTL.Milliseconds()),
 				FailureTTLMillis:           ptr.Ref(failureTTL.Milliseconds()),
-				InactivityTTLMillis:        ptr.Ref(inactivityTTL.Milliseconds()),
+				TimeTilDormantMillis:       ptr.Ref(inactivityTTL.Milliseconds()),
 				DisableEveryoneGroupAccess: disableEveryone,
 			}
 
 
@@ -104,7 +104,7 @@ func (r *RootCmd) templateEdit() *clibase.Cmd {
 					Weeks:      restartRequirementWeeks,
 				},
 				FailureTTLMillis:             failureTTL.Milliseconds(),
-				InactivityTTLMillis:          inactivityTTL.Milliseconds(),
+				TimeTilDormantMillis:         inactivityTTL.Milliseconds(),
 				AllowUserCancelWorkspaceJobs: allowUserCancelWorkspaceJobs,
 				AllowUserAutostart:           allowUserAutostart,
 				AllowUserAutostop:            allowUserAutostop,
 
@@ -752,7 +752,7 @@ func TestTemplateEdit(t *testing.T) {
 				ctr.DefaultTTLMillis = nil
 				ctr.RestartRequirement = nil
 				ctr.FailureTTLMillis = nil
-				ctr.InactivityTTLMillis = nil
+				ctr.TimeTilDormantMillis = nil
 			})
 
 			// Test the cli command with --allow-user-autostart.
@@ -798,7 +798,7 @@ func TestTemplateEdit(t *testing.T) {
 			assert.Equal(t, template.AllowUserAutostart, updated.AllowUserAutostart)
 			assert.Equal(t, template.AllowUserAutostop, updated.AllowUserAutostop)
 			assert.Equal(t, template.FailureTTLMillis, updated.FailureTTLMillis)
-			assert.Equal(t, template.InactivityTTLMillis, updated.InactivityTTLMillis)
+			assert.Equal(t, template.TimeTilDormantMillis, updated.TimeTilDormantMillis)
 		})
 
 		t.Run("BlockedNotEntitled", func(t *testing.T) {
@@ -892,7 +892,7 @@ func TestTemplateEdit(t *testing.T) {
 			assert.Equal(t, template.AllowUserAutostart, updated.AllowUserAutostart)
 			assert.Equal(t, template.AllowUserAutostop, updated.AllowUserAutostop)
 			assert.Equal(t, template.FailureTTLMillis, updated.FailureTTLMillis)
-			assert.Equal(t, template.InactivityTTLMillis, updated.InactivityTTLMillis)
+			assert.Equal(t, template.TimeTilDormantMillis, updated.TimeTilDormantMillis)
 		})
 		t.Run("Entitled", func(t *testing.T) {
 			t.Parallel()
@@ -990,7 +990,7 @@ func TestTemplateEdit(t *testing.T) {
 			assert.Equal(t, template.AllowUserAutostart, updated.AllowUserAutostart)
 			assert.Equal(t, template.AllowUserAutostop, updated.AllowUserAutostop)
 			assert.Equal(t, template.FailureTTLMillis, updated.FailureTTLMillis)
-			assert.Equal(t, template.InactivityTTLMillis, updated.InactivityTTLMillis)
+			assert.Equal(t, template.TimeTilDormantMillis, updated.TimeTilDormantMillis)
 		})
 	})
 }
@@ -52,7 +52,7 @@
     "ttl_ms": 28800000,
     "last_used_at": "[timestamp]",
     "deleting_at": null,
-    "locked_at": null,
+    "dormant_at": null,
     "health": {
       "healthy": true,
       "failing_agents": []
 
@@ -172,6 +172,13 @@ backed by Tailscale and WireGuard.
           URL to fetch a DERP mapping on startup. See:
           https://tailscale.com/kb/1118/custom-derp-servers/.
 
+      --derp-force-websockets bool, $CODER_DERP_FORCE_WEBSOCKETS
+          Force clients and agents to always use WebSocket to connect to DERP
+          relay servers. By default, DERP uses `Upgrade: derp`, which may cause
+          issues with some reverse proxies. Clients may automatically fallback
+          to WebSocket if they detect an issue with `Upgrade: derp`, but this
+          does not work in all situations.
+
       --derp-server-enable bool, $CODER_DERP_SERVER_ENABLE (default: true)
           Whether to enable or disable the embedded DERP relay server.
 
 
@@ -136,6 +136,12 @@ networking:
     # this change has been made, but new connections will still be proxied regardless.
     # (default: <unset>, type: bool)
     blockDirect: false
+    # Force clients and agents to always use WebSocket to connect to DERP relay
+    # servers. By default, DERP uses `Upgrade: derp`, which may cause issues with some
+    # reverse proxies. Clients may automatically fallback to WebSocket if they detect
+    # an issue with `Upgrade: derp`, but this does not work in all situations.
+    # (default: <unset>, type: bool)
+    forceWebSockets: false
     # URL to fetch a DERP mapping on startup. See:
     # https://tailscale.com/kb/1118/custom-derp-servers/.
     # (default: <unset>, type: string)
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ func TestNetcheck(t *testing.T) {`
`31`	`31`	`require.NoError(t, json.Unmarshal(b, &report))`
`32`	`32`
`33`	`33`	`assert.True(t, report.Healthy)`
`34`		`- require.Len(t, report.Regions, 1+5) // 1 built-in region + 5 STUN regions by default`
	`34`	`+ require.Len(t, report.Regions, 1+1) // 1 built-in region + 1 test-managed STUN region`
`35`	`35`	`for _, v := range report.Regions {`
`36`	`36`	`require.Len(t, v.NodeReports, len(v.Region.Nodes))`
`37`	`37`	`}`
Original file line number	Diff line number	Diff line change
`@@ -134,7 +134,7 @@ func (r RootCmd) templateCreate() clibase.Cmd {`
`134`	`134`	`VersionID: job.ID,`
`135`	`135`	`DefaultTTLMillis: ptr.Ref(defaultTTL.Milliseconds()),`
`136`	`136`	`FailureTTLMillis: ptr.Ref(failureTTL.Milliseconds()),`
`137`		`- InactivityTTLMillis: ptr.Ref(inactivityTTL.Milliseconds()),`
	`137`	`+ TimeTilDormantMillis: ptr.Ref(inactivityTTL.Milliseconds()),`
`138`	`138`	`DisableEveryoneGroupAccess: disableEveryone,`
`139`	`139`	`}`
`140`	`140`