From 3460ed6ff30312818fe4335f3fc4680815615a19 Mon Sep 17 00:00:00 2001 From: lmwangi Date: Mon, 12 Aug 2024 21:54:05 +0300 Subject: [PATCH 1/4] easier to use bash one liners to download the latest headscale version. Added a sample config.yml --- docs/running-headscale-linux.md | 108 ++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) diff --git a/docs/running-headscale-linux.md b/docs/running-headscale-linux.md index f08789c457..112886f3f5 100644 --- a/docs/running-headscale-linux.md +++ b/docs/running-headscale-linux.md @@ -24,7 +24,11 @@ configuration (`/etc/headscale/config.yaml`). ```shell HEADSCALE_VERSION="" # See above URL for latest version, e.g. "X.Y.Z" (NOTE: do not add the "v" prefix!) + # Or you can use the following bash one liner + # HEADSCALE_VERSION="$(curl -v https://github.com/juanfont/headscale/releases/latest 2>&1 |grep location | awk -F'/' '{print $NF}' | sed -e 's/v//' | |tr -d '\r')" HEADSCALE_ARCH="" # Your system architecture, e.g. "amd64" + # Or you can use: + # HEADSCALE_ARCH="$(dpkg --print-architecture)" wget --output-document=headscale.deb \ "https://github.com/juanfont/headscale/releases/download/v${HEADSCALE_VERSION}/headscale_${HEADSCALE_VERSION}_linux_${HEADSCALE_ARCH}.deb" ``` 
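Review bot: The commented HEADSCALE_VERSION one-liner takes the version from `curl -v` debug output using `grep location` and an unanchored `sed -e 's/v//'`, so any other output line containing "location" is also selected, and the sed removes the first "v" wherever it occurs rather than only the tag prefix. Because the result is interpolated straight into the wget URL for headscale.deb, I would match only the redirect header and anchor the strip, for example `grep -i '^< location:'` and `sed -e 's/^v//'`. I would also add a comment such as `# Check that HEADSCALE_VERSION looks like X.Y.Z before running wget; a failed request leaves it empty`. The same parsing is carried as context in PATCH 2/4 and 3/4 and is kept on the rewritten line in PATCH 4/4, which only removes the doubled pipe. The shell fence this hunk edits continues outside the hunk.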
@@ -95,3 +99,107 @@ connect a node to `headscale` during the `tailscale` command: ```shell tailscale up --login-server --authkey ``` + +# Sample config.yml + +A sane config.yml might look like this + +```shell +--- + +# Remember to punch a hole in your firewall for this port +server_url: https://headscale.example.com:28000 + +listen_addr: 0.0.0.0:28000 + +metrics_listen_addr: 127.0.0.1:9090 + +grpc_listen_addr: 127.0.0.1:50443 + +grpc_allow_insecure: false + +private_key_path: /var/lib/headscale/private.key + +noise: + private_key_path: /var/lib/headscale/noise_private.key + +ip_prefixes: + - fd7a:115c:a1e0::/48 + - 100.64.0.0/10 + +derp: + server: + enabled: false + + region_id: 999 + + region_code: "headscale" + region_name: "Headscale Embedded DERP" + + stun_listen_addr: "0.0.0.0:3478" + + urls: + - https://controlplane.tailscale.com/derpmap/default + + paths: [] + + auto_update_enabled: true + + update_frequency: 24h + +disable_check_updates: false + +ephemeral_node_inactivity_timeout: 30m + +node_update_check_interval: 10s + +db_type: sqlite3 + +db_path: /var/lib/headscale/db.sqlite + + + +acme_url: https://acme-v02.api.letsencrypt.org/directory + +acme_email: "contact@example.com" + + +tls_letsencrypt_cache_dir: /var/lib/headscale/cache + +tls_letsencrypt_challenge_type: HTTP-01 +tls_letsencrypt_listen: ":http" + +# Provisioned via certbot +tls_cert_path: "/etc/letsencrypt/live/headscale.example.com/fullchain.pem" +tls_key_path: "/etc/letsencrypt/live/headscale.example.com/privkey.pem" + +log: + format: text + level: info + +acl_policy_path: "" + +dns_config: + override_local_dns: true + + nameservers: + - 9.9.9.9 + - 1.1.1.1 + + + + domains: [] + + + magic_dns: true + + base_domain: example.com + +unix_socket: /var/run/headscale/headscale.sock +unix_socket_permission: "0770" + +logtail: + enabled: false + +randomize_client_port: false +``` From 866b4810818fe31881ff05b67325e99eecdadc9f Mon Sep 17 00:00:00 2001 
From: lmwangi Date: Mon, 12 Aug 2024 21:55:51 +0300 Subject: [PATCH 2/4] cosmetic updates for the markdown file --- docs/running-headscale-linux.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/running-headscale-linux.md b/docs/running-headscale-linux.md index 112886f3f5..d79422da58 100644 --- a/docs/running-headscale-linux.md +++ b/docs/running-headscale-linux.md @@ -26,9 +26,11 @@ configuration (`/etc/headscale/config.yaml`). HEADSCALE_VERSION="" # See above URL for latest version, e.g. "X.Y.Z" (NOTE: do not add the "v" prefix!) # Or you can use the following bash one liner # HEADSCALE_VERSION="$(curl -v https://github.com/juanfont/headscale/releases/latest 2>&1 |grep location | awk -F'/' '{print $NF}' | sed -e 's/v//' | |tr -d '\r')" + HEADSCALE_ARCH="" # Your system architecture, e.g. "amd64" # Or you can use: # HEADSCALE_ARCH="$(dpkg --print-architecture)" + wget --output-document=headscale.deb \ "https://github.com/juanfont/headscale/releases/download/v${HEADSCALE_VERSION}/headscale_${HEADSCALE_VERSION}_linux_${HEADSCALE_ARCH}.deb" ``` @@ -104,7 +106,7 @@ tailscale up --login-server --authkey A sane config.yml might look like this -```shell +```yaml --- # Remember to punch a hole in your firewall for this port From 99563e5da8cd737fcc9a7760bb2faa2dbeeafa44 Mon Sep 17 00:00:00 2001 From: lmwangi Date: Mon, 12 Aug 2024 22:36:46 +0300 Subject: [PATCH 3/4] removing config-example.yaml in favour of the existing one --- docs/running-headscale-linux.md | 108 +------------------------------- 1 file changed, 2 insertions(+), 106 deletions(-) diff --git a/docs/running-headscale-linux.md b/docs/running-headscale-linux.md index d79422da58..5c92d793f2 100644 --- a/docs/running-headscale-linux.md +++ b/docs/running-headscale-linux.md 
@@ -24,11 +24,11 @@ configuration (`/etc/headscale/config.yaml`). ```shell HEADSCALE_VERSION="" # See above URL for latest version, e.g. "X.Y.Z" (NOTE: do not add the "v" prefix!) - # Or you can use the following bash one liner + # Or you can use the following bash one liner which intercepts the latest redirect to a specific version number and extracts the version. # HEADSCALE_VERSION="$(curl -v https://github.com/juanfont/headscale/releases/latest 2>&1 |grep location | awk -F'/' '{print $NF}' | sed -e 's/v//' | |tr -d '\r')" HEADSCALE_ARCH="" # Your system architecture, e.g. "amd64" - # Or you can use: + # Or you can use dpkg to figure out the architecture of the box. # HEADSCALE_ARCH="$(dpkg --print-architecture)" wget --output-document=headscale.deb \ 
@@ -101,107 +101,3 @@ connect a node to `headscale` during the `tailscale` command: ```shell tailscale up --login-server --authkey ``` - -# Sample config.yml - -A sane config.yml might look like this - -```yaml ---- - -# Remember to punch a hole in your firewall for this port -server_url: https://headscale.example.com:28000 - -listen_addr: 0.0.0.0:28000 - -metrics_listen_addr: 127.0.0.1:9090 - -grpc_listen_addr: 127.0.0.1:50443 - -grpc_allow_insecure: false - -private_key_path: /var/lib/headscale/private.key - -noise: - private_key_path: /var/lib/headscale/noise_private.key - -ip_prefixes: - - fd7a:115c:a1e0::/48 - - 100.64.0.0/10 - -derp: - server: - enabled: false - - region_id: 999 - - region_code: "headscale" - region_name: "Headscale Embedded DERP" - - stun_listen_addr: "0.0.0.0:3478" - - urls: - - https://controlplane.tailscale.com/derpmap/default - - paths: [] - - auto_update_enabled: true - - update_frequency: 24h - -disable_check_updates: false - -ephemeral_node_inactivity_timeout: 30m - -node_update_check_interval: 10s - -db_type: sqlite3 - -db_path: /var/lib/headscale/db.sqlite - - - -acme_url: https://acme-v02.api.letsencrypt.org/directory - -acme_email: "contact@example.com" - - -tls_letsencrypt_cache_dir: /var/lib/headscale/cache - -tls_letsencrypt_challenge_type: HTTP-01 -tls_letsencrypt_listen: ":http" - -# Provisioned via certbot -tls_cert_path: "/etc/letsencrypt/live/headscale.example.com/fullchain.pem" -tls_key_path: "/etc/letsencrypt/live/headscale.example.com/privkey.pem" - -log: - format: text - level: info - -acl_policy_path: "" - -dns_config: - override_local_dns: true - - nameservers: - - 9.9.9.9 - - 1.1.1.1 - - - - domains: [] - - - magic_dns: true - - base_domain: example.com - -unix_socket: /var/run/headscale/headscale.sock -unix_socket_permission: "0770" - -logtail: - enabled: false - -randomize_client_port: false -``` From 641e6763e305aae7a35dfc7317675ef118148db6 Mon Sep 17 00:00:00 2001 
From: lmwangi Date: Mon, 12 Aug 2024 22:37:54 +0300 Subject: [PATCH 4/4] bugfix - extra pipe removed --- docs/running-headscale-linux.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/running-headscale-linux.md b/docs/running-headscale-linux.md index 5c92d793f2..bea7f9f90e 100644 --- a/docs/running-headscale-linux.md +++ b/docs/running-headscale-linux.md @@ -25,7 +25,7 @@ configuration (`/etc/headscale/config.yaml`). ```shell HEADSCALE_VERSION="" # See above URL for latest version, e.g. "X.Y.Z" (NOTE: do not add the "v" prefix!) # Or you can use the following bash one liner which intercepts the latest redirect to a specific version number and extracts the version. - # HEADSCALE_VERSION="$(curl -v https://github.com/juanfont/headscale/releases/latest 2>&1 |grep location | awk -F'/' '{print $NF}' | sed -e 's/v//' | |tr -d '\r')" + # HEADSCALE_VERSION="$(curl -v https://github.com/juanfont/headscale/releases/latest 2>&1 | grep location | awk -F'/' '{print $NF}' | sed -e 's/v//' | tr -d '\r')" HEADSCALE_ARCH="" # Your system architecture, e.g. "amd64" # Or you can use dpkg to figure out the architecture of the box.