Use Tailscale's DERP servers

Close another port, and hopefully get a little more reliability in weird network configurations
Jake Howard 2024-09-22 16:21:21 +01:00
parent 4e07e1c8dc
commit 94b229abd0
Signed by: jake
GPG key ID: 57AFB45680EDD477
2 changed files with 4 additions and 12 deletions


@ -77,7 +77,7 @@ derp:
server: server:
# If enabled, runs the embedded DERP server and merges it into the rest of the DERP config # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
# The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
enabled: true enabled: false
# Region ID to use for the embedded DERP server. # Region ID to use for the embedded DERP server.
# The local DERP prevails if the region ID collides with other region ID coming from # The local DERP prevails if the region ID collides with other region ID coming from
@ -95,7 +95,8 @@ derp:
stun_listen_addr: 0.0.0.0:3478 stun_listen_addr: 0.0.0.0:3478
# List of externally available DERP maps encoded in JSON # List of externally available DERP maps encoded in JSON
urls: [] urls:
- https://controlplane.tailscale.com/derpmap/default
# Locally available DERP map files encoded in YAML # Locally available DERP map files encoded in YAML
# #
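Review bot: With `enabled: false` in the first hunk, the `stun_listen_addr: 0.0.0.0:3478` setting kept in the second hunk still looks live, and nothing records that relayed traffic now depends on relays and a DERP map fetched from `controlplane.tailscale.com`. A comment above the `urls:` entry would capture the trade-off, e.g. `# Relays are operated by Tailscale: payloads stay WireGuard-encrypted end to end, but the relay operator sees connection metadata`. A second comment on `enabled: false`, such as `# Disabled: UDP 3478 is closed in the Linode firewall; reopen it before re-enabling`, would keep the two files in step if the embedded server is ever turned back on. Both hunks cut through the `derp:` mapping, so any map refresh settings further down are not visible here and are worth checking against the new external URL.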


@ -76,22 +76,13 @@ resource "linode_firewall" "casey" {
} }
inbound { inbound {
label = "allow-inbound-headscale" label = "allow-inbound-tailscale"
action = "ACCEPT" action = "ACCEPT"
protocol = "UDP" protocol = "UDP"
ports = "41641" ports = "41641"
ipv4 = ["0.0.0.0/0"] ipv4 = ["0.0.0.0/0"]
ipv6 = ["::/0"] ipv6 = ["::/0"]
} }
inbound {
label = "allow-inbound-stun"
action = "ACCEPT"
protocol = "UDP"
ports = "3478"
ipv4 = ["0.0.0.0/0"]
ipv6 = ["::/0"]
}
} }
resource "linode_rdns" "casey_reverse_ipv4" { resource "linode_rdns" "casey_reverse_ipv4" {
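Review bot: The renamed `allow-inbound-tailscale` rule still accepts UDP 41641 from `0.0.0.0/0` and `::/0`, and nothing in the hunk says why that port must stay world-reachable now that relaying is delegated. A comment on the rule would document the intent, e.g. `# tailscaled direct (non-relayed) WireGuard traffic; relayed traffic leaves via DERP and needs no inbound rule`. Dropping the `allow-inbound-stun` block only closes UDP 3478 if the firewall's default inbound policy is to drop; that policy is set outside this hunk in the `linode_firewall` resource, so it is worth confirming. The resource body starts above the hunk.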