From 9790831afb23334a1f2c76faa79bf9db81b56867 Mon Sep 17 00:00:00 2001 From: Kristoffer Dalby Date: Wed, 16 Nov 2022 14:50:59 +0100 Subject: [PATCH] Make config example "local dev first" Signed-off-by: Kristoffer Dalby --- config-example.yaml | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/config-example.yaml b/config-example.yaml index 0f17fb8..96a267b 100644 --- a/config-example.yaml +++ b/config-example.yaml @@ -38,7 +38,10 @@ grpc_allow_insecure: false # Private key used to encrypt the traffic between headscale # and Tailscale clients. # The private key file will be autogenerated if it's missing. -private_key_path: /var/lib/headscale/private.key +# +# For production: +# /var/lib/headscale/private.key +private_key_path: ./private.key # The Noise section includes specific configuration for the # TS2021 Noise protocol @@ -47,7 +50,10 @@ noise: # traffic between headscale and Tailscale clients when # using the new Noise-based protocol. It must be different # from the legacy private key. - private_key_path: /var/lib/headscale/noise_private.key + # + # For production: + # private_key_path: /var/lib/headscale/noise_private.key + private_key_path: ./noise_private.key # List of IP prefixes to allocate tailaddresses from. # Each prefix consists of either an IPv4 or IPv6 address, @@ -119,7 +125,10 @@ node_update_check_interval: 10s # SQLite config db_type: sqlite3 -db_path: /var/lib/headscale/db.sqlite + +# For production: +# db_path: /var/lib/headscale/db.sqlite +db_path: ./db.sqlite # # Postgres config # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank. @@ -156,7 +165,9 @@ tls_client_auth_mode: relaxed # Path to store certificates and metadata needed by # letsencrypt -tls_letsencrypt_cache_dir: /var/lib/headscale/cache +# For production: +# tls_letsencrypt_cache_dir: /var/lib/headscale/cache +tls_letsencrypt_cache_dir: ./cache # Type of ACME challenge to use, currently supported types: # HTTP-01 or TLS-ALPN-01 @@ -222,9 +233,9 @@ dns_config: base_domain: example.com # Unix socket used for the CLI to connect without authentication -# Note: for local development, you probably want to change this to: -# unix_socket: ./headscale.sock -unix_socket: /var/run/headscale.sock +# Note: for production you will want to set this to something like: +# unix_socket: /var/run/headscale.sock +unix_socket: ./headscale.sock unix_socket_permission: "0770" # # headscale supports experimental OpenID connect support,