57_Wolve 1ca79938cd feat(headscale): add headplane web UI at /admin
Integrate headplane (ghcr.io/tale/headplane) into the headscale stack, served
by Caddy at /admin. API-only (no Docker socket); deploy.sh mints a headscale
API key on first run, generates headplane.yaml, and wires optional OIDC login
via pocket-id (second client, /admin/oidc/callback). Adds HEADPLANE_* env,
compose service, Caddy routing; rebuild embedded archive.
2026-06-12 16:15:34 -05:00


# Copy to .env and fill in. docker compose picks .env up automatically.
# ─── Public hostnames ───────────────────────────────────────────────────────
# Bare hostname (no scheme) where headscale will be reached. Tailscale
# clients connect here over HTTPS.
HEADSCALE_DOMAIN=hs.example.com
# Email for Let's Encrypt registration / expiry notifications.
ACME_EMAIL=admin@example.com
# Magic-DNS suffix for nodes inside the tailnet. Example: with
# TAILNET_DOMAIN=tail.example.com, a host called "laptop" will resolve to
# laptop.tail.example.com. MUST be different from HEADSCALE_DOMAIN.
TAILNET_DOMAIN=tail.example.com
# ─── OIDC (pocket-id) ───────────────────────────────────────────────────────
# Hostname (no scheme) of your pocket-id deployment, used as the OIDC
# issuer. Must match the issuer URL pocket-id advertises at
# /.well-known/openid-configuration.
POCKETID_DOMAIN=auth.example.com
# Register a new OIDC client in pocket-id's admin UI with redirect URI:
# https://${HEADSCALE_DOMAIN}/oidc/callback
# Then paste the credentials here.
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
# ─── Headplane (web UI at /admin) ───────────────────────────────────────────
# Generated on first deploy; leave blank.
HEADPLANE_COOKIE_SECRET=
# Auto-created from headscale on first deploy (the UI's API access); leave blank.
HEADPLANE_HS_API_KEY=
# Optional: OIDC login for headplane via pocket-id. Register a SECOND OIDC
# client in pocket-id with redirect URI:
# https://${HEADSCALE_DOMAIN}/admin/oidc/callback
# Leave both blank to use headplane's API-key login instead.
HEADPLANE_OIDC_CLIENT_ID=
HEADPLANE_OIDC_CLIENT_SECRET=
# ─── Image tags ─────────────────────────────────────────────────────────────
HEADSCALE_TAG=0.28.0
# `latest` is a mutable tag; pin HEADPLANE_TAG to a specific release so deploys are reproducible.
HEADPLANE_TAG=latest
CADDY_TAG=2-alpine
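
The rules stated in the comments above (bare hostnames, TAILNET_DOMAIN distinct from HEADSCALE_DOMAIN, paired OIDC values) can be checked before deploying. The script below is an added example, not part of this repository or its deploy.sh; the function names are hypothetical, and rejecting blank or `latest` image tags is this example's own policy, not a rule from the file.

```sh
#!/bin/sh
# Added example, not from the repository. The file is read as text and never
# sourced, so a value like $(...) is not executed. Assumes unquoted values.

# get_var FILE KEY: print the value of the last KEY= line (empty if absent)
get_var() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# is_bare_host VALUE: true for hs.example.com; false for URLs, ports, paths
is_bare_host() {
  case $1 in
    '' | *[!A-Za-z0-9.-]* | .* | *. | -* | *-) return 1 ;;
  esac
}

# check_env FILE: one line per problem; exit status is the problem count.
check_env() ( # subshell body, so these variables do not leak to the caller
  f=$1 n=0
  problem() { echo "$f: $*"; n=$((n + 1)); }
  for k in HEADSCALE_DOMAIN TAILNET_DOMAIN POCKETID_DOMAIN; do
    v=$(get_var "$f" "$k")
    is_bare_host "$v" || problem "$k must be a bare hostname, got '$v'"
  done
  hs=$(get_var "$f" HEADSCALE_DOMAIN | tr 'A-Z' 'a-z')
  tn=$(get_var "$f" TAILNET_DOMAIN | tr 'A-Z' 'a-z')
  [ "$hs" != "$tn" ] || problem "TAILNET_DOMAIN must differ from HEADSCALE_DOMAIN"
  for k in OIDC_CLIENT_ID OIDC_CLIENT_SECRET; do
    [ -n "$(get_var "$f" "$k")" ] || problem "$k is empty"
  done
  # headplane OIDC is optional: both values set, or both blank
  id=$(get_var "$f" HEADPLANE_OIDC_CLIENT_ID)
  secret=$(get_var "$f" HEADPLANE_OIDC_CLIENT_SECRET)
  [ "${id:+set}" = "${secret:+set}" ] ||
    problem "set both HEADPLANE_OIDC_CLIENT_ID and _SECRET, or neither"
  for k in HEADSCALE_TAG HEADPLANE_TAG CADDY_TAG; do
    case $(get_var "$f" "$k") in
      '' | latest) problem "$k is blank or 'latest'; name a fixed release" ;;
    esac
  done
  exit "$n"
)

demo() { # runs the checks on a constructed sample containing three mistakes
  t=$(mktemp) || return 99
  printf '%s\n' HEADSCALE_DOMAIN=https://hs.example.com \
    TAILNET_DOMAIN=tail.example.com POCKETID_DOMAIN=auth.example.com \
    OIDC_CLIENT_ID=abc OIDC_CLIENT_SECRET=def HEADPLANE_OIDC_CLIENT_ID=xyz \
    HEADSCALE_TAG=0.28.0 HEADPLANE_TAG=latest CADDY_TAG=2-alpine >"$t"
  check_env "$t"; st=$?; rm -f "$t"; return "$st"
}
```

Source the script and run `check_env .env` before `docker compose up`; a non-zero status is the number of problems printed.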