headscale-bin: Add -bin ebuild

Based on the gentoo headscale one, but using the official amd64
binary, as a lame workaround for the "improved" 0.17+ NIX buildsystem.

Signed-off-by: Stefan Knoblich <stkn@bitplumber.de>

net-vpn/headscale-bin/Manifest

@@ -0,0 +1,8 @@
+AUX config-socket.patch 513 BLAKE2B cf104dc1521a184d2b715a6d77341a298dbe0f8fdb3c1396f09ac20091c37dedf62066fba56b0940020aeab3dc34b4b5165bdae437dfa475854e029ad98c9b0c SHA512 21aaf0d457f321a54a0c36be146a56ffa24a50461f3d1d8fe56594744bd5655ac13cc74860df711b9913f4e66ce6ad1852eec75307c18d2ca8a54fe81ea3445a
+AUX headscale.confd 165 BLAKE2B 0bf5013e2820c4a9dcae234b61a9e1c5bc6b45903eb6b5687ccb561f4857c2b68332a610e7a813fd967fce10f0a1028e3a989e2575fff8dd9abc35121d642e09 SHA512 ff1e354e60ffd912be4c36712228550e70d9bc66928aeaf470504875fe68a04ed1de3b0d5a96ec7980c8957bc42912da643737d32631c379f3e72cd53b0adffd
+AUX headscale.initd 955 BLAKE2B 02759db0feabe388458cf678760c0cf06bfdffb7b96ee85736a442c2b18c6e94690c2313c3e55d43284c7a68b8228db81c4f898d732a9edb2f732dff7261d2cd SHA512 c600a078e881837f9a2e5da4a2dd23d3115e6fe4d57df6e208ba9d9aad96c6251237ccded75c9471405d62a6f53e4d9ca39900c7ae607c1883e2fad09c636f7b
+AUX headscale.service 459 BLAKE2B 0c8d9b82cf3a9065fc9a57a0b0670a4cdb57cf62b27d1aac5c6823581b398c073922a142e07ef11d9867184e96981c314a6ce964d5f126dae51cabcba360ad50 SHA512 318b7394fe8232c461415438eed878962a429d4a47b7ffcb55f9aaec711c851aa59135bb5b9115b898d5ec2ae078fbaf1926052cfe44e6aafa44617e0ebffb37
+DIST headscale-0.17.1.tar.gz 563769 BLAKE2B 6e06345f65b0076478cbd8ae42dc87cf8d643f6fc92700e5c377ffb1e54142dac66f9c1dc9f795112c5035c11df7f28f081c4a4b2a3b242cf8588d6f3ee794c4 SHA512 0742b6e8f635d46e3f9d65ac057c4ab16c4168fb363460d32df65817e3d22b230797305dc6c55fe19e6a1c686495d8c838c68553e68571c303cf5f80cbc9ac67
+DIST headscale_0.17.1_linux_amd64 25821184 BLAKE2B 18d9d65d7496d57ef20c9247a3a9d72c3cf00d4e0d21633a35d1d6ed2ed0f4a61962fc33f4bff44e77d0721dfbefa4bcce660aa3a85fa9c49a713cda95927699 SHA512 12d88ad6db57dc4386f5f4ce5f9688346a09a72c6ca5da98ae18fd5637dbb06630cb9a33875e507b2724a63510fe2d5f696a85a9bcd80cb0ed971c8d5075ded1
+EBUILD headscale-bin-0.17.1.ebuild 1392 BLAKE2B da1d8ed6154720f51eababb2bb265347f57d2d281772504a968e5e613accb296a2a696b152053b2e66f1cb1c747681dbb7d5ce5dfa9fe066a6855a1710dbb0f1 SHA512 e5a6b9e77fd97c3e05de39863b6fc8797b9f49cd3fb3e719a79482575590c1160259eeefff016d11b20e7b7b9e67c8d06e39002b8126c28bdc9775a417a43ade
+MISC metadata.xml 500 BLAKE2B 7dc95b76985ac9cb40ac5f12de2739f6e8f9f4f4a68a0bb397968c7419900c52c6233df1ce7eefa369de0a66cfa07ce8ec71624a6111d72e8c91553012169228 SHA512 d5b77a9da9eba9bdf9ba2ce675f92ca058f145f5bebc3546ad7acbff8140c16915afdf153bba8aacd2ce5130d7427cdaedef64efcb368546da91cbac8b5495e1

net-vpn/headscale-bin/files/config-socket.patch

@@ -0,0 +1,13 @@
+diff --git a/config-example.yaml b/config-example.yaml
+index d3d155e..a070c22 100644
+--- a/config-example.yaml
++++ b/config-example.yaml
+@@ -208,7 +208,7 @@ dns_config:
+ # Unix socket used for the CLI to connect without authentication
+ # Note: for local development, you probably want to change this to:
+ # unix_socket: /var/run/headscale.sock
+-unix_socket: ./headscale.sock
++unix_socket: /run/headscale/headscale.sock
+ unix_socket_permission: "0770"
+ #
+ # headscale supports experimental OpenID connect support,

net-vpn/headscale-bin/files/headscale.confd

@@ -0,0 +1,8 @@
+HEADSCALE_USER=headscale
+HEADSCALE_GROUP=headscale
+
+# max number of open files (for floodfill)
+rc_ulimit="-n 4096"
+
+# Options to headscale
+HEADSCALE_OPTIONS="serve"

net-vpn/headscale-bin/files/headscale.initd

@@ -0,0 +1,35 @@
+#!/sbin/openrc-run
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Headscale Server daemon"
+command="/usr/bin/headscale"
+user="${HEADSCALE_USER}:${HEADSCALE_GROUP}"
+directory="/var/lib/headscale"
+output_log="/var/log/headscale.log"
+error_log="/var/log/headscale.log"
+private_key="/var/lib/headscale/private.key"
+
+start_stop_daemon_args="--user \"${user}\" ${HEADSCALE_OPTIONS} --background"
+
+depend() {
+	need net
+}
+
+start_pre() {
+	if [ ! -s /etc/headscale/config.yaml ] ; then
+		eerror "Missing headscale configuration file"
+		eerror "Please check the documentation directory for an example"
+		return 1
+	fi
+
+	checkpath -d -m 700 -o "${user}" /run/headscale /var/lib/headscale
+	checkpath -f -m 600 -o "${user}" \
+		/var/lib/headscale/db.sqlite \
+		/var/log/headscale.log \
+		/etc/headscale/config.yaml
+
+	if [ -f ${private_key} ]; then
+		checkpath -f -m 600 -o "${user}" ${private_key}
+	fi
+}

net-vpn/headscale-bin/files/headscale.service

@@ -0,0 +1,24 @@
+[Unit]
+Description=headscale controller
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+User=headscale
+Group=headscale
+ExecStart=/usr/bin/headscale serve
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/headscale /run/headscale
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+RuntimeDirectory=headscale
+
+[Install]
+WantedBy=multi-user.target

net-vpn/headscale-bin/headscale-bin-0.17.1.ebuild

@@ -0,0 +1,50 @@
+# Copyright 2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit systemd
+
+DESCRIPTION="An open source, self-hosted implementation of the Tailscale control server"
+HOMEPAGE="https://github.com/juanfont/headscale"
+SRC_URI="https://github.com/juanfont/headscale/releases/download/v${PV}/headscale_${PV}_linux_amd64
+	 https://github.com/juanfont/headscale/archive/refs/tags/v${PV}.tar.gz -> headscale-${PV}.tar.gz"
+
+LICENSE="BSD Apache-2.0 MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+S="${WORKDIR}/headscale-${PV}"
+
+DEPEND="
+	acct-group/headscale
+	acct-user/headscale
+	!net-vpn/headscale
+"
+RDEPEND="
+	${DEPEND}
+	net-firewall/iptables
+"
+
+PATCHES=(
+	"${FILESDIR}"/config-socket.patch
+)
+
+src_compile() {
+	cp "${DISTDIR}/headscale_${PV}_linux_amd64" headscale || die "Failed to copy headscale binary"
+}
+
+src_install() {
+	dobin headscale
+	dodoc -r docs/* config-example.yaml
+	keepdir /etc/headscale /var/lib/headscale
+	systemd_dounit "${FILESDIR}"/headscale.service
+	newconfd "${FILESDIR}"/headscale.confd headscale
+	newinitd "${FILESDIR}"/headscale.initd headscale
+	fowners -R ${PN}:${PN} /etc/headscale /var/lib/headscale
+}
+
+pkg_postinst() {
+	[[ -f "${EROOT}"/etc/headscale/config.yaml ]] && return
+	elog "Please create ${EROOT}/etc/headscale/config.yaml before starting the service"
+	elog "An example is in ${EROOT}/usr/share/doc/${PV}/config-example.yaml"
+}

net-vpn/headscale-bin/metadata.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person" proxied="yes">
+		<email>chris@lesscrowds.org</email>
+		<name>Chris Su</name>
+	</maintainer>
+	<maintainer type="person" proxied="proxy">
+		<email>dlan@gentoo.org</email>
+		<name>Yixun Lan</name>
+	</maintainer>
+	<maintainer type="person" proxied="proxy">
+		<email>jsmolic@gentoo.org</email>
+		<name>Jakov Smolić</name>
+	</maintainer>
+</pkgmetadata>