initial headscale foo & dns updates

author: Elizabeth Hunt <elizabeth.hunt@simponic.xyz> 2024-01-02 15:42:42 -0500
committer: Elizabeth Hunt <elizabeth.hunt@simponic.xyz> 2024-01-02 15:42:42 -0500
commit: c6a770bd1a6cab43ec4282043bf4f5d6e175c19c (patch)
tree: a478467aeeb1d3ab47c07cdbacaa7f0a58f1f584 /roles/vpn/templates/headscale.service.j2
parent: 1f9f2b7608d3915d2f8a3a556db19c27040d3a4d (diff)
download: oldinfra-c6a770bd1a6cab43ec4282043bf4f5d6e175c19c.tar.gz
oldinfra-c6a770bd1a6cab43ec4282043bf4f5d6e175c19c.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/roles/vpn/templates/headscale.service.j2 b/roles/vpn/templates/headscale.service.j2
new file mode 100644
index 0000000..46267f0
--- /dev/null
+++ b/roles/vpn/templates/headscale.service.j2
@@ -0,0 +1,26 @@
+[Unit]
+Description=headscale coordination server
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+Environment=GIN_MODE=release
+User={{ headscale_user_name }}
+Group={{ headscale_user_group }}
+ExecStart={{ headscale_binary_path }} serve
+ExecReload=kill -HUP $MAINPID
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths={{ headscale_var_data_dir }} {{ headscale_pid_dir }}
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RuntimeDirectory={{ headscale_user_name }}
+
+[Install]
+WantedBy=multi-user.target
author	Elizabeth Hunt <elizabeth.hunt@simponic.xyz>	2024-01-02 15:42:42 -0500
committer	Elizabeth Hunt <elizabeth.hunt@simponic.xyz>	2024-01-02 15:42:42 -0500
commit	c6a770bd1a6cab43ec4282043bf4f5d6e175c19c (patch)
tree	a478467aeeb1d3ab47c07cdbacaa7f0a58f1f584 /roles/vpn/templates/headscale.service.j2
parent	1f9f2b7608d3915d2f8a3a556db19c27040d3a4d (diff)
download	oldinfra-c6a770bd1a6cab43ec4282043bf4f5d6e175c19c.tar.gz oldinfra-c6a770bd1a6cab43ec4282043bf4f5d6e175c19c.zip