573785f2cc
Ship policy.hujson (mounted + installed on first deploy, edits preserved) and wire policy.mode=file / policy.path in config.yaml. Translate the Tailscale "grants" default into headscale's legacy "acls" format (self-access, tag:shared, Tailscale SSH), since headscale 0.28 doesn't support grants. Embed in deploy.sh and document `headscale policy check`.
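#!/usr/bin/env bash
#
# build.sh -- (re)embed docker-compose.yml, Caddyfile, config.yaml,
# policy.hujson and .env.example into deploy.sh as a base64-encoded tar.gz
# payload after the __ARCHIVE_BELOW__ marker. Idempotent: strips first.
#
# Run after editing any of the loose files. The resulting deploy.sh is
# self-contained and can be scp'd to the target box on its own.
#
# Security notes:
#   * Only .env.example is embedded, never .env. Everything in FILES ends up
#     inside deploy.sh verbatim, so keep real secrets out of that list.
#   * deploy.sh is rebuilt from a mktemp file, so it comes out mode 0700
#     (owner-only). If config.yaml carries any credentials, that is the mode
#     you want; do not loosen it without checking what the file contains.
#   * The embedded archive is round-trip checked (decodes and lists) before
#     the new deploy.sh replaces the old one.

set -euo pipefail

DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
SCRIPT="$DIR/deploy.sh"
MARKER="__ARCHIVE_BELOW__"
# Single source of truth for what gets shipped; the existence check and the
# tar invocation both read this list.
FILES=(docker-compose.yml Caddyfile config.yaml policy.hujson .env.example)

die() { printf '%s\n' "$*" >&2; exit 1; }

[[ -f "$SCRIPT" ]] || die "deploy.sh not found at $SCRIPT"
for f in "${FILES[@]}"; do
  [[ -f "$DIR/$f" ]] || die "Missing $DIR/$f"
done

# pipefail makes a tar failure abort this assignment instead of silently
# embedding an empty or partial archive.
PAYLOAD=$(tar -czf - -C "$DIR" "${FILES[@]}" | base64)

# Build next to deploy.sh so the final mv is an atomic rename on a single
# filesystem: an interrupted build never leaves a truncated deploy.sh behind.
# (mktemp in /tmp followed by a cross-device mv is copy-then-unlink.)
TMP=$(mktemp "$SCRIPT.XXXXXX")
trap 'rm -f "$TMP"' EXIT

# Strip any previous payload (the marker line and everything after it), then
# append the fresh one. The strip is a no-op on a deploy.sh with no marker yet.
sed "/^${MARKER}\$/,\$d" "$SCRIPT" > "$TMP"
{
  printf '%s\n' "$MARKER"
  printf '%s\n' "$PAYLOAD"
} >> "$TMP"

# Self-check before swapping the file in: exactly one marker line, and the
# bytes after it decode to a tar.gz that lists cleanly. Catches a stray marker
# line elsewhere in deploy.sh and any base64/gzip mismatch.
# (grep -c prints the count even when it is 0; the || true keeps set -e quiet.)
marker_count=$(grep -cx -- "$MARKER" "$TMP" || true)
[[ "$marker_count" == 1 ]] \
  || die "expected exactly one '$MARKER' line in $TMP, found $marker_count"
# base64 -d: GNU coreutils, BusyBox and macOS 13+; older macOS needs -D.
sed "1,/^${MARKER}\$/d" "$TMP" | base64 -d | tar -tzf - >/dev/null \
  || die "embedded payload does not decode to a valid tar.gz"

mv "$TMP" "$SCRIPT"
chmod +x "$SCRIPT"
trap - EXIT

# $(( )) strips the leading whitespace some wc implementations (macOS) emit
# when counting stdin, so the message does not read "(    1234 bytes)".
size=$(( $(wc -c < "$SCRIPT") ))
printf 'Built %s (%s bytes)\n' "$SCRIPT" "$size"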