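---
# Headplane Configuration - Reference Copy
# ==========================================
# Live file location on Calypso: /volume1/docker/headscale/headplane/config.yaml
# This file is NOT auto-deployed - must be manually placed on Calypso.
#
# To deploy/update config on Calypso:
#   scp -P 62000 headplane-config.yaml Vish@100.103.48.78:/volume1/docker/headscale/headplane/config.yaml
#   docker restart headplane
#
# Secrets are redacted here - see Authentik provider pk=16 (app slug=headplane) for OIDC creds.
# Headscale API key managed via: docker exec headscale headscale apikeys list
#
# NOTE(review): every secret line below carries "# pragma: allowlist secret", so a
# secret scanner that honours that marker will skip those lines. A real value pasted
# into this reference copy would therefore not be flagged - keep the placeholders here
# and edit real values only in the live file on Calypso.

headscale:
  # Internal Docker network URL - headplane and headscale share headscale-net
  # Plain HTTP: the Headscale API key is sent over this link, so it should never
  # leave the internal Docker network.
  url: http://headscale:8080
  # Path to headscale config inside the container (shared volume mount)
  config_path: /etc/headscale/config.yaml

server:
  # Listens on every interface inside the container; what is actually reachable
  # depends on the ports published for the container (not shown in this file).
  host: '0.0.0.0'
  port: 3000
  # Public URL used for OIDC redirect URIs - must include :8443, no /admin suffix
  base_url: https://headscale.vish.gg:8443
  # Must be EXACTLY 32 characters: openssl rand -base64 24 | tr -d '=\n'
  cookie_secret: "REDACTED_SEE_CALYPSO"  # pragma: allowlist secret

oidc:
  # Authentik OIDC provider pk=16, app slug=headplane
  issuer: https://sso.vish.gg/application/o/headplane/
  client_id: "REDACTED_CLIENT_ID"  # pragma: allowlist secret
  client_secret: "REDACTED_CLIENT_SECRET"  # pragma: allowlist secret
  # Headscale API key used by Headplane during the OIDC auth flow
  # Generate: docker exec headscale headscale apikeys create --expiration 999d
  # NOTE(review): 999d makes this an effectively long-lived credential. Prefer a
  # shorter expiration with a rotation reminder, and expire the previous key once
  # the new one is deployed.
  headscale_api_key: "REDACTED_API_KEY"  # pragma: allowlist secret

integration:
  docker:
    # Enables Settings and DNS UI by allowing Headplane to restart headscale
    # after config changes via the read-only Docker socket mount
    # NOTE(review): a read-only bind mount of the Docker socket only protects the
    # socket file itself; it does not restrict Docker API calls. Anything that can
    # reach the socket can still start, stop or create containers, which is
    # effectively root on the host. If only the headscale restart is needed,
    # consider a filtering socket proxy that exposes just the container endpoints
    # Headplane uses.
    enabled: true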