author | Joe Holden | 2022-11-11 14:20:37 +0100 |
---|---|---|
committer | Joe Holden | 2022-11-11 14:20:37 +0100 |
commit | c548c9b7a984744fe1d32f301b06d573c31b37db (patch) | |
tree | 96bef801f54808ba51a3068f8f51677cc406c94b | |
parent | e106709b7b170367b55e562b95eb09f42ed7d0b8 (diff) | |
download | aur-c548c9b7a984744fe1d32f301b06d573c31b37db.tar.gz |
upgrade 0.16.4 (from PyroDevil, thanks!)
-rw-r--r-- | .SRCINFO | 14 | ||||
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | PKGBUILD | 26 | ||||
-rw-r--r-- | headscale.service | 52 | ||||
-rw-r--r-- | headscale.sysusers | 1 | ||||
-rw-r--r-- | headscale.tmpfiles | 2 |
6 files changed, 80 insertions, 16 deletions
@@ -1,19 +1,23 @@ pkgbase = headscale pkgdesc = An open source, self-hosted implementation of the Tailscale coordination server. - pkgver = 0.15.0 + pkgver = 0.16.4 pkgrel = 1 url = https://github.com/juanfont/headscale arch = any license = BSD makedepends = go - depends = tailscale optdepends = wireguard-tools: CLI tools for generating keys optdepends = postgresql: alternative database provider conflicts = headscale-git backup = etc/headscale/config.yaml - source = headscale-0.15.0.tar.gz::https://github.com/juanfont/headscale/archive/refs/tags/v0.15.0.tar.gz + backup = etc/headscale/derp.yaml + source = headscale-0.16.4.tar.gz::https://github.com/juanfont/headscale/archive/refs/tags/v0.16.4.tar.gz source = headscale.service - sha256sums = 4cfa732453c1270b8b5d1ded1687b517a5822fa5afb1595267d434e570702d04 - sha256sums = 000457ad0cfaca8513c0f1be5b0a04beb673576e019c7184e5fb3a78e57738ab + source = headscale.sysusers + source = headscale.tmpfiles + sha256sums = 0395478f9dde68aa8ca23be8df6ff636d47166981d0995e4e31a8c7db12df8e8 + sha256sums = SKIP + sha256sums = SKIP + sha256sums = SKIP pkgname = headscale diff --git a/.gitignore b/.gitignore index 832a2faf833b..b882116f824b 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ /src /headscale /*.pkg.tar.* +/*.gz 
@@ -1,35 +1,49 @@ pkgname=headscale -pkgver=0.15.0 +pkgver=0.16.4 pkgrel=1 pkgdesc="An open source, self-hosted implementation of the Tailscale coordination server." arch=('any') url="https://github.com/juanfont/headscale" license=('BSD') -depends=('tailscale') +depends=() makedepends=('go') optdepends=( 'wireguard-tools: CLI tools for generating keys' 'postgresql: alternative database provider' ) conflicts=("${pkgname}-git") -backup=("etc/${pkgname}/config.yaml") +backup=("etc/${pkgname}/config.yaml" "etc/${pkgname}/derp.yaml") source=( "${pkgname}-${pkgver}.tar.gz::https://github.com/juanfont/headscale/archive/refs/tags/v${pkgver}.tar.gz" 'headscale.service' + 'headscale.sysusers' + 'headscale.tmpfiles' ) -sha256sums=('4cfa732453c1270b8b5d1ded1687b517a5822fa5afb1595267d434e570702d04' - '000457ad0cfaca8513c0f1be5b0a04beb673576e019c7184e5fb3a78e57738ab') +sha256sums=('0395478f9dde68aa8ca23be8df6ff636d47166981d0995e4e31a8c7db12df8e8' + '3cae7a3bfbb70bfda8dc4323d27cdcde0d841d1b3335c0f10525907eb3f6e650' + '059353f4843dec6eb447c567fac890ef63cc9c8acea18840fcfc3f4a76d596db' + '8a22d7193ceeac0be32725cf8108f963be3a21855e6099de964f810094d0adc7') build() { cd "${srcdir}/${pkgname}-${pkgver}" - go build -v -o headscale -ldflags "-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=${pkgver}" ./cmd/headscale + make + sed -i 's-/var/run/headscale\.sock-/var/run/headscale/headscale\.sock-' config-example.yaml } package() { cd "$srcdir/${pkgname}-${pkgver}" install -D -m755 "${pkgname}" "${pkgdir}/usr/bin/${pkgname}" + install -D -m644 "config-example.yaml" "${pkgdir}/etc/${pkgname}/config.yaml" + install -D -m644 "config-example.yaml" "${pkgdir}/usr/share/${pkgname}/config-example.yaml" + + install -D -m644 "derp-example.yaml" "${pkgdir}/etc/${pkgname}/derp.yaml" + install -D -m644 "derp-example.yaml" "${pkgdir}/usr/share/${pkgname}/derp-example.yaml" + + install -D -m644 "${srcdir}/${pkgname}.sysusers" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf" + install -D 
-m644 "${srcdir}/${pkgname}.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf" + install -D -m644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" install -D -m644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" diff --git a/headscale.service b/headscale.service index 8645af4c8b60..ab2cfa15ba91 100644 --- a/headscale.service +++ b/headscale.service @@ -1,14 +1,56 @@ [Unit] -Description=Headscale server +Description=Headscale controller After=network.target [Service] Type=simple -RemainAfterExit=yes -Environment=GIN_MODE=release ExecStart=/usr/bin/headscale serve -ExecReload=/bin/kill -HUP $MAINPID -Restart=on-failure +WorkingDirectory=/var/lib/headscale +ConfigurationDirectory=headscale +RuntimeDirectory=headscale +User=headscale +Group=headscale + +DynamicUser=yes +Restart=always +RestartSec=5 + +CapabilityBoundingSet=CAP_NET_BIND_SERVICE +AmbientCapabilities=CAP_NET_BIND_SERVICE + +# If headscale is run at ports >1024, you should apply these options via a +# drop-in file +#CapabilityBoundingSet= +#AmbientCapabilities= +#PrivateUsers=yes + +NoNewPrivileges=yes + +LimitNOFILE=1048576 +UMask=0077 + +ProtectSystem=strict +ProtectHome=yes +ReadWritePaths=/var/lib/headscale /var/run/headscale +PrivateTmp=yes +PrivateDevices=yes +ProtectHostname=yes +ProtectClock=yes +ProtectKernelTunables=yes +ProtectKernelModules=yes +ProtectKernelLogs=yes +ProtectControlGroups=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +LockPersonality=yes +MemoryDenyWriteExecute=yes +RestrictRealtime=yes +RestrictSUIDSGID=yes +RemoveIPC=yes + +SystemCallFilter=@system-service +SystemCallFilter=~@privileged @resources +SystemCallArchitectures=native [Install] WantedBy=multi-user.target diff --git a/headscale.sysusers b/headscale.sysusers new file mode 100644 index 000000000000..a9238cceba1c --- /dev/null +++ b/headscale.sysusers @@ -0,0 +1 @@ +u headscale - "Headscale user" 
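Review bot: In package(), `install -D -m644 "config-example.yaml" "${pkgdir}/etc/${pkgname}/config.yaml"` leaves the live configuration world-readable, although the unit added in this same commit runs the daemon as a dedicated `headscale` account with `UMask=0077`. That file is where an operator would put a database password or an OIDC client secret if those features are used, so any local account could read them. Installing it with `-m640` and giving the service group access at install time, for example with a tmpfiles.d line such as `z /etc/headscale/config.yaml 0640 root headscale - -`, keeps it readable by root and the daemon only; the reference copy under /usr/share can stay 644. The closing brace of package() appears to lie outside this hunk.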
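Review bot: `DynamicUser=yes` is combined with a static `User=headscale`/`Group=headscale`, a sysusers entry and a tmpfiles-owned /var/lib/headscale, so the unit mixes two ownership models for the directory that presumably holds the server's keys and database. Since the package already creates the account, dropping `DynamicUser=yes` and declaring the directory in the unit with `StateDirectory=headscale` and `StateDirectoryMode=0750` lets systemd create it for the service user and keep it writable under `ProtectSystem=strict`. The `/var/lib/headscale` entry in `ReadWritePaths=` would then no longer be needed, and ownership of the state would not depend on the sysusers and tmpfiles snippets having been applied before the first start.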
diff --git a/headscale.tmpfiles b/headscale.tmpfiles
new file mode 100644
index 000000000000..7c49e08fa752
--- /dev/null
+++ b/headscale.tmpfiles
@@ -0,0 +1,2 @@
+d /var/lib/headscale 0750 headscale headscale
+h /var/lib/headscale - - - - +C |
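Review bot: The `h /var/lib/headscale - - - - +C` line has no comment explaining why the no-copy-on-write attribute is set on the state directory. On btrfs that attribute also turns off data checksumming for files created there, which presumably includes the database and key material, so silent corruption of those files would go undetected by the filesystem. The trade-off deserves a line above it such as `# +C: no copy-on-write for the database on btrfs; also disables btrfs data checksums for new files here`.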