首頁 探索 說明
註冊 登入
root
/
apps
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
分支: master
分支列表 標籤列表
apps
/
trains
/
community
/
headscale
/
1.0.5
/
templates
/
docker-compose.yaml

docker-compose.yaml 4.3 KB
永久連結 文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. {% set tpl = ix_lib.base.render.Render(values) %}
    2. 

  2. 

  3. {% set c1 = tpl.add_container(values.consts.headscale_container_name, "image") %}
    4. 

  4. {% set init = tpl.add_container(values.consts.init_container_name, "alpine_image") %}
    5. 

  5. {% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}
    6. 

  6. {% set perms_config = {"uid": values.run_as.user, "gid": values.run_as.group, "mode": "check"} %}
    7. 

  7. 

  8. {# FIXME: remove after https://github.com/juanfont/headscale/pull/2656 #}
    9. 

  9. {% do init.set_user(values.run_as.user, values.run_as.group) %}
    10. 

  10. {% do init.restart.set_policy("on-failure", 1) %}
    11. 

  11. {% do init.healthcheck.disable() %}
    12. 

  12. {% do init.deploy.resources.set_profile("low") %}
    13. 

  13. {% do init.remove_devices() %}
    14. 

  14. {# At least an empty config is required. #}
    15. 

  15. {% do init.set_entrypoint(["touch", "%s/config.yaml"|format(values.consts.config_path)]) %}
    16. 

  16. 

  17. {% do c1.set_user(values.run_as.user, values.run_as.group) %}
    18. 

  18. {# FIXME: Uncomment this after https://github.com/juanfont/headscale/pull/2659 #}
    19. 

  19. {# {% do c1.healthcheck.set_custom_test(["CMD", "/ko-app/headscale", "health"]) %} #}
    20. 

  20. {% do c1.healthcheck.disable() %}
    21. 

  21. {% do c1.set_command(["serve"]) %}
    22. 

  22. {% do c1.depends.add_dependency(values.consts.init_container_name, "service_completed_successfully") %}
    23. 

  23. 

  24. {% do c1.environment.add_env("HEADSCALE_LISTEN_ADDR", ":%d"|format(values.network.api_port.port_number)) %}
    25. 

  25. {% do c1.environment.add_env("HEADSCALE_DATABASE_TYPE", "sqlite") %}
    26. 

  26. {% do c1.environment.add_env("HEADSCALE_DATABASE_SQLITE_PATH", "%s/db.sqlite"|format(values.consts.lib_path)) %}
    27. 

  27. {# FIXME: remove after https://github.com/juanfont/headscale/pull/2658 #}
    28. 

  28. {% do c1.environment.add_env("HEADSCALE_NOISE", '{}') %}
    29. 

  29. {% do c1.environment.add_env("HEADSCALE_NOISE_PRIVATE_KEY_PATH", "%s/noise_private.key"|format(values.consts.lib_path)) %}
    30. 

  30. {% do c1.environment.add_env("HEADSCALE_UNIX_SOCKET", "%s/headscale.sock"|format(values.consts.run_path)) %}
    31. 

  31. {% do c1.environment.add_env("HEADSCALE_UNIX_SOCKET_PERMISSION", "0770") %}
    32. 

  32. {% do c1.environment.add_env("HEADSCALE_DERP_URLS", "https://controlplane.tailscale.com/derpmap/default") %}
    33. 

  33. {% do c1.environment.add_env("HEADSCALE_DERP_SERVER_PRIVATE_KEY_PATH", "%s/derp_server_private.key"|format(values.consts.lib_path)) %}
    34. 

  34. 

  35. {% do c1.environment.add_env("HEADSCALE_SERVER_URL", values.headscale.server_url) %}
    36. 

  36. {% do c1.environment.add_env("HEADSCALE_DNS_BASE_DOMAIN", values.headscale.dns.base_domain) %}
    37. 

  37. {% do c1.environment.add_env("HEADSCALE_DNS_NAMESERVERS_GLOBAL", values.headscale.dns.nameservers_global | join(" ")) %}
    38. 

  38. {# Those are not really configurable #}
    39. 

  39. {% do c1.environment.add_env("HEADSCALE_PREFIXES_V4", "100.64.0.0/10") %}
    40. 

  40. {% do c1.environment.add_env("HEADSCALE_PREFIXES_V6", "fd7a:115c:a1e0::/48") %}
    41. 

  41. 

  42. {% if values.network.certificate_id %}
    43. 

  43.   {% do c1.environment.add_env("HEADSCALE_SSL_KEY_PATH", values.consts.ssl_key_path) %}
    44. 

  44.   {% do c1.environment.add_env("HEADSCALE_SSL_CERT_PATH", values.consts.ssl_cert_path) %}
    45. 

  45. 

  46.   {% set cert = values.ix_certificates[values.network.certificate_id] %}
    47. 

  47.   {% do c1.configs.add("private", cert.privatekey, values.consts.ssl_key_path) %}
    48. 

  48.   {% do c1.configs.add("public", cert.certificate, values.consts.ssl_cert_path) %}
    49. 

  49. {% endif %}
    50. 

  50. 

  51. {% do c1.environment.add_user_envs(values.headscale.additional_envs) %}
    52. 

  52. 

  53. {% do c1.add_port(values.network.api_port) %}
    54. 

  54. 

  55. {% do c1.add_storage(values.consts.config_path, values.storage.config) %}
    56. 

  56. {% do init.add_storage(values.consts.config_path, values.storage.config) %}
    57. 

  57. {% do perm_container.add_or_skip_action("config", values.storage.config, perms_config) %}
    58. 

  58. 

  59. {% do c1.add_storage(values.consts.lib_path, values.storage.lib) %}
    60. 

  60. {% do perm_container.add_or_skip_action("lib", values.storage.lib, perms_config) %}
    61. 

  61. 

  62. {% do c1.add_storage(values.consts.run_path, values.storage.run) %}
    63. 

  63. {% do perm_container.add_or_skip_action("run", values.storage.run, perms_config) %}
    64. 

  64. 

  65. {% for store in values.storage.additional_storage %}
    66. 

  66.   {% do c1.add_storage(store.mount_path, store) %}
    67. 

  67.   {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
    68. 

  68. {% endfor %}
    69. 

  69. 

  70. {% if perm_container.has_actions() %}
    71. 

  71.   {% do perm_container.activate() %}
    72. 

  72.   {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
    73. 

  73.   {% do init.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
    74. 

  74. {% endif %}
    75. 

  75. 

  76. {{ tpl.render() | tojson }}
    77.