headscale-bin: Add -bin ebuild

Based on the gentoo headscale one, but using the official amd64
binary, as a lame workaround for the "improved" 0.17+ NIX buildsystem.

Signed-off-by: Stefan Knoblich <stkn@bitplumber.de>

net-vpn/headscale-bin/files/config-socket.patch

@@ -0,0 +1,13 @@
+diff --git a/config-example.yaml b/config-example.yaml
+index d3d155e..a070c22 100644
+--- a/config-example.yaml
++++ b/config-example.yaml
+@@ -208,7 +208,7 @@ dns_config:
+ # Unix socket used for the CLI to connect without authentication
+ # Note: for local development, you probably want to change this to:
+ # unix_socket: /var/run/headscale.sock
+-unix_socket: ./headscale.sock
++unix_socket: /run/headscale/headscale.sock
+ unix_socket_permission: "0770"
+ #
+ # headscale supports experimental OpenID connect support,

net-vpn/headscale-bin/files/headscale.confd

@@ -0,0 +1,8 @@
+HEADSCALE_USER=headscale
+HEADSCALE_GROUP=headscale
+
+# max number of open files (for floodfill)
+rc_ulimit="-n 4096"
+
+# Options to headscale
+HEADSCALE_OPTIONS="serve"

net-vpn/headscale-bin/files/headscale.initd

@@ -0,0 +1,35 @@
+#!/sbin/openrc-run
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Headscale Server daemon"
+command="/usr/bin/headscale"
+user="${HEADSCALE_USER}:${HEADSCALE_GROUP}"
+directory="/var/lib/headscale"
+output_log="/var/log/headscale.log"
+error_log="/var/log/headscale.log"
+private_key="/var/lib/headscale/private.key"
+
+start_stop_daemon_args="--user \"${user}\" ${HEADSCALE_OPTIONS} --background"
+
+depend() {
+	need net
+}
+
+start_pre() {
+	if [ ! -s /etc/headscale/config.yaml ] ; then
+		eerror "Missing headscale configuration file"
+		eerror "Please check the documentation directory for an example"
+		return 1
+	fi
+
+	checkpath -d -m 700 -o "${user}" /run/headscale /var/lib/headscale
+	checkpath -f -m 600 -o "${user}" \
+		/var/lib/headscale/db.sqlite \
+		/var/log/headscale.log \
+		/etc/headscale/config.yaml
+
+	if [ -f ${private_key} ]; then
+		checkpath -f -m 600 -o "${user}" ${private_key}
+	fi
+}

net-vpn/headscale-bin/files/headscale.service

@@ -0,0 +1,24 @@
+[Unit]
+Description=headscale controller
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=headscale
+Group=headscale
+ExecStart=/usr/bin/headscale serve
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/headscale /run/headscale
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RuntimeDirectory=headscale
+
+[Install]
+WantedBy=multi-user.target