mirror of
https://github.com/juanfont/headscale.git
synced 2024-11-29 18:33:05 +00:00
Compare commits
5 commits
e2073712de
...
7a1713c164
Author | SHA1 | Date | |
---|---|---|---|
|
7a1713c164 | ||
|
6275399327 | ||
|
29119bb7f4 | ||
|
93ba21ede5 | ||
|
0058a90ae9 |
10 changed files with 22 additions and 12 deletions
2
.github/workflows/docs.yml
vendored
2
.github/workflows/docs.yml
vendored
|
@ -13,6 +13,7 @@ permissions:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
|
if: github.repository == 'juanfont/headscale'
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
|
@ -36,6 +37,7 @@ jobs:
|
||||||
path: ./site
|
path: ./site
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
|
if: github.repository == 'juanfont/headscale'
|
||||||
environment:
|
environment:
|
||||||
name: github-pages
|
name: github-pages
|
||||||
url: ${{ steps.deployment.outputs.page_url }}
|
url: ${{ steps.deployment.outputs.page_url }}
|
||||||
|
|
1
.github/workflows/gh-actions-updater.yaml
vendored
1
.github/workflows/gh-actions-updater.yaml
vendored
|
@ -7,6 +7,7 @@ on:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
|
if: github.repository == 'juanfont/headscale'
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|
1
.github/workflows/release.yml
vendored
1
.github/workflows/release.yml
vendored
|
@ -9,6 +9,7 @@ on:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
goreleaser:
|
goreleaser:
|
||||||
|
if: github.repository == 'juanfont/headscale'
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
|
|
1
.github/workflows/stale.yml
vendored
1
.github/workflows/stale.yml
vendored
|
@ -6,6 +6,7 @@ on:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
close-issues:
|
close-issues:
|
||||||
|
if: github.repository == 'juanfont/headscale'
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
permissions:
|
permissions:
|
||||||
issues: write
|
issues: write
|
||||||
|
|
1
.github/workflows/update-flake.yml
vendored
1
.github/workflows/update-flake.yml
vendored
|
@ -6,6 +6,7 @@ on:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
lockfile:
|
lockfile:
|
||||||
|
if: github.repository == 'juanfont/headscale'
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
|
|
|
@ -45,11 +45,11 @@ headscale server.
|
||||||
|
|
||||||
ACLs have to be written in [huJSON](https://github.com/tailscale/hujson).
|
ACLs have to be written in [huJSON](https://github.com/tailscale/hujson).
|
||||||
|
|
||||||
When registering the servers we will need to add the flag
|
When [registering the servers](../usage/getting-started.md#register-a-node) we
|
||||||
`--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user that is
|
will need to add the flag `--advertise-tags=tag:<tag1>,tag:<tag2>`, and the user
|
||||||
registering the server should be allowed to do it. Since anyone can add tags to
|
that is registering the server should be allowed to do it. Since anyone can add
|
||||||
a server they can register, the check of the tags is done on headscale server
|
tags to a server they can register, the check of the tags is done on headscale
|
||||||
and only valid tags are applied. A tag is valid if the user that is
|
server and only valid tags are applied. A tag is valid if the user that is
|
||||||
registering it is allowed to do it.
|
registering it is allowed to do it.
|
||||||
|
|
||||||
To use ACLs in headscale, you must edit your `config.yaml` file. In there you will find a `policy.path` parameter. This will need to point to your ACL file. More info on how these policies are written can be found [here](https://tailscale.com/kb/1018/acls/).
|
To use ACLs in headscale, you must edit your `config.yaml` file. In there you will find a `policy.path` parameter. This will need to point to your ACL file. More info on how these policies are written can be found [here](https://tailscale.com/kb/1018/acls/).
|
||||||
|
|
|
@ -9,6 +9,8 @@ tls_cert_path: ""
|
||||||
tls_key_path: ""
|
tls_key_path: ""
|
||||||
```
|
```
|
||||||
|
|
||||||
|
The certificate should contain the full chain, else some clients, like the Tailscale Android client, will reject it.
|
||||||
|
|
||||||
## Let's Encrypt / ACME
|
## Let's Encrypt / ACME
|
||||||
|
|
||||||
To get a certificate automatically via [Let's Encrypt](https://letsencrypt.org/), set `tls_letsencrypt_hostname` to the desired certificate hostname. This name must resolve to the IP address(es) headscale is reachable on (i.e., it must correspond to the `server_url` configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in `tls_letsencrypt_cache_dir`. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
|
To get a certificate automatically via [Let's Encrypt](https://letsencrypt.org/), set `tls_letsencrypt_hostname` to the desired certificate hostname. This name must resolve to the IP address(es) headscale is reachable on (i.e., it must correspond to the `server_url` configuration parameter). The certificate and Let's Encrypt account credentials will be stored in the directory configured in `tls_letsencrypt_cache_dir`. If the path is relative, it will be interpreted as relative to the directory the configuration file was read from.
|
||||||
|
|
|
@ -60,7 +60,7 @@ Install the official Tailscale tvOS client from the [App Store](https://apps.app
|
||||||
|
|
||||||
### Configuring the headscale URL
|
### Configuring the headscale URL
|
||||||
|
|
||||||
- Go Settings (the apple tvOS settings) > Apps > Tailscale
|
- Open Settings (the Apple tvOS settings) > Apps > Tailscale
|
||||||
- Under `ALTERNATE COORDINATION SERVER URL`, select `URL`
|
- Under `ALTERNATE COORDINATION SERVER URL`, select `URL`
|
||||||
- Enter the URL of your headscale instance (e.g `https://headscale.example.com`) and press `OK`
|
- Enter the URL of your headscale instance (e.g `https://headscale.example.com`) and press `OK`
|
||||||
- Return to the tvOS Home screen
|
- Return to the tvOS Home screen
|
||||||
|
|
|
@ -9,6 +9,8 @@ This page helps you get started with headscale and provides a few usage examples
|
||||||
installation instructions.
|
installation instructions.
|
||||||
* The configuration file exists and is adjusted to suit your environment, see
|
* The configuration file exists and is adjusted to suit your environment, see
|
||||||
[Configuration](../ref/configuration.md) for details.
|
[Configuration](../ref/configuration.md) for details.
|
||||||
|
* Headscale is reachable from the Internet. Verify this by opening client specific setup instructions in your
|
||||||
|
browser, e.g. https://headscale.example.com/windows
|
||||||
* The Tailscale client is installed, see [Client and operating system support](../about/clients.md) for more
|
* The Tailscale client is installed, see [Client and operating system support](../about/clients.md) for more
|
||||||
information.
|
information.
|
||||||
|
|
||||||
|
|
12
flake.lock
12
flake.lock
|
@ -5,11 +5,11 @@
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726560853,
|
"lastModified": 1731533236,
|
||||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -20,11 +20,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730958623,
|
"lastModified": 1731763621,
|
||||||
"narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
|
"narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "85f7e662eda4fa3a995556527c87b2524b691933",
|
"rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
Loading…
Reference in a new issue