Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 69ff759f4e5bafc74f80cb2b72e4e417ec2edbbb / . / core / installer / values-tmpl / headscale.cue
blob: 9bb23957551d46b03cd7306cd48dd490560fa83b [file] [log] [blame]
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]1input: {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]2 network: #Network
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]3 subdomain: string
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]4 ipSubnet: string
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]5}
6
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]7name: "headscale"
Giorgi Lekveishvili08af67a2024-01-18 08:53:05 +0400[diff] [blame]8namespace: "app-headscale"
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]9icon: "<svg xmlns='http://www.w3.org/2000/svg' width='50' height='50' viewBox='0 0 48 48'><circle cx='24' cy='24' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='24' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='10' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='10' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='10' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='24' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='38' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='38' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='38' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='38' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='24' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='24' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='24' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/></svg>"
Giorgi Lekveishvili08af67a2024-01-18 08:53:05 +0400[diff] [blame]10
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]11_domain: "\(input.subdomain).\(input.network.domain)"
Giorgi Lekveishvili0c6b3242024-03-14 15:31:08 +0400[diff] [blame]12_oauth2ClientSecretName: "oauth2-client"
13
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]14out: {
15 images: {
16 headscale: {
17 repository: "headscale"
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]18 name: "headscale"
19 tag: "0.25.1"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]20 pullPolicy: "IfNotPresent"
21 }
22 api: {
23 repository: "giolekva"
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]24 name: "headscale-api"
25 tag: "latest"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]26 pullPolicy: "Always"
Giorgi Lekveishvili0c6b3242024-03-14 15:31:08 +0400[diff] [blame]27 }
28 }
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]29
30 charts: {
31 oauth2Client: {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]32 kind: "GitRepository"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]33 address: "https://code.v1.dodo.cloud/helm-charts"
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]34 branch: "main"
35 path: "charts/oauth2-client"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]36 }
37 headscale: {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]38 kind: "GitRepository"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]39 address: "https://code.v1.dodo.cloud/helm-charts"
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]40 branch: "main"
41 path: "charts/headscale"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]42 }
43 }
44
45 helm: {
46 "oauth2-client": {
47 chart: charts.oauth2Client
48 // TODO(gio): remove once hydra maester is installed as part of dodo itself
49 dependsOn: [{
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]50 name: "auth"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]51 namespace: "\(global.namespacePrefix)core-auth"
52 }]
53 values: {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]54 name: "\(release.namespace)-headscale"
Giorgi Lekveishvili0c6b3242024-03-14 15:31:08 +0400[diff] [blame]55 secretName: _oauth2ClientSecretName
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]56 grantTypes: ["authorization_code"]
57 responseTypes: ["code"]
58 scope: "openid profile email"
59 redirectUris: ["https://\(_domain)/oidc/callback"]
60 hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
Giorgi Lekveishvili0c6b3242024-03-14 15:31:08 +0400[diff] [blame]61 }
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]62 }
63 headscale: {
64 chart: charts.headscale
65 dependsOn: [{
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]66 name: "auth"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]67 namespace: "\(global.namespacePrefix)core-auth"
68 }]
69 values: {
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]70 image: {
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]71 repository: images.headscale.fullName
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]72 tag: images.headscale.tag
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]73 pullPolicy: images.headscale.pullPolicy
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]74 }
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]75 storage: size: "5Gi"
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]76 ingressClassName: input.network.ingressClass
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]77 certificateIssuer: input.network.certificateIssuer
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]78 domain: _domain
79 publicBaseDomain: input.network.domain
80 ipAddressPool: "\(global.id)-headscale"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]81 oauth2: {
82 secretName: _oauth2ClientSecretName
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]83 issuer: "https://hydra.\(input.network.domain)"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]84 }
85 api: {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]86 port: 8585
87 ipSubnet: input.ipSubnet
88 self: "http://headscale-api.\(release.namespace).svc.cluster"
gio2f9ed202024-10-06 17:47:00 +0400[diff] [blame]89 fetchUsersAddr: "http://memberships-api.\(global.namespacePrefix)core-auth-memberships.svc.cluster.local/api/users"
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]90 image: {
91 repository: images.api.fullName
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]92 tag: images.api.tag
gio7fbd4ad2024-08-27 10:06:39 +0400[diff] [blame]93 pullPolicy: images.api.pullPolicy
94 }
95 }
96 ui: enabled: false
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]97 }
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]98 }
99 }
100}
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]101
102help: [{
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]103 title: "Install"
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]104 contents: """
105 You can install Tailscale client on any of your personal devices running: macOS, iOS, Windows, Lonux or Android. Installer packages can be found at: [https://tailscale.com/download](https://tailscale.com/download). After installing the client application you need to configure it to use https://\(_domain) as a login URL, so you can login to the VPN network with your dodo: account. See "Configure Login URL" section below for more details.
106 """
107 children: [{
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]108 title: "Widnows with MSI"
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]109 contents: "[https://tailscale.com/kb/1189/install-windows-msi](https://tailscale.com/kb/1189/install-windows-msi)"
110 }]
111}, {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]112 title: "Configure Login URL"
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]113 contents: "After installing the client application you need to configure it to use https://\(_domain) as a login URL, so you can login to the VPN network with your dodo: account"
114 children: [{
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]115 title: "macOS"
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]116 contents: "[https://headscale.\(input.network.domain)/apple](https://headscale.\(input.network.domain)/apple)"
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]117 }, {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]118 title: "iOS"
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]119 contents: "[https://headscale.\(input.network.domain)/apple](https://headscale.\(input.network.domain)/apple)"
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]120 }, {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]121 title: "Windows"
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]122 contents: "[https://tailscale.com/kb/1318/windows-mdm](https://tailscale.com/kb/1318/windows-mdm)"
123 }, {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]124 title: "Linux"
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]125 contents: "tailscale up --login-server https://\(_domain)"
126 }, {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]127 title: "Android"
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]128 contents: """
129 After opening the app, the kebab menu icon (three dots) on the top bar on the right must be repeatedly opened and closed until the Change server option appears in the menu. This is where you can enter your headscale URL: https://\(_domain)
130
131 A screen recording of this process can be seen in the tailscale-android PR which implemented this functionality: [https://github.com/tailscale/tailscale-android/pull/55](https://github.com/tailscale/tailscale-android/pull/55)
132
133 After saving and restarting the app, selecting the regular Sign in option should open up the dodo: authentication page.
134 """
135 }, {
gio9bd87ca2025-04-20 08:05:34 +0400[diff] [blame]136 title: "Command Line"
gio09a3e5b2024-04-26 14:11:06 +0400[diff] [blame]137 contents: "tailscale up --login-server https://\(_domain)"
138 }]
139}]