Diffstat (limited to 'playbooks/roles/outbound/templates/headscale')
-rw-r--r--playbooks/roles/outbound/templates/headscale/config/config.yaml7
-rw-r--r--playbooks/roles/outbound/templates/headscale/docker-compose.yml2
2 files changed, 6 insertions, 3 deletions
diff --git a/playbooks/roles/outbound/templates/headscale/config/config.yaml b/playbooks/roles/outbound/templates/headscale/config/config.yaml
index 6bfbfb9..2586848 100644
--- a/playbooks/roles/outbound/templates/headscale/config/config.yaml
+++ b/playbooks/roles/outbound/templates/headscale/config/config.yaml
@@ -135,11 +135,11 @@ unix_socket_permission: "0770"
oidc:
only_start_if_oidc_is_available: false
- issuer: "https://{{ idm_domain }}"
+ issuer: "https://{{ idm_domain }}/oauth2/openid/headscale"
client_id: "headscale"
client_secret: "{{ headscale_oidc_secret }}"
- scope: ["openid", "profile", "email"]
+ scope: ["openid", "profile", "email", "groups"]
pkce:
# Enable or disable PKCE support (default: false)
enabled: true
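Review bot: The new `issuer` value hard-codes the client name `headscale` as the last path segment while `client_id` repeats it two lines below, so a rename in one place would break discovery without any hint in the file. OIDC clients compare the configured issuer with the `issuer` field of the discovery document exactly, including any trailing slash, so a comment above the line would help, for example `# Per-client issuer: must equal "issuer" in the IdP discovery document and end in client_id`. The added `groups` scope only has an effect if the IdP releases a groups claim for this client, and the `allowed_groups` filter in the next hunk depends on it. The `oidc:` block continues outside this hunk.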
@@ -150,7 +150,8 @@ oidc:
allowed_domains:
- {{ domain }}
- allowed_users: {{ headscale_allowed_users }}
+ allowed_groups:
+ - vpn@{{ idm_domain }}
strip_email_domain: true
# Logtail configuration
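Review bot: The new `allowed_groups` entry is an unquoted templated scalar, and it now carries the whole per-user authorization decision that `allowed_users` used to make. Quote it as `- "vpn@{{ idm_domain }}"` so an unexpected `idm_domain` value cannot change how the YAML parses, and add a comment such as `# VPN access is granted by membership of the IdP group "vpn"; the groups claim must use the name@domain form`. Because the filter relies on the `groups` scope requested in the previous hunk, a missing or differently formatted claim would presumably reject every login, so test with one member and one non-member after deploying. Nodes registered earlier by users who are not in the group are probably unaffected until they re-authenticate, so the existing node list deserves a review as well.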
diff --git a/playbooks/roles/outbound/templates/headscale/docker-compose.yml b/playbooks/roles/outbound/templates/headscale/docker-compose.yml
index ee140fb..04b3d9f 100644
--- a/playbooks/roles/outbound/templates/headscale/docker-compose.yml
+++ b/playbooks/roles/outbound/templates/headscale/docker-compose.yml
@@ -12,6 +12,7 @@ services:
networks:
- proxy
environment:
+ - DEPLOYMENT_TIME={{ now() }}
- VIRTUAL_HOST={{ headscale_host }}
- VIRTUAL_PORT={{ headscale_port }}
- LETSENCRYPT_HOST={{ headscale_host }}
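Review bot: `DEPLOYMENT_TIME={{ now() }}` renders a different value on every playbook run, so this template can never be idempotent. The task will always report a change and, assuming the compose project is re-applied on change, both services are recreated each time, which interrupts the VPN control plane and hides real configuration drift in the run output. The same line is added to the second service in the `@@ -28,6 +29,7 @@` hunk. If the aim is to restart when the headscale config changes, derive the value from the rendered config instead, for example `- CONFIG_SHA256={{ lookup('template', 'headscale/config/config.yaml') | hash('sha256') }}`, or notify a restart handler from the config template task. Both service definitions start outside their hunks, so the affected containers are not visible here.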
@@ -28,6 +29,7 @@ services:
networks:
- proxy
environment:
+ - DEPLOYMENT_TIME={{ now() }}
- VIRTUAL_HOST={{ headscale_host }}
- VIRTUAL_PORT={{ headscale_port }}
- LETSENCRYPT_HOST={{ headscale_host }}