// Parameters supplied when the app is installed.
input: {
	// Target network. #Network is declared outside this file; this file reads
	// its domain, ingressClass and certificateIssuer fields.
	network: #Network
	// Host label that is joined with network.domain to form _domain below.
	subdomain: string
	// Passed through unchanged to the headscale chart as api.ipSubnet.
	// NOTE(review): any string is accepted here; no CIDR validation is visible
	// in this file, so confirm it is validated downstream.
	ipSubnet: string
}

name: "headscale"
namespace: "app-headscale"
icon: "<svg xmlns='http://www.w3.org/2000/svg' width='50' height='50' viewBox='0 0 48 48'><circle cx='24' cy='24' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='24' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='10' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='10' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='10' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='24' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='38' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='38' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='38' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='38' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='24' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='24' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='24' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/></svg>"

// Fully qualified hostname of this headscale instance. It is used for the
// chart's domain value, the OIDC redirect URI and the login URLs in the help text.
_domain: "\(input.subdomain).\(input.network.domain)"
// Secret name handed to both releases: the oauth2-client chart (secretName)
// and the headscale chart (oauth2.secretName). The two must stay identical.
_oauth2ClientSecretName: "oauth2-client"
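// Everything this app deploys: container images, chart sources and the two
// Helm releases (the OAuth2 client registration and headscale itself).
out: {
	images: {
		// Pinned to a release tag; pulled only when not already on the node.
		headscale: {
			repository: "headscale"
			name: "headscale"
			tag: "0.22.3"
			pullPolicy: "IfNotPresent"
		}
		// NOTE(review): "latest" with pullPolicy "Always" is a mutable reference.
		// Each pod start may run different code than the one that was reviewed,
		// and a compromised or mistaken push to the registry is deployed
		// automatically. Pin to a version tag or image digest once one is published.
		api: {
			repository: "giolekva"
			name: "headscale-api"
			tag: "latest"
			pullPolicy: "Always"
		}
	}

	// NOTE(review): both charts track the moving "main" branch, so chart
	// contents can change between reconciliations without any change to this
	// file. Whether the chart source schema supports pinning to a tag or
	// commit is not visible here; confirm and pin if it does.
	charts: {
		oauth2Client: {
			kind: "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch: "main"
			path: "charts/oauth2-client"
		}
		headscale: {
			kind: "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch: "main"
			path: "charts/headscale"
		}
	}

	helm: {
		// Registers headscale as an OAuth2/OIDC client with Hydra.
		"oauth2-client": {
			chart: charts.oauth2Client
			// TODO(gio): remove once hydra maester is installed as part of dodo itself
			dependsOn: [{
				name: "auth"
				namespace: "\(global.namespacePrefix)core-auth"
			}]
			values: {
				name: "\(release.namespace)-headscale"
				secretName: _oauth2ClientSecretName
				// Authorization-code flow only; no implicit or password grants are requested.
				grantTypes: ["authorization_code"]
				responseTypes: ["code"]
				scope: "openid profile email"
				// Single exact HTTPS callback on this instance's own hostname.
				redirectUris: ["https://\(_domain)/oidc/callback"]
				// Hydra admin API, addressed over plain HTTP on the cluster-internal
				// service name. NOTE(review): confirm that access to this endpoint
				// is restricted inside the cluster (for example by NetworkPolicy).
				hydraAdmin: "http://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
			}
		}
		headscale: {
			chart: charts.headscale
			dependsOn: [{
				name: "auth"
				namespace: "\(global.namespacePrefix)core-auth"
			}]
			values: {
				image: {
					repository: images.headscale.fullName
					tag: images.headscale.tag
					pullPolicy: images.headscale.pullPolicy
				}
				storage: size: "5Gi"
				ingressClassName: input.network.ingressClass
				certificateIssuer: input.network.certificateIssuer
				domain: _domain
				publicBaseDomain: input.network.domain
				ipAddressPool: "\(global.id)-headscale"
				oauth2: {
					// Must name the same Secret as the oauth2-client release above.
					secretName: _oauth2ClientSecretName
					issuer: "https://hydra.\(input.network.domain)"
				}
				api: {
					port: 8585
					ipSubnet: input.ipSubnet
					// Uses the full cluster-local service suffix, matching hydraAdmin
					// above. The previous value ended in ".svc.cluster", which is not
					// a resolvable service name under the "cluster.local" domain.
					// NOTE(review): the URL carries no port while api.port is 8585;
					// confirm the Service exposes the port this URL implies.
					self: "http://headscale-api.\(release.namespace).svc.cluster.local/sync-users"
					image: {
						repository: images.api.fullName
						tag: images.api.tag
						pullPolicy: images.api.pullPolicy
					}
				}
				// The chart's UI component is switched off.
				ui: enabled: false
			}
		}
	}
}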
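// User-facing setup instructions. Every login URL is derived from _domain so
// the text always names the hostname this instance is actually served on;
// sending users to a different host would have them authenticate against the
// wrong server.
help: [{
	title: "Install"
	contents: """
		You can install Tailscale client on any of your personal devices running: macOS, iOS, Windows, Linux or Android. Installer packages can be found at: [https://tailscale.com/download](https://tailscale.com/download). After installing the client application you need to configure it to use https://\(_domain) as a login URL, so you can login to the VPN network with your dodo: account. See "Configure Login URL" section below for more details.
		"""
	children: [{
		title: "Windows with MSI"
		contents: "[https://tailscale.com/kb/1189/install-windows-msi](https://tailscale.com/kb/1189/install-windows-msi)"
	}]
}, {
	title: "Configure Login URL"
	contents: "After installing the client application you need to configure it to use https://\(_domain) as a login URL, so you can login to the VPN network with your dodo: account"
	children: [{
		title: "macOS"
		// Previously hard-coded to "headscale.<network domain>", which pointed at
		// the wrong host whenever input.subdomain is not "headscale".
		contents: "[https://\(_domain)/apple](https://\(_domain)/apple)"
	}, {
		title: "iOS"
		contents: "[https://\(_domain)/apple](https://\(_domain)/apple)"
	}, {
		title: "Windows"
		contents: "[https://tailscale.com/kb/1318/windows-mdm](https://tailscale.com/kb/1318/windows-mdm)"
	}, {
		title: "Linux"
		contents: "tailscale up --login-server https://\(_domain)"
	}, {
		title: "Android"
		contents: """
			After opening the app, the kebab menu icon (three dots) on the top bar on the right must be repeatedly opened and closed until the Change server option appears in the menu. This is where you can enter your headscale URL: https://\(_domain)

			A screen recording of this process can be seen in the tailscale-android PR which implemented this functionality: [https://github.com/tailscale/tailscale-android/pull/55](https://github.com/tailscale/tailscale-android/pull/55)

			After saving and restarting the app, selecting the regular Sign in option should open up the dodo: authentication page.
			"""
	}, {
		title: "Command Line"
		contents: "tailscale up --login-server https://\(_domain)"
	}]
}]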
138}]