2021-10-19 18:17:08 -04:00
|
|
|
---
|
2021-10-22 13:27:11 -04:00
|
|
|
# The url clients will connect to.
|
|
|
|
# Typically this will be a domain.
|
2021-10-19 18:17:08 -04:00
|
|
|
server_url: http://127.0.0.1:8080
|
2021-10-22 13:27:11 -04:00
|
|
|
|
|
|
|
# Address to listen to / bind to on the server
|
2021-10-19 18:17:08 -04:00
|
|
|
listen_addr: 0.0.0.0:8080
|
2021-10-22 13:27:11 -04:00
|
|
|
|
|
|
|
# Path to WireGuard private key file
|
2021-10-19 18:17:08 -04:00
|
|
|
private_key_path: private.key
|
2021-10-22 13:27:11 -04:00
|
|
|
|
2021-10-24 16:30:51 -04:00
|
|
|
derp:
|
|
|
|
# List of externally available DERP maps encoded in JSON
|
|
|
|
urls:
|
|
|
|
- https://controlplane.tailscale.com/derpmap/default
|
|
|
|
|
|
|
|
# Locally available DERP map files encoded in YAML
|
|
|
|
paths:
|
|
|
|
- derp-example.yaml
|
|
|
|
|
|
|
|
# If enabled, a worker will be set up to periodically
|
|
|
|
# refresh the given sources and update the derpmap
|
|
|
|
# will be set up.
|
|
|
|
auto_update_enabled: true
|
|
|
|
|
|
|
|
# How often should we check for updates?
|
|
|
|
update_frequency: 24h
|
2021-10-22 13:27:11 -04:00
|
|
|
|
2021-10-23 05:40:15 -04:00
|
|
|
# Disables the automatic check for updates on startup
|
|
|
|
disable_check_updates: false
|
2021-10-19 18:17:08 -04:00
|
|
|
ephemeral_node_inactivity_timeout: 30m
|
|
|
|
|
2021-10-22 13:27:11 -04:00
|
|
|
# SQLite config
|
2021-10-20 17:27:59 -04:00
|
|
|
db_type: sqlite3
|
|
|
|
db_path: db.sqlite
|
2021-10-19 18:17:08 -04:00
|
|
|
|
2021-10-22 13:14:29 -04:00
|
|
|
# # Postgres config
|
|
|
|
# db_type: postgres
|
|
|
|
# db_host: localhost
|
|
|
|
# db_port: 5432
|
|
|
|
# db_name: headscale
|
|
|
|
# db_user: foo
|
|
|
|
# db_pass: bar
|
|
|
|
|
2021-10-19 18:17:08 -04:00
|
|
|
acme_url: https://acme-v02.api.letsencrypt.org/directory
|
2021-10-22 13:14:29 -04:00
|
|
|
acme_email: ""
|
2021-10-22 13:27:11 -04:00
|
|
|
|
2021-10-22 13:14:29 -04:00
|
|
|
tls_letsencrypt_hostname: ""
|
2021-10-19 18:17:08 -04:00
|
|
|
tls_letsencrypt_listen: ":http"
|
|
|
|
tls_letsencrypt_cache_dir: ".cache"
|
|
|
|
tls_letsencrypt_challenge_type: HTTP-01
|
2021-10-22 13:27:11 -04:00
|
|
|
|
2021-10-22 13:14:29 -04:00
|
|
|
tls_cert_path: ""
|
|
|
|
tls_key_path: ""
|
2021-10-22 13:27:11 -04:00
|
|
|
|
|
|
|
# Path to a file containg ACL policies.
|
2021-10-22 13:14:29 -04:00
|
|
|
acl_policy_path: ""
|
2021-10-22 13:27:11 -04:00
|
|
|
|
2021-10-19 18:17:08 -04:00
|
|
|
dns_config:
|
2021-10-22 13:27:11 -04:00
|
|
|
# Upstream DNS servers
|
2021-10-19 18:17:08 -04:00
|
|
|
nameservers:
|
2021-10-22 13:14:29 -04:00
|
|
|
- 1.1.1.1
|
2021-10-19 18:17:08 -04:00
|
|
|
domains: []
|
2021-10-22 13:27:11 -04:00
|
|
|
|
2021-10-19 18:17:08 -04:00
|
|
|
magic_dns: true
|
|
|
|
base_domain: example.com
|
2021-10-30 10:08:16 -04:00
|
|
|
|
|
|
|
# Unix socket used for the CLI to connect without authentication
|
|
|
|
# Note: for local development, you probably want to change this to:
|
|
|
|
# unix_socket: ./headscale.sock
|
|
|
|
unix_socket: /var/run/headscale.sock
|
2021-10-31 05:40:43 -04:00
|
|
|
# headscale supports experimental OpenID connect support,
|
2021-10-30 11:35:58 -04:00
|
|
|
# it is still being tested and might have some bugs, please
|
|
|
|
# help us test it.
|
|
|
|
# OpenID Connect
|
2021-10-30 11:33:01 -04:00
|
|
|
# oidc:
|
|
|
|
# issuer: "https://your-oidc.issuer.com/path"
|
|
|
|
# client_id: "your-oidc-client-id"
|
|
|
|
# client_secret: "your-oidc-client-secret"
|
2021-10-30 11:35:58 -04:00
|
|
|
#
|
2021-10-31 05:40:43 -04:00
|
|
|
# # Domain map is used to map incomming users (by their email) to
|
2021-10-30 11:35:58 -04:00
|
|
|
# # a namespace. The key can be a string, or regex.
|
2021-10-30 11:33:01 -04:00
|
|
|
# domain_map:
|
|
|
|
# ".*": default-namespace
|