feat: tailscale extension

Tailscale as a system service extension.
Creates network devices in the talos 'host'

Makefile

@@ -51,7 +51,8 @@ TARGETS = \
 		nut-client \
 		nvidia-container-toolkit \
 		nvidia-fabricmanager \
-		nvidia-open-gpu-kernel-modules
+		nvidia-open-gpu-kernel-modules \
+		tailscale
 
 # Temporarily disabled, as mellanox-ofed fails to build with Linux 6.1
 #		mellanox-ofed \

network/tailscale/manifest.yaml

@@ -0,0 +1,10 @@
+version: v1alpha1
+metadata:
+  name: tailscale
+  version: "$VERSION"
+  author: Beau Trepp
+  description: |
+    Tailscale connects your team's devices and development environments for easy access to remote resources.
+  compatibility:
+    talos:
+      version: ">= v1.2.0"

network/tailscale/pkg.yaml

@@ -0,0 +1,38 @@
+name: tailscale
+variant: scratch
+shell: /toolchain/bin/bash
+dependencies:
+  - stage: base
+steps:
+  - env:
+      GOPATH: /go
+  - sources:
+      - url: https://github.com/tailscale/tailscale/archive/refs/tags/v{{ .TAILSCALE_VERSION }}.tar.gz
+        destination: tailscale.tar.gz
+        sha256: 6964176889943e0e0b25d8d69e14226cfb1c1a9944a257b24cb2dd212f797141
+        sha512: a64cad7685ba1dd438e16c8fa6ed1c29e5d840ffe17b2417342e43a2da5c1679826eb3a29b33e40ac075171a59605cdc857e1e09e60cf5140b22d363bb31ff30
+    prepare:
+      - |
+        sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
+      - |
+        tar -xzvf tailscale.tar.gz --strip-components=1
+    build:
+      - |
+        export PATH=${PATH}:${TOOLCHAIN}/go/bin
+        mkdir dist
+        go build -o dist -ldflags "-X tailscale.com/version.shortStamp={{ .TAILSCALE_VERSION }}" tailscale.com/cmd/{tailscale,tailscaled,containerboot}
+    install:
+      - |
+        mkdir -p /rootfs/usr/local/etc/containers
+        mkdir -p /rootfs/usr/local/lib/containers/tailscale
+        mkdir -p /rootfs/usr/local/bin
+        cp -pr dist/tailscale /rootfs/usr/local/bin
+        cp -pr dist/tailscaled /rootfs/usr/local/bin
+        cp -pr dist/containerboot /rootfs/usr/local/lib/containers/tailscale
+finalize:
+  - from: /rootfs
+    to: /rootfs
+  - from: /pkg/manifest.yaml
+    to: /
+  - from: /pkg/tailscale.yaml
+    to: /rootfs/usr/local/etc/containers/

network/tailscale/tailscale.yaml

@@ -0,0 +1,66 @@
+name: tailscale
+depends:
+  - service: cri
+  - network:
+    - addresses
+    - connectivity
+    - etcfiles
+container:
+  entrypoint: ./containerboot
+  args: []
+  environment:
+  - PATH=/usr/local/bin:/sbin
+  - TS_SOCKET=/var/run/tailscale/tailscaled.sock
+  - TS_STATE_DIR=/var/lib/tailscale
+  - TS_USERSPACE=false
+  security:
+    maskedPaths: []
+    readonlyPaths: []
+    writeableRootfs: true
+    writeableSysfs: true
+  mounts:
+  # libs
+  - source: /lib
+    destination: /lib
+    type: bind
+    options:
+      - bind
+      - ro
+  # more libs
+  - source: /usr/lib
+    destination: /usr/lib
+    type: bind
+    options:
+      - bind
+      - ro
+  - source: /sbin
+    destination: /sbin
+    type: bind
+    options:
+      - bind
+      - ro
+  - source: /usr/local/bin
+    destination: /usr/local/bin
+    type: bind
+    options:
+      - bind
+      - ro
+  - source: /dev/net/tun
+    destination: /dev/net/tun
+    type: bind
+    options:
+      - bind
+      - rw
+  - source: /var/lib/tailscale
+    destination: /var/lib/tailscale
+    type: bind
+    options:
+      - bind
+      - rw
+  - source: /var/run/tailscale
+    destination: /var/run/tailscale
+    type: bind
+    options:
+      - bind
+      - rw
+restart: always

network/tailscale/vars.yaml

@@ -0,0 +1 @@
+VERSION: "{{ .TAILSCALE_VERSION }}-{{ .BUILD_ARG_TAG }}"

network/vars.yaml

@@ -0,0 +1 @@
+TAILSCALE_VERSION: 1.40.0