net-vpn/headscale: Import and bump to 0.23.0

This ebuild is based on net-vpn/headscale-0.22.3::gentoo.

Changes to the ebuild beside the bump itself:
- src_compile: Switch to ego
- src_compile: strip away debug informations (-s -w)
- src_compile: Disable cgo, link statically
- pkg_postinstall: change style from early-return to if-then-fi
- pkg_postinstall: drop custom compression from mentioned example file
- pkg_postinstall: update the old 0.19.x ewarn from 2022-Feb to a new 0.23.0 ewarn
- SRC_URI: change style from dict to appended string (shorter here)
- add archiving and compression instructions for future maintenance
  and for improved reproducability
- fix copyright line (first submission was in 2022,
  see commit 5aa57d09a9ad9c907b69afc2c9cc340663980c18)

Signed-off-by: Nils Freydank <nils.freydank@posteo.de>

net-vpn/headscale/Manifest

@@ -0,0 +1,2 @@
+DIST headscale-0.23.0-deps.tar.xz 288364084 BLAKE2B 8cbe3076a8068d5978d1f3f61e04b75f3ec138150cf87e88b48e9ef637aee284f36c16bb6725a1aba3c23d1b26daa4524bce77ba60a53b6385f5c434cc827281 SHA512 2b9a96cf622877ad8f38e1477a87a4acc080da1c62fe56890dbe48c1a46423d2fd8ecc5789256a9acb0e3539818d27fe4caf20c395c966657c505b639ffe3c87
+DIST headscale-0.23.0.tar.gz 626393 BLAKE2B 551e0fbb60974dfb91f65a7bb1dde79ca91d5895a682d3f86c959757719d35639e13bc7f9695a69b63aadc75bbb393521ad72fcf3dee01ede54f0711d8dfd88a SHA512 6ade2452f5cc4a4f1abe61d0501ef3053fa0e361b0dea0058dd3fa4ec56678e6da1c88ce3edc07fa82eb9cfea3d835039fa1f003c55c65614c93048cbefefc92

net-vpn/headscale/files/headscale.confd

@@ -0,0 +1,8 @@
+HEADSCALE_USER=headscale
+HEADSCALE_GROUP=headscale
+
+# max number of open files (for floodfill)
+rc_ulimit="-n 4096"
+
+# Options to headscale
+HEADSCALE_OPTIONS="serve"

net-vpn/headscale/files/headscale.initd

@@ -0,0 +1,35 @@
+#!/sbin/openrc-run
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Headscale Server daemon"
+command="/usr/bin/headscale"
+user="${HEADSCALE_USER}:${HEADSCALE_GROUP}"
+directory="/var/lib/headscale"
+output_log="/var/log/headscale.log"
+error_log="/var/log/headscale.log"
+private_key="/var/lib/headscale/private.key"
+
+start_stop_daemon_args="--user \"${user}\" ${HEADSCALE_OPTIONS} --background"
+
+depend() {
+	need net
+}
+
+start_pre() {
+	if [ ! -s /etc/headscale/config.yaml ] ; then
+		eerror "Missing headscale configuration file"
+		eerror "Please check the documentation directory for an example"
+		return 1
+	fi
+
+	checkpath -d -m 700 -o "${user}" /run/headscale /var/lib/headscale
+	checkpath -f -m 600 -o "${user}" \
+		/var/lib/headscale/db.sqlite \
+		/var/log/headscale.log \
+		/etc/headscale/config.yaml
+
+	if [ -f ${private_key} ]; then
+		checkpath -f -m 600 -o "${user}" ${private_key}
+	fi
+}

net-vpn/headscale/files/headscale.service

@@ -0,0 +1,24 @@
+[Unit]
+Description=headscale controller
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=headscale
+Group=headscale
+ExecStart=/usr/bin/headscale serve
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/headscale /run/headscale
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RuntimeDirectory=headscale
+
+[Install]
+WantedBy=multi-user.target

net-vpn/headscale/headscale-0.23.0.ebuild

@@ -0,0 +1,69 @@
+# Copyright 2022-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+EGO_PN="github.com/joanfont/headscale"
+COMMIT_ID="10a72e8d542af68c0c280f2a6ccc84849719b24c"
+
+inherit go-module systemd
+
+DESCRIPTION="An open source, self-hosted implementation of the Tailscale control server"
+HOMEPAGE="https://github.com/juanfont/headscale"
+SRC_URI="https://github.com/juanfont/headscale/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+# Add the manually vendored tarball.
+# 1) Create a tar archive optimized to reproduced by other users or devs.
+# 2) Compress the archive using XZ limiting decompression memory for
+#    pretty constraint systems.
+# Use something like:
+# GOMODCACHE="${PWD}"/go-mod go mod download -modcacherw
+# tar cf $P-deps.tar go-mod \
+#       --mtime="1970-01-01" --sort=name --owner=portage --group=portage
+# xz -k -9eT0 --memlimit-decompress=4096M $P-deps.tar
+SRC_URI+=" https://files.holgersson.xyz/gentoo/distfiles/golang-pkg-deps/${P}-deps.tar.xz"
+
+LICENSE="BSD Apache-2.0 MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~riscv"
+
+DEPEND="
+	acct-group/headscale
+	acct-user/headscale
+"
+RDEPEND="
+	${DEPEND}
+	net-firewall/iptables
+"
+
+src_compile() {
+	export -n GOCACHE XDG_CACHE_HOME
+	export CGO_ENABLED=0
+
+	# Flags -w, -s: Omit debugging information to reduce binary size,
+	# see https://golang.org/cmd/link/.
+	local mygobuildargs=(
+		-ldflags="-X ${EGO_PN}/config.GitCommit=${COMMIT_ID} -s -w"
+		-trimpath
+		-v -work -x
+	)
+
+	ego build "${mygobuildargs[@]}" -o "./bin/${PN}" "./cmd/${PN}"
+}
+
+src_install() {
+	dobin bin/headscale
+	dodoc -r config-example.yaml derp-example.yaml
+	keepdir /etc/headscale /var/lib/headscale
+	systemd_dounit "${FILESDIR}"/headscale.service
+	newconfd "${FILESDIR}"/headscale.confd headscale
+	newinitd "${FILESDIR}"/headscale.initd headscale
+	fowners -R "${PN}":"${PN}" /etc/headscale /var/lib/headscale
+}
+
+pkg_postinst() {
+	if [[ ! -f "${EROOT}"/etc/headscale/config.yaml ]]; then
+		elog "Please create ${EROOT}/etc/headscale/config.yaml before starting the service"
+		elog "An example is in ${EROOT}/usr/share/doc/${P}/config-example.yaml"
+		ewarn ">=headscale-0.19.0 has a DB structs breaking, please BACKUP your database before upgrading!"
+		ewarn "see also: https://github.com/juanfont/headscale/pull/1171 and https://github.com/juanfont/headscale/pull/1144"
+	fi
+}

net-vpn/headscale/metadata.xml

@@ -0,0 +1,11 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>nils.freydank@posteo.de</email>
+		<name>Nils Freydank</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">juanfont/headscale</remote-id>
+	</upstream>
+</pkgmetadata>