add headspace

counterweight 2025-10-22 23:58:38 +02:00
parent bade56a1a8
commit 1ca6d3e13c
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
4 changed files with 366 additions and 0 deletions

@ -222,3 +222,44 @@ Personal blog is a static website served directly by Caddy.
* Simply push changes to the `master` branch of your git repository.
* The cron job will automatically pull and deploy updates within an hour.
* For immediate updates, you can manually run: `/usr/local/bin/update-personal-blog.sh` on the server.
## Headscale
Headscale is a self-hosted Tailscale control server that allows you to create your own Tailscale network.
### Deploy
* Decide what subdomain you want to serve Headscale on and add it to `services/headscale/headscale_vars.yml` on the `headscale_subdomain`.
* Note that you will have to add a DNS entry to point to the VPS public IP.
* Run the deployment playbook: `ansible-playbook -i inventory.ini services/headscale/deploy_headscale_playbook.yml`.
### Configure
* **Network Security**: The network starts with a deny-all policy - no devices can communicate with each other until you explicitly configure ACL rules in `/etc/headscale/acl.json`.
* After deployment, you need to create a namespace and generate pre-auth keys for your devices.
* SSH into your VPS and run the following commands:
```bash
# Create a namespace
headscale user create counter-net
# Generate a pre-auth key for device registration
headscale preauthkeys create --user 1 # Assumes you've only created one user
```
* Copy the generated pre-auth key - you'll need it to register your devices.
### Connect devices
* Install Tailscale on your devices (mobile apps, desktop clients, etc.).
* Instead of using the default Tailscale login, use your headscale server:
* Server URL: `https://headscale.contrapeso.xyz` (or your configured domain)
* Use the pre-auth key you generated above
* Full command: `tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>`
* Your devices will now be part of your private Tailscale network.
### Management
* List connected devices: `headscale nodes list`
* View users: `headscale users list`
* Generate new pre-auth keys: `headscale preauthkeys create --user counter-net --reusable`
* Remove a device: `headscale nodes delete --identifier <node-id>`
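Review bot: In the Management list, `headscale preauthkeys create --user counter-net --reusable` documents a reusable key as the standard way to mint new keys, with no mention of an expiry or of cleaning the key up afterwards; a reusable key that leaks can register additional nodes for as long as it stays valid. Suggest documenting the single-use form as the default and presenting `--reusable` as the exception, paired with a short `--expiration`. The same line passes `--user counter-net` while the Configure block uses `--user 1`, so pick one form and state which the deployed Headscale version expects; the Configure text also says "namespace" where the command creates a user. Finally, "Your devices will now be part of your private Tailscale network" under Connect devices should point back to the deny-all note, since nodes cannot reach each other until `/etc/headscale/acl.json` contains rules, and the README does not yet show how to add any.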