From ef33a1441ccff9a3faeab9b269e7d7763b428106 Mon Sep 17 00:00:00 2001
From: JigSaw
Date: Sun, 16 Jun 2024 23:03:53 +0200
Subject: [PATCH] refactor(tailscale): reworked tailscale app with params (#3802)
---
 apps/tailscale/config.json | 64 ++++++++++++++++++++++++--
 apps/tailscale/docker-compose.yml | 30 ++++++------
 apps/tailscale/metadata/description.md | 4 +-
 3 files changed, 78 insertions(+), 20 deletions(-)
diff --git a/apps/tailscale/config.json b/apps/tailscale/config.json
index 146c34f9..ee72e0e5 100644
--- a/apps/tailscale/config.json
+++ b/apps/tailscale/config.json
@@ -2,16 +2,70 @@
 "$schema": "../schema.json",
 "name": "Tailscale",
 "available": true,
+ "exposable": false,
+ "no_gui": true,
 "port": 8093,
 "id": "tailscale",
- "tipi_version": 28,
+ "tipi_version": 29,
 "version": "1.66.4",
- "categories": ["network", "security"],
+ "categories": [
+ "network",
+ "security"
+ ],
 "description": "Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.",
 "short_desc": "The easiest, most secure way to use WireGuard and 2FA.",
 "author": "© Tailscale Inc.",
 "source": "https://github.com/tailscale/tailscale",
 "website": "https://tailscale.com/",
- "form_fields": [],
- "supported_architectures": ["arm64", "amd64"]
-}
+ "form_fields": [
+ {
+ "type": "boolean",
+ "label": "TS_ACCEPT_DNS > Accept DNS configuration from the admin console. Not accepted by default.",
+ "env_variable": "TAILSCALE_ACCEPT_DNS"
+ },
+ {
+ "type": "boolean",
+ "label": "TS_AUTH_ONCE > Attempt to log in only if not already logged in. False by default, to forcibly log in every time the container starts.",
+ "env_variable": "TAILSCALE_AUTH_ONCE"
+ },
+ {
+ "type": "text",
+ "label": "TS_AUTHKEY > An auth key used to authenticate the container. It is also possible to use an OAuth client secret. To mark a containerized node as ephemeral append ?ephemeral=true to the auth key or OAuth client secret.",
+ "placeholder": "tskey-abcdef1432341818",
+ "env_variable": "TAILSCALE_AUTHKEY"
+ },
+ {
+ "type": "text",
+ "label": "TS_HOSTNAME > Use the specified hostname for the node.",
+ "placeholder": "runtipi",
+ "env_variable": "TAILSCALE_HOSTNAME"
+ },
+ {
+ "type": "text",
+ "label": "TS_ROUTES > Advertise subnet routes. To accept advertised routes, use TS_EXTRA_ARGS to pass in --accept-routes.",
+ "placeholder": "10.0.0.0/8,192.168.0.0/24",
+ "env_variable": "TAILSCALE_ROUTES"
+ },
+ {
+ "type": "text",
+ "label": "TS_SERVE_CONFIG > Accepts a JSON file to programatically configure Serve and Funnel functionality. 
Located in app-data/tailscale/data/config/*",
+ "placeholder": "/config/serve-config.json",
+ "env_variable": "TAILSCALE_SERVE_CONFIG"
+ },
+ {
+ "type": "text",
+ "label": "TS_EXTRA_ARGS > Any other flags to pass in to the Tailscale CLI.",
+ "placeholder": "--accept-routes --advertise-tags=tag:container",
+ "env_variable": "TAILSCALE_EXTRA_ARGS"
+ },
+ {
+ "type": "boolean",
+ "label": "TS_USERSPACE > Enable userspace networking, instead of kernel networking. Enabled by default.",
+ "env_variable": "TAILSCALE_USERSPACE"
+ }
+ ],
+ "supported_architectures": [
+ "arm64",
+ "amd64"
+ ]
+}
\ No newline at end of file
diff --git a/apps/tailscale/docker-compose.yml b/apps/tailscale/docker-compose.yml
index eb406ccd..e622bb5d 100644
--- a/apps/tailscale/docker-compose.yml
+++ b/apps/tailscale/docker-compose.yml
@@ -1,20 +1,22 @@
-version: "3.8"
-
 services:
 tailscale:
 container_name: tailscale
- network_mode: "host" # TODO: Find a way to remove this
 image: tailscale/tailscale:v1.66.4
- privileged: true
- restart: on-failure
- stop_grace_period: 1m
- command: "sh -c 'tailscale web --listen 0.0.0.0:${APP_PORT} & exec tailscaled --tun=userspace-networking'"
+ environment:
+ - TS_SERVE_CONFIG=${TAILSCALE_SERVE_CONFIG}
+ - TS_ACCEPT_DNS=${TAILSCALE_ACCEPT_DNS-false}
+ - TS_AUTH_ONCE=${TAILSCALE_AUTH_ONCE-false}
+ - TS_AUTHKEY=${TAILSCALE_AUTHKEY}
+ - TS_HOSTNAME=${TAILSCALE_HOSTNAME-runtipi}
+ - TS_ROUTES=${TAILSCALE_ROUTES}
+ - TS_EXTRA_ARGS=${TAILSCALE_EXTRA_ARGS}
+ - TS_USERSPACE=${TAILSCALE_USERSPACE-true}
+ - TS_STATE_DIR=/var/lib/tailscale
+ cap_add:
+ - net_admin
+ - sys_module
+ restart: unless-stopped
 volumes:
- - /var/lib:/var/lib
+ - ${APP_DATA_DIR}/data/state:/var/lib/tailscale
+ - ${APP_DATA_DIR}/data/config:/config
 - /dev/net/tun:/dev/net/tun
- healthcheck:
- test: wget --no-verbose --tries=1 --spider http://localhost:${APP_PORT}
- interval: 10s
- timeout: 5s
- retries: 5
- start_period: 30s
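Review bot: The TS_AUTHKEY form field is declared as `"type": "text"` even though its own label says the value is an auth key or an OAuth client secret, so the credential is entered and displayed in clear in the install form. As far as I know the runtipi field schema referenced by `"$schema"` offers a `password` field type that masks the input; switching this one field to `"type": "password"` keeps the same `env_variable` and changes nothing else. The field also carries no `required` flag while the new compose file passes `TS_AUTHKEY=${TAILSCALE_AUTHKEY}` with no fallback and the app is now `no_gui`, so an install without a key presumably leaves a node that can only be authorised by digging the login URL out of the container logs — either mark the field required or say so in the label. Minor: the TS_SERVE_CONFIG label misspells "programmatically". The object's opening brace on line 1 is outside the hunk.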
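Review bot: The new `cap_add` grants `sys_module` next to `net_admin`, and CAP_SYS_MODULE lets a compromised container load kernel modules on the host, which is close to the trust level of the `privileged: true` this change removes, while the default `TS_USERSPACE=true` path needs neither capability. `net_admin` is only relevant when a user opts into kernel networking, and a host that has `/dev/net/tun` to bind usually already has the tun module available, so `- sys_module` can be dropped without losing that mode. Separately, `/dev/net/tun` is still passed through under `volumes:`; without `privileged` a bind-mounted device node is likely refused by the container's device cgroup, so kernel mode would fail to open it — it belongs under `devices:` as `- /dev/net/tun:/dev/net/tun`. The removed `healthcheck:` block is not replaced, so the container now has no liveness signal at all; if the web UI is gone for good, a check built on `tailscale status` would fill that gap.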
diff --git a/apps/tailscale/metadata/description.md b/apps/tailscale/metadata/description.md
index 1b4f17a3..36112c7f 100644
--- a/apps/tailscale/metadata/description.md
+++ b/apps/tailscale/metadata/description.md
@@ -4,4 +4,6 @@ Zero config VPN. Installs on any device in minutes, manages firewall rules for y
 Create a secure network between your servers, computers, and cloud instances. Even when separated by firewalls or subnets, Tailscale just works. Devices only connect after signing in through your existing identity provider. Easily enforce multi-factor authentication, deauthorize employees who’ve moved on, and more.
-![Screenshot](https://tailscale.com/static/images/marketing/home-illustration-2080w.webp)
\ No newline at end of file
+![Screenshot](https://tailscale.com/static/images/marketing/home-illustration-2080w.webp)
+
+**Documentation:** https://tailscale.com/kb/1282/docker#parameters
\ No newline at end of file