version: "3"
services:
  headscale-webui:
    image: ghcr.io/ifargle/headscale-webui:latest
    container_name: headscale-webui
    environment:
      - TZ=UTC                                 # Timezone
      - HS_SERVER=localhost                    # Set this to your Headscale server's URL.  It will need to access /api/ on Headscale.
      - BASE_PATH="/admin"                     # Default, can be anything you want.  Tailscale's Windows app expects "HS_SERVER/admin"
      - KEY="YourKeyBetweenQuotes"             # Generate with "openssl rand -base64 32"
      - AUTH_TYPE=Basic                        # AUTH_TYPE is either "Basic" or "OIDC" - Removing this will disable authentication
      - BASIC_AUTH_USER=user                   # Used for basic auth - Can be omitted if not using Basic Auth  
      - BASIC_AUTH_PASS=pass                   # Used for basic auth - Can be omitted if not using Basic Auth
      # ENV for OIDC (Used only if AUTH_TYPE is "OIDC")
      - FLASK_OIDC_PROVIDER_NAME="OIDC"
      - FLASK_OIDC_CLIENT_ID=Headscale-WebUI
      - FLASK_OIDC_CLIENT_SECRET=secret
      - FLASK_OIDC_CONFIG_URL=https://auth.$DOMAIN/.well-known/openid-configuration
    volumes:
      - ./volume:/data                         # Headscale-WebUI's storage.  Make sure ./volume is readable by UID 1000 (chown 1000:1000 ./volume)
      - ./headscale/config/:/etc/headscale/:ro # Headscale's config storage location.  Used to read your Headscale config.