From c6a770bd1a6cab43ec4282043bf4f5d6e175c19c Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <elizabeth.hunt@simponic.xyz>
Date: Tue, 2 Jan 2024 15:42:42 -0500
Subject: initial headscale foo & dns updates

---
 roles/vpn/templates/headscale.service.j2 | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 roles/vpn/templates/headscale.service.j2

(limited to 'roles/vpn/templates/headscale.service.j2')

diff --git a/roles/vpn/templates/headscale.service.j2 b/roles/vpn/templates/headscale.service.j2
new file mode 100644
index 0000000..46267f0
--- /dev/null
+++ b/roles/vpn/templates/headscale.service.j2
@@ -0,0 +1,26 @@
+[Unit]
+Description=headscale coordination server
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+Environment=GIN_MODE=release
+User={{ headscale_user_name }}
+Group={{ headscale_user_group }}
+ExecStart={{ headscale_binary_path }} serve
+ExecReload=kill -HUP $MAINPID
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths={{ headscale_var_data_dir }} {{ headscale_pid_dir }}
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RuntimeDirectory={{ headscale_user_name }}
+
+[Install]
+WantedBy=multi-user.target
-- 
cgit v1.2.3-70-g09d2