headscale/config-example.yaml

---
# The url clients will connect to.
# Typically this will be a domain.
server_url: http://127.0.0.1:8080

# Address to listen to / bind to on the server
listen_addr: 0.0.0.0:8080

# Path to WireGuard private key file
private_key_path: private.key

derp:
  # List of externally available DERP maps encoded in JSON
  urls:
    - https://controlplane.tailscale.com/derpmap/default

  # Locally available DERP map files encoded in YAML
  paths:
    - derp-example.yaml

  # If enabled, a worker will be set up to periodically
  # refresh the given sources and update the derpmap
  # will be set up.
  auto_update_enabled: true

  # How often should we check for updates?
  update_frequency: 24h

# Disables the automatic check for updates on startup
disable_check_updates: false
ephemeral_node_inactivity_timeout: 30m

# SQLite config
db_type: sqlite3
db_path: db.sqlite

# # Postgres config
# db_type: postgres
# db_host: localhost
# db_port: 5432
# db_name: headscale
# db_user: foo
# db_pass: bar

acme_url: https://acme-v02.api.letsencrypt.org/directory
acme_email: ""

tls_letsencrypt_hostname: ""
tls_letsencrypt_listen: ":http"
tls_letsencrypt_cache_dir: ".cache"
tls_letsencrypt_challenge_type: HTTP-01

tls_cert_path: ""
tls_key_path: ""

# Path to a file containg ACL policies.
acl_policy_path: ""

dns_config:
  # Upstream DNS servers
  nameservers:
    - 1.1.1.1
  domains: []

  magic_dns: true
  base_domain: example.com

# Unix socket used for the CLI to connect without authentication
# Note: for local development, you probably want to change this to:
# unix_socket: ./headscale.sock
unix_socket: /var/run/headscale.sock