Headscale/install.sh

#!/bin/bash
set -e

# ===============================================================
#  Headscale Self-Hosted Installation Script
#  Compatible with Traefik (network: traefik_default)
# ===============================================================

# --- Configuration ---
DOMAIN="headscale.rozic-dev.com"
EMAIL="your@email.com"     # For Let's Encrypt via Traefik
NETWORK="traefik_default"
INSTALL_DIR="/home/Dejan/Docker/Headscale"

# --- Create folders ---
echo "📁 Creating folder structure..."
mkdir -p "${INSTALL_DIR}/config" "${INSTALL_DIR}/data"
cd "${INSTALL_DIR}"

# --- Create config.yaml ---
echo "📝 Creating Headscale config file..."
cat > "${INSTALL_DIR}/config/config.yaml" <<EOF
server_url: https://${DOMAIN}
listen_addr: 0.0.0.0:8080
prefixes:
  v4: 100.64.0.0/10
  v6: fd7a:115c:a1e0::/48
derp:
  server:
    enabled: true
    region_id: 999
    region_code: slovenia
    region_name: "Headscale Slovenia"
  urls:
    - https://controlplane.tailscale.com/derpmap/default
dns_config:
  nameservers:
    - 1.1.1.1
    - 8.8.8.8
log_level: info
ip_prefixes:
  v4: 100.64.0.0/10
  v6: fd7a:115c:a1e0::/48
EOF

# --- Create docker-compose.yml ---
echo "🐳 Creating docker-compose.yml..."
cat > "${INSTALL_DIR}/docker-compose.yml" <<'EOF'
version: "3.8"

x-default: &default
  restart: unless-stopped
  networks:
    - traefik
  logging:
    driver: json-file
    options:
      max-size: 50m
      max-file: "2"

services:
  headscale:
    <<: *default
    image: headscale/headscale:latest
    container_name: headscale
    command: serve
    environment:
      - HEADSCALE_LOG_LEVEL=info
      - HEADSCALE_SERVER_URL=https://headscale.rozic-dev.com
      - HEADSCALE_LISTEN_ADDR=0.0.0.0:8080
      - HEADSCALE_DB_TYPE=sqlite3
      - HEADSCALE_DB_PATH=/var/lib/headscale/db.sqlite
      - HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT=30m
    volumes:
      - ./data:/var/lib/headscale
      - ./config:/etc/headscale
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.headscale.rule=Host(`headscale.rozic-dev.com`)"
      - "traefik.http.routers.headscale.entrypoints=websecure"
      - "traefik.http.routers.headscale.tls.certresolver=letsencrypt"
      - "traefik.http.services.headscale.loadbalancer.server.port=8080"

networks:
  traefik:
    external: true
    name: traefik_default
EOF

# --- Start container ---
echo "🚀 Starting Headscale container..."
docker compose up -d

# --- Wait for container startup ---
sleep 5

# --- Create user and auth key ---
echo "👤 Creating default Headscale user..."
docker exec -it headscale headscale users create dejan || true

echo "🔑 Creating reusable pre-auth key..."
docker exec -it headscale headscale preauthkeys create --user dejan --reusable --ephemeral=false

echo
echo "✅ Headscale is now running!"
echo "🌍 URL: https://${DOMAIN}"
echo "💡 To connect a client:"
echo "    tailscale up --login-server https://${DOMAIN} --authkey <KEY>"
echo
EOF

---

## 🧠 Usage

1. Copy this file to your server, e.g.:

```bash
nano install.sh
first commit 2025-11-24 16:58:23 +00:00			`#!/bin/bash`
			`set -e`

			`# ===============================================================`
			`# Headscale Self-Hosted Installation Script`
			`# Compatible with Traefik (network: traefik_default)`
			`# ===============================================================`

			`# --- Configuration ---`
			`DOMAIN="headscale.rozic-dev.com"`
			`EMAIL="your@email.com" # For Let's Encrypt via Traefik`
			`NETWORK="traefik_default"`
			`INSTALL_DIR="/home/Dejan/Docker/Headscale"`

			`# --- Create folders ---`
			`echo "📁 Creating folder structure..."`
			`mkdir -p "${INSTALL_DIR}/config" "${INSTALL_DIR}/data"`
			`cd "${INSTALL_DIR}"`

			`# --- Create config.yaml ---`
			`echo "📝 Creating Headscale config file..."`
			`cat > "${INSTALL_DIR}/config/config.yaml" <<EOF`
			`server_url: https://${DOMAIN}`
			`listen_addr: 0.0.0.0:8080`
			`prefixes:`
			`v4: 100.64.0.0/10`
			`v6: fd7a:115c:a1e0::/48`
			`derp:`
			`server:`
			`enabled: true`
			`region_id: 999`
			`region_code: slovenia`
			`region_name: "Headscale Slovenia"`
			`urls:`
			`- https://controlplane.tailscale.com/derpmap/default`
			`dns_config:`
			`nameservers:`
			`- 1.1.1.1`
			`- 8.8.8.8`
			`log_level: info`
			`ip_prefixes:`
			`v4: 100.64.0.0/10`
			`v6: fd7a:115c:a1e0::/48`
			`EOF`

			`# --- Create docker-compose.yml ---`
			`echo "🐳 Creating docker-compose.yml..."`
			`cat > "${INSTALL_DIR}/docker-compose.yml" <<'EOF'`
			`version: "3.8"`

			`x-default: &default`
			`restart: unless-stopped`
			`networks:`
			`- traefik`
			`logging:`
			`driver: json-file`
			`options:`
			`max-size: 50m`
			`max-file: "2"`

			`services:`
			`headscale:`
			`<<: *default`
			`image: headscale/headscale:latest`
			`container_name: headscale`
			`command: serve`
			`environment:`
			`- HEADSCALE_LOG_LEVEL=info`
			`- HEADSCALE_SERVER_URL=https://headscale.rozic-dev.com`
			`- HEADSCALE_LISTEN_ADDR=0.0.0.0:8080`
			`- HEADSCALE_DB_TYPE=sqlite3`
			`- HEADSCALE_DB_PATH=/var/lib/headscale/db.sqlite`
			`- HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT=30m`
			`volumes:`
			`- ./data:/var/lib/headscale`
			`- ./config:/etc/headscale`
			`labels:`
			`- "traefik.enable=true"`
			- "traefik.http.routers.headscale.rule=Host(`headscale.rozic-dev.com`)"
			`- "traefik.http.routers.headscale.entrypoints=websecure"`
			`- "traefik.http.routers.headscale.tls.certresolver=letsencrypt"`
			`- "traefik.http.services.headscale.loadbalancer.server.port=8080"`

			`networks:`
			`traefik:`
			`external: true`
			`name: traefik_default`
			`EOF`

			`# --- Start container ---`
			`echo "🚀 Starting Headscale container..."`
			`docker compose up -d`

			`# --- Wait for container startup ---`
			`sleep 5`

			`# --- Create user and auth key ---`
			`echo "👤 Creating default Headscale user..."`
			`docker exec -it headscale headscale users create dejan \|\| true`

			`echo "🔑 Creating reusable pre-auth key..."`
			`docker exec -it headscale headscale preauthkeys create --user dejan --reusable --ephemeral=false`

			`echo`
			`echo "✅ Headscale is now running!"`
			`echo "🌍 URL: https://${DOMAIN}"`
			`echo "💡 To connect a client:"`
			`echo " tailscale up --login-server https://${DOMAIN} --authkey <KEY>"`
			`echo`
			`EOF`

			`---`

			`## 🧠 Usage`

			`1. Copy this file to your server, e.g.:`

			```bash
			`nano install.sh`