headscale/config-example.yaml
Kristoffer Dalby f9e6722635 Rewrite main documentation
This commit starts restructuring the documentation and updating it to be
compliant with 0.12.x+ releases.

The main change is that the documentation has been rewritten for the
ground up, and hopefully simplified.

The documentation has been split into an official documentation for
running headscale as a binary under Linux with SystemD and a "community"
provided documentation for Docker.

This should make the two documents a lot easier to read and follow than
the mishmash document we had.
2022-01-02 19:11:36 +01:00

88 lines
2.2 KiB
YAML

---
# The url clients will connect to.
# Typically this will be a domain.
server_url: http://127.0.0.1:8080
# Address to listen to / bind to on the server
listen_addr: 0.0.0.0:8080
# Private key file which will be
# autogenerated if it's missing
private_key_path: /var/lib/headscale/private.key
derp:
# List of externally available DERP maps encoded in JSON
urls:
- https://controlplane.tailscale.com/derpmap/default
# Locally available DERP map files encoded in YAML
# paths:
# - /etc/headscale/derp-example.yaml
# If enabled, a worker will be set up to periodically
# refresh the given sources and update the derpmap
# will be set up.
auto_update_enabled: true
# How often should we check for updates?
update_frequency: 24h
# Disables the automatic check for updates on startup
disable_check_updates: false
ephemeral_node_inactivity_timeout: 30m
# SQLite config
db_type: sqlite3
db_path: /var/lib/headscale/db.sqlite
# # Postgres config
# db_type: postgres
# db_host: localhost
# db_port: 5432
# db_name: headscale
# db_user: foo
# db_pass: bar
acme_url: https://acme-v02.api.letsencrypt.org/directory
acme_email: ""
tls_letsencrypt_hostname: ""
tls_letsencrypt_listen: ":http"
tls_letsencrypt_cache_dir: /var/lib/headscale/cache
tls_letsencrypt_challenge_type: HTTP-01
tls_cert_path: ""
tls_key_path: ""
log_level: info
# Path to a file containg ACL policies.
acl_policy_path: ""
dns_config:
# Upstream DNS servers
nameservers:
- 1.1.1.1
domains: []
magic_dns: true
base_domain: example.com
# Unix socket used for the CLI to connect without authentication
# Note: for local development, you probably want to change this to:
# unix_socket: ./headscale.sock
unix_socket: /var/run/headscale.sock
# headscale supports experimental OpenID connect support,
# it is still being tested and might have some bugs, please
# help us test it.
# OpenID Connect
# oidc:
# issuer: "https://your-oidc.issuer.com/path"
# client_id: "your-oidc-client-id"
# client_secret: "your-oidc-client-secret"
#
# # Domain map is used to map incomming users (by their email) to
# # a namespace. The key can be a string, or regex.
# domain_map:
# ".*": default-namespace