tailscale: init at 0.96-33

Signed-off-by: Martin Baillie <martin@baillie.email>

5 files changed, 90 insertions, 0 deletions

diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 993e5c2d46d..5f90bc8b152 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -4607,6 +4607,12 @@
     githubId = 1269099;
     name = "Marius Bakke";
   };
+  mbaillie = {
+    email = "martin@baillie.email";
+    github = "martinbaillie";
+    githubId = 613740;
+    name = "Martin Baillie";
+  };
   mbbx6spp = {
     email = "me@susanpotter.net";
     github = "mbbx6spp";
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 8c6e8766cd9..1ff5f5ff0c2 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -728,6 +728,7 @@
   ./services/networking/syncthing.nix
   ./services/networking/syncthing-relay.nix
   ./services/networking/syncplay.nix
+  ./services/networking/tailscale.nix
   ./services/networking/tcpcrypt.nix
   ./services/networking/teamspeak3.nix
   ./services/networking/tedicross.nix
diff --git a/nixos/modules/services/networking/tailscale.nix b/nixos/modules/services/networking/tailscale.nix
new file mode 100644
index 00000000000..513c42b4011
--- /dev/null
+++ b/nixos/modules/services/networking/tailscale.nix
@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.services.tailscale;
+in {
+  meta.maintainers = with maintainers; [ danderson mbaillie ];
+
+  options.services.tailscale = {
+    enable = mkEnableOption "Tailscale client daemon";
+
+    port = mkOption {
+      type = types.port;
+      default = 41641;
+      description = "The port to listen on for tunnel traffic (0=autoselect).";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.tailscale = {
+      description = "Tailscale client daemon";
+
+      after = [ "network-pre.target" ];
+      wants = [ "network-pre.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      unitConfig = {
+        StartLimitIntervalSec = 0;
+        StartLimitBurst = 0;
+      };
+
+      serviceConfig = {
+        ExecStart =
+          "${pkgs.tailscale}/bin/tailscaled --port ${toString cfg.port}";
+
+        RuntimeDirectory = "tailscale";
+        RuntimeDirectoryMode = 755;
+
+        StateDirectory = "tailscale";
+        StateDirectoryMode = 700;
+
+        Restart = "on-failure";
+      };
+    };
+  };
+}
diff --git a/pkgs/servers/tailscale/default.nix b/pkgs/servers/tailscale/default.nix
new file mode 100644
index 00000000000..52b6f36dd02
--- /dev/null
+++ b/pkgs/servers/tailscale/default.nix
@@ -0,0 +1,35 @@
+{ lib, buildGoModule, fetchFromGitHub, makeWrapper, iptables, iproute }:
+
+buildGoModule rec {
+  pname = "tailscale";
+  version = "0.96-33";
+
+  src = fetchFromGitHub {
+    owner = "tailscale";
+    repo = "tailscale";
+    rev = "19cc4f8b8ecfdc16136d8489a1c2b899f556fda7";
+    sha256 = "0kcf3mz7fs15dm1dnkvrmdkm3agrl1zlg9ngb7cwfmvkkw1rkl6i";
+  };
+
+  nativeBuildInputs = [ makeWrapper ];
+
+  CGO_ENABLED = 0;
+
+  goPackagePath = "tailscale.com";
+  modSha256 = "1pjqfzw411k6kw8hqf56irnlhnl8947p1ad8yd84zvqqpzfs3jmz";
+  subPackages = [ "cmd/tailscale" "cmd/tailscaled" ];
+
+  postInstall = ''
+    wrapProgram $out/bin/tailscaled --prefix PATH : ${
+      lib.makeBinPath [ iproute iptables ]
+    }
+  '';
+
+  meta = with lib; {
+    homepage = "https://tailscale.com";
+    description = "The node agent for Tailscale, a mesh VPN built on WireGuard";
+    platforms = platforms.linux;
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ danderson mbaillie ];
+  };
+}
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a7adf2d6f95..a9a2297f5cb 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -16024,6 +16024,8 @@ in
 
   syncserver = callPackage ../servers/syncserver { };
 
+  tailscale = callPackage ../servers/tailscale { };
+
   thanos = callPackage ../servers/monitoring/thanos { };
 
   inherit (callPackages ../servers/http/tomcat { })