steffen/cryodev
1
0
Fork 0
Code Issues Pull requests Projects Releases 2 Packages Wiki Activity Actions

add .gitignore, fix headscale CLI to use numeric user IDs

Browse source 
- Add .gitignore for nix build result symlinks
- Fix all headscale CLI commands: --user now requires numeric ID,
  not username (changed in newer headscale versions)
- Add 'headscale users list' step to docs where preauth keys are created
This commit is contained in:
steffen 2026-03-14 12:28:47 +01:00
parent 4c560abffd
commit dbf98e2f22
6 changed files with 36 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

9
docs/services/headplane.md
View file

@ -25,9 +25,10 @@ nix-shell -p openssl --run 'openssl rand -hex 16'
```bash
# First, create a dedicated user
sudo headscale users create headplane-agent
# Then create a reusable pre-auth key
sudo headscale preauthkeys create --expiration 99y --reusable --user headplane-agent
# Find the user ID
sudo headscale users list
# Then create a reusable pre-auth key (use the ID of headplane-agent)
sudo headscale preauthkeys create --expiration 99y --reusable --user <ID>
```
### Add to Secrets
@ -101,7 +102,7 @@ sudo journalctl -u headplane -f
Verify the agent pre-auth key is valid:
```bash
sudo headscale preauthkeys list --user headplane-agent
sudo headscale preauthkeys list --user <ID>
```
If expired, create a new one and update the secrets file.

2
docs/services/sops.md
View file

@ -153,7 +153,7 @@ netdata:
| Mailserver password | `nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'` |
| Random hex token | `nix-shell -p openssl --run 'openssl rand -hex 16'` |
| UUID | `uuidgen` |
| Tailscale preauth | `sudo headscale preauthkeys create --expiration 99y --reusable --user default` |
| Tailscale preauth | `sudo headscale preauthkeys create --expiration 99y --reusable --user <ID>` |
## Updating Keys

7
docs/services/tailscale.md
View file

@ -14,7 +14,10 @@ Tailscale clients connect to the self-hosted Headscale server to join the mesh V
On the Headscale server (cryodev-main):
```bash
sudo headscale preauthkeys create --expiration 99y --reusable --user default
# User-ID ermitteln
sudo headscale users list
# Preauth-Key erstellen (User-ID von "default" einsetzen)
sudo headscale preauthkeys create --expiration 99y --reusable --user <ID>
```
### Add to Secrets
@ -111,7 +114,7 @@ Check the auth key is valid:
```bash
# On Headscale server
sudo headscale preauthkeys list --user default
sudo headscale preauthkeys list --user <ID>
```
Verify the login server URL is correct in the client configuration.