chore: update to headscale beta for compose dev

Aarnav Tale 2024-08-04 11:33:11 -04:00
parent 75ba3a3dc7
commit 224cbbdcaf
No known key found for this signature in database
2 changed files with 44 additions and 40 deletions


@ -2,14 +2,13 @@
# IT IS NOT AN EXAMPLE OF SOMETHING YOU DEPLOY # IT IS NOT AN EXAMPLE OF SOMETHING YOU DEPLOY
# I ONLY USE IT FOR DEVELOPING HEADPLANE # I ONLY USE IT FOR DEVELOPING HEADPLANE
version: '3.9'
networks: networks:
headplane-dev: headplane-dev:
name: 'headplane-dev' name: 'headplane-dev'
driver: 'bridge' driver: 'bridge'
services: services:
headscale: headscale:
image: 'headscale/headscale:0.23.0-alpha5' image: 'headscale/headscale:0.23.0-beta1'
container_name: 'headscale' container_name: 'headscale'
restart: 'unless-stopped' restart: 'unless-stopped'
command: 'serve' command: 'serve'


@ -186,7 +186,8 @@ log:
# Path to a file containg ACL policies. # Path to a file containg ACL policies.
# ACLs can be defined as YAML or HUJSON. # ACLs can be defined as YAML or HUJSON.
# https://tailscale.com/kb/1018/acls/ # https://tailscale.com/kb/1018/acls/
acl_policy_path: /etc/headscale/acl.json policy:
mode: 'database'
## DNS ## DNS
# #
@ -253,6 +254,10 @@ dns_config:
# The FQDN of the hosts will be # The FQDN of the hosts will be
# `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_). # `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
base_domain: ts.net base_domain: ts.net
extra_records:
- name: test.example.com
type: A
value: 1.1.1.1
# Unix socket used for the CLI to connect without authentication # Unix socket used for the CLI to connect without authentication
# Note: for production you will want to set this to something like: # Note: for production you will want to set this to something like:
@ -268,46 +273,46 @@ oidc:
issuer: "https://sso.example.com" issuer: "https://sso.example.com"
client_id: "headscale" client_id: "headscale"
client_secret: "super_secret_client_secret" client_secret: "super_secret_client_secret"
# # Alternatively, set `client_secret_path` to read the secret from the file. # # Alternatively, set `client_secret_path` to read the secret from the file.
# # It resolves environment variables, making integration to systemd's # # It resolves environment variables, making integration to systemd's
# # `LoadCredential` straightforward: # # `LoadCredential` straightforward:
# client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret" # client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
# # client_secret and client_secret_path are mutually exclusive. # # client_secret and client_secret_path are mutually exclusive.
# #
# # The amount of time from a node is authenticated with OpenID until it # # The amount of time from a node is authenticated with OpenID until it
# # expires and needs to reauthenticate. # # expires and needs to reauthenticate.
# # Setting the value to "0" will mean no expiry. # # Setting the value to "0" will mean no expiry.
expiry: 180d expiry: 180d
# #
# # Use the expiry from the token received from OpenID when the user logged # # Use the expiry from the token received from OpenID when the user logged
# # in, this will typically lead to frequent need to reauthenticate and should # # in, this will typically lead to frequent need to reauthenticate and should
# # only been enabled if you know what you are doing. # # only been enabled if you know what you are doing.
# # Note: enabling this will cause `oidc.expiry` to be ignored. # # Note: enabling this will cause `oidc.expiry` to be ignored.
# use_expiry_from_token: false # use_expiry_from_token: false
# #
# # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query # # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
# # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email". # # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
# #
# scope: ["openid", "profile", "email", "custom"] # scope: ["openid", "profile", "email", "custom"]
# extra_params: # extra_params:
# domain_hint: example.com # domain_hint: example.com
# #
# # List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the # # List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the
# # authentication request will be rejected. # # authentication request will be rejected.
# #
allowed_domains: allowed_domains:
- example.com - example.com
# # Note: Groups from keycloak have a leading '/' # # Note: Groups from keycloak have a leading '/'
# allowed_groups: # allowed_groups:
# - /headscale # - /headscale
# allowed_users: # allowed_users:
# - alice@example.com # - alice@example.com
# #
# # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed. # # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
# # This will transform `first-name.last-name@example.com` to the user `first-name.last-name` # # This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
# # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following # # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
# user: `first-name.last-name.example.com` # user: `first-name.last-name.example.com`
# #
strip_email_domain: true strip_email_domain: true
# Logtail configuration # Logtail configuration
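Review bot: The comment block directly above the new `policy:` key still says "Path to a file containg ACL policies", which no longer describes the setting once `acl_policy_path` is replaced by `mode: 'database'`. I would reword it along the lines of `# ACL policy is kept in headscale's database (policy.mode: 'database') and changed at runtime, not read from a file`. The same comment should record the trade-off: in this mode the policy is no longer a file on disk that can be reviewed in version control or mounted read-only, so presumably anyone holding a headscale API key can rewrite the ACLs. That suits a dev stack driven by Headplane, and the banner at the top of the compose file already says this is not a deployment example, but this config file carries no such banner of its own as far as the visible hunks show.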