From 12ae708f4ad1bf19b00c9f0cae9b9f290387c099 Mon Sep 17 00:00:00 2001
From: colin
Date: Tue, 23 Jan 2024 13:55:48 +0000
Subject: [PATCH] Update stack.production.yml
---
 stack.production.yml | 84 ++++++++++++++++++++++++++++++++------------
 1 file changed, 62 insertions(+), 22 deletions(-)
diff --git a/stack.production.yml b/stack.production.yml
index 49def20..9e518a8 100644
--- a/stack.production.yml
+++ b/stack.production.yml
@@ -13,25 +13,40 @@ services:
 placement:
 constraints:
 - node.hostname == macmini3
- # labels:
- # us.nixc.autodeploy: "true"
- # traefik.enable: "true"
- # traefik.http.routers.production-headscale_headscale.rule: "Host(`headscale.nixc.us`)"
- # traefik.http.routers.production-headscale_headscale.entrypoints: "websecure"
- # traefik.http.routers.production-headscale_headscale.tls: "true"
- # traefik.http.routers.production-headscale_headscale.tls.certresolver: "letsencryptresolver"
- # traefik.http.routers.production-headscale_headscale.service: "production-headscale_headscale"
- # traefik.http.services.production-headscale_headscale.loadbalancer.server.port: "8080"
- # traefik.docker.network: "traefik"
+ labels:
+ us.nixc.autodeploy: "true"
+ traefik.enable: "true"
+ traefik.http.routers.production-headscale_headscale.rule: "Host(`headscale.nixc.us`)"
+ traefik.http.routers.production-headscale_headscale.entrypoints: "websecure"
+ traefik.http.routers.production-headscale_headscale.tls: "true"
+ traefik.http.routers.production-headscale_headscale.tls.certresolver: "letsencryptresolver"
+ traefik.http.routers.production-headscale_headscale.service: "production-headscale_headscale"
+ traefik.http.services.production-headscale_headscale.loadbalancer.server.port: "8080"
+ traefik.docker.network: "traefik"
 replicas: 1
 restart_policy:
 condition: on-failure
- nginx:
- image: git.nixc.us/colin/reverse:production
+ headscale-webui:
+ image: ghcr.io/ifargle/headscale-webui:latest
 environment:
- - BACKEND_ADDRESS=headscale_headscale
- - BACKEND_PORT=8080
- - PROTOCOL=http
+ - TZ=America/Toronto
+ - COLOR=red # Use the base colors (ie, no darken-3, etc) -
+ - HS_SERVER=https://headscale.nixc.us # Reachable endpoint for your Headscale server
+ - DOMAIN_NAME=https://headscale.nixc.us # The base domain name for this container.
+ - SCRIPT_NAME=/admin # This is your applications base path (wsgi requires the name "SCRIPT_NAME"). Remove if you are hosing at the root /
+ - KEY="lzaAI5nenkxAeR1OZdKSYCqHsBnRtFCg2+anEeEkIhw=" # Generate with "openssl rand -base64 32" - used to encrypt your key on disk.
+ - AUTH_TYPE=basic # AUTH_TYPE is either Basic or OIDC. Empty for no authentication
+ - LOG_LEVEL=info # Log level. "DEBUG", "ERROR", "WARNING", or "INFO". Default "INFO"
+ # ENV for Basic Auth (Used only if AUTH_TYPE is "Basic"). Can be omitted if you aren't using Basic Auth
+ - BASIC_AUTH_USER=Barstool2830 # Used for basic auth
+ - BASIC_AUTH_PASS=ZnipwhPdg4uNcnPc35LSKy3iE3rrTgYA2 # Used for basic auth
+ # # ENV for OIDC (Used only if AUTH_TYPE is "OIDC"). Can be omitted if you aren't using OIDC
+ # - OIDC_AUTH_URL=https://auth.$DOMAIN/.well-known/openid-configuration # URL for your OIDC issuer's well-known endpoint
+ # - OIDC_CLIENT_ID=headscale-webui # Your OIDC Issuer's Client ID for Headscale-WebUI
+ # - OIDC_CLIENT_SECRET=YourSecretHere # Your OIDC Issuer's Secret Key for Headscale-WebUI
+ volumes:
+ - /mnt/tank/persist/nixc.us/headscale/production/data:/data # Headscale-WebUI's storage. Make sure ./volume is readable by UID 1000 (chown 1000:1000 ./volume)
+ - /mnt/tank/persist/nixc.us/headscale/production/config:/etc/headscale/:ro # Headscale's config storage location. Used to read your Headscale config.
 deploy:
 replicas: 1
 placement:
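Review bot: The added `KEY`, `BASIC_AUTH_USER` and `BASIC_AUTH_PASS` entries in the `headscale-webui` environment commit live secret values in plaintext, so anyone who can read the repository or its history obtains the admin UI login and the key that, per its inline comment, protects the key stored on disk. Supply them from outside the file, for example `- KEY=${HEADSCALE_WEBUI_KEY}` and `- BASIC_AUTH_PASS=${HEADSCALE_WEBUI_BASIC_AUTH_PASS}` (placeholder variable names, resolved at deploy time), and rotate the values shown here, because deleting them in a later commit does not remove them from history. In the list form of `environment` the double quotes around the `KEY` value are most likely passed through as part of the value, so they should be dropped. `image: ghcr.io/ifargle/headscale-webui:latest` is a mutable tag on a container that holds admin credentials; pin a release tag or an image digest so an upstream change cannot reach production unreviewed.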
@@ -40,17 +55,42 @@ services:
 labels:
 us.nixc.autodeploy: "true"
 traefik.enable: "true"
- traefik.http.routers.production-headscale_nginx.tls: "true"
- traefik.http.services.production-headscale_nginx.loadbalancer.server.port: "80"
- traefik.http.routers.production-headscale_nginx.rule: "Host(`headscale.nixc.us`)"
- traefik.http.routers.production-headscale_nginx.entrypoints: "websecure"
- traefik.http.routers.production-headscale_nginx.tls.certresolver: "letsencryptresolver"
- traefik.http.routers.production-headscale_nginx.service: "production-headscale_nginx"
- # traefik.http.routers.production-headscale_nginx.middlewares: "authelia_authelia@docker"
+ traefik.http.routers.production-headscale_webui.tls: "true"
+ traefik.http.services.production-headscale_webui.loadbalancer.server.port: "80"
+ traefik.http.routers.production-headscale_webui.rule: "Host(`headscale.nixc.us`) && PathPrefix(`/admin`)"
+ traefik.http.routers.production-headscale_webui.entrypoints: "websecure"
+ traefik.http.routers.production-headscale_webui.tls.certresolver: "letsencryptresolver"
+ traefik.http.routers.production-headscale_webui.service: "production-headscale_webui"
+ # traefik.http.routers.production-headscale_webui.middlewares: "authelia_authelia@docker"
 traefik.docker.network: "traefik"
 networks:
 - traefik
 - default
+ # nginx:
+ # image: git.nixc.us/colin/reverse:production
+ # environment:
+ # - BACKEND_ADDRESS=headscale_headscale
+ # - BACKEND_PORT=8080
+ # - PROTOCOL=http
+ # deploy:
+ # replicas: 1
+ # placement:
+ # constraints:
+ # - node.hostname == macmini14
+ # labels:
+ # us.nixc.autodeploy: "true"
+ # traefik.enable: "true"
+ # traefik.http.routers.production-headscale_nginx.tls: "true"
+ # traefik.http.services.production-headscale_nginx.loadbalancer.server.port: "80"
+ # traefik.http.routers.production-headscale_nginx.rule: "Host(`headscale.nixc.us`)"
+ # traefik.http.routers.production-headscale_nginx.entrypoints: "websecure"
+ # traefik.http.routers.production-headscale_nginx.tls.certresolver: "letsencryptresolver"
+ # traefik.http.routers.production-headscale_nginx.service: "production-headscale_nginx"
+ # # traefik.http.routers.production-headscale_nginx.middlewares: "authelia_authelia@docker"
+ # traefik.docker.network: "traefik"
+ # networks:
+ # - traefik
+ # - default
 # volumes:
 # headscale:
 networks:
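Review bot: The `production-headscale_webui` router publishes `/admin` on the `websecure` entrypoint while its `middlewares` label stays commented out, so the only gate in front of the Headscale admin UI is the container's own basic auth. If Authelia is served by this Traefik instance, enable the existing line as `traefik.http.routers.production-headscale_webui.middlewares: "authelia_authelia@docker"`, or otherwise limit the router to trusted source addresses. `loadbalancer.server.port: "80"` is carried over unchanged from the nginx service; confirm the webui container actually listens on that port, since a mismatch leaves the route returning gateway errors. The 25-line commented-out `nginx` service would be better deleted than kept as comments, because git history already preserves it and stale routing labels in a production stack file invite accidental re-enabling.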