author | Jesse Luehrs <doy@tozt.net> | 2024-02-21 00:27:17 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2024-02-21 00:27:17 -0500 |
commit | ec941f994fbc72ab9291e4fef39f167d17c0137e (patch) | |
tree | 4a2ccd33ae363961c446330212111c932d6d1f52 | |
parent | 5bfea3f6c1f7a99b36eb776d77c02d64059b9790 (diff) | |
add an attempt at basic headscale configuration
-rw-r--r-- | modules/headscale/manifests/init.pp | 23 | ||||
-rw-r--r-- | modules/headscale/templates/config.yaml | 11 | ||||
-rw-r--r-- | modules/tozt/files/nginx/headscale-tls.conf | 29 | ||||
-rw-r--r-- | modules/tozt/files/nginx/headscale.conf | 10 | ||||
-rw-r--r-- | modules/tozt/manifests/headscale.pp | 16 |
5 files changed, 89 insertions, 0 deletions
diff --git a/modules/headscale/manifests/init.pp b/modules/headscale/manifests/init.pp
new file mode 100644
index 0000000..183285e
--- /dev/null
+++ b/modules/headscale/manifests/init.pp
@@ -0,0 +1,23 @@
+class headscale($data_dir) {
+ package { "headscale":
+ ensure => installed;
+ }
+
+ file {
+ $data_dir:
+ ensure => directory;
+ "/etc/headscale/config.yaml":
+ content => template("headscale/config.yaml"),
+ require => Package['headscale'];
+ }
+
+ service { "headscale":
+ ensure => running,
+ enable => true,
+ require => [
+ File[$data_dir],
+ File['/etc/headscale/config.yaml'],
+ Package['headscale'],
+ ];
+ }
+}
diff --git a/modules/headscale/templates/config.yaml b/modules/headscale/templates/config.yaml
new file mode 100644
index 0000000..296fdd5
--- /dev/null
+++ b/modules/headscale/templates/config.yaml
@@ -0,0 +1,11 @@
+server_url: https://headscale.tozt.net
+listen_addr: 0.0.0.0:8080
+metrics_listen_addr: 0.0.0.0:9090
+private_key_path: <%= @data_dir %>/private.key
+noise:
+ private_key_path: <%= @data_dir %>/noise_private.key
+ip_prefixes:
+ - 100.64.0.0/10
+disable_check_updates: true
+db_type: sqlite3
+db_path: <%= @data_dir %>/db.sqlite
diff --git a/modules/tozt/files/nginx/headscale-tls.conf b/modules/tozt/files/nginx/headscale-tls.conf
new file mode 100644
index 0000000..392264d
--- /dev/null
+++ b/modules/tozt/files/nginx/headscale-tls.conf
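Review bot: The `$data_dir` directory in the `file` block is declared with `ensure => directory` only, no `owner`, `group` or `mode`, yet the config template in this same commit places `private.key`, `noise_private.key` and `db.sqlite` inside it; the directory should be owned by the account the headscale service runs as and closed to others, e.g. `mode => '0750',` with `owner`/`group` set to that account (its name depends on what the package creates — confirm before hard-coding). A second point: the `service` only `require`s `File['/etc/headscale/config.yaml']`, so a later change to the template is written to disk but the running daemon is never restarted; `subscribe => File['/etc/headscale/config.yaml'],` (or `notify => Service['headscale']` on the file resource) would make config changes take effect.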
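Review bot: `listen_addr: 0.0.0.0:8080` and `metrics_listen_addr: 0.0.0.0:9090` bind on every interface, so the plain-HTTP control plane and the unauthenticated metrics endpoint are reachable directly and the TLS-terminating nginx vhost added in this commit (which proxies to 127.0.0.1) can be bypassed; unless a host firewall is deliberately relied upon, bind both to loopback: `listen_addr: 127.0.0.1:8080` and `metrics_listen_addr: 127.0.0.1:9090`. Also, the nginx site in `headscale-tls.conf` proxies to port 8081 while this file makes headscale listen on 8080, which looks like a mismatch — confirm whether something else is meant to sit on 8081.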
@@ -0,0 +1,29 @@
+map $http_upgrade $connection_upgrade {
+ default keep-alive;
+ 'websocket' upgrade;
+ '' close;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name headscale.tozt.net;
+
+ access_log /var/log/nginx/headscale.access.log;
+ error_log /var/log/nginx/headscale.error.log;
+
+ include ssl;
+
+ location / {
+ proxy_pass http://127.0.0.1:8081;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Host $server_name;
+ proxy_buffering off;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+ add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+ }
+}
+# vim:ft=nginx
diff --git a/modules/tozt/files/nginx/headscale.conf b/modules/tozt/files/nginx/headscale.conf
new file mode 100644
index 0000000..830a95c
--- /dev/null
+++ b/modules/tozt/files/nginx/headscale.conf
@@ -0,0 +1,10 @@
+server {
+ listen 80;
+ server_name headscale.tozt.net;
+
+ access_log /var/log/nginx/headscale.access.log;
+ error_log /var/log/nginx/headscale.error.log;
+
+ rewrite ^(.*) https://$host$1 permanent;
+}
+# vim:ft=nginx
diff --git a/modules/tozt/manifests/headscale.pp b/modules/tozt/manifests/headscale.pp
new file mode 100644
index 0000000..b337e3b
--- /dev/null
+++ b/modules/tozt/manifests/headscale.pp
@@ -0,0 +1,16 @@
+class tozt::headscale {
+ include tozt::certbot
+ include tozt::persistent
+
+ class { "headscale":
+ data_dir => "/media/persistent/headscale";
+ }
+
+ nginx::site {
+ "headscale-tls":
+ source => 'puppet:///modules/tozt/nginx/headscale-tls.conf',
+ require => Class['certbot'];
+ "headscale":
+ source => 'puppet:///modules/tozt/nginx/headscale.conf';
+ }
+} |
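Review bot: `proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;` in the `location /` block forwards whatever the client itself sent in that header (or nothing) rather than the scheme nginx actually terminated, so the backend cannot trust it; since this vhost only serves TLS the line should be `proxy_set_header X-Forwarded-Proto $scheme;`. `$proxy_add_x_forwarded_for` likewise appends to a client-supplied list, which is fine only as long as headscale treats just the last hop as authoritative.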
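Review bot: `rewrite ^(.*) https://$host$1 permanent;` evaluates a regex for what is a fixed redirect; the idiomatic form is `return 301 https://$host$request_uri;`, which needs no capture. Since `server_name` is fixed, `https://headscale.tozt.net$request_uri` would also avoid reflecting the client-supplied `Host` header into the redirect target should this block ever become the default server on port 80.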
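Review bot: `require => Class['certbot']` on the `headscale-tls` site references a class named `certbot`, but what this class includes is `tozt::certbot`; unless a top-level `certbot` class is declared elsewhere (not visible here), the reference will either fail at catalog compilation or order against the wrong class, and `require => Class['tozt::certbot'];` is presumably what was intended. The port-80 `headscale` site needs no certificate and correctly carries no such dependency.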