apiVersion: v1
kind: ConfigMap
metadata:
  name: headscale-config
  namespace: networking
data:
  acl.json: |
    {
      "tagOwners": {
        "tag:personal": ["lucalise@"],
      },
      "acls": [
        {"action": "accept", "src": ["tag:personal"], "dst": ["tag:personal:*"]},
        {"action": "accept", "src": ["tag:personal"], "dst": ["autogroup:internet:*"]},
        {"action": "accept", "src": ["tag:personal"], "dst": ["192.168.15.0/27:*", "192.168.27.0/24:*", "192.168.20.0/26:*"]}
      ]
    }
  config.yaml: |
    server_url: https://mesh.lucalise.ca
    listen_addr: 0.0.0.0:8080
    metrics_listen_addr: 0.0.0.0:9090
    
    noise:
      private_key_path: /var/lib/headscale/noise_private.key
    
    prefixes:
      v4: 10.100.0.0/24
      v6: fd7a:115c:a1e0::/48
    
    database:
      type: sqlite3
      sqlite:
        path: /var/lib/headscale/db.sqlite
    policy:
      path: /etc/headscale/acl.json
    
    dns:
      override_local_dns: false
      base_domain: m.net

    derp:
      server:
        enabled: false
      urls:
        - https://controlplane.tailscale.com/derpmap/default
      auto_update_enabled: true
      update_frequency: 24h
    
    log:
      level: info