Documentation
parent
6ceafb68a1
commit
4062082445
4 changed files with 65 additions and 26 deletions
9
doc/ADMIN.md
Normal file
9
doc/ADMIN.md
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
You are encouraged to tweak Headscale's configuration in `__INSTALL_DIR__/config.yaml`.
|
||||||
|
Feel free to experiment and report your use cases in YunoHost's forum and chatrooms!
|
||||||
|
|
||||||
|
Some technical notes:
|
||||||
|
- [Internal DERP server](https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp) is not enabled
|
||||||
|
- The server is allowed to use the [DERP servers operated by Tailscale](https://controlplane.tailscale.com/derpmap/default)
|
||||||
|
- The database used to store user and nodes information is SQLite. It should be fine for YunoHost's current small-scale self-hosting mindset.
|
||||||
|
- Headscale will push DNS servers to its clients. The configuration includes FDN's open resolvers. ([French Data Network](https://www.fdn.fr/actions/dns/), associative ISP)
|
||||||
|
|
|
@ -1,9 +1,50 @@
|
||||||
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
|
An open source, self-hosted implementation of the Tailscale control server.
|
||||||
|
|
||||||
|
### What is Tailscale
|
||||||
|
|
||||||
|
Tailscale is [a modern VPN](https://tailscale.com/) built on top of
|
||||||
|
[Wireguard](https://www.wireguard.com/).
|
||||||
|
It [works like an overlay network](https://tailscale.com/blog/how-tailscale-works/)
|
||||||
|
between the computers of your networks - using
|
||||||
|
[NAT traversal](https://tailscale.com/blog/how-nat-traversal-works/).
|
||||||
|
|
||||||
|
Everything in Tailscale is Open Source, except the GUI clients for proprietary OS
|
||||||
|
(Windows and macOS/iOS), and the control server.
|
||||||
|
|
||||||
|
The control server works as an exchange point of Wireguard public keys for the
|
||||||
|
nodes in the Tailscale network. It assigns the IP addresses of the clients,
|
||||||
|
creates the boundaries between each user, enables sharing machines between users,
|
||||||
|
and exposes the advertised routes of your nodes.
|
||||||
|
|
||||||
|
A [Tailscale network (tailnet)](https://tailscale.com/kb/1136/tailnet/) is private
|
||||||
|
network which Tailscale assigns to a user in terms of private users or an
|
||||||
|
organisation.
|
||||||
|
|
||||||
|
### Design goal
|
||||||
|
|
||||||
|
Headscale aims to implement a self-hosted, open source alternative to the Tailscale
|
||||||
|
control server.
|
||||||
|
Headscale's goal is to provide self-hosters and hobbyists with an open-source
|
||||||
|
server they can use for their projects and labs.
|
||||||
|
It implements a narrow scope, a single Tailnet, suitable for a personal use, or a small
|
||||||
|
open-source organisation.
|
||||||
|
|
||||||
### Features
|
### Features
|
||||||
|
|
||||||
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
|
|
||||||
- Laboris nisi ut aliquip ex ea commodo consequat ;
|
- Full "base" support of Tailscale's features
|
||||||
- Duis aute irure dolor in reprehenderit in voluptate ;
|
- Configurable DNS
|
||||||
- Velit esse cillum dolore eu fugiat nulla pariatur ;
|
- [Split DNS](https://tailscale.com/kb/1054/dns/#using-dns-settings-in-the-admin-console)
|
||||||
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
|
- Node registration
|
||||||
|
- Single-Sign-On (via Open ID Connect)
|
||||||
|
- Pre authenticated key
|
||||||
|
- Taildrop (File Sharing)
|
||||||
|
- [Access control lists](https://tailscale.com/kb/1018/acls/)
|
||||||
|
- [MagicDNS](https://tailscale.com/kb/1081/magicdns)
|
||||||
|
- Support for multiple IP ranges in the tailnet
|
||||||
|
- Dual stack (IPv4 and IPv6)
|
||||||
|
- Routing advertising (including exit nodes)
|
||||||
|
- Ephemeral nodes
|
||||||
|
- Embedded [DERP server](https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp)
|
||||||
|
|
||||||
|
*from Headscale's README. See Links section below.*
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
* Any known limitations, constrains or stuff not working, such as (but not limited to):
|
|
||||||
* requiring a full dedicated domain ?
|
|
||||||
* architectures not supported ?
|
|
||||||
* not-working single-sign on or LDAP integration ?
|
|
||||||
* the app requires an important amount of RAM / disk / .. to install or to work properly
|
|
||||||
* etc...
|
|
||||||
|
|
||||||
* Other infos that people should be aware of, such as:
|
|
||||||
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
|
|
||||||
* how to configure / administrate the application if it ain't obvious
|
|
||||||
* upgrade process / specificities / things to be aware of ?
|
|
||||||
* security considerations ?
|
|
|
@ -10,21 +10,22 @@ maintainers = ["tituspijean"]
|
||||||
|
|
||||||
[upstream]
|
[upstream]
|
||||||
license = "BSD-3-Clause"
|
license = "BSD-3-Clause"
|
||||||
admindoc = "https://github.com/juanfont/headscale/tree/main/docs"
|
admindoc = "https://headscale.net/"
|
||||||
userdoc = "https://tailscale.com/kb/"
|
userdoc = "https://tailscale.com/kb/"
|
||||||
code = "https://github.com/juanfont/headscale"
|
code = "https://github.com/juanfont/headscale"
|
||||||
website = "https://tailscale.com/"
|
website = "https://headscale.net/"
|
||||||
cpe = "cpe:2.3:a:tailscale:tailscale"
|
cpe = "cpe:2.3:a:tailscale:tailscale"
|
||||||
|
fund = "https://ko-fi.com/headscale
|
||||||
|
|
||||||
[integration]
|
[integration]
|
||||||
yunohost = ">= 11.0.0"
|
yunohost = ">= 11.0.0"
|
||||||
architectures = "all"
|
architectures = "all"
|
||||||
multi_instance = false
|
multi_instance = false
|
||||||
ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials.
|
ldap = "true"
|
||||||
sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal.
|
sso = "false"
|
||||||
disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
|
disk = "50M"
|
||||||
ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
|
ram.build = "50M"
|
||||||
ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
|
ram.runtime = "50M"
|
||||||
|
|
||||||
[install]
|
[install]
|
||||||
[install.domain]
|
[install.domain]
|
||||||
|
@ -43,7 +44,7 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen
|
||||||
[install.base_domain]
|
[install.base_domain]
|
||||||
type = "domain"
|
type = "domain"
|
||||||
ask.en = "Choose the base domain for Headscale's MagicDNS feature"
|
ask.en = "Choose the base domain for Headscale's MagicDNS feature"
|
||||||
help.en = "MagiDNS will allow you to access your hosts with a domain like `myhost.mynamespace.basedomain.tld`"
|
help.en = "MagiDNS will allow you to access your hosts with a domain like `myhost.username.basedomain.tld`"
|
||||||
|
|
||||||
[resources]
|
[resources]
|
||||||
[resources.sources.main]
|
[resources.sources.main]
|
||||||
|
|
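Review bot: The added `fund` line in `[upstream]` has no closing quote, so the manifest will not parse as TOML; it should read `fund = "https://ko-fi.com/headscale"`. In `[integration]`, `ldap = "true"` and `sso = "false"` are strings, whereas the removed FIXME text asks for true, false, or "not_relevant"; write them as bare booleans (`ldap = true`, `sso = false`), and confirm that `ldap = true` actually holds, since the FIXME describes it as meaning users can log in to the app with their YunoHost credentials. The `cpe` key still names `tailscale:tailscale` although `website` and `admindoc` now point at headscale.net, so any vulnerability matching keyed on that value would presumably follow Tailscale's product rather than Headscale; check whether that is intended. The old/new side of the doubled lines is inferred from the FIXME comments and the hunk header counts, because the +/- markers are not visible on this page.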