#!/bin/bash
set -e

# ===============================================================
#  Headscale Self-Hosted Installation Script
#  Compatible with Traefik (network: traefik_default)
# ===============================================================

# --- Configuration ---
DOMAIN="headscale.rozic-dev.com"
EMAIL="your@email.com"     # For Let's Encrypt via Traefik
NETWORK="traefik_default"
INSTALL_DIR="/home/Dejan/Docker/Headscale"

# --- Create folders ---
echo "📁 Creating folder structure..."
mkdir -p "${INSTALL_DIR}/config" "${INSTALL_DIR}/data"
cd "${INSTALL_DIR}"

# --- Create config.yaml ---
echo "📝 Creating Headscale config file..."
cat > "${INSTALL_DIR}/config/config.yaml" <<EOF
server_url: https://${DOMAIN}
listen_addr: 0.0.0.0:8080
prefixes:
  v4: 100.64.0.0/10
  v6: fd7a:115c:a1e0::/48
derp:
  server:
    enabled: true
    region_id: 999
    region_code: slovenia
    region_name: "Headscale Slovenia"
  urls:
    - https://controlplane.tailscale.com/derpmap/default
dns_config:
  nameservers:
    - 1.1.1.1
    - 8.8.8.8
log_level: info
ip_prefixes:
  v4: 100.64.0.0/10
  v6: fd7a:115c:a1e0::/48
EOF

# --- Create docker-compose.yml ---
echo "🐳 Creating docker-compose.yml..."
cat > "${INSTALL_DIR}/docker-compose.yml" <<'EOF'
version: "3.8"

x-default: &default
  restart: unless-stopped
  networks:
    - traefik
  logging:
    driver: json-file
    options:
      max-size: 50m
      max-file: "2"

services:
  headscale:
    <<: *default
    image: headscale/headscale:latest
    container_name: headscale
    command: serve
    environment:
      - HEADSCALE_LOG_LEVEL=info
      - HEADSCALE_SERVER_URL=https://headscale.rozic-dev.com
      - HEADSCALE_LISTEN_ADDR=0.0.0.0:8080
      - HEADSCALE_DB_TYPE=sqlite3
      - HEADSCALE_DB_PATH=/var/lib/headscale/db.sqlite
      - HEADSCALE_EPHEMERAL_NODE_INACTIVITY_TIMEOUT=30m
    volumes:
      - ./data:/var/lib/headscale
      - ./config:/etc/headscale
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.headscale.rule=Host(`headscale.rozic-dev.com`)"
      - "traefik.http.routers.headscale.entrypoints=websecure"
      - "traefik.http.routers.headscale.tls.certresolver=letsencrypt"
      - "traefik.http.services.headscale.loadbalancer.server.port=8080"

networks:
  traefik:
    external: true
    name: traefik_default
EOF

# --- Start container ---
echo "🚀 Starting Headscale container..."
docker compose up -d

# --- Wait for container startup ---
sleep 5

# --- Create user and auth key ---
echo "👤 Creating default Headscale user..."
docker exec -it headscale headscale users create dejan || true

echo "🔑 Creating reusable pre-auth key..."
docker exec -it headscale headscale preauthkeys create --user dejan --reusable --ephemeral=false

echo
echo "✅ Headscale is now running!"
echo "🌍 URL: https://${DOMAIN}"
echo "💡 To connect a client:"
echo "    tailscale up --login-server https://${DOMAIN} --authkey <KEY>"
echo
EOF

---

## 🧠 Usage

1. Copy this file to your server, e.g.:

```bash
nano install.sh