refactor(tailscale): reworked tailscale app with params (#3802)

2024-06-16 23:03:53 +02:00 · 2024-06-16 23:03:53 +02:00 · ef33a1441c
commit ef33a1441c
parent 0b9abf6d05
3 changed files with 78 additions and 20 deletions
--- a/apps/tailscale/config.json
+++ b/apps/tailscale/config.json
@ -2,16 +2,70 @@
  "$schema": "../schema.json",
  "name": "Tailscale",
  "available": true,
+  "exposable": false,
+  "no_gui": true,
  "port": 8093,
  "id": "tailscale",
-  "tipi_version": 28,
+  "tipi_version": 29,
  "version": "1.66.4",
-  "categories": ["network", "security"],
+  "categories": [
+    "network",
+    "security"
+  ],
  "description": "Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.",
  "short_desc": "The easiest, most secure way to use WireGuard and 2FA.",
  "author": "© Tailscale Inc.",
  "source": "https://github.com/tailscale/tailscale",
  "website": "https://tailscale.com/",
-  "form_fields": [],
-  "supported_architectures": ["arm64", "amd64"]
+  "form_fields": [
+    {
+      "type": "boolean",
+      "label": "TS_ACCEPT_DNS > Accept DNS configuration from the admin console. Not accepted by default.",
+      "env_variable": "TAILSCALE_ACCEPT_DNS"
+    },
+    {
+      "type": "boolean",
+      "label": "TS_AUTH_ONCE > Attempt to log in only if not already logged in. False by default, to forcibly log in every time the container starts.",
+      "env_variable": "TAILSCALE_AUTH_ONCE"
+    },
+    {
+      "type": "text",
+      "label": "TS_AUTHKEY > An auth key used to authenticate the container. It is also possible to use an OAuth client secret. To mark a containerized node as ephemeral append ?ephemeral=true to the auth key or OAuth client secret.",
+      "placeholder": "tskey-abcdef1432341818",
+      "env_variable": "TAILSCALE_AUTHKEY"
+    },
+    {
+      "type": "text",
+      "label": "TS_HOSTNAME > Use the specified hostname for the node.",
+      "placeholder": "runtipi",
+      "env_variable": "TAILSCALE_HOSTNAME"
+    },
+    {
+      "type": "text",
+      "label": "TS_ROUTES > Advertise subnet routes. To accept advertised routes, use TS_EXTRA_ARGS to pass in --accept-routes.",
+      "placeholder": "10.0.0.0/8,192.168.0.0/24",
+      "env_variable": "TAILSCALE_ROUTES"
+    },
+    {
+      "type": "text",
+      "label": "TS_SERVE_CONFIG > Accepts a JSON file to programatically configure Serve and Funnel functionality. Located in app-data/tailscale/data/config/*",
+      "placeholder": "/config/serve-config.json",
+      "env_variable": "TAILSCALE_SERVE_CONFIG"
+    },
+    {
+      "type": "text",
+      "label": "TS_EXTRA_ARGS > Any other flags to pass in to the Tailscale CLI.",
+      "placeholder": "--accept-routes --advertise-tags=tag:container",
+      "env_variable": "TAILSCALE_EXTRA_ARGS"
+    },
+    {
+      "type": "boolean",
+      "label": "TS_USERSPACE > Enable userspace networking, instead of kernel networking. Enabled by default.",
+      "env_variable": "TAILSCALE_USERSPACE"
+    }
+  ],
+  "supported_architectures": [
+    "arm64",
+    "amd64"
+  ]
 }
--- a/apps/tailscale/docker-compose.yml
+++ b/apps/tailscale/docker-compose.yml
@ -1,20 +1,22 @@
-version: "3.8"
-
 services:
  tailscale:
    container_name: tailscale
-    network_mode: "host" # TODO: Find a way to remove this
    image: tailscale/tailscale:v1.66.4
-    privileged: true
-    restart: on-failure
-    stop_grace_period: 1m
-    command: "sh -c 'tailscale web --listen 0.0.0.0:${APP_PORT} & exec tailscaled --tun=userspace-networking'"
+    environment:
+      - TS_SERVE_CONFIG=${TAILSCALE_SERVE_CONFIG}
+      - TS_ACCEPT_DNS=${TAILSCALE_ACCEPT_DNS-false}
+      - TS_AUTH_ONCE=${TAILSCALE_AUTH_ONCE-false}
+      - TS_AUTHKEY=${TAILSCALE_AUTHKEY}
+      - TS_HOSTNAME=${TAILSCALE_HOSTNAME-runtipi}
+      - TS_ROUTES=${TAILSCALE_ROUTES}
+      - TS_EXTRA_ARGS=${TAILSCALE_EXTRA_ARGS}
+      - TS_USERSPACE=${TAILSCALE_USERSPACE-true}
+      - TS_STATE_DIR=/var/lib/tailscale
+    cap_add:
+      - net_admin
+      - sys_module
+    restart: unless-stopped
    volumes:
-      - /var/lib:/var/lib
+      - ${APP_DATA_DIR}/data/state:/var/lib/tailscale
+      - ${APP_DATA_DIR}/data/config:/config
      - /dev/net/tun:/dev/net/tun
-    healthcheck:
-      test: wget --no-verbose --tries=1 --spider http://localhost:${APP_PORT}
-      interval: 10s
-      timeout: 5s
-      retries: 5
-      start_period: 30s
--- a/apps/tailscale/metadata/description.md
+++ b/apps/tailscale/metadata/description.md
@ -5,3 +5,5 @@ Create a secure network between your servers, computers, and cloud instances. Ev
 Devices only connect after signing in through your existing identity provider. Easily enforce multi-factor authentication, deauthorize employees who’ve moved on, and more.

 ![Screenshot](https://tailscale.com/static/images/marketing/home-illustration-2080w.webp)
+
+**Documentation:** https://tailscale.com/kb/1282/docker#parameters