a

headscale/server/daemonset.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: headscale
+spec:
+  template:
+    metadata:
+      labels:
+        app: headscale
+    spec:
+      hostNetwork: true
+      volumes:
+        - name: data
+          persistentVolumeClaim:
+            claimName: headscale
+        - name: certs
+          secret:
+            secretName: wetofu-me-certs
+        - name: config
+          configMap:
+            name: headscale
+      containers:
+        - name: headscale
+          image: ghcr.io/juanfont/headscale
+          args:
+            - serve
+          volumeMounts:
+            - name: data
+              mountPath: /var/lib/headscale
+            - name: certs
+              mountPath: /certs
+            - name: config
+              mountPath: /etc/headscale
+  selector:
+    matchLabels:
+      app: headscale

headscale/server/ingress.yaml

@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: headscale
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: 'true'
+spec:
+  tls:
+    - hosts:
+        - '*.wetofu.me'
+      secretName: wetofu-me-certs
+  rules:
+    - host: hs.wetofu.me
+      http:
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: headscale
+                port:
+                  number: 8080

headscale/server/kustomization.yaml

@@ -0,0 +1,13 @@
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization.json
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - daemonset.yaml
+  - pvc.yaml
+  - service.yaml
+  - ingress.yaml
+configMapGenerator:
+  - name: headscale
+    files:
+      - config/config.yaml

headscale/server/pvc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: headscale
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1G

headscale/server/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: headscale
+spec:
+  ipFamilyPolicy: PreferDualStack
+  ipFamilies:
+    - IPv4
+    - IPv6
+  ports:
+    - name: http
+      port: 8080
+      targetPort: 8081
+  selector:
+    app: headscale