Use Tailscale's DERP servers

Close another port, and hopefully get a little more reliability in weird network configurations

ansible/roles/headscale/files/headscale.yml

@@ -77,7 +77,7 @@ derp:
   server:
     # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
     # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
-    enabled: true
+    enabled: false
 
     # Region ID to use for the embedded DERP server.
     # The local DERP prevails if the region ID collides with other region ID coming from
@@ -95,7 +95,8 @@ derp:
     stun_listen_addr: 0.0.0.0:3478
 
   # List of externally available DERP maps encoded in JSON
-  urls: []
+  urls:
+    - https://controlplane.tailscale.com/derpmap/default
 
   # Locally available DERP map files encoded in YAML
   #

terraform/casey_vps.tf

@@ -76,22 +76,13 @@ resource "linode_firewall" "casey" {
   }
 
   inbound {
-    label    = "allow-inbound-headscale"
+    label    = "allow-inbound-tailscale"
     action   = "ACCEPT"
     protocol = "UDP"
     ports    = "41641"
     ipv4     = ["0.0.0.0/0"]
     ipv6     = ["::/0"]
   }
-
-  inbound {
-    label    = "allow-inbound-stun"
-    action   = "ACCEPT"
-    protocol = "UDP"
-    ports    = "3478"
-    ipv4     = ["0.0.0.0/0"]
-    ipv6     = ["::/0"]
-  }
 }
 
 resource "linode_rdns" "casey_reverse_ipv4" {