// Installation-time parameters supplied for this headscale instance.
input: {
	// Joined with global.domain to form _domain, which is used for the chart's
	// `domain` value, the OIDC redirect URI and the login URL in the help text.
	// NOTE(review): typed only as `string` here. If no schema outside this file
	// restricts it to a DNS label, arbitrary text reaches the hostname and the
	// registered redirect URI — confirm where it is validated.
	subdomain: string
	// Passed through unchanged as the headscale chart value api.ipSubnet.
	// NOTE(review): unconstrained string, presumably a CIDR — confirm it is
	// validated before it reaches the chart.
	ipSubnet: string
}
// App name, target namespace and icon.
name: "headscale"
namespace: "app-headscale"
// Static inline SVG made of <circle> elements only (no script, no external references).
icon: "<svg xmlns='http://www.w3.org/2000/svg' width='50' height='50' viewBox='0 0 48 48'><circle cx='24' cy='24' r='4.5' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='24' r='4.5' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='10' r='4.5' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='10' r='4.5' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='10' r='4.5' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='24' r='4.5' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='38' r='4.5' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='38' r='4.5' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='38' r='4.5' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='38' r='2' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='24' r='2' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='24' r='2' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='24' r='2' fill='none' stroke='black' stroke-linecap='round' stroke-linejoin='round'/></svg>"
// Container images referenced by the headscale chart values.
images: {
	// Headscale server image, fixed to a release tag and pulled only when absent.
	// NOTE(review): a tag can still be re-pushed; an image digest would make the
	// deployed content immutable.
	headscale: {
		repository: "headscale"
		name: "headscale"
		tag: "0.22.3"
		pullPolicy: "IfNotPresent"
	}
	// Companion API image configured under the headscale chart's `api` values.
	// NOTE(review): tag "latest" combined with pullPolicy "Always" means every pod
	// start may pull different image content without any change to this file, so a
	// mistaken or malicious push to the registry is rolled out automatically and
	// the running version cannot be reconstructed afterwards. Pin a version tag,
	// or preferably a digest, and update it through reviewed changes.
	api: {
		repository: "giolekva"
		name: "headscale-api"
		tag: "latest"
		pullPolicy: "Always"
	}
}
// Helm chart sources. Both charts are read from the same Git repository.
// NOTE(review): each source tracks branch "main", a mutable ref. Whatever is on
// that branch when the source is reconciled gets rendered into the cluster, so
// the chart content (including RBAC, ingress and secret templates) can change
// without a change here. If the chart source schema supports an immutable ref
// (tag or commit), prefer it for reproducible and auditable installs.
charts: {
	// Chart used to register the OAuth2 client.
	oauth2Client: {
		kind: "GitRepository"
		address: "https://github.com/giolekva/pcloud.git"
		branch: "main"
		path: "charts/oauth2-client"
	}
	// Chart that deploys headscale itself.
	headscale: {
		kind: "GitRepository"
		address: "https://github.com/giolekva/pcloud.git"
		branch: "main"
		path: "charts/headscale"
	}
}
// Hostname of this instance: the requested subdomain under global.domain.
// It is reused for the chart's `domain` value, the OIDC redirect URI and the
// login URL in the help text, so those stay in agreement.
_domain: "\(input.subdomain).\(global.domain)"
// Secret name shared by the oauth2-client release (values.secretName) and the
// headscale release (values.oauth2.secretName).
// NOTE(review): presumably the first writes the client credentials and the
// second reads them — confirm against the charts.
_oauth2ClientSecretName: "oauth2-client"
// Helm releases that make up the app: an OAuth2 client registration and the
// headscale deployment. Both declare a dependency on the "auth" release in the
// core-auth namespace.
helm: {
	// OAuth2 client that headscale uses for OIDC login.
	"oauth2-client": {
		chart: charts.oauth2Client
		// TODO(gio): remove once hydra maester is installed as part of dodo itself
		dependsOn: [{
			name: "auth"
			namespace: "\(global.namespacePrefix)core-auth"
		}]
		values: {
			name: "oauth2-client"
			secretName: _oauth2ClientSecretName
			// Only the authorization-code grant and the "code" response type are requested.
			grantTypes: ["authorization_code"]
			responseTypes: ["code"]
			scope: "openid profile email"
			// A single HTTPS callback on this instance's own hostname.
			redirectUris: ["https://\(_domain)/oidc/callback"]
			// NOTE(review): the Hydra admin endpoint is addressed over plain HTTP on
			// the cluster-internal service name. Anything that can reach it can manage
			// OAuth2 clients, so this relies on in-cluster network isolation —
			// confirm a NetworkPolicy or mesh-level mTLS restricts access.
			hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
		}
	}
	// The headscale server and its companion API.
	headscale: {
		chart: charts.headscale
		dependsOn: [{
			name: "auth"
			namespace: "\(global.namespacePrefix)core-auth"
		}]
		values: {
			image: {
				repository: images.headscale.fullName
				tag: images.headscale.tag
				pullPolicy: images.headscale.pullPolicy
			}
			storage: size: "5Gi"
			// ingressPublic and issuerPublic are not defined in this file; by name the
			// server is exposed through the public ingress class — TODO confirm.
			ingressClassName: ingressPublic
			certificateIssuer: issuerPublic
			domain: _domain
			publicBaseDomain: global.domain
			ipAddressPool: "\(global.id)-headscale"
			// OIDC settings: the shared secret name plus the HTTPS issuer URL.
			oauth2: {
				secretName: _oauth2ClientSecretName
				issuer: "https://hydra.\(global.domain)"
			}
			api: {
				// NOTE(review): this file does not show how port 8585 is exposed or
				// authenticated. Confirm in the chart that the API is reachable only
				// from inside the cluster.
				port: 8585
				ipSubnet: input.ipSubnet
				// Inherits tag "latest" / pullPolicy "Always" from images.api, so the
				// image content behind this API is not pinned.
				image: {
					repository: images.api.fullName
					tag: images.api.tag
					pullPolicy: images.api.pullPolicy
				}
			}
			ui: enabled: false
		}
	}
}
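// End-user help shown for the app: how to install the Tailscale client and how
// to point it at this headscale instance.
//
// Every URL that names this instance is built from _domain, the same value the
// headscale chart receives as `domain` and the OAuth2 client uses in its
// redirect URI. The macOS and iOS entries previously hard-coded the
// "headscale." prefix, which gave users a different host than the one actually
// served whenever input.subdomain was not "headscale"; a wrong login server is
// where the client would send the user to sign in.
help: [{
	title: "Install"
	contents: """
		You can install Tailscale client on any of your personal devices running: macOS, iOS, Windows, Linux or Android. Installer packages can be found at: [https://tailscale.com/download](https://tailscale.com/download). After installing the client application you need to configure it to use https://\(_domain) as a login URL, so you can login to the VPN network with your dodo: account. See "Configure Login URL" section below for more details.
		"""
	children: [{
		title: "Windows with MSI"
		contents: "[https://tailscale.com/kb/1189/install-windows-msi](https://tailscale.com/kb/1189/install-windows-msi)"
	}]
}, {
	title: "Configure Login URL"
	contents: "After installing the client application you need to configure it to use https://\(_domain) as a login URL, so you can login to the VPN network with your dodo: account"
	children: [{
		title: "macOS"
		// Apple configuration page on this instance's own hostname.
		contents: "[https://\(_domain)/apple](https://\(_domain)/apple)"
	}, {
		title: "iOS"
		contents: "[https://\(_domain)/apple](https://\(_domain)/apple)"
	}, {
		title: "Windows"
		contents: "[https://tailscale.com/kb/1318/windows-mdm](https://tailscale.com/kb/1318/windows-mdm)"
	}, {
		title: "Linux"
		contents: "tailscale up --login-server https://\(_domain)"
	}, {
		title: "Android"
		contents: """
			After opening the app, the kebab menu icon (three dots) on the top bar on the right must be repeatedly opened and closed until the Change server option appears in the menu. This is where you can enter your headscale URL: https://\(_domain)

			A screen recording of this process can be seen in the tailscale-android PR which implemented this functionality: [https://github.com/tailscale/tailscale-android/pull/55](https://github.com/tailscale/tailscale-android/pull/55)

			After saving and restarting the app, selecting the regular Sign in option should open up the dodo: authentication page.
			"""
	}, {
		title: "Command Line"
		contents: "tailscale up --login-server https://\(_domain)"
	}]
}]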