headscale-bin: Add -bin ebuild

Based on the gentoo headscale one, but using the official amd64
binary, as a lame workaround for the "improved" 0.17+ NIX buildsystem.

Signed-off-by: Stefan Knoblich <stkn@bitplumber.de>

net-vpn/headscale-bin/files/headscale.service

@@ -0,0 +1,24 @@
+[Unit]
+Description=headscale controller
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=headscale
+Group=headscale
+ExecStart=/usr/bin/headscale serve
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/headscale /run/headscale
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RuntimeDirectory=headscale
+
+[Install]
+WantedBy=multi-user.target