headscale/config-example.yaml

85 lines
2.0 KiB
YAML
Raw Normal View History

2021-10-19 18:17:08 -04:00
---
2021-10-22 13:27:11 -04:00
# The url clients will connect to.
# Typically this will be a domain.
2021-10-19 18:17:08 -04:00
server_url: http://127.0.0.1:8080
2021-10-22 13:27:11 -04:00
# Address to listen to / bind to on the server
2021-10-19 18:17:08 -04:00
listen_addr: 0.0.0.0:8080
2021-10-22 13:27:11 -04:00
# Path to WireGuard private key file
2021-10-19 18:17:08 -04:00
private_key_path: private.key
2021-10-22 13:27:11 -04:00
2021-10-24 16:30:51 -04:00
derp:
# List of externally available DERP maps encoded in JSON
urls:
- https://controlplane.tailscale.com/derpmap/default
# Locally available DERP map files encoded in YAML
paths:
- derp-example.yaml
# If enabled, a worker will be set up to periodically
# refresh the given sources and update the derpmap
# will be set up.
auto_update_enabled: true
# How often should we check for updates?
update_frequency: 24h
2021-10-22 13:27:11 -04:00
# Disables the automatic check for updates on startup
disable_check_updates: false
2021-10-19 18:17:08 -04:00
ephemeral_node_inactivity_timeout: 30m
2021-10-22 13:27:11 -04:00
# SQLite config
db_type: sqlite3
db_path: db.sqlite
2021-10-19 18:17:08 -04:00
# # Postgres config
# db_type: postgres
# db_host: localhost
# db_port: 5432
# db_name: headscale
# db_user: foo
# db_pass: bar
2021-10-19 18:17:08 -04:00
acme_url: https://acme-v02.api.letsencrypt.org/directory
acme_email: ""
2021-10-22 13:27:11 -04:00
tls_letsencrypt_hostname: ""
2021-10-19 18:17:08 -04:00
tls_letsencrypt_listen: ":http"
tls_letsencrypt_cache_dir: ".cache"
tls_letsencrypt_challenge_type: HTTP-01
2021-10-22 13:27:11 -04:00
tls_cert_path: ""
tls_key_path: ""
2021-10-22 13:27:11 -04:00
# Path to a file containg ACL policies.
acl_policy_path: ""
2021-10-22 13:27:11 -04:00
2021-10-19 18:17:08 -04:00
dns_config:
2021-10-22 13:27:11 -04:00
# Upstream DNS servers
2021-10-19 18:17:08 -04:00
nameservers:
- 1.1.1.1
2021-10-19 18:17:08 -04:00
domains: []
2021-10-22 13:27:11 -04:00
2021-10-19 18:17:08 -04:00
magic_dns: true
base_domain: example.com
# Unix socket used for the CLI to connect without authentication
# Note: for local development, you probably want to change this to:
# unix_socket: ./headscale.sock
unix_socket: /var/run/headscale.sock
2021-10-31 05:40:43 -04:00
# headscale supports experimental OpenID connect support,
# it is still being tested and might have some bugs, please
# help us test it.
# OpenID Connect
2021-10-30 11:33:01 -04:00
# oidc:
# issuer: "https://your-oidc.issuer.com/path"
# client_id: "your-oidc-client-id"
# client_secret: "your-oidc-client-secret"
#
2021-10-31 05:40:43 -04:00
# # Domain map is used to map incomming users (by their email) to
# # a namespace. The key can be a string, or regex.
2021-10-30 11:33:01 -04:00
# domain_map:
# ".*": default-namespace