[PACKAGE REQUEST] Tailscale

[shayne]

Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.

Similar to Tinc, but uses WireGuard (wireguard-go) and doesn't require port forwarding (does NAT busting). Would be great to have installed via NerdPack over Docker. Having it installed via NerdPack would allow access to the machine even if the array is stopped.

Statically compiled (go program)

https://pkgs.tailscale.com/stable/#static

[shayne]

Ended up throwing together a SlackBuild for Tailscale.

[mikeburgh]

@shayne do you still use this ? when I install it, nothing seems to happen in Unraid (nothing added to boot/config for example), and NerdPack still shows it as uninstalled.

[shayne]

I noticed that too... I just manually install it/update it. Not sure why...

# /boot/config/go
installpkg /boot/config/tailscale/tailscale-1.6.0_amd64-x86_64-1_SBo.txz
ln -s /boot/config/tailscale/tailscaled.state /var/lib/tailscale/tailscaled.state
/usr/sbin/tailscaled > /var/log/tailscale.log 2>&1 &

[mikeburgh]

Ahh, simple enough, thanks! although where did you fetch the package from, just from the matching static build: https://pkgs.tailscale.com/stable/#static ?

[mikeburgh]

Incase anyone else needs it, here are the steps to use the static builds:

#Do this manually on the server
#it will fetch the latest version of tailscale, into /boot/config/tailscale/tailscale_latest_amd64
#and also setup a state file to survive reboots/upgrades
mkdir /boot/config/tailscale
cd /boot/config/tailscale
touch tailscaled.state
tailscaleVer=$(curl -sL https://api.github.com/repos/tailscale/tailscale/releases/latest |  jq -r ".tag_name" | cut -c 2-)
curl "https://pkgs.tailscale.com/stable/tailscale_${tailscaleVer}_amd64.tgz" -O
tar xvf "tailscale_${tailscaleVer}_amd64.tgz" 
mv "tailscale_${tailscaleVer}_amd64" tailscale_latest_amd64

#Then add to /boot/config/go:
mkdir /tmp/tailscale
mkdir /var/lib/tailscale
cp /boot/config/tailscale/tailscale_latest_amd64/tailscale* /tmp/tailscale/
chmod +x /tmp/tailscale/tailscale*
ln -s /boot/config/tailscale/tailscaled.state /var/lib/tailscale/tailscaled.state
/tmp/tailscale/tailscaled > /var/log/tailscale.log 2>&1 &

#then reboot and run to auth the first time (or when token expires down the road) 
/tmp/tailscale/tailscale up

[Cruizer8]

Incase anyone else needs it, here are the steps to use the static builds:

#Do this manually on the server
mkdir /boot/config/tailscale
cd /boot/config/tailscale
touch tailscaled.state
curl https://pkgs.tailscale.com/stable/tailscale_1.10.2_amd64.tgz -O
tar xvf tailscale_1.10.2_amd64.tgz

#Then add to /boot/config/go:
mkdir /tmp/tailscale
cp /boot/config/tailscale/tailscale_1.10.2_amd64/tailscale* /tmp/tailscale/
chmod +x /tmp/tailscale/tailscale*
ln -s /boot/config/tailscale/tailscaled.state /var/lib/tailscale/tailscaled.state
/tmp/tailscale/tailscaled > /var/log/tailscale.log 2>&1 &

#then reboot and run to auth the first time (or when token expires down the road) 
/tmp/tailscale/tailscale up

This was very helpful but I ran into an issue where the settings would not persist during a reboot and I had to re-authenticate every restart. After troubleshooting, I discovered that the /var/lib/tailscale directory does not exist on restart so I added the following to the /boot/config/go file after mkdir /tmp/tailscale and everything ran swimmingly. mkdir /var/lib/tailscale

[mikeburgh]

Ahh indeed, thanks for pointing that out, fixed the post!

[tomtom215]

Just want to say thank you to everyone in this thread!

I originally tried the NerdPack install which I noticed was an old version and did not appear to work. After doing some research and following the posts above I now I have Tailscale connected even when the array is stopped.

One thought is possibly setting a regex to grab the latest package instead of hardcoding the version? (For ex. it is currently now on 1.16.1)

[mikeburgh]

trying to regex it off their downloads page could be prone to errors.. If tailscale produced a "latest" url that redirected to the latest build that would work.. eg instead of https://pkgs.tailscale.com/stable/tailscale_1.16.1_amd64.tgz something like https://pkgs.tailscale.com/stable/latest/tailscale_amd64.tgz but it would be up to them to do that.

[shayne]

You can use GitHub to get the latest release version...

$ curl -sL https://api.github.com/repos/tailscale/tailscale/releases/latest

Using jq you can get the version and use that to generate a URL to download...

$ curl -sL https://api.github.com/repos/tailscale/tailscale/releases/latest |  jq -r ".tag_name"

[mikeburgh]

Ahh, never thought about that approach... nice!, updated the original post.

It's still a little clunky, you could probably save the latest version down in the boot file instead, but not sure what happens if that fails.

[shayne]

Combined with your approach @mikeburgh, here's a gist that can perform auto upgrades (scheduled via User Scripts). It also places the binaries in the PATH so they're easily made available via CLI.

https://gist.github.com/shayne/25e194e068751e281937ef68edefb99b