Headscale: Upgrade to 0.25.1
Update configuration template.
Change-Id: I3029e6eda0f5f049e28e9418ec1e596c78d25a57
diff --git a/charts/headscale/templates/config.yaml b/charts/headscale/templates/config.yaml
index 7c007ba..c060af0 100644
--- a/charts/headscale/templates/config.yaml
+++ b/charts/headscale/templates/config.yaml
@@ -78,9 +78,9 @@
# List of IP prefixes to allocate tailaddresses from.
# Each prefix consists of either an IPv4 or IPv6 address,
# and the associated prefix length, delimited by a slash.
- ip_prefixes:
+ prefixes:
# - fd7a:115c:a1e0::/48
- - 100.64.0.0/10
+ v4: 100.64.0.0/10
# DERP is a relay system that Tailscale uses when a direct
# connection cannot be established.
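Review bot: The commented IPv6 example under the new `prefixes:` key is still in the old list form (`# - fd7a:115c:a1e0::/48`). Uncommenting it to enable IPv6 would put a sequence item inside a mapping that already holds `v4:`. I would change it to `# v6: fd7a:115c:a1e0::/48`. The lead comment could then say that `prefixes` takes one `v4` and one `v6` entry instead of a list.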
@@ -143,25 +143,18 @@
# In case of doubts, do not touch the default 10s.
node_update_check_interval: 10s
- # SQLite config
- db_type: sqlite3
-
- # For production:
- # db_path: /var/lib/headscale/db.sqlite
- db_path: /headscale/data/db.sqlite
-
- # # Postgres config
- # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
- # db_type: postgres
- # db_host: localhost
- # db_port: 5432
- # db_name: headscale
- # db_user: foo
- # db_pass: bar
-
- # If other 'sslmode' is required instead of 'require(true)' and 'disabled(false)', set the 'sslmode' you need
- # in the 'db_ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
- # db_ssl: false
+ database:
+ type: sqlite
+ debug: false
+ gorm:
+ prepare_stmt: true
+ parameterized_queries: true
+ skip_err_record_not_found: true
+ slow_threshold: 1000
+ sqlite:
+ path: /headscale/data/db.sqlite
+ write_ahead_log: true
+ wal_autocheckpoint: 1000
### TLS configuration
#
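Review bot: The new `database:` block carries no comments, whereas the removed lines explained each setting. Two of the new options deserve a line each for operators. Above `write_ahead_log: true` I would add `# WAL mode keeps db.sqlite-wal and db.sqlite-shm next to the database; back up all three files together`. Above `parameterized_queries: true` I would add `# keep enabled so logged SQL shows placeholders rather than values`; that reading of the option comes from gorm's logger setting of the same name and should be confirmed against headscale. The jump from 0.22.3 to 0.25.1 presumably runs schema migrations on the existing `/headscale/data/db.sqlite` at first start, so a note to snapshot the volume first would also help.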
@@ -206,7 +199,9 @@
# Path to a file containg ACL policies.
# ACLs can be defined as YAML or HUJSON.
# https://tailscale.com/kb/1018/acls/
- acl_policy_path: "/headscale/acls/config.hujson" # TODO(gio): mount path must be configurable
+ policy:
+ mode: file
+ path: "/headscale/acls/config.hujson" # TODO(gio): mount path must be configurable
## DNS
#
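Review bot: The `policy:` block is the only thing that enforces ACLs for the tailnet, and nothing in it says what happens if `path` ends up unset. As far as I know, headscale with no policy path allows all nodes to reach each other, so a mis-nested `path` after this rename would fail open. It is worth rendering the chart and confirming `policy.path` sits under `policy:` next to `mode: file`. I would also add `# leaving path empty disables ACL enforcement (allow-all); keep this set` above it. The context comment still says ACLs can be YAML or HUJSON; please confirm 0.25.1 still accepts YAML policies, or trim the comment.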
@@ -217,14 +212,13 @@
# - https://tailscale.com/kb/1081/magicdns/
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
#
- dns_config:
- # Whether to prefer using Headscale provided DNS or use local.
- override_local_dns: true
-
+ dns:
# List of DNS servers to expose to clients.
nameservers:
- - 8.8.8.8
- - 1.1.1.1
+ global:
+ - 8.8.8.8
+ - 1.1.1.1
+ split: {}
# NextDNS (see https://tailscale.com/kb/1218/nextdns/).
# "abc123" is example NextDNS ID, replace with yours.
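Review bot: The removed `override_local_dns: true` has no counterpart in the new `dns:` block. Whether clients are still forced onto the `nameservers.global` resolvers is therefore left to whatever 0.25.1 does by default. Please confirm that behaviour and record it in a comment above `nameservers:`, for example `# clients use these resolvers in place of their local DNS settings`, if that is indeed the case. If the intent is for all tailnet DNS to leave via 8.8.8.8 and 1.1.1.1, these addresses would be better taken from chart values than hard-coded.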
@@ -249,7 +243,7 @@
# - 8.8.8.8
# Search domains to inject.
- domains: []
+ search_domains: []
# Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
# Only works if there is at least a nameserver defined.
@@ -259,7 +253,7 @@
# `base_domain` must be a FQDNs, without the trailing dot.
# The FQDN of the hosts will be
# `hostname.namespace.base_domain` (e.g., _myhost.mynamespace.example.com_).
- base_domain: {{ .Values.publicBaseDomain }}
+ base_domain: devices.p.{{ .Values.publicBaseDomain }}
# Unix socket used for the CLI to connect without authentication
# Note: for production you will want to set this to something like:
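Review bot: The new `base_domain` line hard-codes the `devices.p.` prefix in the template and leaves the templated scalar unquoted. I would write it as `base_domain: "devices.p.{{ .Values.publicBaseDomain }}"`, or better, expose the full MagicDNS domain as its own chart value. This changes the FQDN of every node, which the commit message does not mention; anything that refers to the old names (ACL hosts, certificates, bookmarks) will need updating. The context comment still describes `hostname.namespace.base_domain`; newer headscale releases appear to drop the namespace component, so the comment should be checked against 0.25.1.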
diff --git a/charts/headscale/values.yaml b/charts/headscale/values.yaml
index 0237ba5..c65a8df 100644
--- a/charts/headscale/values.yaml
+++ b/charts/headscale/values.yaml
@@ -1,6 +1,6 @@
image:
repository: headscale/headscale
- tag: 0.22.3
+ tag: 0.25.1
pullPolicy: IfNotPresent
storage:
size: 5Gi
diff --git a/core/installer/values-tmpl/headscale.cue b/core/installer/values-tmpl/headscale.cue
index fb146ed..c28926e 100644
--- a/core/installer/values-tmpl/headscale.cue
+++ b/core/installer/values-tmpl/headscale.cue
@@ -16,7 +16,7 @@
headscale: {
repository: "headscale"
name: "headscale"
- tag: "0.22.3"
+ tag: "0.25.1"
pullPolicy: "IfNotPresent"
}
api: {