Add optional tailscale service

[klutchell]

Signed-off-by: Kyle Harding kyle@balena.io Depends-on: https://github.com/klutchell/balena-pihole/pull/207

[klutchell]

@eiddor this is working for me (both using Tailscale, and with it disabled).

The service is configured with REQUIRE_AUTH_KEY=true by default, meaning that if TS_AUTH_KEY is not set the service will exit quietly and not loop forever. This makes the service effectively "opt-in".

So it can be used by either providing TS_AUTH_KEY or REQUIRE_AUTH_KEY=false and using the auth URL from the logs.

The best part of this PR though, is binding to all interfaces by default without port conflicts! LMK if it works for you!

[eiddor]

I'll give it a shot this afternoon!

[klutchell]

This one is next! The tailscale service should be stopped by default.

[eiddor]

[Error]      Some services failed to build:
[Error]        Service: tailscale
[Error]          Error: pull access denied for bh.cr/klutchell_blocks/tailscale-armv7hf/1.36.0, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
[Info]       Built on arm01
[Error]      Not deploying release.
Remote build failed

[klutchell]

Oh good catch, I guess I need to make that block public.

On Mon, Feb 13, 2023, 7:36 a.m. Roddie Hasan @.***> wrote:

[Error] Some services failed to build: [Error] Service: tailscale [Error] Error: pull access denied for bh.cr/klutchell_blocks/tailscale-armv7hf/1.36.0, repository does not exist or may require 'docker login': denied: requested access to the resource is denied [Info] Built on arm01 [Error] Not deploying release. Remote build failed

— Reply to this email directly, view it on GitHub https://github.com/klutchell/balena-pihole/pull/200#issuecomment-1427871073, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE4CWIDMVC6RH76TAYFNYS3WXITFJANCNFSM6AAAAAAUJ2LZOY . You are receiving this because you authored the thread.Message ID: @.***>

[klutchell]

Okay, should work now?

On Mon, Feb 13, 2023 at 8:04 AM Kyle Harding @.***> wrote:

Oh good catch, I guess I need to make that block public.

On Mon, Feb 13, 2023, 7:36 a.m. Roddie Hasan @.***> wrote:

[Error] Some services failed to build: [Error] Service: tailscale [Error] Error: pull access denied for bh.cr/klutchell_blocks/tailscale-armv7hf/1.36.0, repository does not exist or may require 'docker login': denied: requested access to the resource is denied [Info] Built on arm01 [Error] Not deploying release. Remote build failed

— Reply to this email directly, view it on GitHub https://github.com/klutchell/balena-pihole/pull/200#issuecomment-1427871073, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE4CWIDMVC6RH76TAYFNYS3WXITFJANCNFSM6AAAAAAUJ2LZOY . You are receiving this because you authored the thread.Message ID: @.***>

[eiddor]

Got the new version pushed and I see the tailscale service running because I have REQUIRE_AUTH_KEY=false, but I don't see any auth URL or access URL in the logs. The tailscale service actually has nothing in the log.

[klutchell]

Odd, what if you restart the service?

On Mon, Feb 13, 2023 at 9:01 AM Roddie Hasan @.***> wrote:

Got the new version pushed and I see the tailscale service running because I have REQUIRE_AUTH_KEY=false, but I don't see any auth URL or access URL in the logs. The tailscale service actually has nothing in the log.

[image: image] https://user-images.githubusercontent.com/7586731/218477662-73e9356d-0d90-4170-9c08-c7bb00aa2871.png

— Reply to this email directly, view it on GitHub https://github.com/klutchell/balena-pihole/pull/200#issuecomment-1427988502, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE4CWIB2X3P2YOAJJLCGVULWXI5DNANCNFSM6AAAAAAUJ2LZOY . You are receiving this because you authored the thread.Message ID: @.***>

[eiddor]

That screenshot was after restarting the service - Absolutely nothing in the log about tailscale, not with a service filter or even a text filter.

I restarted the entire device and it works now, though - very strange! I stopped short of installing the app on my Mac, but I was able to auth the device to Tailscale and see it connected. I flipped REQUIRE_AUTH_KEY to true and the service is excited as expected. I think we're good to go! (once you get it merged, I'll test the latest Pihole.)