From 08e92ca3b8ee6c38c3e19126378e51b46cf63b16 Mon Sep 17 00:00:00 2001 From: Elizabeth Hunt Date: Mon, 11 Aug 2025 18:39:55 -0700 Subject: Oauth proxy and monitoring init --- .../outbound/templates/headscale/config/config.yaml | 6 ++---- .../outbound/templates/headscale/docker-compose.yml | 16 ++++++++++------ 2 files changed, 12 insertions(+), 10 deletions(-) (limited to 'playbooks/roles/outbound/templates/headscale') diff --git a/playbooks/roles/outbound/templates/headscale/config/config.yaml b/playbooks/roles/outbound/templates/headscale/config/config.yaml index 54657b2..078058e 100644 --- a/playbooks/roles/outbound/templates/headscale/config/config.yaml +++ b/playbooks/roles/outbound/templates/headscale/config/config.yaml @@ -7,7 +7,7 @@ listen_addr: '{{ headscale_listen_addr }}' # to keep this endpoint private to your internal # network # -metrics_listen_addr: 127.0.0.1:9090 +metrics_listen_addr: '{{ headscale_metrics_listen_addr }}' # The Noise section includes specific configuration for the # TS2021 Noise protocol @@ -122,9 +122,7 @@ dns: base_domain: "{{ headscale_base_domain }}" search_domains: [] nameservers: - global: - - {{ headscale_dns_for_connected_clients_1 }} - - {{ headscale_dns_for_connected_clients_2 }} + global: {{ headscale_dns_for_connected_clients | tojson }} split: {% for user, m in mesh.items() %} {% if "split_vpn_dns_to" in m %} diff --git a/playbooks/roles/outbound/templates/headscale/docker-compose.yml b/playbooks/roles/outbound/templates/headscale/docker-compose.yml index 515630c..463db70 100644 --- a/playbooks/roles/outbound/templates/headscale/docker-compose.yml +++ b/playbooks/roles/outbound/templates/headscale/docker-compose.yml 
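Review bot: The metrics bind address now comes from `headscale_metrics_listen_addr`, whose value is set outside this diff, while the retained comment above the key still advises keeping this endpoint private to the internal network. Together with the `"/metrics"` entry added under `VIRTUAL_HOST_MULTIPORTS` in the first docker-compose.yml hunk, the endpoint appears to be published on the same virtual host as the control server. Nothing visible in either hunk restricts who can reach it, and headscale serves this listener without authentication of its own. I would keep a loopback fallback so an unset variable fails closed, `metrics_listen_addr: '{{ headscale_metrics_listen_addr | default("127.0.0.1:9090") }}'`. The comment should also say which layer is expected to gate `/metrics`, presumably the OAuth proxy named in the subject.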
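Review bot: The rendered shape of `global:` now depends on the type of `headscale_dns_for_connected_clients`, which is not checked here. A list renders as a flow sequence, but a plain string would render as a single quoted scalar, where the two removed lines always produced a list. Since these resolvers are handed to connected clients, a comment above the line stating that the variable must be a non-empty list of resolver addresses would help. Alternatively, normalise it in place with `global: {{ [headscale_dns_for_connected_clients] | flatten | tojson }}`. The `dns:` mapping begins before this hunk and the `split:` loop continues past it.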
@@ -12,16 +12,19 @@ services: networks: - proxy environment: - - DEPLOYMENT_TIME={{ deployment_time }} - - VIRTUAL_HOST={{ headscale_host }} - - VIRTUAL_PORT={{ headscale_port }} - - LETSENCRYPT_HOST={{ headscale_host }} + DEPLOYMENT_TIME: "{{ deployment_time }}" + VIRTUAL_HOST_MULTIPORTS: |- + {{ headscale_host }}: + "/": + port: {{ headscale_port }} + "/metrics": + port: {{ headscale_metrics_port }} {% if homelab_build %} healthcheck: disable: true {% else %} healthcheck: - test: ["CMD", "wget", "-qO", "-", "http://localhost:{{ headscale_port }}/health"] + test: ["CMD", "wget", "-qO", "-", "http://localhost:{{ headscale_port }}/health"] interval: 10s timeout: 5s retries: 3 @@ -34,11 +37,12 @@ services: networks: - proxy environment: + - TZ={{ timezone }} - DEPLOYMENT_TIME={{ deployment_time }} - VIRTUAL_HOST={{ headscale_host }} - VIRTUAL_PORT={{ headscale_port }} - LETSENCRYPT_HOST={{ headscale_host }} - - VIRTUAL_PATH=/web/ + - VIRTUAL_PATH=/web/ - VIRTUAL_DEST=/web/ networks: -- cgit v1.2.3-70-g09d2
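Review bot: `LETSENCRYPT_HOST` is dropped from the headscale service's environment along with `VIRTUAL_HOST` and `VIRTUAL_PORT`, and the new mapping does not replace it. If certificates are issued by a companion that keys on that variable, TLS for `{{ headscale_host }}` would depend on the second service, which still sets `LETSENCRYPT_HOST={{ headscale_host }}` in the next hunk. Stopping or removing that service could then leave the control server without a renewed certificate. If that coupling is not intended, add `LETSENCRYPT_HOST: "{{ headscale_host }}"` back to the mapping. The two services also now use different `environment` styles (mapping here, list in the next hunk), which is worth unifying.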