################################################################################
# headscale - Orchistration server for tailnet clients
# https://blog.gurucomputing.com.au/Smart%20VPNS%20with%20Headscale/Setting%20up%20Headscale/
# --
# Tailscale for local exit node / home network
################################################################################
services:
    headscale:
        container_name: headscale
        image: headscale/headscale:latest
        restart: unless-stopped
        ports:
            - 4545:8080
            - 9090:9090
        volumes:
            - headscale_config_nfs:/etc/headscale
            - headscale_data_nfs:/var/lib/headscale
            - headscale_run_nfs:/var/run/headscale
        command: serve

    headscale-ui:
        container_name: headscale-ui
        image: ghcr.io/gurucomputing/headscale-ui:latest
        restart: unless-stopped
        ports:
            - 6262:8080

    # tailscale:
    #     container_name: tailscale
    #     image: tailscale/tailscale:latest
    #     hostname: tailscale # Replace with a descriptive name for your device
    #     volumes:
    #         - tailscale-data:/var/lib/tailscale # Persist Tailscale data
    #         - /dev/net/tun:/dev/net/tun # Required for Tailscale to function
    #     cap_add:
    #         - NET_ADMIN # Required for Tailscale to manage network interfaces
    #         - SYS_MODULE # Required for Tailscale to load kernel modules if needed
    #     environment:
    #         # Set to 'true' to enable subnet routing (allowing other devices on your home network to be accessible)
    #         # You will need to approve the subnet routes in the Tailscale admin console after starting.
    #         # Also enables this device as an exit node.
    #         # IMPORTANT: Replace https://your-headscale-url.com with the actual URL of your Headscale instance.
    #         - TS_EXTRA_ARGS=--advertise-routes=10.0.0.0/24 --accept-dns=true
    #           --login-server=https://headscale.wompmacho.com
    #         - TS_AUTHKEY=e9f24a0815451a5b164cc17715ff457bf6447095dbbe7db4 # OPTIONAL: Use an auth key for unattended authentication
    #         # - TS_USERSPACE=true # Uncomment if you encounter issues with kernel module loading
    #     network_mode: host # Use host network mode for direct network access
    #     restart: unless-stopped

volumes:
    headscale_config_nfs:
        name: headscale_config_nfs
        driver_opts:
            type: nfs
            o: addr=truenas,nolock,soft,rw
            device: :/mnt/store/vault/app/headscale/container-config
    headscale_data_nfs:
        name: headscale_data_nfs
        driver_opts:
            type: nfs
            o: addr=truenas,nolock,soft,rw
            device: :/mnt/store/vault/app/headscale/container-data
    headscale_run_nfs:
        name: headscale_run_nfs
        driver_opts:
            type: nfs
            o: addr=truenas,nolock,soft,rw
            device: :/mnt/store/vault/app/headscale/container-run

    # tailscale-data:
    #     name: tailscale-data
    #     driver_opts:
    #         type: nfs
    #         o: addr=truenas,nolock,soft,rw
    #         device: :/mnt/store/vault/app/tailscale