viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

perf: optimize Headscale for connectivity and latency

Browse source 
- Remove viktorbarzin.me from split DNS (same IPs as public DNS,
  was adding unnecessary tunnel overhead for every DNS query)
- Narrow reverse DNS split scope from 10.0.0.0/8 → 10.0.20.0/24
  and 10.0.10.0/24 only; 192.168.0.0/16 → 192.168.1.0/24 only
- Add extra_records for key internal services (technitium, k8s-master)
  for instant MagicDNS resolution without tunnel roundtrip
- Replace full Tailscale DERP map (29 regions) with curated set:
  home + 8 European + 5 global fallback DERPs (14 total)
- Add custom derp.yaml to ConfigMap, sourced from Vault

Port 80 DERP dropped — Traefik's global HTTP→HTTPS redirect
prevents non-TLS DERP upgrades on the web entrypoint.
This commit is contained in:
Viktor Barzin 2026-03-28 15:44:13 +02:00
parent 29fe56aa68
commit f4ff654a69
2 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
stacks/headscale/main.tf
View file

@ -16,6 +16,7 @@ module "headscale" {
nfs_server = var.nfs_server nfs_server = var.nfs_server
headscale_config = data.vault_kv_secret_v2.secrets.data["headscale_config"] headscale_config = data.vault_kv_secret_v2.secrets.data["headscale_config"]
headscale_acl = data.vault_kv_secret_v2.secrets.data["headscale_acl"] headscale_acl = data.vault_kv_secret_v2.secrets.data["headscale_acl"]
headscale_derp_map = data.vault_kv_secret_v2.secrets.data["headscale_derp_map"]
homepage_token = try(local.homepage_credentials["headscale"]["api_key"], "") homepage_token = try(local.homepage_credentials["headscale"]["api_key"], "")
tier = local.tiers.core tier = local.tiers.core
ui_cookie_secret = data.vault_kv_secret_v2.secrets.data["headscale_ui_cookie_secret"] ui_cookie_secret = data.vault_kv_secret_v2.secrets.data["headscale_ui_cookie_secret"]

8
stacks/headscale/modules/headscale/main.tf
View file

@ -17,6 +17,9 @@ variable "ui_api_key" {
type = string type = string
sensitive = true sensitive = true
} }
variable "headscale_derp_map" {
type = string
}
resource "kubernetes_namespace" "headscale" { resource "kubernetes_namespace" "headscale" {
metadata { metadata {
@ -151,6 +154,10 @@ resource "kubernetes_deployment" "headscale" {
key = "acl.yaml" key = "acl.yaml"
path = "acl.yaml" path = "acl.yaml"
} }
items {
key = "derp.yaml"
path = "derp.yaml"
}
} }
} }
@ -370,6 +377,7 @@ resource "kubernetes_config_map" "headscale-config" {
data = { data = {
"config.yaml" = var.headscale_config "config.yaml" = var.headscale_config
"acl.yaml" = var.headscale_acl "acl.yaml" = var.headscale_acl
"derp.yaml" = var.headscale_derp_map
} }
} }