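Index: config-example.yaml
--- config-example.yaml.orig
+++ config-example.yaml
@@ -44,7 +44,7 @@ grpc_allow_insecure: false
 # and Tailscale clients.
 # The private key file will be autogenerated if it's missing.
 #
-private_key_path: /var/lib/headscale/private.key
+private_key_path: ${SYSCONFDIR}/headscale/private.key
 
 # The Noise section includes specific configuration for the
 # TS2021 Noise protocol
@@ -53,7 +53,7 @@ noise:
 # traffic between headscale and Tailscale clients when
 # using the new Noise-based protocol. It must be different
 # from the legacy private key.
- private_key_path: /var/lib/headscale/noise_private.key
+ private_key_path: ${SYSCONFDIR}/headscale/noise_private.key
 
 # List of IP prefixes to allocate tailaddresses from.
 # Each prefix consists of either an IPv4 or IPv6 address,
@@ -106,7 +106,8 @@ derp:
 #
 # paths:
 # - /etc/headscale/derp-example.yaml
- paths: []
+ paths:
+ - ${SYSCONFDIR}/headscale/derp.yaml
 
 # If enabled, a worker will be set up to periodically
 # refresh the given sources and update the derpmap
@@ -132,7 +133,7 @@ node_update_check_interval: 10s
 db_type: sqlite3
 
 # For production:
-db_path: /var/lib/headscale/db.sqlite
+db_path: ${LOCALSTATEDIR}/db/headscale/db.sqlite
 
 # # Postgres config
 # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
@@ -166,7 +167,7 @@ tls_letsencrypt_hostname: ""
 # Path to store certificates and metadata needed by
 # letsencrypt
 # For production:
-tls_letsencrypt_cache_dir: /var/lib/headscale/cache
+tls_letsencrypt_cache_dir: ${LOCALSTATEDIR}/db/headscale/cache
 
 # Type of ACME challenge to use, currently supported types:
 # HTTP-01 or TLS-ALPN-01
@@ -256,7 +257,7 @@ dns_config:
 
 # Unix socket used for the CLI to connect without authentication
 # Note: for production you will want to set this to something like:
-unix_socket: /var/run/headscale/headscale.sock
+unix_socket: ${LOCALSTATEDIR}/run/headscale.sock
 unix_socket_permission: "0770"
 #
 # headscale supports experimental OpenID connect support,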
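Review bot: Both `private_key_path` values (the top-level one and the one under `noise:`) now point into `${SYSCONFDIR}/headscale`, yet the comment above the first says the key file is autogenerated when missing, so the daemon needs write access to its own configuration directory. If the package runs headscale as an unprivileged user, that either fails on first start or forces the config directory to be writable by the service, which would also let a compromised daemon rewrite `derp.yaml`. Keeping the keys beside the database, e.g. `private_key_path: ${LOCALSTATEDIR}/db/headscale/private.key` and `private_key_path: ${LOCALSTATEDIR}/db/headscale/noise_private.key`, in a directory owned by the service user with mode 0700, avoids this. Separately, `unix_socket` moves from a dedicated directory into the shared `${LOCALSTATEDIR}/run`, so the unauthenticated CLI socket is protected only by `unix_socket_permission: "0770"` and its group ownership; a per-service path such as `unix_socket: ${LOCALSTATEDIR}/run/headscale/headscale.sock` would restore directory-level control.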