From fd08ef88161c2c0fe4bcd87d941932ca355aa95b Mon Sep 17 00:00:00 2001
From: 0x7fffff92 <40755502+0x7fffff92@users.noreply.github.com>
Date: Tue, 21 Oct 2025 23:59:36 +0800
Subject: [PATCH] fix: Increase permissions and resolve mirror cache issues (#1961)
Co-authored-by: 0x7fffff92 <0x7fffff92@example.com>
---
 .../headscale/templates/headscale_deploy.yaml | 25 ++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml b/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml
index ff9dec9ed..a95b485c1 100644
--- a/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml
+++ b/framework/headscale/.olares/config/user/helm-charts/headscale/templates/headscale_deploy.yaml
@@ -71,6 +71,29 @@ roleRef:
 name: admin
 apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Values.bfl.username }}:sysenv-reader
+rules:
+- apiGroups: ["sys.bytetrade.io"]
+ resources: ["systemenvs"]
+ verbs: ["get","list","watch"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: user:{{ .Values.bfl.username }}:sysenv-reader
+subjects:
+- kind: ServiceAccount
+ name: tailscale
+ namespace: user-space-{{ .Values.bfl.username }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Values.bfl.username }}:sysenv-reader
+ apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: apps/v1
@@ -128,7 +151,7 @@ spec:
 - |
 chown -R 1000:1000 /headscale
 - name: init
- image: beclab/headscale-init:v0.1.12
+ image: beclab/headscale-init:v0.1.13
 imagePullPolicy: IfNotPresent
 securityContext:
 privileged: true
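Review bot: In the first hunk (`@@ -71,6 +71,29 @@`) the new ClusterRole gives the `tailscale` ServiceAccount of every `user-space-<username>` namespace `get`/`list`/`watch` on all `systemenvs` objects in `sys.bytetrade.io`, with no `resourceNames` limit and no comment saying which entries the workload reads. If SystemEnv objects can hold credentials or tokens (not visible from this hunk), they become readable from each user's pod. If the consumer only needs named entries, narrow the rule to `verbs: ["get"]` with `resourceNames: ["<env-name>"]`, and record the reason above `rules:`, for example `# read-only: tailscale reads <setting> from SystemEnv`. The rules are identical for every user, so a single shared ClusterRole with one binding per user would avoid creating a cluster-scoped role per account. The templated names are also safer quoted, e.g. `name: "{{ .Values.bfl.username }}:sysenv-reader"`, so an empty or unusual username cannot change how the YAML parses.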