(part of headscale-stack)
Uses docker.sock to manage ACLs / reload the service gracefully.
Provides API consumed by headscale-management.
Server tries to find a single container running headscale/headscale image. If there's none or multiple of them, it will return an error.
If there's only one, it will use it to send SIGHUP to reload the service.
To authorize the requests, Authorization header must be provided with valid
API key.
E.g.: Authorization: Bearer <API_KEY>
Sends SIGHUP to the headscale service.
Warning: It simply sends the signal without guaranteeing that the service was reloaded successfully.
Set Content-Type to application/json
Body:
{
"config": "{\"acls\": ... }"
}As the ACLs are a huJSON, we cannot send it directly, and it has to be a text.
It makes a copy of current file, updates it and then sends SIGHUP to reload
the configuration. If this fails, it restores the previous file and returns an
error.
docker.sockmust be mounted at/var/run/docker.sockOR ENVUSE_SOCATmust be set, e.g.tcp://socat:2375- ACLs must be mounted at
/app/acls.jsonand be writeable - ENV
HEADSCALE_SERVER_URLmust be set to the URL of the headscale server
Optional:
- ENV
PORTcan be used to change the port the API listens on (default:6000)