# # ============================================================================= # GENERAL CONFIGURATION # ============================================================================= # APP_NAME = name of application for use in scripts # COMPOSE_FILE = default for no app_name in docker-compose file name, app if there is # BACKUP = if true, include this application in backup operations # HEALTHCHECK = if true, default docker health checks for that container will be enabled # BASIC_AUTH_PASS = password for the headscale-ui basic auth; auto-generated, fed to the compose via HEADSCALE_BASIC_AUTH_PASS_TAG # MONITORING = if true, export this app's metrics to Prometheus + Grafana (needs both apps installed) # CFG_HEADSCALE_APP_NAME=headscale CFG_HEADSCALE_BACKUP=true CFG_HEADSCALE_COMPOSE_FILE=default CFG_HEADSCALE_HEALTHCHECK=true CFG_HEADSCALE_BASIC_AUTH_PASS=RANDOMIZEDPASSWORD1 CFG_HEADSCALE_MONITORING=false # # ============================================================================= # METADATA # ============================================================================= # CATEGORY = application category for grouping # TITLE = display name for the application # DESCRIPTION = short description of the application # LONG_DESCRIPTION = detailed description of the application # URL = source repository or documentation URL # ACTIONS = available actions for this application # CFG_HEADSCALE_CATEGORY="networking" CFG_HEADSCALE_TITLE="Headscale" CFG_HEADSCALE_DESCRIPTION="WireGuard VPN Controller" CFG_HEADSCALE_LONG_DESCRIPTION="Headscale is an open source, self-hosted implementation of the Tailscale control server that works with the Tailscale client" CFG_HEADSCALE_URL="https://github.com/juanfont/headscale" CFG_HEADSCALE_ACTIONS="configure|install|restart|shutdown|uninstall" # # ============================================================================= # NETWORK CONFIGURATION # ============================================================================= # DOMAIN = number of domain from the general config, useful when using multiple domains # HOST_NAME = subdomain name e.g test is the name for test.website.com # WHITELIST = if true only allow whitelisted ips (see general config), if false allow all # CFG_HEADSCALE_DOMAIN=1 CFG_HEADSCALE_WHITELIST=false CFG_HEADSCALE_HOST_NAME=headscale CFG_HEADSCALE_NETWORK=default # # ============================================================================= # PORT CONFIGURATION # ============================================================================= # PORT_ = port configuration: app|name|external:internal|access|protocol|login|traefik|webui|description # - app: application name # - name: service identifier (webui, dns, ssh, etc.) # - external:internal: port mapping (external can be 'random' for auto-allocation) # - access: 'public' (internet accessible), 'private' (local network only), 'disabled' (not running) # - protocol: 'tcp' or 'udp' # - login: if true, this port requires basic-auth via Traefik (only meaningful when traefik=true) # - traefik: if true, Traefik handles this port (reverse proxy) # - webui: if true, this port serves the main web interface # - description: human-readable description of the service # CFG_HEADSCALE_PORT_1="headscale-service|api|random:8080|private|tcp|false|false|false|Headscale API Server|" CFG_HEADSCALE_PORT_2="headscale-webui-service|webui|random:5000|private|tcp|false|true|true|Web UI|"