infra/metal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added tailscale

Browse Source 
Also routes the whole subnet of the cluster over tailscale so it can act
as an entry point to my home network even when not at home.
This commit is contained in:
Dreaded_X
2025-11-11 04:05:58 +01:00
parent a75a0c8722
commit 3b0a49f12e
7 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config.yaml
View File

@@ -1,3 +1,6 @@
server: server:
tftpIp: 192.168.1.1 tftpIp: 192.168.1.1
httpUrl: http://192.168.1.1:8000 httpUrl: http://192.168.1.1:8000
tailscale:
loginServer: https://headscale.huizinga.dev

1
nodes/_defaults.yaml
View File

@@ -26,5 +26,6 @@ patches:
- !patch install-disk - !patch install-disk
- !patch network - !patch network
- !patch vip - !patch vip
- !patch tailscale
patchesControlPlane: patchesControlPlane:
- !patch allow-control-plane-workloads - !patch allow-control-plane-workloads

7
patches/tailscale.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: tailscale
environment:
- TS_AUTHKEY={{ config.tailscale.authKey }}
- TS_EXTRA_ARGS=--login-server {{ config.tailscale.loginServer }}
- TS_ROUTES={{ helper.tailscale_subnet(node.gateway, node.netmask) }}

1
requirements.txt
View File

@@ -3,3 +3,4 @@ requests==2.32.5
Jinja2==3.1.6 Jinja2==3.1.6
GitPython==3.1.45 GitPython==3.1.45
mergedeep==1.3.4 mergedeep==1.3.4
netaddr==1.3.0

1
schematics/default.yaml
View File

@@ -5,3 +5,4 @@ customization:
- siderolabs/util-linux-tools - siderolabs/util-linux-tools
- siderolabs/intel-ucode - siderolabs/intel-ucode
- siderolabs/i915 - siderolabs/i915
- siderolabs/tailscale

BIN
secrets.yaml Normal file
View File

Binary file not shown.

12
tools/render
View File

@@ -12,6 +12,7 @@ import requests
import yaml import yaml
from jinja2 import Environment, FileSystemLoader, StrictUndefined, Template from jinja2 import Environment, FileSystemLoader, StrictUndefined, Template
from mergedeep import merge from mergedeep import merge
from netaddr import IPAddress
REPO = git.Repo(sys.path[0], search_parent_directories=True) REPO = git.Repo(sys.path[0], search_parent_directories=True)
assert REPO.working_dir is not None assert REPO.working_dir is not None
@@ -53,6 +54,11 @@ def render_templates(node: dict, args: dict):
return Inner return Inner
def tailscale_subnet(gateway: str, netmask: str):
netmask_bits = IPAddress(netmask).netmask_bits()
return f"{IPAddress(gateway) & IPAddress(netmask)}/{netmask_bits}"
@functools.cache @functools.cache
def get_schematic_id(schematic: str): def get_schematic_id(schematic: str):
"""Lookup the schematic id associated with a given schematic""" """Lookup the schematic id associated with a given schematic"""
@@ -138,7 +144,11 @@ def main():
with open(ROOT.joinpath("secrets.yaml")) as fyaml: with open(ROOT.joinpath("secrets.yaml")) as fyaml:
merge(config, yaml.safe_load(fyaml)) merge(config, yaml.safe_load(fyaml))
template_args = {"config": config, "root": ROOT} template_args = {
"config": config,
"root": ROOT,
"helper": {"tailscale_subnet": tailscale_subnet},
}
nodes = [] nodes = []
for fullname in walk_files(NODES): for fullname in walk_files(NODES):