commit: b80f01fb2f6b22b9f06e57b9ae0531ba65f0d38f |
Author: William Hubbs <williamh <AT> gentoo <DOT> org> |
AuthorDate: Thu Apr 28 16:21:38 2022 +0000 |
Commit: Yixun Lan <dlan <AT> gentoo <DOT> org> |
CommitDate: Sun May 1 23:04:19 2022 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b80f01fb |
|
net-vpn/headscale: 0.15.0-r1 bump |
|
- install documentation |
- patch example config so we know if upstream changes the config file |
- install example config in the documentation directory |
- name the service the same as the binary |
|
Closes: https://bugs.gentoo.org/842018 |
Author-by: William Hubbs <williamh <AT> gentoo.org> |
Signed-off-by: Yixun Lan <dlan <AT> gentoo.org> |
|
net-vpn/headscale/files/config-socket.patch | 13 ++ |
net-vpn/headscale/files/config.yaml.example | 221 --------------------- |
.../files/{headscale.conf => headscale.confd} | 0 |
.../files/{headscaled.initd => headscale.initd} | 2 +- |
.../{headscaled.service => headscale.service} | 0 |
net-vpn/headscale/headscale-0.15.0-r1.ebuild | 49 +++++ |
net-vpn/headscale/headscale-0.15.0.ebuild | 49 ----- |
7 files changed, 63 insertions(+), 271 deletions(-) |
|
28 |
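--- /dev/null
+++ b/net-vpn/headscale/files/config-socket.patch
@@ -0,0 +1,13 @@
+diff --git a/config-example.yaml b/config-example.yaml
+index dee25cb..007d8ec 100644
+--- a/config-example.yaml
++++ b/config-example.yaml
+@@ -202,7 +202,7 @@ dns_config:
+ # Unix socket used for the CLI to connect without authentication
+ # Note: for local development, you probably want to change this to:
+ # unix_socket: ./headscale.sock
+-unix_socket: /var/run/headscale.sock
++unix_socket: /run/headscale.sock
+ unix_socket_permission: "0770"
+ #
+ # headscale supports experimental OpenID connect support,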
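Review bot: `unix_socket: /run/headscale.sock` puts the unauthenticated CLI socket directly in `/run`, which is normally writable only by root, so a daemon running as the unprivileged `headscale` account (the ebuild chowns its directories to `${PN}:${PN}`, which suggests it does) presumably cannot create it there. The example config removed in this same commit used `/run/headscale/headscale.sock`; keeping a dedicated directory would avoid that. If the directory is created with owner headscale and mode 0750 (for instance with `checkpath` in the init script's start_pre and `RuntimeDirectory=` in the unit, neither of which is visible here), then headscale group membership, together with `unix_socket_permission: "0770"`, is the only thing that grants admin access. A short comment in the patched example saying that anyone who can open this socket controls the server without credentials would also help.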
47 |
|
48 |
diff --git a/net-vpn/headscale/files/config.yaml.example b/net-vpn/headscale/files/config.yaml.example |
49 |
deleted file mode 100644 |
50 |
index 603b941dac9d..000000000000 |
51 |
--- a/net-vpn/headscale/files/config.yaml.example |
52 |
+++ /dev/null |
53 |
@@ -1,221 +0,0 @@ |
54 |
---- |
55 |
-# headscale will look for a configuration file named `config.yaml` (or `config.json`) in the following order: |
56 |
-# |
57 |
-# - `/etc/headscale` |
58 |
-# - `~/.headscale` |
59 |
-# - current working directory |
60 |
- |
61 |
-# The url clients will connect to. |
62 |
-# Typically this will be a domain like: |
63 |
-# |
64 |
-# https://myheadscale.example.com:443 |
65 |
-# |
66 |
-server_url: http://127.0.0.1:8080 |
67 |
- |
68 |
-# Address to listen to / bind to on the server |
69 |
-# |
70 |
-listen_addr: 0.0.0.0:8080 |
71 |
- |
72 |
-# Address to listen to /metrics, you may want |
73 |
-# to keep this endpoint private to your internal |
74 |
-# network |
75 |
-# |
76 |
-metrics_listen_addr: 127.0.0.1:9090 |
77 |
- |
78 |
-# Address to listen for gRPC. |
79 |
-# gRPC is used for controlling a headscale server |
80 |
-# remotely with the CLI |
81 |
-# Note: Remote access _only_ works if you have |
82 |
-# valid certificates. |
83 |
-grpc_listen_addr: 0.0.0.0:50443 |
84 |
- |
85 |
-# Allow the gRPC admin interface to run in INSECURE |
86 |
-# mode. This is not recommended as the traffic will |
87 |
-# be unencrypted. Only enable if you know what you |
88 |
-# are doing. |
89 |
-grpc_allow_insecure: false |
90 |
- |
91 |
-# Private key used encrypt the traffic between headscale |
92 |
-# and Tailscale clients. |
93 |
-# The private key file which will be |
94 |
-# autogenerated if it's missing |
95 |
-private_key_path: /var/lib/headscale/private.key |
96 |
- |
97 |
-# List of IP prefixes to allocate tailaddresses from. |
98 |
-# Each prefix consists of either an IPv4 or IPv6 address, |
99 |
-# and the associated prefix length, delimited by a slash. |
100 |
-ip_prefixes: |
101 |
- - fd7a:115c:a1e0::/48 |
102 |
- - 100.64.0.0/10 |
103 |
- |
104 |
-# DERP is a relay system that Tailscale uses when a direct |
105 |
-# connection cannot be established. |
106 |
-# https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp |
107 |
-# |
108 |
-# headscale needs a list of DERP servers that can be presented |
109 |
-# to the clients. |
110 |
-derp: |
111 |
- server: |
112 |
- # If enabled, runs the embedded DERP server and merges it into the rest of the DERP config |
113 |
- # The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place |
114 |
- enabled: false |
115 |
- |
116 |
- # Region ID to use for the embedded DERP server. |
117 |
- # The local DERP prevails if the region ID collides with other region ID coming from |
118 |
- # the regular DERP config. |
119 |
- region_id: 999 |
120 |
- |
121 |
- # Region code and name are displayed in the Tailscale UI to identify a DERP region |
122 |
- region_code: "headscale" |
123 |
- region_name: "Headscale Embedded DERP" |
124 |
- |
125 |
- # Listens in UDP at the configured address for STUN connections to help on NAT traversal. |
126 |
- # When the embedded DERP server is enabled stun_listen_addr MUST be defined. |
127 |
- # |
128 |
- # For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/ |
129 |
- stun_listen_addr: "0.0.0.0:3478" |
130 |
- |
131 |
- # List of externally available DERP maps encoded in JSON |
132 |
- urls: |
133 |
- - https://controlplane.tailscale.com/derpmap/default |
134 |
- |
135 |
- # Locally available DERP map files encoded in YAML |
136 |
- # |
137 |
- # This option is mostly interesting for people hosting |
138 |
- # their own DERP servers: |
139 |
- # https://tailscale.com/kb/1118/custom-derp-servers/ |
140 |
- # |
141 |
- # paths: |
142 |
- # - /etc/headscale/derp-example.yaml |
143 |
- paths: [] |
144 |
- |
145 |
- # If enabled, a worker will be set up to periodically |
146 |
- # refresh the given sources and update the derpmap |
147 |
- # will be set up. |
148 |
- auto_update_enabled: true |
149 |
- |
150 |
- # How often should we check for DERP updates? |
151 |
- update_frequency: 24h |
152 |
- |
153 |
-# Disables the automatic check for headscale updates on startup |
154 |
-disable_check_updates: false |
155 |
- |
156 |
-# Time before an inactive ephemeral node is deleted? |
157 |
-ephemeral_node_inactivity_timeout: 30m |
158 |
- |
159 |
-# SQLite config |
160 |
-db_type: sqlite3 |
161 |
-db_path: /var/lib/headscale/db.sqlite |
162 |
- |
163 |
-# # Postgres config |
164 |
-# db_type: postgres |
165 |
-# db_host: localhost |
166 |
-# db_port: 5432 |
167 |
-# db_name: headscale |
168 |
-# db_user: foo |
169 |
-# db_pass: bar |
170 |
- |
171 |
-### TLS configuration |
172 |
-# |
173 |
-## Let's encrypt / ACME |
174 |
-# |
175 |
-# headscale supports automatically requesting and setting up |
176 |
-# TLS for a domain with Let's Encrypt. |
177 |
-# |
178 |
-# URL to ACME directory |
179 |
-acme_url: https://acme-v02.api.letsencrypt.org/directory |
180 |
- |
181 |
-# Email to register with ACME provider |
182 |
-acme_email: "" |
183 |
- |
184 |
-# Domain name to request a TLS certificate for: |
185 |
-tls_letsencrypt_hostname: "" |
186 |
- |
187 |
-# Client (Tailscale/Browser) authentication mode (mTLS) |
188 |
-# Acceptable values: |
189 |
-# - disabled: client authentication disabled |
190 |
-# - relaxed: client certificate is required but not verified |
191 |
-# - enforced: client certificate is required and verified |
192 |
-tls_client_auth_mode: relaxed |
193 |
- |
194 |
-# Path to store certificates and metadata needed by |
195 |
-# letsencrypt |
196 |
-tls_letsencrypt_cache_dir: /var/lib/headscale/cache |
197 |
- |
198 |
-# Type of ACME challenge to use, currently supported types: |
199 |
-# HTTP-01 or TLS-ALPN-01 |
200 |
-# See [docs/tls.md](docs/tls.md) for more information |
201 |
-tls_letsencrypt_challenge_type: HTTP-01 |
202 |
-# When HTTP-01 challenge is chosen, letsencrypt must set up a |
203 |
-# verification endpoint, and it will be listning on: |
204 |
-# :http = port 80 |
205 |
-tls_letsencrypt_listen: ":http" |
206 |
- |
207 |
-## Use already defined certificates: |
208 |
-tls_cert_path: "" |
209 |
-tls_key_path: "" |
210 |
- |
211 |
-log_level: info |
212 |
- |
213 |
-# Path to a file containg ACL policies. |
214 |
-# ACLs can be defined as YAML or HUJSON. |
215 |
-# https://tailscale.com/kb/1018/acls/ |
216 |
-acl_policy_path: "" |
217 |
- |
218 |
-## DNS |
219 |
-# |
220 |
-# headscale supports Tailscale's DNS configuration and MagicDNS. |
221 |
-# Please have a look to their KB to better understand the concepts: |
222 |
-# |
223 |
-# - https://tailscale.com/kb/1054/dns/ |
224 |
-# - https://tailscale.com/kb/1081/magicdns/ |
225 |
-# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/ |
226 |
-# |
227 |
-dns_config: |
228 |
- # List of DNS servers to expose to clients. |
229 |
- nameservers: |
230 |
- - 1.1.1.1 |
231 |
- |
232 |
- # Split DNS (see https://tailscale.com/kb/1054/dns/), |
233 |
- # list of search domains and the DNS to query for each one. |
234 |
- # |
235 |
- # restricted_nameservers: |
236 |
- # foo.bar.com: |
237 |
- # - 1.1.1.1 |
238 |
- # darp.headscale.net: |
239 |
- # - 1.1.1.1 |
240 |
- # - 8.8.8.8 |
241 |
- |
242 |
- # Search domains to inject. |
243 |
- domains: [] |
244 |
- |
245 |
- # Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/). |
246 |
- # Only works if there is at least a nameserver defined. |
247 |
- magic_dns: true |
248 |
- |
249 |
- # Defines the base domain to create the hostnames for MagicDNS. |
250 |
- # `base_domain` must be a FQDNs, without the trailing dot. |
251 |
- # The FQDN of the hosts will be |
252 |
- # `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_). |
253 |
- base_domain: example.com |
254 |
- |
255 |
-# Unix socket used for the CLI to connect without authentication |
256 |
-# Note: for local development, you probably want to change this to: |
257 |
-unix_socket: /run/headscale/headscale.sock |
258 |
-unix_socket_permission: "0770" |
259 |
-# |
260 |
-# headscale supports experimental OpenID connect support, |
261 |
-# it is still being tested and might have some bugs, please |
262 |
-# help us test it. |
263 |
-# OpenID Connect |
264 |
-# oidc: |
265 |
-# issuer: "https://your-oidc.issuer.com/path" |
266 |
-# client_id: "your-oidc-client-id" |
267 |
-# client_secret: "your-oidc-client-secret" |
268 |
-# |
269 |
-# If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed. |
270 |
-# This will transform `first-name.last-name@×××××××.com` to the namespace `first-name.last-name` |
271 |
-# If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following |
272 |
-# namespace: `first-name.last-name.example.com` |
273 |
-# |
274 |
-# strip_email_domain: true |
275 |
|
276 |
diff --git a/net-vpn/headscale/files/headscale.conf b/net-vpn/headscale/files/headscale.confd |
277 |
similarity index 100% |
278 |
rename from net-vpn/headscale/files/headscale.conf |
279 |
rename to net-vpn/headscale/files/headscale.confd |
280 |
|
281 |
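--- a/net-vpn/headscale/files/headscaled.initd
+++ b/net-vpn/headscale/files/headscale.initd
@@ -18,7 +18,7 @@ depend() {
 start_pre() {
 if [ ! -s /etc/headscale/config.yaml ] ; then
 eerror "Missing headscale configuration file"
- eerror "Please use /etc/headscale/config.yaml.example as example"
+ eerror "Please check the documentation directory for an example"
 return 1
 fi
 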
297 |
|
298 |
diff --git a/net-vpn/headscale/files/headscaled.service b/net-vpn/headscale/files/headscale.service |
299 |
similarity index 100% |
300 |
rename from net-vpn/headscale/files/headscaled.service |
301 |
rename to net-vpn/headscale/files/headscale.service |
302 |
|
303 |
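--- /dev/null
+++ b/net-vpn/headscale/headscale-0.15.0-r1.ebuild
@@ -0,0 +1,49 @@
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit go-module systemd
+
+DESCRIPTION="An open source, self-hosted implementation of the Tailscale control server"
+HOMEPAGE="https://github.com/juanfont/headscale"
+SRC_URI="https://github.com/juanfont/headscale/archive/v${PV}.tar.gz -> ${P}.tar.gz
+ https://dev.gentoo.org/~jsmolic/distfiles/net-vpn/headscale/${P}-deps.tar.xz
+"
+
+LICENSE="BSD Apache-2.0 MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+
+DEPEND="
+ acct-group/headscale
+ acct-user/headscale
+"
+RDEPEND="
+ ${DEPEND}
+ net-firewall/iptables
+"
+
+PATCHES=(
+ "${FILESDIR}"/config-socket.patch
+)
+
+src_compile() {
+ emake version=v${PV}
+}
+
+src_install() {
+ dobin headscale
+ dodoc -r docs/* config-example.yaml
+ keepdir /etc/headscale /var/lib/headscale
+ systemd_dounit "${FILESDIR}"/headscale.service
+ newconfd "${FILESDIR}"/headscale.confd headscale
+ newinitd "${FILESDIR}"/headscale.initd headscale
+ fowners -R ${PN}:${PN} /etc/headscale /var/lib/headscale
+}
+
+pkg_postinst() {
+ [[ -f "${EROOT}"/etc/headscale/config.yaml ]] && return
+ elog "Please create ${EROOT}/etc/headscale/config.yaml before starting the service"
+ elog "An example is in ${EROOT}/usr/share/doc/${PV}/config-example.yaml"
+}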
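Review bot: The second `elog` in pkg_postinst points at `${EROOT}/usr/share/doc/${PV}/config-example.yaml`, but `dodoc` installs under `/usr/share/doc/${PF}`, so the path shown to the admin does not exist; it should read `elog "An example is in ${EROOT}/usr/share/doc/${PF}/config-example.yaml"`. The example may also be compressed at install time, so `docompress -x /usr/share/doc/${PF}/config-example.yaml` in src_install would keep it directly copyable. Separately, `fowners -R ${PN}:${PN} /etc/headscale /var/lib/headscale` changes only the owner and leaves both directories at keepdir's default mode, presumably world-readable. Going by the example config removed in this commit, they will hold the server private key, the SQLite database, and a config that can carry `db_pass` or an OIDC `client_secret`, so adding `fperms 0750 /etc/headscale /var/lib/headscale` after the `fowners` line would keep other local users out. It is also worth a comment on whether the service account really needs to own `/etc/headscale`, since that lets the daemon rewrite its own configuration.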
358 |
|
359 |
diff --git a/net-vpn/headscale/headscale-0.15.0.ebuild b/net-vpn/headscale/headscale-0.15.0.ebuild |
360 |
deleted file mode 100644 |
361 |
index 93a52a9f0cde..000000000000 |
362 |
--- a/net-vpn/headscale/headscale-0.15.0.ebuild |
363 |
+++ /dev/null |
364 |
@@ -1,49 +0,0 @@ |
365 |
-# Copyright 2022 Gentoo Authors |
366 |
-# Distributed under the terms of the GNU General Public License v2 |
367 |
- |
368 |
-EAPI=8 |
369 |
- |
370 |
-inherit go-module systemd |
371 |
- |
372 |
-DESCRIPTION="An open source, self-hosted implementation of the Tailscale control server" |
373 |
-HOMEPAGE="https://github.com/juanfont/headscale" |
374 |
-SRC_URI=" |
375 |
- https://github.com/juanfont/headscale/archive/refs/tags/v${PV}.tar.gz -> ${P}.tar.gz |
376 |
- https://dev.gentoo.org/~jsmolic/distfiles/net-vpn/headscale/${P}-deps.tar.xz |
377 |
-" |
378 |
- |
379 |
-LICENSE="BSD Apache-2.0 MIT" |
380 |
-SLOT="0" |
381 |
-KEYWORDS="~amd64" |
382 |
- |
383 |
-DEPEND=" |
384 |
- acct-group/headscale |
385 |
- acct-user/headscale |
386 |
-" |
387 |
-RDEPEND=" |
388 |
- ${DEPEND} |
389 |
- net-firewall/iptables |
390 |
-" |
391 |
- |
392 |
-src_install() { |
393 |
- keepdir /var/lib/headscale |
394 |
- keepdir /etc/headscale |
395 |
- |
396 |
- dobin headscale |
397 |
- |
398 |
- insinto /etc/headscale |
399 |
- doins "${FILESDIR}"/config.yaml.example |
400 |
- |
401 |
- fowners -R ${PN}:${PN} /etc/headscale |
402 |
- fowners -R ${PN}:${PN} /var/lib/headscale |
403 |
- |
404 |
- systemd_dounit "${FILESDIR}"/headscaled.service |
405 |
- newinitd "${FILESDIR}"/headscaled.initd headscaled |
406 |
- newconfd "${FILESDIR}"/headscale.conf headscaled |
407 |
-} |
408 |
- |
409 |
-pkg_postinst() { |
410 |
- elog "You will need to set up your /etc/headscale/config.yaml file before starting the service" |
411 |
- elog "Please use /etc/headscale/config.yaml.example as example" |
412 |
- elog "More in the official documentation https://github.com/juanfont/headscale/tree/main/docs" |
413 |
-} |