Initial commit after Claude implementation

2026-03-23 14:29:32 -03:00
commit 5920d3fd7a
62 changed files with 1847 additions and 0 deletions
@@ -0,0 +1,28 @@
+services:
+  headscale:
+    image: headscale/headscale:{{ headscale_version }}
+    container_name: headscale
+    restart: unless-stopped
+    command: serve
+    volumes:
+      - {{ headscale_data_dir }}/config:/etc/headscale
+      - {{ headscale_data_dir }}/data:/var/lib/headscale
+    ports:
+      - "{{ wireguard_port }}:{{ wireguard_port }}/udp"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.headscale.rule=Host(`{{ headscale_domain }}`)"
+      - "traefik.http.routers.headscale.tls=true"
+      - "traefik.http.routers.headscale.tls.certresolver=letsencrypt"
+      - "traefik.http.services.headscale.loadbalancer.server.port=8080"
+    networks:
+      - {{ sovereign_network_name }}
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "headscale"
+
+networks:
+  {{ sovereign_network_name }}:
+    external: true
@@ -0,0 +1,50 @@
+server_url: "https://{{ headscale_domain }}"
+listen_addr: 0.0.0.0:8080
+grpc_listen_addr: 0.0.0.0:50443
+grpc_allow_insecure: false
+
+private_key_path: /var/lib/headscale/private.key
+noise:
+  private_key_path: /var/lib/headscale/noise_private.key
+
+prefixes:
+  v6: fd7a:115c:a1e0::/48
+  v4: 100.64.0.0/10
+  allocation: sequential
+
+derp:
+  server:
+    enabled: false
+  urls:
+    - https://controlplane.tailscale.com/derpmap/default
+  auto_update_enabled: true
+  update_frequency: 24h
+
+disable_check_updates: true
+ephemeral_node_inactivity_timeout: 30m
+
+database:
+  type: sqlite
+  sqlite:
+    path: /var/lib/headscale/db.sqlite
+
+log:
+  format: text
+  level: info
+
+dns:
+  magic_dns: true
+  base_domain: "{{ base_domain }}"
+  nameservers:
+    global:
+      - 1.1.1.1
+      - 8.8.8.8
+
+oidc:
+  only_start_if_oidc_is_available: true
+  issuer: "https://{{ authentik_domain }}/application/o/headscale/"
+  client_id: "headscale"
+  client_secret: "changeme_headscale_oidc_secret"
+  scope: ["openid", "profile", "email"]
+  extra_params:
+    domain_hint: "{{ base_domain }}"