coder
diff --git a/‎.vscode/settings.json
+3 b/‎.vscode/settings.json
+3
diff --git a/‎agent/agent.go
+1 b/‎agent/agent.go
+1
diff --git a/‎agent/agent_test.go
+2-4 b/‎agent/agent_test.go
+2-4
diff --git a/‎cli/agent_test.go
+6-8 b/‎cli/agent_test.go
+6-8
diff --git a/‎cli/config/file.go
+5 b/‎cli/config/file.go
+5
diff --git a/‎cli/configssh_test.go
+1-2 b/‎cli/configssh_test.go
+1-2
diff --git a/‎cli/deployment/flags.go
+7 b/‎cli/deployment/flags.go
+7
diff --git a/‎cli/portforward.go
+2-3 b/‎cli/portforward.go
+2-3
diff --git a/‎cli/root.go
+4-2 b/‎cli/root.go
+4-2
diff --git a/‎cli/server.go
+16-7 b/‎cli/server.go
+16-7
diff --git a/‎cli/speedtest.go
+4-2 b/‎cli/speedtest.go
+4-2
diff --git a/‎cli/ssh.go
+1-3 b/‎cli/ssh.go
+1-3
diff --git a/‎coderd/activitybump_test.go
+4-2 b/‎coderd/activitybump_test.go
+4-2
@@ -19,6 +19,7 @@
     "derphttp",
     "derpmap",
     "devel",
+    "dflags",
     "drpc",
     "drpcconn",
     "drpcmux",
@@ -86,8 +87,10 @@
     "ptytest",
     "quickstart",
     "reconfig",
+    "replicasync",
     "retrier",
     "rpty",
+    "SCIM",
     "sdkproto",
     "sdktrace",
     "Signup",
 
@@ -170,6 +170,7 @@ func (a *agent) runTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) {
 	if a.isClosed() {
 		return
 	}
+	a.logger.Debug(ctx, "running tailnet with derpmap", slog.F("derpmap", derpMap))
 	if a.network != nil {
 		a.network.SetDERPMap(derpMap)
 		return
 
@@ -465,7 +465,7 @@ func TestAgent(t *testing.T) {
 
 				conn, _ := setupAgent(t, codersdk.WorkspaceAgentMetadata{}, 0)
 				require.Eventually(t, func() bool {
-					_, err := conn.Ping()
+					_, err := conn.Ping(context.Background())
 					return err == nil
 				}, testutil.WaitMedium, testutil.IntervalFast)
 				conn1, err := conn.DialContext(context.Background(), l.Addr().Network(), l.Addr().String())
@@ -483,9 +483,7 @@ func TestAgent(t *testing.T) {
 
 	t.Run("Speedtest", func(t *testing.T) {
 		t.Parallel()
-		if testing.Short() {
-			t.Skip("The minimum duration for a speedtest is hardcoded in Tailscale to 5s!")
-		}
+		t.Skip("This test is relatively flakey because of Tailscale's speedtest code...")
 		derpMap := tailnettest.RunDERPAndSTUN(t)
 		conn, _ := setupAgent(t, codersdk.WorkspaceAgentMetadata{
 			DERPMap: derpMap,
 
@@ -7,8 +7,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"cdr.dev/slog"
-
 	"github.com/coder/coder/cli/clitest"
 	"github.com/coder/coder/coderd/coderdtest"
 	"github.com/coder/coder/provisioner/echo"
@@ -67,11 +65,11 @@ func TestWorkspaceAgent(t *testing.T) {
 		if assert.NotEmpty(t, workspace.LatestBuild.Resources) && assert.NotEmpty(t, resources[0].Agents) {
 			assert.NotEmpty(t, resources[0].Agents[0].Version)
 		}
-		dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer dialer.Close()
 		require.Eventually(t, func() bool {
-			_, err := dialer.Ping()
+			_, err := dialer.Ping(ctx)
 			return err == nil
 		}, testutil.WaitMedium, testutil.IntervalFast)
 		cancelFunc()
@@ -128,11 +126,11 @@ func TestWorkspaceAgent(t *testing.T) {
 		if assert.NotEmpty(t, resources) && assert.NotEmpty(t, resources[0].Agents) {
 			assert.NotEmpty(t, resources[0].Agents[0].Version)
 		}
-		dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer dialer.Close()
 		require.Eventually(t, func() bool {
-			_, err := dialer.Ping()
+			_, err := dialer.Ping(ctx)
 			return err == nil
 		}, testutil.WaitMedium, testutil.IntervalFast)
 		cancelFunc()
@@ -189,11 +187,11 @@ func TestWorkspaceAgent(t *testing.T) {
 		if assert.NotEmpty(t, resources) && assert.NotEmpty(t, resources[0].Agents) {
 			assert.NotEmpty(t, resources[0].Agents[0].Version)
 		}
-		dialer, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, resources[0].Agents[0].ID)
+		dialer, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil)
 		require.NoError(t, err)
 		defer dialer.Close()
 		require.Eventually(t, func() bool {
-			_, err := dialer.Ping()
+			_, err := dialer.Ping(ctx)
 			return err == nil
 		}, testutil.WaitMedium, testutil.IntervalFast)
 		cancelFunc()
 
@@ -13,6 +13,11 @@ func (r Root) Session() File {
 	return File(filepath.Join(string(r), "session"))
 }
 
+// ReplicaID is a unique identifier for the Coder server.
+func (r Root) ReplicaID() File {
+	return File(filepath.Join(string(r), "replica_id"))
+}
+
 func (r Root) URL() File {
 	return File(filepath.Join(string(r), "url"))
 }
 
@@ -19,7 +19,6 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
-	"cdr.dev/slog"
 	"cdr.dev/slog/sloggers/slogtest"
 
 	"github.com/coder/coder/agent"
@@ -115,7 +114,7 @@ func TestConfigSSH(t *testing.T) {
 		_ = agentCloser.Close()
 	}()
 	resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)
-	agentConn, err := client.DialWorkspaceAgentTailnet(context.Background(), slog.Logger{}, resources[0].Agents[0].ID)
+	agentConn, err := client.DialWorkspaceAgent(context.Background(), resources[0].Agents[0].ID, nil)
 	require.NoError(t, err)
 	defer agentConn.Close()
 
 
@@ -85,6 +85,13 @@ func Flags() *codersdk.DeploymentFlags {
 			Description: "Addresses for STUN servers to establish P2P connections. Set empty to disable P2P connections.",
 			Default:     []string{"stun.l.google.com:19302"},
 		},
+		DerpServerRelayAddress: &codersdk.StringFlag{
+			Name:        "DERP Server Relay Address",
+			Flag:        "derp-server-relay-address",
+			EnvVar:      "CODER_DERP_SERVER_RELAY_ADDRESS",
+			Description: "An HTTP address that is accessible by other replicas to relay DERP traffic. Required for high availability.",
+			Enterprise:  true,
+		},
 		DerpConfigURL: &codersdk.StringFlag{
 			Name:        "DERP Config URL",
 			Flag:        "derp-config-url",
 
@@ -16,7 +16,6 @@ import (
 	"github.com/spf13/cobra"
 	"golang.org/x/xerrors"
 
-	"cdr.dev/slog"
 	"github.com/coder/coder/agent"
 	"github.com/coder/coder/cli/cliflag"
 	"github.com/coder/coder/cli/cliui"
@@ -96,7 +95,7 @@ func portForward() *cobra.Command {
 				return xerrors.Errorf("await agent: %w", err)
 			}
 
-			conn, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, workspaceAgent.ID)
+			conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, nil)
 			if err != nil {
 				return err
 			}
@@ -156,7 +155,7 @@ func portForward() *cobra.Command {
 				case <-ticker.C:
 				}
 
-				_, err = conn.Ping()
+				_, err = conn.Ping(ctx)
 				if err != nil {
 					continue
 				}
 
@@ -4,6 +4,7 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
@@ -100,8 +101,9 @@ func Core() []*cobra.Command {
 }
 
 func AGPL() []*cobra.Command {
-	all := append(Core(), Server(deployment.Flags(), func(_ context.Context, o *coderd.Options) (*coderd.API, error) {
-		return coderd.New(o), nil
+	all := append(Core(), Server(deployment.Flags(), func(_ context.Context, o *coderd.Options) (*coderd.API, io.Closer, error) {
+		api := coderd.New(o)
+		return api, api, nil
 	}))
 	return all
 }
 
@@ -69,7 +69,7 @@ import (
 )
 
 // nolint:gocyclo
-func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *coderd.Options) (*coderd.API, error)) *cobra.Command {
+func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *coderd.Options) (*coderd.API, io.Closer, error)) *cobra.Command {
 	root := &cobra.Command{
 		Use:   "server",
 		Short: "Start a Coder server",
@@ -167,9 +167,10 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 			}
 			defer listener.Close()
 
+			var tlsConfig *tls.Config
 			if dflags.TLSEnable.Value {
-				listener, err = configureServerTLS(
-					listener, dflags.TLSMinVersion.Value,
+				tlsConfig, err = configureTLS(
+					dflags.TLSMinVersion.Value,
 					dflags.TLSClientAuth.Value,
 					dflags.TLSCertFiles.Value,
 					dflags.TLSKeyFiles.Value,
@@ -178,6 +179,7 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 				if err != nil {
 					return xerrors.Errorf("configure tls: %w", err)
 				}
+				listener = tls.NewListener(listener, tlsConfig)
 			}
 
 			tcpAddr, valid := listener.Addr().(*net.TCPAddr)
@@ -328,6 +330,9 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 				Experimental:                ExperimentalEnabled(cmd),
 				DeploymentFlags:             dflags,
 			}
+			if tlsConfig != nil {
+				options.TLSCertificates = tlsConfig.Certificates
+			}
 
 			if dflags.OAuth2GithubClientSecret.Value != "" {
 				options.GithubOAuth2Config, err = configureGithubOAuth2(accessURLParsed,
@@ -471,11 +476,14 @@ func Server(dflags *codersdk.DeploymentFlags, newAPI func(context.Context, *code
 				), dflags.PromAddress.Value, "prometheus")()
 			}
 
-			coderAPI, err := newAPI(ctx, options)
+			// We use a separate closer so the Enterprise API
+			// can have it's own close functions. This is cleaner
+			// than abstracting the Coder API itself.
+			coderAPI, closer, err := newAPI(ctx, options)
 			if err != nil {
 				return err
 			}
-			defer coderAPI.Close()
+			defer closer.Close()
 
 			client := codersdk.New(localURL)
 			if dflags.TLSEnable.Value {
@@ -893,7 +901,7 @@ func loadCertificates(tlsCertFiles, tlsKeyFiles []string) ([]tls.Certificate, er
 	return certs, nil
 }
 
-func configureServerTLS(listener net.Listener, tlsMinVersion, tlsClientAuth string, tlsCertFiles, tlsKeyFiles []string, tlsClientCAFile string) (net.Listener, error) {
+func configureTLS(tlsMinVersion, tlsClientAuth string, tlsCertFiles, tlsKeyFiles []string, tlsClientCAFile string) (*tls.Config, error) {
 	tlsConfig := &tls.Config{
 		MinVersion: tls.VersionTLS12,
 	}
@@ -929,6 +937,7 @@ func configureServerTLS(listener net.Listener, tlsMinVersion, tlsClientAuth stri
 	if err != nil {
 		return nil, xerrors.Errorf("load certificates: %w", err)
 	}
+	tlsConfig.Certificates = certs
 	tlsConfig.GetCertificate = func(hi *tls.ClientHelloInfo) (*tls.Certificate, error) {
 		// If there's only one certificate, return it.
 		if len(certs) == 1 {
@@ -963,7 +972,7 @@ func configureServerTLS(listener net.Listener, tlsMinVersion, tlsClientAuth stri
 		tlsConfig.ClientCAs = caPool
 	}
 
-	return tls.NewListener(listener, tlsConfig), nil
+	return tlsConfig, nil
 }
 
 func configureGithubOAuth2(accessURL *url.URL, clientID, clientSecret string, allowSignups bool, allowOrgs []string, rawTeams []string, enterpriseBaseURL string) (*coderd.GithubOAuth2Config, error) {
 
@@ -55,7 +55,9 @@ func speedtest() *cobra.Command {
 			if cliflag.IsSetBool(cmd, varVerbose) {
 				logger = logger.Leveled(slog.LevelDebug)
 			}
-			conn, err := client.DialWorkspaceAgentTailnet(ctx, logger, workspaceAgent.ID)
+			conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, &codersdk.DialWorkspaceAgentOptions{
+				Logger: logger,
+			})
 			if err != nil {
 				return err
 			}
@@ -68,7 +70,7 @@ func speedtest() *cobra.Command {
 					return ctx.Err()
 				case <-ticker.C:
 				}
-				dur, err := conn.Ping()
+				dur, err := conn.Ping(ctx)
 				if err != nil {
 					continue
 				}
 
@@ -20,8 +20,6 @@ import (
 	"golang.org/x/term"
 	"golang.org/x/xerrors"
 
-	"cdr.dev/slog"
-
 	"github.com/coder/coder/cli/cliflag"
 	"github.com/coder/coder/cli/cliui"
 	"github.com/coder/coder/coderd/autobuild/notify"
@@ -86,7 +84,7 @@ func ssh() *cobra.Command {
 				return xerrors.Errorf("await agent: %w", err)
 			}
 
-			conn, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, workspaceAgent.ID)
+			conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, nil)
 			if err != nil {
 				return err
 			}
 
@@ -72,7 +72,7 @@ func TestWorkspaceActivityBump(t *testing.T) {
 				"deadline %v never updated", firstDeadline,
 			)
 
-			require.WithinDuration(t, database.Now().Add(time.Hour), workspace.LatestBuild.Deadline.Time, time.Second)
+			require.WithinDuration(t, database.Now().Add(time.Hour), workspace.LatestBuild.Deadline.Time, 3*time.Second)
 		}
 	}
 
@@ -82,7 +82,9 @@ func TestWorkspaceActivityBump(t *testing.T) {
 		client, workspace, assertBumped := setupActivityTest(t)
 
 		resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)
-		conn, err := client.DialWorkspaceAgentTailnet(ctx, slogtest.Make(t, nil), resources[0].Agents[0].ID)
+		conn, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, &codersdk.DialWorkspaceAgentOptions{
+			Logger: slogtest.Make(t, nil),
+		})
 		require.NoError(t, err)
 		defer conn.Close()
Original file line number	Diff line number	Diff line change
`@@ -170,6 +170,7 @@ func (a agent) runTailnet(ctx context.Context, derpMap tailcfg.DERPMap) {`
`170`	`170`	`if a.isClosed() {`
`171`	`171`	`return`
`172`	`172`	`}`
	`173`	`+ a.logger.Debug(ctx, "running tailnet with derpmap", slog.F("derpmap", derpMap))`
`173`	`174`	`if a.network != nil {`
`174`	`175`	`a.network.SetDERPMap(derpMap)`
`175`	`176`	`return`
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,11 @@ func (r Root) Session() File {`
`13`	`13`	`return File(filepath.Join(string(r), "session"))`
`14`	`14`	`}`
`15`	`15`
	`16`	`+// ReplicaID is a unique identifier for the Coder server.`
	`17`	`+func (r Root) ReplicaID() File {`
	`18`	`+ return File(filepath.Join(string(r), "replica_id"))`
	`19`	`+}`
	`20`	`+`
`16`	`21`	`func (r Root) URL() File {`
`17`	`22`	`return File(filepath.Join(string(r), "url"))`
`18`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,6 @@ import (`
`16`	`16`	`"github.com/spf13/cobra"`
`17`	`17`	`"golang.org/x/xerrors"`
`18`	`18`
`19`		`- "cdr.dev/slog"`
`20`	`19`	`"github.com/coder/coder/agent"`
`21`	`20`	`"github.com/coder/coder/cli/cliflag"`
`22`	`21`	`"github.com/coder/coder/cli/cliui"`
`@@ -96,7 +95,7 @@ func portForward() *cobra.Command {`
`96`	`95`	`return xerrors.Errorf("await agent: %w", err)`
`97`	`96`	`}`
`98`	`97`
`99`		`- conn, err := client.DialWorkspaceAgentTailnet(ctx, slog.Logger{}, workspaceAgent.ID)`
	`98`	`+ conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, nil)`
`100`	`99`	`if err != nil {`
`101`	`100`	`return err`
`102`	`101`	`}`
`@@ -156,7 +155,7 @@ func portForward() *cobra.Command {`
`156`	`155`	`case <-ticker.C:`
`157`	`156`	`}`
`158`	`157`
`159`		`- _, err = conn.Ping()`
	`158`	`+ _, err = conn.Ping(ctx)`
`160`	`159`	`if err != nil {`
`161`	`160`	`continue`
`162`	`161`	`}`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,9 @@ func speedtest() *cobra.Command {`
`55`	`55`	`if cliflag.IsSetBool(cmd, varVerbose) {`
`56`	`56`	`logger = logger.Leveled(slog.LevelDebug)`
`57`	`57`	`}`
`58`		`- conn, err := client.DialWorkspaceAgentTailnet(ctx, logger, workspaceAgent.ID)`
	`58`	`+ conn, err := client.DialWorkspaceAgent(ctx, workspaceAgent.ID, &codersdk.DialWorkspaceAgentOptions{`
	`59`	`+ Logger: logger,`
	`60`	`+ })`
`59`	`61`	`if err != nil {`
`60`	`62`	`return err`
`61`	`63`	`}`
`@@ -68,7 +70,7 @@ func speedtest() *cobra.Command {`
`68`	`70`	`return ctx.Err()`
`69`	`71`	`case <-ticker.C:`
`70`	`72`	`}`
`71`		`- dur, err := conn.Ping()`
	`73`	`+ dur, err := conn.Ping(ctx)`
`72`	`74`	`if err != nil {`
`73`	`75`	`continue`
`74`	`76`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,7 +72,7 @@ func TestWorkspaceActivityBump(t *testing.T) {`
`72`	`72`	`"deadline %v never updated", firstDeadline,`
`73`	`73`	`)`
`74`	`74`
`75`		`- require.WithinDuration(t, database.Now().Add(time.Hour), workspace.LatestBuild.Deadline.Time, time.Second)`
	`75`	`+ require.WithinDuration(t, database.Now().Add(time.Hour), workspace.LatestBuild.Deadline.Time, 3*time.Second)`
`76`	`76`	`}`
`77`	`77`	`}`
`78`	`78`
`@@ -82,7 +82,9 @@ func TestWorkspaceActivityBump(t *testing.T) {`
`82`	`82`	`client, workspace, assertBumped := setupActivityTest(t)`
`83`	`83`
`84`	`84`	`resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID)`
`85`		`- conn, err := client.DialWorkspaceAgentTailnet(ctx, slogtest.Make(t, nil), resources[0].Agents[0].ID)`
	`85`	`+ conn, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, &codersdk.DialWorkspaceAgentOptions{`
	`86`	`+ Logger: slogtest.Make(t, nil),`
	`87`	`+ })`
`86`	`88`	`require.NoError(t, err)`
`87`	`89`	`defer conn.Close()`
`88`	`90`