seasharp/Rosenthal
1
0
Fork 0
mirror of https://codeberg.org/hako/Rosenthal.git synced 2025-06-14 06:45:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

services: tailscale: Reduce configuration fields.

Browse Source 
* rosenthal/services/networking.scm (tailscale-configuration)
[extra-options]: New field.
[iptables]: Switch to iptables-nft.
[socket]: Move to /run.
[bird-socket,debug-server,port,http-proxy-server,socks5-server,state-file]
[tunnel-interface]: Remove fields.
(tailscale-shepherd-service): Adjust accordingly.
This commit is contained in:
Hilton Chain 2024-10-02 20:42:52 +08:00
parent 1d40787105
commit 7409288c70
No known key found for this signature in database
GPG Key ID: ACC66D09CA528292
1 changed files with 10 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
rosenthal/services/networking.scm
View File

@ -375,56 +375,23 @@ list, power save will be disabled."))
"The tailscale package to use.") "The tailscale package to use.")
(iptables (iptables
(file-like iptables) (file-like iptables-nft)
"The iptables package to use.") "The iptables package to use.")
(log-file (log-file
(string "/var/log/tailscaled.log") (string "/var/log/tailscaled.log")
"Path to log file.") "Path to log file.")
(bird-socket
maybe-string
"Path of the bird UNIX socket.")
(debug-server
maybe-string
"Listen address ([ip]:port) of optional debug server.")
(port
(integer 0)
"UDP port to listen for WireGuard and peer-to-peer traffic; 0 means
automatically select.")
(socket (socket
(string "/var/run/tailscale/tailscaled.sock") (string "/run/tailscale/tailscaled.sock")
"Path of the service UNIX socket.") "Path of the service UNIX socket.")
(http-proxy-server
maybe-string
"[ip]:port to run an outbound HTTP proxy (e.g. \"localhost:8080\").")
(socks5-server
maybe-string
"[ip]:port to run a SOCKS5 server (e.g. \"localhost:1080\").")
(state-directory (state-directory
(string "/var/lib/tailscale") (string "/var/lib/tailscale")
"Path to directory for storage of config state, TLS certs, temporary incoming "Path to directory for storage of config state, TLS certs, temporary incoming
Taildrop files, etc. If empty, it's derived from @code{state-file} when Taildrop files, etc. If empty, it's derived from @code{state-file} when
possible.") possible.")
(state-file
maybe-string
"Absolute path of state file; use @code{kube:<secret-name>} to use Kubernetes
secrets or @code{arn:aws:ssm:...} to store in AWS SSM; use 'mem:' to not store
state and register as an ephemeral node. If empty and @code{state-directory} is
provided, the default is @code{<state-directory>/tailscaled.state}.")
(tunnel-interface
(string "tailscale0")
"Tunnel interface name; use @code{\"userspace-networking\"} (beta) to not use
TUN.")
(upload-log? (upload-log?
(boolean #f) (boolean #f)
"Whether to upload logs or not, technical support is also disabled when set "Whether to upload logs or not, technical support is also disabled when set
@ -433,6 +400,10 @@ to #f.")
(verbosity (verbosity
(integer 0) (integer 0)
"Log verbosity level; 0 is default, 1 or higher are increasingly verbose.") "Log verbosity level; 0 is default, 1 or higher are increasingly verbose.")
(extra-options
(list-of-strings '())
"List of extra options.")
(no-serialization)) (no-serialization))
(define (tailscale-log-rotations config) (define (tailscale-log-rotations config)
@ -441,9 +412,8 @@ to #f.")
(define tailscale-shepherd-service (define tailscale-shepherd-service
(match-record-lambda <tailscale-configuration> (match-record-lambda <tailscale-configuration>
(tailscale iptables log-file bird-socket debug-server port socket (tailscale iptables log-file socket state-directory
http-proxy-server socks5-server state-directory state-file upload-log? verbosity extra-options)
tunnel-interface upload-log? verbosity)
(let ((environment (let ((environment
#~(list (string-append "PATH=" #~(list (string-append "PATH="
(string-join (string-join
@ -458,29 +428,13 @@ to #f.")
#~(make-forkexec-constructor #~(make-forkexec-constructor
(list (list
#$(file-append tailscale "/bin/tailscaled") #$(file-append tailscale "/bin/tailscaled")
#$@(if (maybe-value-set? bird-socket)
`("-bird-socket" ,bird-socket)
'())
#$@(if (maybe-value-set? debug-server)
`("-debug" ,debug-server)
'())
#$@(if upload-log? #$@(if upload-log?
'() '()
'("-no-logs-no-support")) '("-no-logs-no-support"))
#$@(if (maybe-value-set? http-proxy-server)
`("-outbound-http-proxy-listen" ,http-proxy-server)
'())
"-port" #$(number->string port)
"-socket" #$socket "-socket" #$socket
#$@(if (maybe-value-set? socks5-server)
`("-socks5-server" ,socks5-server)
'())
#$@(if (maybe-value-set? state-file)
`("-state" ,state-file)
'())
"-statedir" #$state-directory "-statedir" #$state-directory
"-tun" #$tunnel-interface "-verbose" #$(number->string verbosity)
"-verbose" #$(number->string verbosity)) #$@extra-options)
#:environment-variables #$environment #:environment-variables #$environment
#:log-file #$log-file)) #:log-file #$log-file))
(stop #~(make-kill-destructor))))))) (stop #~(make-kill-destructor)))))))