---
# Headscale configuration
# addresses. ports and paths
server_url: "https://{{ headscale_hostname }}"
listen_addr: 0.0.0.0:443
metrics_listen_addr: 127.0.0.1:9090
grpc_listen_addr: 127.0.0.1:50443
grpc_allow_insecure: false
private_key_path: /var/lib/headscale/private.key
noise:
  private_key_path: /var/lib/headscale/noise_private.key
# IP ranges & dns
# IP ranges & dns
prefixes:
  v6: fd7a:115c:a1e0::/48
  v4: 10.13.100.0/24
dns:
  #override_local_dns: true
  nameservers:
    global:
    - 1.1.1.1
  magic_dns: true
  base_domain: {{ headscale_base_domain }}

# DERP
derp:
  server:
    enabled: true
    region_id: 999
    region_code: "aws-headscale-maecki"
    region_name: "aws-headscale-maecki"
    stun_listen_addr: "0.0.0.0:3478"
    private_key_path: /var/lib/headscale/derp_server_private.key
  paths: []
  auto_update_enabled: false
  update_frequency: 24h

# DB
database:
  type: sqlite3
  sqlite:
    path: /var/lib/headscale/db.sqlite

# TLS
acme_url: https://acme-v02.api.letsencrypt.org/directory
acme_email: ""
tls_letsencrypt_hostname: "{{ headscale_hostname }}"
tls_letsencrypt_cache_dir: /var/lib/headscale/cache
tls_letsencrypt_challenge_type: HTTP-01
tls_letsencrypt_listen: ":http"