120 lines
3 KiB
Bash
120 lines
3 KiB
Bash
|
#!/bin/bash
|
||
|
|
set -e
|
||
|
|
|
||
|
|
# ===============================================================
|
||
|
|
# Headscale Self-Hosted Installation Script
|
||
|
|
# Compatible with Traefik (network: traefik_default)
|
||
|
|
# ===============================================================
|
||
|
|
|
||
|
|
# --- Configuration ---
|
||
|
|
DOMAIN="headscale.rozic-dev.com"
|
||
|
|
EMAIL="your@email.com" # For Let's Encrypt via Traefik
|
||
|
|
NETWORK="traefik_default"
|
||
|
|
INSTALL_DIR="/home/Dejan/Docker/Headscale"
|
||
|
|
|
||
|
|
# --- Create folders ---
|
||
|
|
echo "📁 Creating folder structure..."
|
||
|
|
mkdir -p "${INSTALL_DIR}/config" "${INSTALL_DIR}/data"
|
||
|
|
cd "${INSTALL_DIR}"
|
||
|
|
|
||
|
|
# --- Create config.yaml ---
|
||
|
|
echo "📝 Creating Headscale config file..."
|
||
|
|
cat > "${INSTALL_DIR}/config/config.yaml" <<EOF
|
||
|
|
server_url: https://${DOMAIN}
|
||
|
|
listen_addr: 0.0.0.0:8080
|
||
|
|
prefixes:
|
||
|
|
v4: 100.64.0.0/10
|
||
|
|
v6: fd7a:115c:a1e0::/48
|
||
|
|
derp:
|
||
|
|
server:
|
||
|
|
enabled: true
|
||
|
|
region_id: 999
|
||
|
|
region_code: slovenia
|
||
|
|
region_name: "Headscale Slovenia"
|
||
|
|
urls:
|
||
|
|
- https://controlplane.tailscale.com/derpmap/default
|
||
|
|
dns_config:
|
||
|
|
nameservers:
|
||
|
|
- 1.1.1.1
|
||
|
|
- 8.8.8.8
|
||
|
|
log_level: info
|
||
|
|
ip_prefixes:
|
||
|
|
v4: 100.64.0.0/10
|
||
|
|
v6: fd7a:115c:a1e0::/48
|
||
|
|
EOF
|
||
|
|
|
||
|
|
# --- Create docker-compose.yml ---
|
||
|
|
echo "🐳 Creating docker-compose.yml..."
|
||
|
|
cat > "${INSTALL_DIR}/docker-compose.yml" <<'EOF'
|
||
|
|
version: "3.8"
|
||
|
|
|
||
|
|
x-default: &default
|
||
|
|
restart: unless-stopped
|
||
|
|
networks:
|
||
|
|
- traefik
|
||
|
|
logging:
|
||
|
|
driver: json-file
|
||
|
|
options:
|
||
|
|
max-size: 50m
|
||
|
|
max-file: "2"
|
||
|
|
|
||
|
|
services:
|
||
|
|
headscale:
|
||
|
|
<<: *default
|
||
|
|
image: headscale/headscale:latest
|
||
|
|
container_name: headscale
|
||
|
|
command: serve
|
||
|
|
environment:
|
||
|
|
- HEADSCALE_LOG_LEVEL=info
|
||
|
|
- HEADSCALE_SERVER_URL=https://headscale.rozic-dev.com
|
||
|
|
- HEADSCALE_LISTEN_ADDR=0.0.0.0:8080
|
||
|
|
- HEADSCALE_DB_TYPE=sqlite3
|
||
|
|
- HEADSCALE_DB_PATH=/var/lib/headscale/db.sqlite
|
||
|
|
- HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT=30m
|
||
|
|
volumes:
|
||
|
|
- ./data:/var/lib/headscale
|
||
|
|
- ./config:/etc/headscale
|
||
|
|
labels:
|
||
|
|
- "traefik.enable=true"
|
||
|
|
- "traefik.http.routers.headscale.rule=Host(`headscale.rozic-dev.com`)"
|
||
|
|
- "traefik.http.routers.headscale.entrypoints=websecure"
|
||
|
|
- "traefik.http.routers.headscale.tls.certresolver=letsencrypt"
|
||
|
|
- "traefik.http.services.headscale.loadbalancer.server.port=8080"
|
||
|
|
|
||
|
|
networks:
|
||
|
|
traefik:
|
||
|
|
external: true
|
||
|
|
name: traefik_default
|
||
|
|
EOF
|
||
|
|
|
||
|
|
# --- Start container ---
|
||
|
|
echo "🚀 Starting Headscale container..."
|
||
|
|
docker compose up -d
|
||
|
|
|
||
|
|
# --- Wait for container startup ---
|
||
|
|
sleep 5
|
||
|
|
|
||
|
|
# --- Create user and auth key ---
|
||
|
|
echo "👤 Creating default Headscale user..."
|
||
|
|
docker exec -it headscale headscale users create dejan || true
|
||
|
|
|
||
|
|
echo "🔑 Creating reusable pre-auth key..."
|
||
|
|
docker exec -it headscale headscale preauthkeys create --user dejan --reusable --ephemeral=false
|
||
|
|
|
||
|
|
echo
|
||
|
|
echo "✅ Headscale is now running!"
|
||
|
|
echo "🌍 URL: https://${DOMAIN}"
|
||
|
|
echo "💡 To connect a client:"
|
||
|
|
echo " tailscale up --login-server https://${DOMAIN} --authkey <KEY>"
|
||
|
|
echo
|
||
|
|
EOF
|
||
|
|
|
||
|
|
---
|
||
|
|
|
||
|
|
## 🧠 Usage
|
||
|
|
|
||
|
|
1. Copy this file to your server, e.g.:
|
||
|
|
|
||
|
|
```bash
|
||
|
|
nano install.sh
|