services: Add tailscale.

* rosenthal/services/networking.scm (tailscale-configuration): New data type.
(tailscale-shepherd-service,tailscale-service-type): New variables.
* README.org: Update.

README.org

@@ -117,6 +117,7 @@ Rosenthal 頻道定義如下，將其加入 =~/.config/guix/channels.scm= 以由
 
 Binary Packages / 二進制包：
 + clash-bin
++ clash-meta-bin
 + hugo-bin
 + shadow-tls-bin
 + sing-box-bin
@@ -137,4 +138,5 @@ Non-free Packages / 非自由軟件：
 + (home-)shadow-tls-service-type
 + smartdns-service-type
 + home-socks2http-service-type
++ tailscale-service-type
 + home-wakapi-service-type

rosenthal/services/networking.scm

@@ -6,13 +6,18 @@
   #:use-module (guix gexp)
   #:use-module (guix records)
   #:use-module (gnu packages dns)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages networking)
   #:use-module (gnu services)
   #:use-module (gnu services configuration)
   #:use-module (gnu services dbus)
   #:use-module (gnu services shepherd)
+  #:use-module (rosenthal packages binaries)
   #:export (iwd-configuration
-            iwd-service-type))
+            iwd-service-type
+
+            tailscale-configuration
+            tailscale-service-type))
 
 ;;
 ;; iwd
@@ -379,3 +384,128 @@ list, power save will be disabled."))
                              add-iwd-package)))
    (default-value (iwd-configuration))
    (description "Run iwd, the iNet wireless daemon.")))
+
+
+;;
+;; Tailscale
+;;
+
+
+(define-configuration tailscale-configuration
+  (tailscale
+   (file-like tailscale-bin)
+   "The tailscale package to use.")
+
+  (iptables
+   (file-like iptables)
+   "The iptables package to use.")
+
+  (log-file
+   (string "/dev/null")
+   "Path to log file.")
+
+  (bird-socket
+   maybe-string
+   "Path of the bird UNIX socket.")
+
+  (debug-server
+   maybe-string
+   "Listen address ([ip]:port) of optional debug server.")
+
+  (port
+   (integer 0)
+   "UDP port to listen for WireGuard and peer-to-peer traffic; 0 means
+automatically select.")
+
+  (socket
+   (string "/var/run/tailscale/tailscaled.sock")
+   "Path of the service UNIX socket.")
+
+  (http-proxy-server
+   maybe-string
+   "[ip]:port to run an outbound HTTP proxy (e.g. \"localhost:8080\").")
+
+  (socks5-server
+   maybe-string
+   "[ip]:port to run a SOCKS5 server (e.g. \"localhost:1080\").")
+
+  (state-directory
+   (string "/var/lib/tailscale")
+   "Path to directory for storage of config state, TLS certs, temporary incoming
+Taildrop files, etc.  If empty, it's derived from @code{state-file} when
+possible.")
+
+  (state-file
+   maybe-string
+   "Absolute path of state file; use @code{kube:<secret-name>} to use Kubernetes
+secrets or @code{arn:aws:ssm:...} to store in AWS SSM; use 'mem:' to not store
+state and register as an ephemeral node.  If empty and @code{state-directory} is
+provided, the default is @code{<state-directory>/tailscaled.state}.")
+
+  (tunnel-interface
+   (string "tailscale0")
+   "Tunnel interface name; use @code{\"userspace-networking\"} (beta) to not use
+TUN.")
+
+  (upload-log?
+   (boolean #f)
+   "Whether to upload logs or not, technical support is also disabled when set
+to #f.")
+
+  (verbosity
+   (integer 0)
+   "Log verbosity level; 0 is default, 1 or higher are increasingly verbose.")
+  (no-serialization))
+
+(define tailscale-shepherd-service
+  (match-record-lambda <tailscale-configuration>
+      (tailscale iptables log-file bird-socket debug-server port socket
+                 http-proxy-server socks5-server state-directory state-file
+                 tunnel-interface upload-log? verbosity)
+    (let ((environment
+           #~(list (string-append "PATH=" #$(file-append iptables "/sbin")))))
+      (list (shepherd-service
+             (documentation "Run tailscaled")
+             (provision '(tailscaled))
+             (requirement '(user-processes))
+             (start
+              #~(make-forkexec-constructor
+                 (list
+                  #$(file-append tailscale "/bin/tailscaled")
+                  #$@(if (maybe-value-set? bird-socket)
+                         `("-bird-socket" ,bird-socket)
+                         '())
+                  #$@(if (maybe-value-set? debug-server)
+                         `("-debug" ,debug-server)
+                         '())
+                  #$@(if upload-log?
+                         '()
+                         '("-no-logs-no-support"))
+                  #$@(if (maybe-value-set? http-proxy-server)
+                         `("-outbound-http-proxy-listen" ,http-proxy-server)
+                         '())
+                  "-port" #$(number->string port)
+                  "-socket" #$socket
+                  #$@(if (maybe-value-set? socks5-server)
+                         `("-socks5-server" ,socks5-server)
+                         '())
+                  #$@(if (maybe-value-set? state-file)
+                         `("-state" ,state-file)
+                         '())
+                  "-statedir" #$state-directory
+                  "-tun" #$tunnel-interface
+                  "-verbose" #$(number->string verbosity))
+                 #:environment-variables #$environment
+                 #:log-file #$log-file))
+             (stop #~(make-kill-destructor)))))))
+
+(define tailscale-service-type
+  (service-type
+   (name 'tailscaled)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             tailscale-shepherd-service)
+          (service-extension profile-service-type
+                             (compose list tailscale-configuration-tailscale))))
+   (default-value (tailscale-configuration))
+   (description "Run tailscaled.")))