Route entire cluster subnet over tailscale

tools/render

@@ -11,6 +11,7 @@ import git
 import requests
 import yaml
 from jinja2 import Environment, FileSystemLoader, StrictUndefined, Template
+from netaddr import IPAddress
 
 REPO = git.Repo(sys.path[0], search_parent_directories=True)
 assert REPO.working_dir is not None
@@ -52,6 +53,11 @@ def render_templates(node: dict, args: dict):
     return Inner
 
 
+def tailscale_subnet(gateway: str, netmask: str):
+    netmask_bits = IPAddress(netmask).netmask_bits()
+    return f"{IPAddress(gateway) & IPAddress(netmask)}/{netmask_bits}"
+
+
 @functools.cache
 def get_schematic_id(schematic: str):
     """Lookup the schematic id associated with a given schematic"""
@@ -137,7 +143,11 @@ def main():
     with open(ROOT.joinpath("secrets.yaml")) as fyaml:
         config |= yaml.safe_load(fyaml)
 
-    template_args = {"config": config, "root": ROOT}
+    template_args = {
+        "config": config,
+        "root": ROOT,
+        "helper": {"tailscale_subnet": tailscale_subnet},
+    }
 
     nodes = []
     for fullname in walk_files(NODES):