From 6d28a88df685ceb0e138d82d58169acd4b040c91 Mon Sep 17 00:00:00 2001 From: Guilhem Lettron Date: Sat, 4 May 2024 15:06:06 +0200 Subject: [PATCH] feat: add a tailscale bake Signed-off-by: Guilhem Lettron --- README.md | 23 ++++++++++++++---- create_tailscale_sysext.sh | 48 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+), 4 deletions(-) create mode 100755 create_tailscale_sysext.sh diff --git a/README.md b/README.md index 85248f9..a1a055a 100644 --- a/README.md +++ b/README.md @@ -226,7 +226,7 @@ version: 1.0.0 storage: links: - path: /etc/systemd/system/multi-user.target.wants/k3s.service - target: /usr/local/lib/systemd/k3s.service + target: /usr/local/lib/systemd/system/k3s.service overwrite: true ``` @@ -238,7 +238,7 @@ version: 1.0.0 storage: links: - path: /etc/systemd/system/multi-user.target.wants/k3s-agent.service - target: /usr/local/lib/systemd/k3s-agent.service + target: /usr/local/lib/systemd/system/k3s-agent.service overwrite: true ``` @@ -257,7 +257,7 @@ version: 1.0.0 storage: links: - path: /etc/systemd/system/multi-user.target.wants/rke2-server.service - target: /usr/local/lib/systemd/rke2-server.service + target: /usr/local/lib/systemd/system/rke2-server.service overwrite: true ``` @@ -269,7 +269,7 @@ version: 1.0.0 storage: links: - path: /etc/systemd/system/multi-user.target.wants/rke2-agent.service - target: /usr/local/lib/systemd/rke2-agent.service + target: /usr/local/lib/systemd/system/rke2-agent.service overwrite: true ``` 
@@ -277,6 +277,21 @@ Of course, any configuration you need should be prepared before starting the services, like providing a token for an agent or server to join or creating a `config.yaml` file. +#### Tailscale + +The Tailscale sysext ships a service unit but doesn't pre-enable it. +You can use this Butane snippet to enable it: + +``` +variant: flatcar +version: 1.0.0 +storage: + links: + - path: /etc/systemd/system/multi-user.target.wants/tailscaled.service + target: /usr/local/lib/systemd/system/tailscaled.service + overwrite: true +``` + ### Creating a custom Docker sysext image The Docker releases publish static binaries including containerd and the only missing piece are the systemd units. diff --git a/create_tailscale_sysext.sh b/create_tailscale_sysext.sh new file mode 100755 index 0000000..8e6e0db --- /dev/null +++ b/create_tailscale_sysext.sh 
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+export ARCH="${ARCH-x86-64}"
+SCRIPTFOLDER="$(dirname "$(readlink -f "$0")")"
+
+if [ $# -lt 2 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+ echo "Usage: $0 VERSION SYSEXTNAME"
+ echo "The script will download tailscale binaries (e.g., for 1.64.0) and create a sysext squashfs image with the name SYSEXTNAME.raw in the current folder."
+ echo "A temporary directory named SYSEXTNAME in the current folder will be created and deleted again."
+ echo "All files in the sysext image will be owned by root."
+ echo "To use arm64 pass 'ARCH=arm64' as environment variable (current value is '${ARCH}')."
+ "${SCRIPTFOLDER}"/bake.sh --help
+ exit 1
+fi
+
+VERSION="$1"
+SYSEXTNAME="$2"
+
+if [ "${ARCH}" = "x86-64" ]; then
+ ARCH="amd64"
+elif [ "${ARCH}" = "aarch64" ]; then
+ ARCH="arm64"
+fi
+
+TARBALL="tailscale_${VERSION}_${ARCH}.tgz"
+URL="https://pkgs.tailscale.com/stable/${TARBALL}"
+
+rm -rf "${SYSEXTNAME}"
+TMP_DIR="${SYSEXTNAME}/tmp"
+mkdir -p "${TMP_DIR}"
+
+curl -o "${TMP_DIR}/${TARBALL}" -fsSL "${URL}"
+
+tar xf "${TMP_DIR}/${TARBALL}" -C "${TMP_DIR}" --strip-components=1
+
+mkdir -p "${SYSEXTNAME}"/usr/local/{bin,sbin,lib/{systemd/system,extension-release.d}}
+
+mv "${TMP_DIR}/tailscale" "${SYSEXTNAME}/usr/local/bin/tailscale"
+mv "${TMP_DIR}/tailscaled" "${SYSEXTNAME}/usr/local/sbin/tailscaled"
+mv "${TMP_DIR}/systemd/tailscaled.service" "${SYSEXTNAME}/usr/local/lib/systemd/system/tailscaled.service"
+
+sed -i 's/--port.*//g' "${SYSEXTNAME}/usr/local/lib/systemd/system/tailscaled.service"
+
+rm -rf "${TMP_DIR}"
+
+RELOAD=1 "${SCRIPTFOLDER}"/bake.sh "${SYSEXTNAME}"
+rm -rf "${SYSEXTNAME}"
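Review bot: The downloaded tarball is unpacked and baked into the image without any integrity check: `curl -o "${TMP_DIR}/${TARBALL}" -fsSL "${URL}"` is followed directly by `tar xf`, so TLS to the download host (and to any redirect that `-L` follows) is the only thing vouching for the `tailscaled` binary that ends up in the sysext. I would have the caller supply the expected digest and verify it before extracting, e.g. `echo "${TARBALL_SHA256:?}  ${TMP_DIR}/${TARBALL}" | sha256sum -c -` (the variable name is only a suggestion). Separately, an empty SYSEXTNAME passes the `$# -lt 2` check and turns `TMP_DIR` into `/tmp` and the `mkdir -p`/`mv` targets into the host's `/usr/local`, after which `rm -rf "${TMP_DIR}"` removes `/tmp`; a guard such as `[ -n "${SYSEXTNAME}" ] || exit 1` right after `SYSEXTNAME="$2"` closes that off.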