From c5939cae6ad9dc0cf78d455c07f310efc4cb8d18 Mon Sep 17 00:00:00 2001
From: Gerrit
Date: Mon, 30 Sep 2024 15:16:20 +0200
Subject: [PATCH] Headscale v0.23.0 (#326)
---
 control-plane/roles/headscale/README.md | 6 ++---
 .../roles/headscale/defaults/main/main.yaml | 5 ++--
 control-plane/roles/headscale/tasks/main.yaml | 1 -
 .../roles/headscale/templates/headscale.yaml | 25 ++++++++++++-------
 4 files changed, 21 insertions(+), 16 deletions(-)
diff --git a/control-plane/roles/headscale/README.md b/control-plane/roles/headscale/README.md
index ebce023ee..0095d4be8 100644
--- a/control-plane/roles/headscale/README.md
+++ b/control-plane/roles/headscale/README.md
@@ -11,14 +11,13 @@ If you want to rotate the API key, you need to delete the `headscale-api-key` se
 The role should take the same variables as the wrapped role, but prefixed with `headscale_db_` instead of `postgres_`.
 | Name | Mandatory | Description |
-|------------------------------------------------|-----------|-------------------------------------------------------------|
+| ---------------------------------------------- | --------- | ----------------------------------------------------------- |
 | headscale_image_name | yes | Image name of headscale |
 | headscale_image_tag | yes | Image version of headscale |
 | headscale_db_image_name | yes | Image name of headscale DB |
 | headscale_db_image_tag | yes | Image version of headscale DB |
 | headscale_db_backup_restore_sidecar_image_name | yes | Image name of init container for headscale DB |
 | headscale_db_backup_restore_sidecar_image_tag | yes | Image version of init container for headscale DB |
-| headscale_private_key | yes | Private key |
 | headscale_noise_private_key | yes | Noise Protocol Private key for TS2021 compatibility |
 | headscale_ingress_dns | | Domain name |
 | headscale_namespace | | The deployment's target namespace |
@@ -26,4 +25,5 @@ The role should take the same variables as the wrapped role, but prefixed with ` | headscale_ingress_annotations | | Annotations that will be attached to the ingress resource | | headscale_resources | | The kubernetes resources for the actual headscale container | | headscale_api_key_expiration | | The time how long the generated api key will be valid | -| headscale_ip_prefixes | | Slice of IP Prefixes where the tunnel endpoints are created | +| headscale_ipv4_prefix | | IPv4 prefix where the tunnel endpoints are created | +| headscale_ipv6_prefix | | IPv6 prefix where the tunnel endpoints are created | diff --git a/control-plane/roles/headscale/defaults/main/main.yaml b/control-plane/roles/headscale/defaults/main/main.yaml index 5d482efbe..148bab0ee 100644 --- a/control-plane/roles/headscale/defaults/main/main.yaml +++ b/control-plane/roles/headscale/defaults/main/main.yaml @@ -15,6 +15,5 @@ headscale_resources: headscale_api_key_expiration: 365d -headscale_ip_prefixes: - - fd7a:115c:a1e0::/48 - - 100.64.0.0/1 +headscale_ipv4_prefix: 100.64.0.0/1 +headscale_ipv6_prefix: fd7a:115c:a1e0::/48 diff --git a/control-plane/roles/headscale/tasks/main.yaml b/control-plane/roles/headscale/tasks/main.yaml index 9f184f732..73dec3274 100644 --- a/control-plane/roles/headscale/tasks/main.yaml +++ b/control-plane/roles/headscale/tasks/main.yaml @@ -13,7 +13,6 @@ - headscale_db_image_tag is defined - headscale_db_backup_restore_sidecar_image_name is defined - headscale_db_backup_restore_sidecar_image_tag is defined - - headscale_private_key is defined - headscale_noise_private_key is defined - headscale_ingress_dns is not none diff --git a/control-plane/roles/headscale/templates/headscale.yaml b/control-plane/roles/headscale/templates/headscale.yaml index 236abd506..e7a183bac 100644 --- a/control-plane/roles/headscale/templates/headscale.yaml +++ b/control-plane/roles/headscale/templates/headscale.yaml 
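Review bot: The default `headscale_ipv4_prefix: 100.64.0.0/1` in defaults/main/main.yaml keeps the `/1` mask from the removed list, which looks like a truncated `/10`: a `/1` covers half of the IPv4 space instead of the CGNAT block that starts at 100.64.0.0. Depending on how headscale validates the prefix, it may either refuse the config or allocate node addresses that overlap routable networks. If `/10` was intended, the line should read `headscale_ipv4_prefix: "100.64.0.0/10"`; quoting `headscale_ipv6_prefix: "fd7a:115c:a1e0::/48"` as well keeps the colon-heavy value an unambiguous string. The value is rendered into `prefixes.v4` in templates/headscale.yaml, so the fix belongs in the defaults rather than in the template.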
@@ -11,18 +11,27 @@ data: listen_addr: 0.0.0.0:8080 grpc_allow_insecure: true ephemeral_node_inactivity_timeout: 30m - private_key_path: /vol/data/private.key noise: private_key_path: /vol/data/noise_private.key derp: urls: - https://controlplane.tailscale.com/derpmap/default - ip_prefixes: {{ headscale_ip_prefixes | to_json }} - db_type: postgres - db_host: headscale-db - db_name: {{ headscale_db_db }} - db_user: {{ headscale_db_user }} + database: + type: postgres + postgres: + host: headscale-db + port: 5432 + name: {{ headscale_db_db }} + user: {{ headscale_db_user }} + + prefixes: + v4: {{ headscale_ipv4_prefix }} + v6: {{ headscale_ipv6_prefix }} + + dns: + magic_dns: false + --- apiVersion: v1 kind: Secret @@ -94,9 +103,7 @@ spec: - containerPort: 50443 name: grpc env: - - name: HEADSCALE_DB_PORT - value: "5432" - - name: HEADSCALE_DB_PASS + - name: HEADSCALE_DATABASE_POSTGRES_PASS valueFrom: secretKeyRef: key: password
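Review bot: In the first hunk of templates/headscale.yaml the new `prefixes.v4`/`v6` values are interpolated as bare scalars, whereas the removed `ip_prefixes` line went through `to_json`; an empty or oddly shaped variable would silently change the rendered headscale config instead of producing a quoted string. I would render them as `v4: {{ headscale_ipv4_prefix | to_json }}` and `v6: {{ headscale_ipv6_prefix | to_json }}`, and treat `name` and `user` under `postgres` the same way. The new `postgres` block also sets no `ssl` key, so whether the connection to `headscale-db` is encrypted is left to headscale's default; stating it explicitly would make that choice reviewable. The ConfigMap and the Secret that follows both extend outside the hunk, so it cannot be seen from here whether the retired `private.key` is still rendered into the Secret after `private_key_path` was dropped.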