---
headscale:
  enabled: true
  mirror: "https://github.com/juanfont/headscale/releases/download"
  install_dir: "/usr/local/apps"
  release_dir: "/usr/local/apps/releases"
  config_path: "/etc/headscale"
  var_dir: "/var/lib/headscale"
  version: "0.25.1"
  os: linux
  arch: amd64
  user:
    name: headscale
    uid: 915
  group:
    name: headscale
    gid: 915
  config:
    server_url: http://127.0.0.1:8080
    listen_addr: 127.0.0.1:8080
    metrics_listen_addr: 127.0.0.1:9090
    grpc_listen_addr: 127.0.0.1:50443
    grpc_allow_insecure: false
    noise:
      private_key_path: /var/lib/headscale/noise_private.key
    prefixes:
      v4: 100.64.0.0/10
      v6: fd7a:115c:a1e0::/48
      allocation: sequential
    derp:
      server:
        enabled: false
        region_id: 999
        region_code: "headscale"
        region_name: "Headscale Embedded DERP"
        stun_listen_addr: "0.0.0.0:3478"
        private_key_path: /var/lib/headscale/derp_server_private.key
        automatically_add_embedded_derp_region: true
        ipv4: 1.2.3.4
        ipv6: 2001:db8::1
      urls:
        - https://controlplane.tailscale.com/derpmap/default
      paths: []
      auto_update_enabled: true
      update_frequency: 24h
    disable_check_updates: false
    ephemeral_node_inactivity_timeout: 30m
    database:
      type: sqlite
      debug: false
      gorm:
        prepare_stmt: true
        parameterized_queries: true
        skip_err_record_not_found: true
        slow_threshold: 1000
      sqlite:
        path: /var/lib/headscale/db.sqlite
        write_ahead_log: true
        wal_autocheckpoint: 1000
    acme_url: https://acme-v02.api.letsencrypt.org/directory
    acme_email: ""
    tls_letsencrypt_hostname: ""
    tls_letsencrypt_cache_dir: /var/lib/headscale/cache
    tls_letsencrypt_challenge_type: HTTP-01
    tls_letsencrypt_listen: ":http"
    tls_cert_path: ""
    tls_key_path: ""
    log:
      format: text
      level: info
    policy:
      mode: file
      path: ""
    dns:
      magic_dns: true
      base_domain: example.com
      nameservers:
        global:
          - 1.1.1.1
          - 1.0.0.1
          - 2606:4700:4700::1111
          - 2606:4700:4700::1001
        split:
          {}
      search_domains: []
      extra_records: []
    unix_socket: /var/run/headscale/headscale.sock
    unix_socket_permission: "0770"
    logtail:
      enabled: false
    randomize_client_port: false
  derp_config:
    regions: {}
      #900:
      #  regionid: 900
      #  regioncode: custom
      #  regionname: My Region
      #  nodes:
      #    - name: 900a
      #      regionid: 900
      #      hostname: myderp.mydomain.no
      #      ipv4: 123.123.123.123
      #      ipv6: "2604:a880:400:d1::828:b001"
      #      stunport: 0
      #      stunonly: false
      #      derpport: 0
  policy: {}