Offer Debian repository to keep Headscale installations up to date

[renne]

Why

Currently the workflow of security checking of Headscale hosts is quite frustrating.

1. Regularly log into host and run dpkg -l | grep -i headscale to see which Headscale version is installed.
2. Go to the releases page of this Github repository.
3. Check most current release version of Headscale.
4. Download most current release version of Headscale.
5. Run sudo dpkg --install headscale.deb to update Headscale.

Description

Offer a package repository for Debian/Ubuntu which can be added to APT. That allows to either run apt update && apt upgrade or even use unattended-upgrades to update Headscale.

[mich2k]

Following this, I tought the headscale deb was embedding the hs repository too

[kradalby]

Hi, we do not have capacity to maintain this, we are happy to receive help from someone who can and are willing to maintain this. I have marked this issue with "help wanted".

[github-actions[bot]]

This issue is stale because it has been open for 90 days with no activity.

[renne]

Anti stale ;-)

[DaAwesomeP]

It is maybe possible to do with a GitHub CI workflow + GitHub Pages (existing build workflows push to a repo hosted on GitHub Pages).

Example writeup: https://jon.sprig.gs/blog/post/2835 Example workflow: https://github.com/terminate-notice/terminate-notice.github.io/blob/main/.github/workflows/repo.yml

[github-actions[bot]]

This issue is stale because it has been open for 90 days with no activity.

[renne]

Maybe Headscale can be added to the Tailscale repositories?

[github-actions[bot]]

This issue is stale because it has been open for 90 days with no activity.

[renne]

Stale ping.

[kradalby]

It is maybe possible to do with a GitHub CI workflow + GitHub Pages (existing build workflows push to a repo hosted on GitHub Pages).

Example writeup: jon.sprig.gs/blog/post/2835 Example workflow: terminate-notice/terminate-notice.github.io@main/.github/workflows/repo.yml

If someone wants to try this, we are open to have it set up, but two potential problems:

• How much maintenance is it?
• Will we hit Github bandwidth/transfer limits?

[macthecadillac]

You guys can use Open Build Service. I've seen plenty of Debian/Fedora repositories hosted there. I never did this myself but I think this could be useful: https://en.opensuse.org/openSUSE:Build_Service_Debian_builds

[kradalby]

Thats not a bad idea, my main concern with using an external service is that if they shut down, we have to find a new service because if we start offering this, it will no longer be acceptable to not offer it.

[macthecadillac]

It's quite unimaginable that OBS will shut down in the foreseeable future since it is tied to openSUSE--OBS is to openSUSE as AUR is to Arch. It has also been around for a very long time (openSUSE Build Service reached 1.0 in 2008, so they've been around for at least that long). Granted, every time we rely on some external service there is a chance they get shut down, but the same goes with Github or its build actions, which depends on the whims of Microsoft as much as OBS is on SUSE.

If you worry about the longevity of openSUSE Build Service, there is also Ubuntu's PPA. I don't know if they support building for Debian though.

The least risky way is to contribute to Debian directly, but becoming a Debian maintainer can be a chore (speaking from experience haha)

[heldchen]

as a new potential headscale user, looking for an apt repository was the first thing I did as it makes integrating it into our existing ansible infrastructure management much easier.

a community member seems to have created an unofficial repo (https://github.com/allddd/headscale-apt) maybe they would be willing to contribute to the official project?

[theothertom]

I'd be happy to explore getting something building in OBS if that would be valuable - I've done a bit there before.