mirror of
https://github.com/juanfont/headscale.git
synced 2024-12-17 21:47:32 +00:00
da48cf64b3
This commit adds a default OpenID Connect expiry to 180d to align with Tailscale SaaS (previously infinite or based on token expiry). In addition, it adds an option use the expiry time from the Token sent by the OpenID provider. This will typically cause really short expiry and you should only turn on this option if you know what you are desiring. This fixes #1176. Co-authored-by: Even Holthe <even.holthe@bekk.no> Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>
57 lines
1.2 KiB
YAML
57 lines
1.2 KiB
YAML
acl_policy_path: ""
|
|
cli:
|
|
insecure: false
|
|
timeout: 5s
|
|
db_path: /tmp/integration_test_db.sqlite3
|
|
db_ssl: false
|
|
db_type: sqlite3
|
|
derp:
|
|
auto_update_enabled: false
|
|
server:
|
|
enabled: false
|
|
stun:
|
|
enabled: true
|
|
update_frequency: 1m
|
|
urls:
|
|
- https://controlplane.tailscale.com/derpmap/default
|
|
dns_config:
|
|
override_local_dns: true
|
|
base_domain: headscale.net
|
|
domains: []
|
|
magic_dns: true
|
|
nameservers:
|
|
- 127.0.0.11
|
|
- 1.1.1.1
|
|
ephemeral_node_inactivity_timeout: 30m
|
|
node_update_check_interval: 10s
|
|
grpc_allow_insecure: false
|
|
grpc_listen_addr: :50443
|
|
ip_prefixes:
|
|
- fd7a:115c:a1e0::/48
|
|
- 100.64.0.0/10
|
|
listen_addr: 0.0.0.0:8080
|
|
log:
|
|
format: text
|
|
level: disabled
|
|
logtail:
|
|
enabled: false
|
|
metrics_listen_addr: 127.0.0.1:9090
|
|
oidc:
|
|
expiry: 180d
|
|
only_start_if_oidc_is_available: true
|
|
scope:
|
|
- openid
|
|
- profile
|
|
- email
|
|
strip_email_domain: true
|
|
use_expiry_from_token: false
|
|
private_key_path: private.key
|
|
noise:
|
|
private_key_path: noise_private.key
|
|
server_url: http://headscale:8080
|
|
tls_letsencrypt_cache_dir: /var/www/.cache
|
|
tls_letsencrypt_challenge_type: HTTP-01
|
|
unix_socket: /var/run/headscale.sock
|
|
unix_socket_permission: "0o770"
|
|
randomize_client_port: false
|