From 3b0a49f12e5e0f228adbfa3629354b4800f73846 Mon Sep 17 00:00:00 2001 From: Dreaded_X Date: Tue, 11 Nov 2025 04:05:58 +0100 Subject: [PATCH] Added tailscale Also routes the whole subnet of the cluster over tailscale so it can act as an entry point to my home network even when not at home. --- config.yaml | 3 +++ nodes/_defaults.yaml | 1 + patches/tailscale.yaml | 7 +++++++ requirements.txt | 1 + schematics/default.yaml | 1 + secrets.yaml | Bin 0 -> 95 bytes tools/render | 12 +++++++++++- 7 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 patches/tailscale.yaml create mode 100644 secrets.yaml diff --git a/config.yaml b/config.yaml index 6b6309e..c3c705a 100644 --- a/config.yaml +++ b/config.yaml @@ -1,3 +1,6 @@ server: tftpIp: 192.168.1.1 httpUrl: http://192.168.1.1:8000 + +tailscale: + loginServer: https://headscale.huizinga.dev diff --git a/nodes/_defaults.yaml b/nodes/_defaults.yaml index 29031e8..d8e62db 100644 --- a/nodes/_defaults.yaml +++ b/nodes/_defaults.yaml @@ -26,5 +26,6 @@ patches: - !patch install-disk - !patch network - !patch vip + - !patch tailscale patchesControlPlane: - !patch allow-control-plane-workloads diff --git a/patches/tailscale.yaml b/patches/tailscale.yaml new file mode 100644 index 0000000..0161b7e --- /dev/null +++ b/patches/tailscale.yaml @@ -0,0 +1,7 @@ +apiVersion: v1alpha1 +kind: ExtensionServiceConfig +name: tailscale +environment: + - TS_AUTHKEY={{ config.tailscale.authKey }} + - TS_EXTRA_ARGS=--login-server {{ config.tailscale.loginServer }} + - TS_ROUTES={{ helper.tailscale_subnet(node.gateway, node.netmask) }} diff --git a/requirements.txt b/requirements.txt index 5594b17..db84d6c 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,3 +3,4 @@ requests==2.32.5 Jinja2==3.1.6 GitPython==3.1.45 mergedeep==1.3.4 +netaddr==1.3.0 diff --git a/schematics/default.yaml b/schematics/default.yaml index a90b6f0..c12043f 100644 --- a/schematics/default.yaml +++ b/schematics/default.yaml @@ -5,3 +5,4 @@ customization: - siderolabs/util-linux-tools - siderolabs/intel-ucode - siderolabs/i915 + - siderolabs/tailscale diff --git a/secrets.yaml b/secrets.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b187c779c13deb14dd2fe04dd60e3c696d5bab95 GIT binary patch literal 95 zcmV-l0HFT>M@dveQdv+`0J5BAa7{<~wD_sNFY-zG5$5quS3gV)M7DzyiVn_5b*5z@ zA^D0B@p{6J7^I|jHIFBN(%4JHgu0P0ZJdc%%oF|WNh?6gO>5~ElT@RaM8wNYe&`!B BEtdcQ literal 0 HcmV?d00001 diff --git a/tools/render b/tools/render index 3c5706f..b06232f 100755 --- a/tools/render +++ b/tools/render @@ -12,6 +12,7 @@ import requests import yaml from jinja2 import Environment, FileSystemLoader, StrictUndefined, Template from mergedeep import merge +from netaddr import IPAddress REPO = git.Repo(sys.path[0], search_parent_directories=True) assert REPO.working_dir is not None @@ -53,6 +54,11 @@ def render_templates(node: dict, args: dict): return Inner +def tailscale_subnet(gateway: str, netmask: str): + netmask_bits = IPAddress(netmask).netmask_bits() + return f"{IPAddress(gateway) & IPAddress(netmask)}/{netmask_bits}" + + @functools.cache def get_schematic_id(schematic: str): """Lookup the schematic id associated with a given schematic""" @@ -138,7 +144,11 @@ def main(): with open(ROOT.joinpath("secrets.yaml")) as fyaml: merge(config, yaml.safe_load(fyaml)) - template_args = {"config": config, "root": ROOT} + template_args = { + "config": config, + "root": ROOT, + "helper": {"tailscale_subnet": tailscale_subnet}, + } nodes = [] for fullname in walk_files(NODES):