Add support for service reload and sync service file (#2102)
* Add support for service reload and sync service file * Copy the systemd.service file to the manual linux docs and adjust the path to the headscale binary to match with the previous documentation blocks. Unfortunately, there seems to be no easy way to include a file in mkdocs. * Remove a redundant "deprecation" block. The beginning of the documentation already states that. * Add `ExecReload` to the systemd.service file. Fixes: #2016 * Its called systemd * Fix link to systemd homepage
This commit is contained in:
parent
e43d6a0361
commit
35bfe7ced0
4 changed files with 11 additions and 38 deletions
|
@ -9,6 +9,7 @@ Type=simple
|
||||||
User=headscale
|
User=headscale
|
||||||
Group=headscale
|
Group=headscale
|
||||||
ExecStart=/usr/bin/headscale serve
|
ExecStart=/usr/bin/headscale serve
|
||||||
|
ExecReload=/usr/bin/kill -HUP $MAINPID
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=5
|
RestartSec=5
|
||||||
|
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
## Goal
|
## Goal
|
||||||
|
|
||||||
This documentation has the goal of showing a user how-to set up and run `headscale` on Linux.
|
This documentation has the goal of showing a user how-to set up and run `headscale` on Linux.
|
||||||
In additional to the "get up and running section", there is an optional [SystemD section](#running-headscale-in-the-background-with-systemd)
|
In additional to the "get up and running section", there is an optional [systemd section](#running-headscale-in-the-background-with-systemd)
|
||||||
describing how to make `headscale` run properly in a server environment.
|
describing how to make `headscale` run properly in a server environment.
|
||||||
|
|
||||||
## Configure and run `headscale`
|
## Configure and run `headscale`
|
||||||
|
@ -66,7 +66,7 @@ describing how to make `headscale` run properly in a server environment.
|
||||||
To continue the tutorial, open a new terminal and let it run in the background.
|
To continue the tutorial, open a new terminal and let it run in the background.
|
||||||
Alternatively use terminal emulators like [tmux](https://github.com/tmux/tmux) or [screen](https://www.gnu.org/software/screen/).
|
Alternatively use terminal emulators like [tmux](https://github.com/tmux/tmux) or [screen](https://www.gnu.org/software/screen/).
|
||||||
|
|
||||||
To run `headscale` in the background, please follow the steps in the [SystemD section](#running-headscale-in-the-background-with-systemd) before continuing.
|
To run `headscale` in the background, please follow the steps in the [systemd section](#running-headscale-in-the-background-with-systemd) before continuing.
|
||||||
|
|
||||||
1. Verify `headscale` is running:
|
1. Verify `headscale` is running:
|
||||||
Verify `headscale` is available:
|
Verify `headscale` is available:
|
||||||
|
@ -109,42 +109,14 @@ This will return a pre-authenticated key that can be used to connect a node to `
|
||||||
tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>
|
tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>
|
||||||
```
|
```
|
||||||
|
|
||||||
## Running `headscale` in the background with SystemD
|
## Running `headscale` in the background with systemd
|
||||||
|
|
||||||
:warning: **Deprecated**: This part is very outdated and you should use the [pre-packaged Headscale for this](./running-headscale-linux.md)
|
This section demonstrates how to run `headscale` as a service in the background with [systemd](https://systemd.io/).
|
||||||
|
|
||||||
This section demonstrates how to run `headscale` as a service in the background with [SystemD](https://www.freedesktop.org/wiki/Software/systemd/).
|
|
||||||
This should work on most modern Linux distributions.
|
This should work on most modern Linux distributions.
|
||||||
|
|
||||||
1. Create a SystemD service configuration at `/etc/systemd/system/headscale.service` containing:
|
1. Copy [headscale's systemd service file](./packaging/headscale.systemd.service) to
|
||||||
|
`/etc/systemd/system/headscale.service` and adjust it to suit your local setup. The following parameters likely need
|
||||||
```systemd
|
to be modified: `ExecStart`, `WorkingDirectory`, `ReadWritePaths`.
|
||||||
[Unit]
|
|
||||||
Description=headscale controller
|
|
||||||
After=syslog.target
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=simple
|
|
||||||
User=headscale
|
|
||||||
Group=headscale
|
|
||||||
ExecStart=/usr/local/bin/headscale serve
|
|
||||||
Restart=always
|
|
||||||
RestartSec=5
|
|
||||||
|
|
||||||
# Optional security enhancements
|
|
||||||
NoNewPrivileges=yes
|
|
||||||
PrivateTmp=yes
|
|
||||||
ProtectSystem=strict
|
|
||||||
ProtectHome=yes
|
|
||||||
WorkingDirectory=/var/lib/headscale
|
|
||||||
ReadWritePaths=/var/lib/headscale /var/run/headscale
|
|
||||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
||||||
RuntimeDirectory=headscale
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
```
|
|
||||||
|
|
||||||
Note that when running as the headscale user ensure that, either you add your current user to the headscale group:
|
Note that when running as the headscale user ensure that, either you add your current user to the headscale group:
|
||||||
|
|
||||||
|
@ -164,7 +136,7 @@ This should work on most modern Linux distributions.
|
||||||
unix_socket: /var/run/headscale/headscale.sock
|
unix_socket: /var/run/headscale/headscale.sock
|
||||||
```
|
```
|
||||||
|
|
||||||
1. Reload SystemD to load the new configuration file:
|
1. Reload systemd to load the new configuration file:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
Get Headscale up and running.
|
Get Headscale up and running.
|
||||||
|
|
||||||
This includes running Headscale with SystemD.
|
This includes running Headscale with systemd.
|
||||||
|
|
||||||
## Migrating from manual install
|
## Migrating from manual install
|
||||||
|
|
||||||
|
|
|
@ -86,7 +86,7 @@ func TestResolveMagicDNS(t *testing.T) {
|
||||||
// All the containers are based on Alpine, meaning Tailscale
|
// All the containers are based on Alpine, meaning Tailscale
|
||||||
// will overwrite the resolv.conf file.
|
// will overwrite the resolv.conf file.
|
||||||
// On other platform, Tailscale will integrate with a dns manager
|
// On other platform, Tailscale will integrate with a dns manager
|
||||||
// if available (like Systemd-Resolved).
|
// if available (like systemd-resolved).
|
||||||
func TestValidateResolvConf(t *testing.T) {
|
func TestValidateResolvConf(t *testing.T) {
|
||||||
IntegrationSkip(t)
|
IntegrationSkip(t)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue