From df43e412f377f449fc78f19178461230e5e9cea7 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Mon, 23 Sep 2024 09:08:32 +0100
Subject: [PATCH] Update headscale config to support 0.23.0
---
 ansible/roles/headscale/files/headscale.yml | 39 +++++++++++++++------
 1 file changed, 29 insertions(+), 10 deletions(-)
diff --git a/ansible/roles/headscale/files/headscale.yml b/ansible/roles/headscale/files/headscale.yml
index 34825b9..99c0333 100644
--- a/ansible/roles/headscale/files/headscale.yml
+++ b/ansible/roles/headscale/files/headscale.yml
@@ -63,9 +63,11 @@ noise:
 # IPv6: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#LL81C52-L81C71
 # IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33
 # Any other range is NOT supported, and it will cause unexpected issues.
-ip_prefixes:
- - fd7a:115c:a1e0::/48
- - 100.64.0.0/10
+prefixes:
+ v6: fd7a:115c:a1e0::/48
+ v4: 100.64.0.0/10
+
+ allocation: sequential

 # DERP is a relay system that Tailscale uses when a direct
 # connection cannot be established.
@@ -129,10 +131,25 @@ ephemeral_node_inactivity_timeout: 30m
 node_update_check_interval: 20s

 # SQLite config
-db_type: sqlite3
+database:
+ type: sqlite

-# For production:
-db_path: /var/lib/headscale/db.sqlite
+ gorm:
+ # Enable prepared statements.
+ prepare_stmt: true
+
+ # Enable parameterized queries.
+ parameterized_queries: true
+
+ # Skip logging "record not found" errors.
+ skip_err_record_not_found: true
+
+ # Threshold for slow queries in milliseconds.
+ slow_threshold: 3000
+
+ sqlite:
+ path: /var/lib/headscale/db.sqlite
+ write_ahead_log: true

 # # Postgres config
 # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
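Review bot: `allocation: sequential` in the first hunk (under `prefixes:`) is the only new key there without a comment, while the rest of this file documents each setting. Sequential assignment hands out the next free address, so node IPs inside 100.64.0.0/10 and fd7a:115c:a1e0::/48 follow join order and are easy to guess; headscale also accepts `random` if that predictability is unwanted. Suggest adding above the key: `# IP allocation strategy: sequential (next free address) or random`.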
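Review bot: The comment `# Enable parameterized queries.` in the `gorm:` block of the second hunk reads like a SQL-injection control, but as far as I can tell this option maps to GORM's logger setting that prints SQL with placeholders instead of bound values. Keeping it `true` is the right choice for that reason, since the slow-query log (threshold 3000 ms here) would otherwise carry row values such as keys and node data. Suggest rewording it to `# Log SQL with placeholders only, so bound values stay out of the logs.` The new `write_ahead_log: true` line also has no comment; a short one noting that SQLite then keeps `-wal` and `-shm` files beside `db.sqlite`, which backups and file permissions have to cover, would help the next reader.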
@@ -189,7 +206,9 @@ log:
 # Path to a file containg ACL policies.
 # ACLs can be defined as YAML or HUJSON.
 # https://tailscale.com/kb/1018/acls/
-acl_policy_path: /etc/headscale/acls.json
+policy:
+ mode: file
+ path: /etc/headscale/acls.json

 ## DNS
 #
@@ -200,13 +219,13 @@ acl_policy_path: /etc/headscale/acls.json
 # - https://tailscale.com/kb/1081/magicdns/
 # - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
 #
-dns_config:
+dns:
 # Whether to prefer using Headscale provided DNS or use local.
 override_local_dns: false

 # List of DNS servers to expose to clients.
 nameservers:
- - 1.1.1.1
+ global: []

 # NextDNS (see https://tailscale.com/kb/1218/nextdns/).
 # "abc123" is example NextDNS ID, replace with yours.
@@ -252,7 +271,7 @@ dns_config:
 # `base_domain` must be a FQDNs, without the trailing dot.
 # The FQDN of the hosts will be
 # `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
- base_domain: headscale.jakehoward.tech
+ base_domain: hs.sys.theorangeone.net

 # Unix socket used for the CLI to connect without authentication
 # Note: for production you will want to set this to something like:
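Review bot: `mode: file` in the `policy:` hunk is undocumented, and the comment kept above it still describes a single path setting. Suggest adding `# file: the ACL policy is read from "path"; database: the policy is stored in the DB and managed through the API/CLI` above `mode:`. As I understand headscale's behaviour, no loaded policy means every node may reach every other node, so a second comment saying that `/etc/headscale/acls.json` must exist before the service starts and must not be writable by the service account would make that dependency explicit. Whether the role already guarantees either is not visible from this hunk.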
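Review bot: The context comment kept above `base_domain` in the last hunk still says node names are `hostname.user.base_domain`, which I believe no longer matches the 0.23.0 default. From what I recall of that release, MagicDNS names drop the user label unless `use_username_in_magic_dns` is set, and that key is not visible in this hunk, so please confirm. If the default applies, update the comment to `# The FQDN of the hosts will be hostname.base_domain (e.g., _myhost.example.com_).` so ACL entries and certificates that reference node names are written against the right form. The same release also expects `base_domain` to differ from the `server_url` host, which is defined outside this hunk and worth checking against `hs.sys.theorangeone.net`.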