whitney-coder
diff --git a/‎.vscode/settings.json
+1 b/‎.vscode/settings.json
+1
diff --git a/‎cli/ssh.go
+53-58 b/‎cli/ssh.go
+53-58
diff --git a/‎cli/wireguardtunnel.go
+76-81 b/‎cli/wireguardtunnel.go
+76-81
diff --git a/‎coderd/coderd.go
+5-11 b/‎coderd/coderd.go
+5-11
diff --git a/‎coderd/database/databasefake/databasefake.go
+1-1 b/‎coderd/database/databasefake/databasefake.go
+1-1
diff --git a/‎coderd/database/dump.sql
+1-1 b/‎coderd/database/dump.sql
+1-1
diff --git a/‎coderd/database/migrations/000029_tailnet.up.sql
+1-1 b/‎coderd/database/migrations/000029_tailnet.up.sql
+1-1
diff --git a/‎coderd/database/models.go
+1-1 b/‎coderd/database/models.go
+1-1
@@ -13,6 +13,7 @@
     "cronstrue",
     "DERP",
     "derphttp",
+    "derpmap",
     "devel",
     "drpc",
     "drpcconn",
 
@@ -18,18 +18,13 @@ import (
 	gosshagent "golang.org/x/crypto/ssh/agent"
 	"golang.org/x/term"
 	"golang.org/x/xerrors"
-	"inet.af/netaddr"
-	tslogger "tailscale.com/types/logger"
 
-	"cdr.dev/slog"
-	"cdr.dev/slog/sloggers/sloghuman"
 	"github.com/coder/coder/cli/cliflag"
 	"github.com/coder/coder/cli/cliui"
 	"github.com/coder/coder/coderd/autobuild/notify"
 	"github.com/coder/coder/coderd/util/ptr"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/cryptorand"
-	"github.com/coder/coder/peer/peerwg"
 )
 
 var workspacePollInterval = time.Minute
@@ -122,59 +117,59 @@ func ssh() *cobra.Command {
 				}
 			} else {
 				// TODO: more granual control of Tailscale logging.
-				peerwg.Logf = tslogger.Discard
-
-				ipv6 := peerwg.UUIDToNetaddr(uuid.New())
-				wgn, err := peerwg.New(
-					slog.Make(sloghuman.Sink(os.Stderr)),
-					[]netaddr.IPPrefix{netaddr.IPPrefixFrom(ipv6, 128)},
-				)
-				if err != nil {
-					return xerrors.Errorf("create wireguard network: %w", err)
-				}
-
-				err = client.PostWireguardPeer(cmd.Context(), workspace.ID, peerwg.Handshake{
-					Recipient:      workspaceAgent.ID,
-					NodePublicKey:  wgn.NodePrivateKey.Public(),
-					DiscoPublicKey: wgn.DiscoPublicKey,
-					IPv6:           ipv6,
-				})
-				if err != nil {
-					return xerrors.Errorf("post wireguard peer: %w", err)
-				}
-
-				err = wgn.AddPeer(peerwg.Handshake{
-					Recipient:      workspaceAgent.ID,
-					DiscoPublicKey: workspaceAgent.DiscoPublicKey,
-					NodePublicKey:  workspaceAgent.WireguardPublicKey,
-					IPv6:           workspaceAgent.IPv6.IP(),
-				})
-				if err != nil {
-					return xerrors.Errorf("add workspace agent as peer: %w", err)
-				}
-
-				if stdio {
-					rawSSH, err := wgn.SSH(cmd.Context(), workspaceAgent.IPv6.IP())
-					if err != nil {
-						return err
-					}
-
-					go func() {
-						_, _ = io.Copy(cmd.OutOrStdout(), rawSSH)
-					}()
-					_, _ = io.Copy(rawSSH, cmd.InOrStdin())
-					return nil
-				}
-
-				sshClient, err = wgn.SSHClient(cmd.Context(), workspaceAgent.IPv6.IP())
-				if err != nil {
-					return err
-				}
-
-				sshSession, err = sshClient.NewSession()
-				if err != nil {
-					return err
-				}
+				// peerwg.Logf = tslogger.Discard
+
+				// ipv6 := peerwg.UUIDToNetaddr(uuid.New())
+				// wgn, err := peerwg.New(
+				// 	slog.Make(sloghuman.Sink(os.Stderr)),
+				// 	[]netaddr.IPPrefix{netaddr.IPPrefixFrom(ipv6, 128)},
+				// )
+				// if err != nil {
+				// 	return xerrors.Errorf("create wireguard network: %w", err)
+				// }
+
+				// err = client.PostWireguardPeer(cmd.Context(), workspace.ID, peerwg.Handshake{
+				// 	Recipient:      workspaceAgent.ID,
+				// 	NodePublicKey:  wgn.NodePrivateKey.Public(),
+				// 	DiscoPublicKey: wgn.DiscoPublicKey,
+				// 	IPv6:           ipv6,
+				// })
+				// if err != nil {
+				// 	return xerrors.Errorf("post wireguard peer: %w", err)
+				// }
+
+				// err = wgn.AddPeer(peerwg.Handshake{
+				// 	Recipient:      workspaceAgent.ID,
+				// 	DiscoPublicKey: workspaceAgent.DiscoPublicKey,
+				// 	NodePublicKey:  workspaceAgent.WireguardPublicKey,
+				// 	IPv6:           workspaceAgent.IPv6.IP(),
+				// })
+				// if err != nil {
+				// 	return xerrors.Errorf("add workspace agent as peer: %w", err)
+				// }
+
+				// if stdio {
+				// 	rawSSH, err := wgn.SSH(cmd.Context(), workspaceAgent.IPv6.IP())
+				// 	if err != nil {
+				// 		return err
+				// 	}
+
+				// 	go func() {
+				// 		_, _ = io.Copy(cmd.OutOrStdout(), rawSSH)
+				// 	}()
+				// 	_, _ = io.Copy(rawSSH, cmd.InOrStdin())
+				// 	return nil
+				// }
+
+				// sshClient, err = wgn.SSHClient(cmd.Context(), workspaceAgent.IPv6.IP())
+				// if err != nil {
+				// 	return err
+				// }
+
+				// sshSession, err = sshClient.NewSession()
+				// if err != nil {
+				// 	return err
+				// }
 			}
 
 			if identityAgent == "" {
 
@@ -4,20 +4,14 @@ import (
 	"context"
 	"fmt"
 	"net"
-	"os"
-	"os/signal"
 	"strconv"
 	"sync"
-	"syscall"
 
-	"github.com/google/uuid"
 	"github.com/pion/udp"
 	"github.com/spf13/cobra"
 	"golang.org/x/xerrors"
 	"inet.af/netaddr"
 
-	"cdr.dev/slog"
-	"cdr.dev/slog/sloggers/sloghuman"
 	coderagent "github.com/coder/coder/agent"
 	"github.com/coder/coder/cli/cliui"
 	"github.com/coder/coder/codersdk"
@@ -94,81 +88,82 @@ func wireguardPortForward() *cobra.Command {
 				return xerrors.Errorf("await agent: %w", err)
 			}
 
-			ipv6 := peerwg.UUIDToNetaddr(uuid.New())
-			wgn, err := peerwg.New(
-				slog.Make(sloghuman.Sink(os.Stderr)),
-				[]netaddr.IPPrefix{netaddr.IPPrefixFrom(ipv6, 128)},
-			)
-			if err != nil {
-				return xerrors.Errorf("create wireguard network: %w", err)
-			}
-
-			err = client.PostWireguardPeer(cmd.Context(), workspace.ID, peerwg.Handshake{
-				Recipient:      workspaceAgent.ID,
-				NodePublicKey:  wgn.NodePrivateKey.Public(),
-				DiscoPublicKey: wgn.DiscoPublicKey,
-				IPv6:           ipv6,
-			})
-			if err != nil {
-				return xerrors.Errorf("post wireguard peer: %w", err)
-			}
-
-			err = wgn.AddPeer(peerwg.Handshake{
-				Recipient:      workspaceAgent.ID,
-				DiscoPublicKey: workspaceAgent.DiscoPublicKey,
-				NodePublicKey:  workspaceAgent.WireguardPublicKey,
-				IPv6:           workspaceAgent.IPv6.IP(),
-			})
-			if err != nil {
-				return xerrors.Errorf("add workspace agent as peer: %w", err)
-			}
-
-			// Start all listeners.
-			var (
-				ctx, cancel       = context.WithCancel(cmd.Context())
-				wg                = new(sync.WaitGroup)
-				listeners         = make([]net.Listener, len(specs))
-				closeAllListeners = func() {
-					for _, l := range listeners {
-						if l == nil {
-							continue
-						}
-						_ = l.Close()
-					}
-				}
-			)
-			defer cancel()
-			for i, spec := range specs {
-				l, err := listenAndPortForwardWireguard(ctx, cmd, wgn, wg, spec, workspaceAgent.IPv6.IP())
-				if err != nil {
-					closeAllListeners()
-					return err
-				}
-				listeners[i] = l
-			}
-
-			// Wait for the context to be canceled or for a signal and close
-			// all listeners.
-			var closeErr error
-			go func() {
-				sigs := make(chan os.Signal, 1)
-				signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
-
-				select {
-				case <-ctx.Done():
-					closeErr = ctx.Err()
-				case <-sigs:
-					_, _ = fmt.Fprintln(cmd.OutOrStderr(), "Received signal, closing all listeners and active connections")
-					closeErr = xerrors.New("signal received")
-				}
-
-				cancel()
-				closeAllListeners()
-			}()
-
-			_, _ = fmt.Fprintln(cmd.OutOrStderr(), "Ready!")
-			wg.Wait()
-			return closeErr
+			// ipv6 := peerwg.UUIDToNetaddr(uuid.New())
+			// wgn, err := peerwg.New(
+			// 	slog.Make(sloghuman.Sink(os.Stderr)),
+			// 	[]netaddr.IPPrefix{netaddr.IPPrefixFrom(ipv6, 128)},
+			// )
+			// if err != nil {
+			// 	return xerrors.Errorf("create wireguard network: %w", err)
+			// }
+
+			// err = client.PostWireguardPeer(cmd.Context(), workspace.ID, peerwg.Handshake{
+			// 	Recipient:      workspaceAgent.ID,
+			// 	NodePublicKey:  wgn.NodePrivateKey.Public(),
+			// 	DiscoPublicKey: wgn.DiscoPublicKey,
+			// 	IPv6:           ipv6,
+			// })
+			// if err != nil {
+			// 	return xerrors.Errorf("post wireguard peer: %w", err)
+			// }
+
+			// err = wgn.AddPeer(peerwg.Handshake{
+			// 	Recipient:      workspaceAgent.ID,
+			// 	DiscoPublicKey: workspaceAgent.DiscoPublicKey,
+			// 	NodePublicKey:  workspaceAgent.WireguardPublicKey,
+			// 	IPv6:           workspaceAgent.IPv6.IP(),
+			// })
+			// if err != nil {
+			// 	return xerrors.Errorf("add workspace agent as peer: %w", err)
+			// }
+
+			// // Start all listeners.
+			// var (
+			// 	ctx, cancel       = context.WithCancel(cmd.Context())
+			// 	wg                = new(sync.WaitGroup)
+			// 	listeners         = make([]net.Listener, len(specs))
+			// 	closeAllListeners = func() {
+			// 		for _, l := range listeners {
+			// 			if l == nil {
+			// 				continue
+			// 			}
+			// 			_ = l.Close()
+			// 		}
+			// 	}
+			// )
+			// defer cancel()
+			// for i, spec := range specs {
+			// 	l, err := listenAndPortForwardWireguard(ctx, cmd, wgn, wg, spec, workspaceAgent.IPv6.IP())
+			// 	if err != nil {
+			// 		closeAllListeners()
+			// 		return err
+			// 	}
+			// 	listeners[i] = l
+			// }
+
+			// // Wait for the context to be canceled or for a signal and close
+			// // all listeners.
+			// var closeErr error
+			// go func() {
+			// 	sigs := make(chan os.Signal, 1)
+			// 	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
+
+			// 	select {
+			// 	case <-ctx.Done():
+			// 		closeErr = ctx.Err()
+			// 	case <-sigs:
+			// 		_, _ = fmt.Fprintln(cmd.OutOrStderr(), "Received signal, closing all listeners and active connections")
+			// 		closeErr = xerrors.New("signal received")
+			// 	}
+
+			// 	cancel()
+			// 	closeAllListeners()
+			// }()
+
+			// _, _ = fmt.Fprintln(cmd.OutOrStderr(), "Ready!")
+			// wg.Wait()
+			// return closeErr
+			return nil
 		},
 	}
 
 
@@ -322,14 +322,10 @@ func New(options *Options) *API {
 				r.Get("/gitsshkey", api.agentGitSSHKey)
 				r.Get("/turn", api.workspaceAgentTurn)
 				r.Get("/iceservers", api.workspaceAgentICEServers)
-				r.Get("/derp", api.derpMap)
 
-				// Posting map under "me" sets the agents node map.
-
-				// On the agent side, "map" is a WebSocket that sends
-				// updates via marshalled JSON and recieves networking
-				// messages on the other end.
-				r.Get("/netmap", api.workspaceAgentSelfNetmap)
+				// Everything below this is Tailnet.
+				r.Get("/node", api.workspaceAgentNode)
+				r.Get("/derpmap", api.derpMap)
 			})
 			r.Route("/{workspaceagent}", func(r chi.Router) {
 				r.Use(
@@ -342,11 +338,9 @@ func New(options *Options) *API {
 				r.Get("/turn", api.workspaceAgentTurn)
 				r.Get("/pty", api.workspaceAgentPTY)
 				r.Get("/iceservers", api.workspaceAgentICEServers)
-				r.Get("/derp", api.derpMap)
 
-				// Specific to Tailscale networking:
-				r.Post("/netmap")
-				r.Get("/tail-dial", api.workspaceAgentTailnetDial)
+				r.Get("/derpmap", api.derpMap)
+				r.Post("/node", api.postWorkspaceAgentNode)
 			})
 		})
 		r.Route("/workspaceresources/{workspaceresource}", func(r chi.Router) {
 
@@ -1925,7 +1925,7 @@ func (q *fakeQuerier) UpdateWorkspaceAgentNetworkByID(_ context.Context, arg dat
 
 		agent.DiscoPublicKey = arg.DiscoPublicKey
 		agent.NodePublicKey = arg.NodePublicKey
-		agent.DERP = arg.DERP
+		agent.PreferredDERP = arg.PreferredDERP
 		agent.DERPLatency = arg.DERPLatency
 		agent.UpdatedAt = database.Now()
 		q.provisionerJobAgents[index] = agent
 
@@ -2,5 +2,5 @@ ALTER TABLE workspace_agents DROP COLUMN wireguard_node_ipv6;
 ALTER TABLE workspace_agents ADD COLUMN ip_addresses inet[] NOT NULL DEFAULT array[]::inet[];
 ALTER TABLE workspace_agents RENAME COLUMN wireguard_node_public_key TO node_public_key;
 ALTER TABLE workspace_agents RENAME COLUMN wireguard_disco_public_key TO disco_public_key;
-ALTER TABLE workspace_agents ADD COLUMN derp varchar(128) NOT NULL DEFAULT '127.3.3.40:0';
+ALTER TABLE workspace_agents ADD COLUMN preferred_derp integer NOT NULL DEFAULT 0;
 ALTER TABLE workspace_agents ADD COLUMN derp_latency jsonb NOT NULL DEFAULT '{}';