Revert "Use Tailscale's DERP servers"

This reverts commit 94b229abd0.
2024-12-06 18:19:32 +00:00 · 2024-12-06 18:19:32 +00:00 · 2618ab6b24
commit 2618ab6b24
parent c66e9f368f
2 changed files with 12 additions and 4 deletions
--- a/ansible/roles/headscale/files/headscale.yml
+++ b/ansible/roles/headscale/files/headscale.yml
@ -79,7 +79,7 @@ derp:
  server:
    # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
    # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
-    enabled: false
+    enabled: true

    # Region ID to use for the embedded DERP server.
    # The local DERP prevails if the region ID collides with other region ID coming from
@ -97,8 +97,7 @@ derp:
    stun_listen_addr: 0.0.0.0:3478

  # List of externally available DERP maps encoded in JSON
-  urls:
-    - https://controlplane.tailscale.com/derpmap/default
+  urls: []

  # Locally available DERP map files encoded in YAML
  #
--- a/terraform/casey_vps.tf
+++ b/terraform/casey_vps.tf
@ -76,13 +76,22 @@ resource "linode_firewall" "casey" {
  }

  inbound {
-    label    = "allow-inbound-tailscale"
+    label    = "allow-inbound-headscale"
    action   = "ACCEPT"
    protocol = "UDP"
    ports    = "41641"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }
+
+  inbound {
+    label    = "allow-inbound-stun"
+    action   = "ACCEPT"
+    protocol = "UDP"
+    ports    = "3478"
+    ipv4     = ["0.0.0.0/0"]
+    ipv6     = ["::/0"]
+  }
 }

 resource "linode_rdns" "casey_reverse_ipv4" {