// Values the installer must supply for this app.
input: {
	// Target network; this file reads its domain, ingressClass and
	// certificateIssuer fields.
	network: #Network
	// Left-most DNS label of the headscale endpoint (combined with
	// network.domain in _domain).
	subdomain: string
	// Handed unchanged to the headscale API release as api.ipSubnet.
	// NOTE(review): only constrained to `string` here; presumably a CIDR --
	// confirm it is validated before it is used for address allocation.
	ipSubnet: string
}
// Application name and the namespace it is declared with.
name:      "headscale"
namespace: "app-headscale"
// Inline SVG markup for the application icon.
icon:      "<svg xmlns='http://www.w3.org/2000/svg' width='50' height='50' viewBox='0 0 48 48'><circle cx='24' cy='24' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='24' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='10' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='10' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='10' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='24' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='38' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='38' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='38' r='4.5' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='38' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='24' cy='24' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='10' cy='24' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/><circle cx='38' cy='24' r='2' fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round'/></svg>"

// Public hostname of this instance: <input.subdomain>.<input.network.domain>.
// It is used for the OIDC redirect URI, the chart's `domain` value and the
// login-server URLs in the help text.
_domain: "\(input.subdomain).\(input.network.domain)"

// Secret name shared by the two Helm releases: the oauth2-client release
// receives it as `secretName`, the headscale release as `oauth2.secretName`.
_oauth2ClientSecretName: "oauth2-client"
// Rendered output of the app: container images, chart sources and the two
// Helm releases (OAuth2 client registration and headscale itself).
out: {
	// Namespace of the core auth release that both Helm releases depend on
	// and that hosts the hydra admin endpoint.
	let authNamespace = "\(global.namespacePrefix)core-auth"

	images: {
		headscale: {
			repository: "headscale"
			name:       "headscale"
			tag:        "0.22.3"
			pullPolicy: "IfNotPresent"
		}
		// NOTE(review): "latest" combined with pullPolicy "Always" is a
		// mutable reference, so the code running next to the VPN control
		// plane can change on any pod restart without a change to this
		// file. Prefer a fixed tag or an image digest, as done for the
		// headscale image above.
		api: {
			repository: "giolekva"
			name:       "headscale-api"
			tag:        "latest"
			pullPolicy: "Always"
		}
	}

	// NOTE(review): both charts follow the moving `main` branch; whatever
	// lands there is what gets deployed. Pin to a tag or commit if the
	// chart source schema allows it -- not visible from this file.
	charts: {
		oauth2Client: {
			kind:    "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch:  "main"
			path:    "charts/oauth2-client"
		}
		headscale: {
			kind:    "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch:  "main"
			path:    "charts/headscale"
		}
	}

	helm: {
		// Registers headscale as an OAuth2 client; the credentials are
		// stored under _oauth2ClientSecretName.
		"oauth2-client": {
			chart: charts.oauth2Client
			// TODO(gio): remove once hydra maester is installed as part of dodo itself
			dependsOn: [{name: "auth", namespace: authNamespace}]
			values: {
				name:       "\(release.namespace)-headscale"
				secretName: _oauth2ClientSecretName
				// Authorization-code flow only, with a single exact
				// redirect URI on this instance's own hostname.
				grantTypes: ["authorization_code"]
				responseTypes: ["code"]
				scope: "openid profile email"
				redirectUris: ["https://\(_domain)/oidc/callback"]
				// NOTE(review): the hydra admin API is addressed over
				// plain HTTP inside the cluster; access to it presumably
				// relies on cluster network controls -- confirm.
				hydraAdmin: "http://hydra-admin.\(authNamespace).svc.cluster.local"
			}
		}
		headscale: {
			chart: charts.headscale
			dependsOn: [{name: "auth", namespace: authNamespace}]
			values: {
				image: {
					repository: images.headscale.fullName
					tag:        images.headscale.tag
					pullPolicy: images.headscale.pullPolicy
				}
				storage: {size: "5Gi"}
				ingressClassName:  input.network.ingressClass
				certificateIssuer: input.network.certificateIssuer
				domain:            _domain
				publicBaseDomain:  input.network.domain
				ipAddressPool:     "\(global.id)-headscale"
				oauth2: {
					// Same secret the oauth2-client release writes.
					secretName: _oauth2ClientSecretName
					issuer:     "https://hydra.\(input.network.domain)"
				}
				api: {
					port:     8585
					ipSubnet: input.ipSubnet
					// NOTE(review): every other in-cluster address in
					// this file ends in `.svc.cluster.local`; this one
					// stops at `.svc.cluster` and carries no port even
					// though api.port is 8585 -- confirm it is intended.
					self: "http://headscale-api.\(release.namespace).svc.cluster"
					// Plain-HTTP, in-cluster endpoint from which the API
					// fetches the user list.
					fetchUsersAddr: "http://memberships-api.\(global.namespacePrefix)core-auth-memberships.svc.cluster.local/api/users"
					image: {
						repository: images.api.fullName
						tag:        images.api.tag
						pullPolicy: images.api.pullPolicy
					}
				}
				ui: {enabled: false}
			}
		}
	}
}
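// End-user help pages rendered for this app: how to install a Tailscale
// client and how to point it at this headscale instance.
//
// Every login-server URL is derived from _domain so that users are always
// sent to the hostname this instance is actually deployed on.
help: [{
	title: "Install"
	contents: """
		You can install Tailscale client on any of your personal devices running: macOS, iOS, Windows, Linux or Android. Installer packages can be found at: [https://tailscale.com/download](https://tailscale.com/download). After installing the client application you need to configure it to use https://\(_domain) as a login URL, so you can login to the VPN network with your dodo: account. See "Configure Login URL" section below for more details.
		"""
	children: [{
		title:    "Windows with MSI"
		contents: "[https://tailscale.com/kb/1189/install-windows-msi](https://tailscale.com/kb/1189/install-windows-msi)"
	}]
}, {
	title:    "Configure Login URL"
	contents: "After installing the client application you need to configure it to use https://\(_domain) as a login URL, so you can login to the VPN network with your dodo: account"
	children: [{
		title: "macOS"
		// Uses _domain rather than a hard-coded "headscale." label: the
		// instance lives at <input.subdomain>.<network domain>, and a
		// client configuration page must only ever be fetched from that
		// host, whatever subdomain was chosen at install time.
		contents: "[https://\(_domain)/apple](https://\(_domain)/apple)"
	}, {
		title:    "iOS"
		contents: "[https://\(_domain)/apple](https://\(_domain)/apple)"
	}, {
		title:    "Windows"
		contents: "[https://tailscale.com/kb/1318/windows-mdm](https://tailscale.com/kb/1318/windows-mdm)"
	}, {
		title:    "Linux"
		contents: "tailscale up --login-server https://\(_domain)"
	}, {
		title: "Android"
		contents: """
			After opening the app, the kebab menu icon (three dots) on the top bar on the right must be repeatedly opened and closed until the Change server option appears in the menu. This is where you can enter your headscale URL: https://\(_domain)

			A screen recording of this process can be seen in the tailscale-android PR which implemented this functionality: [https://github.com/tailscale/tailscale-android/pull/55](https://github.com/tailscale/tailscale-android/pull/55)

			After saving and restarting the app, selecting the regular Sign in option should open up the dodo: authentication page.
			"""
	}, {
		title:    "Command Line"
		contents: "tailscale up --login-server https://\(_domain)"
	}]
}]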