diff --git a/net-vpn/headscale/Manifest b/net-vpn/headscale/Manifest
new file mode 100644
index 0000000..d4c2acd
--- /dev/null
+++ b/net-vpn/headscale/Manifest
@@ -0,0 +1,2 @@
+DIST headscale-0.23.0-deps.tar.xz 288364084 BLAKE2B 8cbe3076a8068d5978d1f3f61e04b75f3ec138150cf87e88b48e9ef637aee284f36c16bb6725a1aba3c23d1b26daa4524bce77ba60a53b6385f5c434cc827281 SHA512 2b9a96cf622877ad8f38e1477a87a4acc080da1c62fe56890dbe48c1a46423d2fd8ecc5789256a9acb0e3539818d27fe4caf20c395c966657c505b639ffe3c87
+DIST headscale-0.23.0.tar.gz 626393 BLAKE2B 551e0fbb60974dfb91f65a7bb1dde79ca91d5895a682d3f86c959757719d35639e13bc7f9695a69b63aadc75bbb393521ad72fcf3dee01ede54f0711d8dfd88a SHA512 6ade2452f5cc4a4f1abe61d0501ef3053fa0e361b0dea0058dd3fa4ec56678e6da1c88ce3edc07fa82eb9cfea3d835039fa1f003c55c65614c93048cbefefc92
diff --git a/net-vpn/headscale/files/headscale.confd b/net-vpn/headscale/files/headscale.confd
new file mode 100644
index 0000000..5bf65c6
--- /dev/null
+++ b/net-vpn/headscale/files/headscale.confd
@@ -0,0 +1,8 @@
+HEADSCALE_USER=headscale
+HEADSCALE_GROUP=headscale
+
+# max number of open files (for floodfill)
+rc_ulimit="-n 4096"
+
+# Options to headscale
+HEADSCALE_OPTIONS="serve"
diff --git a/net-vpn/headscale/files/headscale.initd b/net-vpn/headscale/files/headscale.initd
new file mode 100644
index 0000000..9e89ac2
--- /dev/null
+++ b/net-vpn/headscale/files/headscale.initd
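Review bot: In `headscale.confd`, the comment `# max number of open files (for floodfill)` above `rc_ulimit` does not describe headscale; "floodfill" looks carried over from another package's conf.d file. Suggest `# max number of open files for the headscale daemon`, so an administrator tuning the limit is not left guessing what it protects.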
@@ -0,0 +1,35 @@
+#!/sbin/openrc-run
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Headscale Server daemon"
+command="/usr/bin/headscale"
+user="${HEADSCALE_USER}:${HEADSCALE_GROUP}"
+directory="/var/lib/headscale"
+output_log="/var/log/headscale.log"
+error_log="/var/log/headscale.log"
+private_key="/var/lib/headscale/private.key"
+
+start_stop_daemon_args="--user \"${user}\" ${HEADSCALE_OPTIONS} --background"
+
+depend() {
+ need net
+}
+
+start_pre() {
+ if [ ! -s /etc/headscale/config.yaml ] ; then
+ eerror "Missing headscale configuration file"
+ eerror "Please check the documentation directory for an example"
+ return 1
+ fi
+
+ checkpath -d -m 700 -o "${user}" /run/headscale /var/lib/headscale
+ checkpath -f -m 600 -o "${user}" \
+ /var/lib/headscale/db.sqlite \
+ /var/log/headscale.log \
+ /etc/headscale/config.yaml
+
+ if [ -f ${private_key} ]; then
+ checkpath -f -m 600 -o "${user}" ${private_key}
+ fi
+}
diff --git a/net-vpn/headscale/files/headscale.service b/net-vpn/headscale/files/headscale.service
new file mode 100644
index 0000000..fb27b40
--- /dev/null
+++ b/net-vpn/headscale/files/headscale.service
@@ -0,0 +1,24 @@
+[Unit]
+Description=headscale controller
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=headscale
+Group=headscale
+ExecStart=/usr/bin/headscale serve
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/headscale /run/headscale
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RuntimeDirectory=headscale
+
+[Install]
+WantedBy=multi-user.target
diff --git a/net-vpn/headscale/headscale-0.23.0.ebuild b/net-vpn/headscale/headscale-0.23.0.ebuild
new file mode 100644
index 0000000..6e58ec7
--- /dev/null
+++ b/net-vpn/headscale/headscale-0.23.0.ebuild
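Review bot: In `headscale.initd`, `start_pre()` hands `/etc/headscale/config.yaml` to the service account on every start through the `checkpath -f -m 600 -o "${user}"` list, so a compromised daemon could rewrite its own configuration even though it only needs to read that file. Keeping the file root-owned and group-readable closes that, and the ebuild's `fowners -R` on `/etc/headscale` should agree with it; under the systemd unit `ProtectSystem=strict` already makes `/etc` read-only, so the two init paths currently differ. The script also pushes `${HEADSCALE_OPTIONS}` and `--background` through `start_stop_daemon_args` with no `pidfile`, which presumably leaves OpenRC unable to track the process for stop and status. The sketch below uses the standard `command_args`, `command_user`, `command_background` and `pidfile` variables instead.

```shell
# replaces the start_stop_daemon_args line
command_args="${HEADSCALE_OPTIONS}"
command_user="${user}"
command_background=true
pidfile="/run/${RC_SVCNAME}.pid"

# … unchanged: depend() …

start_pre() {
	# … unchanged: config.yaml presence check, checkpath -d …
	checkpath -f -m 600 -o "${user}" \
		/var/lib/headscale/db.sqlite \
		/var/log/headscale.log
	# The daemon only reads its configuration; keep it root-owned.
	checkpath -f -m 640 -o "root:${HEADSCALE_GROUP}" /etc/headscale/config.yaml
	# … unchanged: private_key check …
}
```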
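Review bot: In `headscale.service`, `AmbientCapabilities=CAP_NET_BIND_SERVICE` is granted without a matching bounding set, and the block labelled optional stops at filesystem protections. Adding `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`, `PrivateDevices=yes` and `ProtectKernelModules=yes` narrows what the process can reach if it is compromised; check the result with `systemd-analyze security headscale.service` before tightening further. `After=syslog.target` is obsolete and can be dropped.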
@@ -0,0 +1,69 @@
+# Copyright 2022-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+EGO_PN="github.com/joanfont/headscale"
+COMMIT_ID="10a72e8d542af68c0c280f2a6ccc84849719b24c"
+
+inherit go-module systemd
+
+DESCRIPTION="An open source, self-hosted implementation of the Tailscale control server"
+HOMEPAGE="https://github.com/juanfont/headscale"
+SRC_URI="https://github.com/juanfont/headscale/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+# Add the manually vendored tarball.
+# 1) Create a tar archive optimized to reproduced by other users or devs.
+# 2) Compress the archive using XZ limiting decompression memory for
+# pretty constraint systems.
+# Use something like:
+# GOMODCACHE="${PWD}"/go-mod go mod download -modcacherw
+# tar cf $P-deps.tar go-mod \
+# --mtime="1970-01-01" --sort=name --owner=portage --group=portage
+# xz -k -9eT0 --memlimit-decompress=4096M $P-deps.tar
+SRC_URI+=" https://files.holgersson.xyz/gentoo/distfiles/golang-pkg-deps/${P}-deps.tar.xz"
+
+LICENSE="BSD Apache-2.0 MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~riscv"
+
+DEPEND="
+ acct-group/headscale
+ acct-user/headscale
+"
+RDEPEND="
+ ${DEPEND}
+ net-firewall/iptables
+"
+
+src_compile() {
+ export -n GOCACHE XDG_CACHE_HOME
+ export CGO_ENABLED=0
+
+ # Flags -w, -s: Omit debugging information to reduce binary size,
+ # see https://golang.org/cmd/link/.
+ local mygobuildargs=(
+ -ldflags="-X ${EGO_PN}/config.GitCommit=${COMMIT_ID} -s -w"
+ -trimpath
+ -v -work -x
+ )
+
+ ego build "${mygobuildargs[@]}" -o "./bin/${PN}" "./cmd/${PN}"
+}
+
+src_install() {
+ dobin bin/headscale
+ dodoc -r config-example.yaml derp-example.yaml
+ keepdir /etc/headscale /var/lib/headscale
+ systemd_dounit "${FILESDIR}"/headscale.service
+ newconfd "${FILESDIR}"/headscale.confd headscale
+ newinitd "${FILESDIR}"/headscale.initd headscale
+ fowners -R "${PN}":"${PN}" /etc/headscale /var/lib/headscale
+}
+
+pkg_postinst() {
+ if [[ ! -f "${EROOT}"/etc/headscale/config.yaml ]]; then
+ elog "Please create ${EROOT}/etc/headscale/config.yaml before starting the service"
+ elog "An example is in ${EROOT}/usr/share/doc/${P}/config-example.yaml"
+ ewarn ">=headscale-0.19.0 has a DB structs breaking, please BACKUP your database before upgrading!"
+ ewarn "see also: https://github.com/juanfont/headscale/pull/1171 and https://github.com/juanfont/headscale/pull/1144"
+ fi
+}
diff --git a/net-vpn/headscale/metadata.xml b/net-vpn/headscale/metadata.xml
new file mode 100644
index 0000000..b951b9e
--- /dev/null
+++ b/net-vpn/headscale/metadata.xml
@@ -0,0 +1,11 @@
+
+
+
+
+ nils.freydank@posteo.de
+ Nils Freydank
+
+
+ juanfont/headscale
+
+
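Review bot: In the ebuild, `EGO_PN` is spelled `github.com/joanfont/headscale` while `HOMEPAGE` and `SRC_URI` use `juanfont`, so the `-X ${EGO_PN}/config.GitCommit=${COMMIT_ID}` flag in `src_compile` names a package path that is not part of the build, and the Go linker silently ignores `-X` for a symbol it cannot find. The line should read `EGO_PN="github.com/juanfont/headscale"`, and it is worth confirming that `config.GitCommit` exists in this release. Separately, `${P}-deps.tar.xz` is fetched from a personal host, and the Manifest hashes pin only the uploaded archive, not its agreement with upstream `go.sum`. Since the documented recipe builds it from a full module cache, a `go mod verify` step in `src_prepare` would presumably work offline and make tampering with the extracted sources detectable. In `pkg_postinst`, the two `ewarn` lines about the database change sit inside the `config.yaml`-missing branch, so a user upgrading an existing install never sees the backup warning.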