perf: optimize Headscale for connectivity and latency

- Remove viktorbarzin.me from split DNS (same IPs as public DNS, was adding unnecessary tunnel overhead for every DNS query) - Narrow reverse DNS split scope from 10.0.0.0/8 → 10.0.20.0/24 and 10.0.10.0/24 only; 192.168.0.0/16 → 192.168.1.0/24 only - Add extra_records for key internal services (technitium, k8s-master) for instant MagicDNS resolution without tunnel roundtrip - Replace full Tailscale DERP map (29 regions) with curated set: home + 8 European + 5 global fallback DERPs (14 total) - Add custom derp.yaml to ConfigMap, sourced from Vault Port 80 DERP dropped — Traefik's global HTTP→HTTPS redirect prevents non-TLS DERP upgrades on the web entrypoint.
2026-03-28 15:44:13 +02:00 · 2026-03-28 15:44:13 +02:00 · f4ff654a69
commit f4ff654a69
parent 29fe56aa68
2 changed files with 9 additions and 0 deletions
--- a/stacks/headscale/main.tf
+++ b/stacks/headscale/main.tf
@ -16,6 +16,7 @@ module "headscale" {
  nfs_server             = var.nfs_server
  headscale_config       = data.vault_kv_secret_v2.secrets.data["headscale_config"]
  headscale_acl          = data.vault_kv_secret_v2.secrets.data["headscale_acl"]
+  headscale_derp_map     = data.vault_kv_secret_v2.secrets.data["headscale_derp_map"]
  homepage_token         = try(local.homepage_credentials["headscale"]["api_key"], "")
  tier                   = local.tiers.core
  ui_cookie_secret       = data.vault_kv_secret_v2.secrets.data["headscale_ui_cookie_secret"]
--- a/stacks/headscale/modules/headscale/main.tf
+++ b/stacks/headscale/modules/headscale/main.tf
@ -17,6 +17,9 @@ variable "ui_api_key" {
  type      = string
  sensitive = true
 }
+variable "headscale_derp_map" {
+  type = string
+}

 resource "kubernetes_namespace" "headscale" {
  metadata {
@ -151,6 +154,10 @@ resource "kubernetes_deployment" "headscale" {
              key  = "acl.yaml"
              path = "acl.yaml"
            }
+            items {
+              key  = "derp.yaml"
+              path = "derp.yaml"
+            }
          }
        }

@ -370,6 +377,7 @@ resource "kubernetes_config_map" "headscale-config" {
  data = {
    "config.yaml" = var.headscale_config
    "acl.yaml"    = var.headscale_acl
+    "derp.yaml"   = var.headscale_derp_map
  }
 }