
From: Yixun Lan <dlan@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-vpn/headscale/files/, net-vpn/headscale/
Date: Sun, 01 May 2022 23:04:41
Message-Id: 1651446259.b80f01fb2f6b22b9f06e57b9ae0531ba65f0d38f.dlan@gentoo
1 commit: b80f01fb2f6b22b9f06e57b9ae0531ba65f0d38f
2 Author: William Hubbs <williamh <AT> gentoo <DOT> org>
3 AuthorDate: Thu Apr 28 16:21:38 2022 +0000
4 Commit: Yixun Lan <dlan <AT> gentoo <DOT> org>
5 CommitDate: Sun May 1 23:04:19 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b80f01fb
7
8 net-vpn/headscale: 0.15.0-r1 bump
9
10 - install documentation
11 - patch example config so we know if upstream changes the config file
12 - install example config in the documentation directory
13 - name the service the same as the binary
14
15 Closes: https://bugs.gentoo.org/842018
16 Author-by: William Hubbs <williamh <AT> gentoo.org>
17 Signed-off-by: Yixun Lan <dlan <AT> gentoo.org>
18
19 net-vpn/headscale/files/config-socket.patch | 13 ++
20 net-vpn/headscale/files/config.yaml.example | 221 ---------------------
21 .../files/{headscale.conf => headscale.confd} | 0
22 .../files/{headscaled.initd => headscale.initd} | 2 +-
23 .../{headscaled.service => headscale.service} | 0
24 net-vpn/headscale/headscale-0.15.0-r1.ebuild | 49 +++++
25 net-vpn/headscale/headscale-0.15.0.ebuild | 49 -----
26 7 files changed, 63 insertions(+), 271 deletions(-)
27
28 diff --git a/net-vpn/headscale/files/config-socket.patch b/net-vpn/headscale/files/config-socket.patch
29 new file mode 100644
30 index 000000000000..4d6c90e3f0f5
31 --- /dev/null
32 +++ b/net-vpn/headscale/files/config-socket.patch
33 @@ -0,0 +1,13 @@
34 +diff --git a/config-example.yaml b/config-example.yaml
35 +index dee25cb..007d8ec 100644
36 +--- a/config-example.yaml
37 ++++ b/config-example.yaml
38 +@@ -202,7 +202,7 @@ dns_config:
39 + # Unix socket used for the CLI to connect without authentication
40 + # Note: for local development, you probably want to change this to:
41 + # unix_socket: ./headscale.sock
42 +-unix_socket: /var/run/headscale.sock
43 ++unix_socket: /run/headscale.sock
44 + unix_socket_permission: "0770"
45 + #
46 + # headscale supports experimental OpenID connect support,
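Review bot: The patched example puts the CLI socket directly in `/run`, while the example file this commit deletes used `/run/headscale/headscale.sock`; the comment above the setting says the socket lets the CLI connect without authentication, so its location is part of the access control. `/run` is normally writable only by root, so if the service runs as the `headscale` user (the init script and unit are not shown in full here) it probably cannot create the socket there. A dedicated runtime directory owned by the service account would also let directory permissions back up `unix_socket_permission: "0770"`. Consider keeping the earlier value, `unix_socket: /run/headscale/headscale.sock`, with the directory created by the init script or unit.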
47
48 diff --git a/net-vpn/headscale/files/config.yaml.example b/net-vpn/headscale/files/config.yaml.example
49 deleted file mode 100644
50 index 603b941dac9d..000000000000
51 --- a/net-vpn/headscale/files/config.yaml.example
52 +++ /dev/null
53 @@ -1,221 +0,0 @@
54 ----
55 -# headscale will look for a configuration file named `config.yaml` (or `config.json`) in the following order:
56 -#
57 -# - `/etc/headscale`
58 -# - `~/.headscale`
59 -# - current working directory
60 -
61 -# The url clients will connect to.
62 -# Typically this will be a domain like:
63 -#
64 -# https://myheadscale.example.com:443
65 -#
66 -server_url: http://127.0.0.1:8080
67 -
68 -# Address to listen to / bind to on the server
69 -#
70 -listen_addr: 0.0.0.0:8080
71 -
72 -# Address to listen to /metrics, you may want
73 -# to keep this endpoint private to your internal
74 -# network
75 -#
76 -metrics_listen_addr: 127.0.0.1:9090
77 -
78 -# Address to listen for gRPC.
79 -# gRPC is used for controlling a headscale server
80 -# remotely with the CLI
81 -# Note: Remote access _only_ works if you have
82 -# valid certificates.
83 -grpc_listen_addr: 0.0.0.0:50443
84 -
85 -# Allow the gRPC admin interface to run in INSECURE
86 -# mode. This is not recommended as the traffic will
87 -# be unencrypted. Only enable if you know what you
88 -# are doing.
89 -grpc_allow_insecure: false
90 -
91 -# Private key used encrypt the traffic between headscale
92 -# and Tailscale clients.
93 -# The private key file which will be
94 -# autogenerated if it's missing
95 -private_key_path: /var/lib/headscale/private.key
96 -
97 -# List of IP prefixes to allocate tailaddresses from.
98 -# Each prefix consists of either an IPv4 or IPv6 address,
99 -# and the associated prefix length, delimited by a slash.
100 -ip_prefixes:
101 - - fd7a:115c:a1e0::/48
102 - - 100.64.0.0/10
103 -
104 -# DERP is a relay system that Tailscale uses when a direct
105 -# connection cannot be established.
106 -# https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp
107 -#
108 -# headscale needs a list of DERP servers that can be presented
109 -# to the clients.
110 -derp:
111 - server:
112 - # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
113 - # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
114 - enabled: false
115 -
116 - # Region ID to use for the embedded DERP server.
117 - # The local DERP prevails if the region ID collides with other region ID coming from
118 - # the regular DERP config.
119 - region_id: 999
120 -
121 - # Region code and name are displayed in the Tailscale UI to identify a DERP region
122 - region_code: "headscale"
123 - region_name: "Headscale Embedded DERP"
124 -
125 - # Listens in UDP at the configured address for STUN connections to help on NAT traversal.
126 - # When the embedded DERP server is enabled stun_listen_addr MUST be defined.
127 - #
128 - # For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
129 - stun_listen_addr: "0.0.0.0:3478"
130 -
131 - # List of externally available DERP maps encoded in JSON
132 - urls:
133 - - https://controlplane.tailscale.com/derpmap/default
134 -
135 - # Locally available DERP map files encoded in YAML
136 - #
137 - # This option is mostly interesting for people hosting
138 - # their own DERP servers:
139 - # https://tailscale.com/kb/1118/custom-derp-servers/
140 - #
141 - # paths:
142 - # - /etc/headscale/derp-example.yaml
143 - paths: []
144 -
145 - # If enabled, a worker will be set up to periodically
146 - # refresh the given sources and update the derpmap
147 - # will be set up.
148 - auto_update_enabled: true
149 -
150 - # How often should we check for DERP updates?
151 - update_frequency: 24h
152 -
153 -# Disables the automatic check for headscale updates on startup
154 -disable_check_updates: false
155 -
156 -# Time before an inactive ephemeral node is deleted?
157 -ephemeral_node_inactivity_timeout: 30m
158 -
159 -# SQLite config
160 -db_type: sqlite3
161 -db_path: /var/lib/headscale/db.sqlite
162 -
163 -# # Postgres config
164 -# db_type: postgres
165 -# db_host: localhost
166 -# db_port: 5432
167 -# db_name: headscale
168 -# db_user: foo
169 -# db_pass: bar
170 -
171 -### TLS configuration
172 -#
173 -## Let's encrypt / ACME
174 -#
175 -# headscale supports automatically requesting and setting up
176 -# TLS for a domain with Let's Encrypt.
177 -#
178 -# URL to ACME directory
179 -acme_url: https://acme-v02.api.letsencrypt.org/directory
180 -
181 -# Email to register with ACME provider
182 -acme_email: ""
183 -
184 -# Domain name to request a TLS certificate for:
185 -tls_letsencrypt_hostname: ""
186 -
187 -# Client (Tailscale/Browser) authentication mode (mTLS)
188 -# Acceptable values:
189 -# - disabled: client authentication disabled
190 -# - relaxed: client certificate is required but not verified
191 -# - enforced: client certificate is required and verified
192 -tls_client_auth_mode: relaxed
193 -
194 -# Path to store certificates and metadata needed by
195 -# letsencrypt
196 -tls_letsencrypt_cache_dir: /var/lib/headscale/cache
197 -
198 -# Type of ACME challenge to use, currently supported types:
199 -# HTTP-01 or TLS-ALPN-01
200 -# See [docs/tls.md](docs/tls.md) for more information
201 -tls_letsencrypt_challenge_type: HTTP-01
202 -# When HTTP-01 challenge is chosen, letsencrypt must set up a
203 -# verification endpoint, and it will be listning on:
204 -# :http = port 80
205 -tls_letsencrypt_listen: ":http"
206 -
207 -## Use already defined certificates:
208 -tls_cert_path: ""
209 -tls_key_path: ""
210 -
211 -log_level: info
212 -
213 -# Path to a file containg ACL policies.
214 -# ACLs can be defined as YAML or HUJSON.
215 -# https://tailscale.com/kb/1018/acls/
216 -acl_policy_path: ""
217 -
218 -## DNS
219 -#
220 -# headscale supports Tailscale's DNS configuration and MagicDNS.
221 -# Please have a look to their KB to better understand the concepts:
222 -#
223 -# - https://tailscale.com/kb/1054/dns/
224 -# - https://tailscale.com/kb/1081/magicdns/
225 -# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
226 -#
227 -dns_config:
228 - # List of DNS servers to expose to clients.
229 - nameservers:
230 - - 1.1.1.1
231 -
232 - # Split DNS (see https://tailscale.com/kb/1054/dns/),
233 - # list of search domains and the DNS to query for each one.
234 - #
235 - # restricted_nameservers:
236 - # foo.bar.com:
237 - # - 1.1.1.1
238 - # darp.headscale.net:
239 - # - 1.1.1.1
240 - # - 8.8.8.8
241 -
242 - # Search domains to inject.
243 - domains: []
244 -
245 - # Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
246 - # Only works if there is at least a nameserver defined.
247 - magic_dns: true
248 -
249 - # Defines the base domain to create the hostnames for MagicDNS.
250 - # `base_domain` must be a FQDNs, without the trailing dot.
251 - # The FQDN of the hosts will be
252 - # `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_).
253 - base_domain: example.com
254 -
255 -# Unix socket used for the CLI to connect without authentication
256 -# Note: for local development, you probably want to change this to:
257 -unix_socket: /run/headscale/headscale.sock
258 -unix_socket_permission: "0770"
259 -#
260 -# headscale supports experimental OpenID connect support,
261 -# it is still being tested and might have some bugs, please
262 -# help us test it.
263 -# OpenID Connect
264 -# oidc:
265 -# issuer: "https://your-oidc.issuer.com/path"
266 -# client_id: "your-oidc-client-id"
267 -# client_secret: "your-oidc-client-secret"
268 -#
269 -# If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
270 -# This will transform `first-name.last-name@×××××××.com` to the namespace `first-name.last-name`
271 -# If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
272 -# namespace: `first-name.last-name.example.com`
273 -#
274 -# strip_email_domain: true
275
276 diff --git a/net-vpn/headscale/files/headscale.conf b/net-vpn/headscale/files/headscale.confd
277 similarity index 100%
278 rename from net-vpn/headscale/files/headscale.conf
279 rename to net-vpn/headscale/files/headscale.confd
280
281 diff --git a/net-vpn/headscale/files/headscaled.initd b/net-vpn/headscale/files/headscale.initd
282 similarity index 91%
283 rename from net-vpn/headscale/files/headscaled.initd
284 rename to net-vpn/headscale/files/headscale.initd
285 index 5a12887f444b..5a98c0e6cb34 100644
286 --- a/net-vpn/headscale/files/headscaled.initd
287 +++ b/net-vpn/headscale/files/headscale.initd
288 @@ -18,7 +18,7 @@ depend() {
289 start_pre() {
290 if [ ! -s /etc/headscale/config.yaml ] ; then
291 eerror "Missing headscale configuration file"
292 - eerror "Please use /etc/headscale/config.yaml.example as example"
293 + eerror "Please check the documentation directory for an example"
294 return 1
295 fi
296
297
298 diff --git a/net-vpn/headscale/files/headscaled.service b/net-vpn/headscale/files/headscale.service
299 similarity index 100%
300 rename from net-vpn/headscale/files/headscaled.service
301 rename to net-vpn/headscale/files/headscale.service
302
303 diff --git a/net-vpn/headscale/headscale-0.15.0-r1.ebuild b/net-vpn/headscale/headscale-0.15.0-r1.ebuild
304 new file mode 100644
305 index 000000000000..856fe17a4444
306 --- /dev/null
307 +++ b/net-vpn/headscale/headscale-0.15.0-r1.ebuild
308 @@ -0,0 +1,49 @@
309 +# Copyright 2022 Gentoo Authors
310 +# Distributed under the terms of the GNU General Public License v2
311 +
312 +EAPI=8
313 +
314 +inherit go-module systemd
315 +
316 +DESCRIPTION="An open source, self-hosted implementation of the Tailscale control server"
317 +HOMEPAGE="https://github.com/juanfont/headscale"
318 +SRC_URI="https://github.com/juanfont/headscale/archive/v${PV}.tar.gz -> ${P}.tar.gz
319 + https://dev.gentoo.org/~jsmolic/distfiles/net-vpn/headscale/${P}-deps.tar.xz
320 +"
321 +
322 +LICENSE="BSD Apache-2.0 MIT"
323 +SLOT="0"
324 +KEYWORDS="~amd64"
325 +
326 +DEPEND="
327 + acct-group/headscale
328 + acct-user/headscale
329 +"
330 +RDEPEND="
331 + ${DEPEND}
332 + net-firewall/iptables
333 +"
334 +
335 +PATCHES=(
336 + "${FILESDIR}"/config-socket.patch
337 +)
338 +
339 +src_compile() {
340 + emake version=v${PV}
341 +}
342 +
343 +src_install() {
344 + dobin headscale
345 + dodoc -r docs/* config-example.yaml
346 + keepdir /etc/headscale /var/lib/headscale
347 + systemd_dounit "${FILESDIR}"/headscale.service
348 + newconfd "${FILESDIR}"/headscale.confd headscale
349 + newinitd "${FILESDIR}"/headscale.initd headscale
350 + fowners -R ${PN}:${PN} /etc/headscale /var/lib/headscale
351 +}
352 +
353 +pkg_postinst() {
354 + [[ -f "${EROOT}"/etc/headscale/config.yaml ]] && return
355 + elog "Please create ${EROOT}/etc/headscale/config.yaml before starting the service"
356 + elog "An example is in ${EROOT}/usr/share/doc/${PV}/config-example.yaml"
357 +}
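Review bot: In src_install, `fowners -R ${PN}:${PN} /etc/headscale /var/lib/headscale` hands the configuration directory to the service account, and no mode is set on either directory. The example config removed by this commit keeps `private_key_path` and `db_path` under /var/lib/headscale, and config.yaml can carry `db_pass` or an OIDC `client_secret`, so the daemon needs to read /etc/headscale but, as far as this diff shows, not write to it. Consider `fowners root:${PN} /etc/headscale` plus `fperms 0750 /etc/headscale /var/lib/headscale`. Separately, the last elog in pkg_postinst uses `${PV}` where dodoc installs under `${PF}`, so the printed path should be `${EROOT}/usr/share/doc/${PF}/config-example.yaml` (possibly with a compression suffix, depending on the docompress settings).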
358
359 diff --git a/net-vpn/headscale/headscale-0.15.0.ebuild b/net-vpn/headscale/headscale-0.15.0.ebuild
360 deleted file mode 100644
361 index 93a52a9f0cde..000000000000
362 --- a/net-vpn/headscale/headscale-0.15.0.ebuild
363 +++ /dev/null
364 @@ -1,49 +0,0 @@
365 -# Copyright 2022 Gentoo Authors
366 -# Distributed under the terms of the GNU General Public License v2
367 -
368 -EAPI=8
369 -
370 -inherit go-module systemd
371 -
372 -DESCRIPTION="An open source, self-hosted implementation of the Tailscale control server"
373 -HOMEPAGE="https://github.com/juanfont/headscale"
374 -SRC_URI="
375 - https://github.com/juanfont/headscale/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz
376 - https://dev.gentoo.org/~jsmolic/distfiles/net-vpn/headscale/${P}-deps.tar.xz
377 -"
378 -
379 -LICENSE="BSD Apache-2.0 MIT"
380 -SLOT="0"
381 -KEYWORDS="~amd64"
382 -
383 -DEPEND="
384 - acct-group/headscale
385 - acct-user/headscale
386 -"
387 -RDEPEND="
388 - ${DEPEND}
389 - net-firewall/iptables
390 -"
391 -
392 -src_install() {
393 - keepdir /var/lib/headscale
394 - keepdir /etc/headscale
395 -
396 - dobin headscale
397 -
398 - insinto /etc/headscale
399 - doins "${FILESDIR}"/config.yaml.example
400 -
401 - fowners -R ${PN}:${PN} /etc/headscale
402 - fowners -R ${PN}:${PN} /var/lib/headscale
403 -
404 - systemd_dounit "${FILESDIR}"/headscaled.service
405 - newinitd "${FILESDIR}"/headscaled.initd headscaled
406 - newconfd "${FILESDIR}"/headscale.conf headscaled
407 -}
408 -
409 -pkg_postinst() {
410 - elog "You will need to set up your /etc/headscale/config.yaml file before starting the service"
411 - elog "Please use /etc/headscale/config.yaml.example as example"
412 - elog "More in the official documentation https://github.com/juanfont/headscale/tree/main/docs"
413 -}