# Headscale + Headplane Configuration for kejilion/apps
# Official: https://github.com/juanfont/headscale
# UI: https://github.com/tale/headplane
# Self-hosted Tailscale control server with Web management UI (auto-configured)
# --- 基础信息 / Basic Information ---
# Declared with `local` because this file is sourced from inside a framework
# function (kejilion/apps); the values describe the app to that framework.
local app_id="headscale"
local app_name="Headscale"
local app_text="自托管 Tailscale 控制服务器 + Web管理面板,基于 WireGuard 的 Mesh VPN 组网"
local app_url="https://github.com/juanfont/headscale"
local docker_name="headscale"
# Host port for the Headscale API; a value already set by the caller wins,
# otherwise 8080. The Headplane UI is published on docker_port + 1 (see
# docker_app_install), so both ports must be free.
local docker_port="${docker_port:-8080}"
# presumably an approximate image size used by the framework's menu; verify against caller
local app_size="1"
# --- 核心逻辑 / Core Logic ---
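#######################################
# Install Headscale and Headplane as two containers under /home/docker/headscale.
# Globals:   docker_port (read; host port of the Headscale API)
#            gh_proxy (read; optional GitHub mirror prefix, may be unset)
#            check_docker_app_ip (framework helper, called at the end)
# Arguments: none
# Outputs:   progress and a post-install summary (including the generated
#            API key) on stdout; warnings on stderr
# Returns:   1 when the app directory cannot be entered or a container fails
#            to start, otherwise the status of check_docker_app_ip
#######################################
docker_app_install() {
  local app_dir="/home/docker/headscale"
  # Headplane UI is published on the port right after the Headscale API port.
  local ui_port=$((docker_port + 1))
  mkdir -p "${app_dir}/config" "${app_dir}/lib" "${app_dir}/headplane-data"
  cd "${app_dir}" || return 1

  # 获取服务器公网 IP / public IPv4, validated before it lands in config files
  local server_ip
  server_ip=$(_headscale_detect_ip)

  # 生成 cookie_secret (32字符) / 24 random bytes base64 to exactly 32 characters;
  # the fallback reads urandom directly instead of relying on openssl.
  local cookie_secret
  cookie_secret=$(openssl rand -base64 24 2>/dev/null) \
    || cookie_secret=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)

  _headscale_write_config "${server_ip}" "${docker_port}"
  _headscale_write_compose "${app_dir}" "${docker_port}" "${ui_port}"

  # 先启动 headscale / Headscale first: the API key can only be minted by a
  # running server, and Headplane cannot log in without it.
  docker compose up -d headscale || return 1
  echo ""
  echo "等待 Headscale 启动..."
  local api_key
  api_key=$(_headscale_create_api_key)
  if [ -z "${api_key}" ]; then
    # Keep going so the containers still come up, but say loudly that the
    # pairing failed instead of silently writing an empty api_key.
    printf '警告: 未能自动生成 API Key,请稍后手动执行: docker exec headscale headscale apikeys create\n' >&2
  fi

  # 生成 Headplane 配置文件(自动配对 headscale)
  _headscale_write_headplane_config "${server_ip}" "${docker_port}" "${ui_port}" \
    "${cookie_secret}" "${api_key}"

  # 启动 headplane / compose itself waits for the headscale healthcheck
  docker compose up -d headplane || return 1
  sleep 5
  _headscale_print_summary "${app_dir}" "${server_ip}" "${docker_port}" "${ui_port}" "${api_key}"
  check_docker_app_ip
}

#######################################
# Print this host's public IPv4 address, or 127.0.0.1 when it cannot be found.
# The lookup services are third parties, so their reply is only used when it
# looks like a dotted-quad address: the value is interpolated into YAML and
# into sed replacements and must not carry arbitrary text.
# Outputs:   one line with the address
#######################################
_headscale_detect_ip() {
  local candidate
  candidate=$(curl -s4 --max-time 10 ip.sb 2>/dev/null \
    || curl -s4 --max-time 10 ifconfig.me 2>/dev/null)
  candidate=${candidate//$'\r'/}
  if [[ "${candidate}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    printf '%s\n' "${candidate}"
  else
    printf '127.0.0.1\n'
  fi
}

#######################################
# Write config/config.yaml: the upstream example config (via the gh_proxy
# mirror first, then directly), retargeted at this server; a minimal inline
# config is written when both downloads fail.
# Globals:   gh_proxy (read, may be unset)
# Arguments: $1 - public IP, $2 - host port of the Headscale API
#######################################
_headscale_write_config() {
  local server_ip=$1 port=$2
  # NOTE(review): the template is taken from the main branch while the image is
  # :latest; the two may drift apart between releases.
  local template_url="https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml"
  # 尝试下载官方配置模板,失败则内联生成最小配置
  curl -sL --max-time 10 -o config/config.yaml "${gh_proxy:-}${template_url}" 2>/dev/null
  if [ ! -s config/config.yaml ]; then
    curl -sL --max-time 10 -o config/config.yaml "${template_url}" 2>/dev/null
  fi
  if [ ! -s config/config.yaml ]; then
    cat > config/config.yaml <<CFGEOF
server_url: http://${server_ip}:${port}
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:9090
grpc_listen_addr: 0.0.0.0:50443
grpc_allow_insecure: false
noise:
  private_key_path: /var/lib/headscale/noise_private.key
prefixes:
  v4: 100.64.0.0/10
  v6: fd7a:115c:a1e0::/48
  allocation: sequential
derp:
  server:
    enabled: true
    region_id: 999
    region_code: "headscale"
    region_name: "Headscale Embedded DERP"
    stun_listen_addr: "0.0.0.0:3478"
  urls:
    - https://controlplane.tailscale.com/derpmap/default
  auto_update_enabled: true
  update_frequency: 24h
disable_check_updates: false
ephemeral_node_inactivity_timeout: 30m
database:
  type: sqlite
  sqlite:
    path: /var/lib/headscale/db.sqlite
log:
  level: info
CFGEOF
    return 0
  fi
  # The template ships loopback-only listeners; inside the container they must
  # bind 0.0.0.0 for the published ports to reach them. Only these exact
  # template lines are rewritten; a template with other defaults is left alone.
  sed -i "s|server_url: http://127.0.0.1:8080|server_url: http://${server_ip}:${port}|g" config/config.yaml
  sed -i "s|listen_addr: 127.0.0.1:8080|listen_addr: 0.0.0.0:8080|g" config/config.yaml
  sed -i "s|metrics_listen_addr: 127.0.0.1:9090|metrics_listen_addr: 0.0.0.0:9090|g" config/config.yaml
  sed -i "s|grpc_listen_addr: 127.0.0.1:50443|grpc_listen_addr: 0.0.0.0:50443|g" config/config.yaml
}

#######################################
# Write docker-compose.yml with the Headscale and Headplane services.
# 生成 docker-compose.yml(Headscale + Headplane 双容器)
# Arguments: $1 - app directory, $2 - Headscale API host port, $3 - UI host port
#######################################
_headscale_write_compose() {
  local app_dir=$1 port=$2 ui_port=$3
  # Headscale runs with a read-only root filesystem and a tmpfs for its runtime
  # socket; only the config (read-only) and state directories are bind-mounted.
  # NOTE(review): 9090 publishes the unauthenticated metrics endpoint on every
  # host interface; "127.0.0.1:9090:9090" is the safer mapping unless a remote
  # scraper needs it.
  cat > docker-compose.yml <<YML
services:
  headscale:
    image: headscale/headscale:latest
    container_name: headscale
    restart: unless-stopped
    ports:
      - "${port}:8080"
      - "3478:3478/udp"
      - "9090:9090"
    volumes:
      - ${app_dir}/config:/etc/headscale:ro
      - ${app_dir}/lib:/var/lib/headscale
    read_only: true
    tmpfs:
      - /var/run/headscale
    command: serve
    healthcheck:
      test: ["CMD", "headscale", "health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 15s
  headplane:
    image: ghcr.io/tale/headplane:latest
    container_name: headplane
    restart: unless-stopped
    ports:
      - "${ui_port}:3000"
    volumes:
      - ${app_dir}/headplane-config.yaml:/etc/headplane/config.yaml:ro
      - ${app_dir}/headplane-data:/var/lib/headplane
      - ${app_dir}/config/config.yaml:/etc/headscale/config.yaml:ro
    depends_on:
      headscale:
        condition: service_healthy
YML
}

#######################################
# Wait for the headscale container to report healthy (up to ~60 s), then
# create an API key for Headplane. 生成 API Key
# Outputs:   the key (last non-empty line of the CLI output), or nothing when
#            the command failed
#######################################
_headscale_create_api_key() {
  local attempt status
  # Poll the compose healthcheck instead of a fixed sleep: a slow pull or a
  # slow first start otherwise yields an empty key.
  for ((attempt = 1; attempt <= 12; attempt++)); do
    status=$(docker inspect -f '{{.State.Health.Status}}' headscale 2>/dev/null)
    [ "${status}" = "healthy" ] && break
    sleep 5
  done
  docker exec headscale headscale apikeys create 2>/dev/null | grep -v "^$" | tail -1
}

#######################################
# Write headplane-config.yaml pre-paired with the local headscale container.
# Arguments: $1 - public IP, $2 - Headscale API host port, $3 - UI host port,
#            $4 - 32-character cookie secret, $5 - Headscale API key
#######################################
_headscale_write_headplane_config() {
  local server_ip=$1 port=$2 ui_port=$3 cookie_secret=$4 api_key=$5
  # NOTE(review): this file holds the API key and cookie secret and is created
  # with the default umask; tighten its mode once the uid the headplane image
  # runs as is confirmed (the bind mount is read-only but still needs read access).
  cat > headplane-config.yaml <<HPEOF
server:
  host: "0.0.0.0"
  port: 3000
  base_url: "http://${server_ip}:${ui_port}"
  cookie_secret: "${cookie_secret}"
  cookie_secure: false
  cookie_max_age: 604800
  data_path: "/var/lib/headplane"
headscale:
  url: "http://headscale:8080"
  public_url: "http://${server_ip}:${port}"
  config_path: "/etc/headscale/config.yaml"
  api_key: "${api_key}"
HPEOF
}

#######################################
# Print the post-install summary shown to the operator.
# Arguments: $1 - app directory, $2 - public IP, $3 - Headscale API host port,
#            $4 - UI host port, $5 - API key
#######################################
_headscale_print_summary() {
  local app_dir=$1 server_ip=$2 port=$3 ui_port=$4 api_key=$5
  echo ""
  echo "========================================"
  echo " Headscale + Headplane 安装完成"
  echo "========================================"
  echo ""
  echo " Web 管理面板: http://${server_ip}:${ui_port}/admin"
  echo " Headscale API: http://${server_ip}:${port}"
  echo ""
  echo " 登录 API Key(已自动配对,请保存):"
  echo " ${api_key}"
  echo ""
  echo " 打开面板后输入上方 API Key 即可登录"
  echo " 服务端已自动配对,无需手动填写 URL"
  echo ""
  echo " 配置文件: ${app_dir}/config/config.yaml"
  echo " 数据目录: ${app_dir}/lib"
  echo "========================================"
  echo ""
  echo " 客户端连接 (在其他机器上):"
  echo " 1. 安装 Tailscale 客户端"
  echo " 2. tailscale up --login-server=http://${server_ip}:${port}"
  echo " 3. 在 Web 面板中管理节点"
  echo ""
  echo " 提示: 生产环境建议配置域名 + HTTPS 反代"
  echo "========================================"
  echo ""
}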
#######################################
# Pull the newest Headscale/Headplane images and recreate the containers.
# Returns:   1 when the app directory cannot be entered; docker compose
#            failures are not checked, so 0 otherwise
#######################################
docker_app_update() {
  local app_dir="/home/docker/headscale"
  cd "${app_dir}" || return 1
  docker compose pull
  docker compose up -d
  echo "更新完成 / Update Complete"
}
#######################################
# Stop the stack, remove its images and delete all Headscale state
# (config, database, keys) under the app directory.
# Returns:   1 when the app directory cannot be entered, 0 otherwise
#######################################
docker_app_uninstall() {
  local app_dir="/home/docker/headscale"
  cd "${app_dir}" || return 1
  docker compose down --rmi all
  # Destructive: the sqlite database and noise private key live here.
  rm -rf -- "${app_dir}"
  echo "卸载完成 / Uninstall Complete"
}
# --- 注册 (必须包含) / Registration (Mandatory) ---
docker_app_plus