tailscale: add more parameters and firewall zone config #26407
Conversation
setting.js: adjust it to match the tailscale package (openwrt/packages#26407) config/tailscale: drop init.d/tailscale: drop Signed-off-by: asvow <asvows@gmail.com>
|
Please check contributing guidelines wrt commit author and signoff, and submissions guidelines wrt commit message formatting. When modifying a package without updating the underlying software, you're expected to bump the |
832e218 to
68326d7
Compare
9ffbb4e to
0c49a
6D4E
06
Compare
0c49a06 to
6e468a2
Compare
There was a problem hiding this comment.
I'm still not convinced about the utility of the subshell. What happens if something inside of it fails? How would the user know? It seems like the service will continue running, but in some kind of an undefined state, i.e. some bits will be semi-configured. Perhaps, you should stop the service and cleanup? And what happens if you run the code inside the subshell without it?
I'm certain this subshell is necessary and must use |
There was a problem hiding this comment.
What's bothering me about the whole subshell thing, is that it's circumventing the normal procd process management, and seemingly running the config section nowhere and logging to nowhere, i.e. after the service is started, since you're not awaiting its completion. I understand how procd works and you explanation why you're doing this but it doesn't make this code any more elegant.
What you could do instead is have a config helper script, that would run using the standard procd_open_instance. That way you could do whatever you want inside, without worrying about the side-effects of an async subshell.
Also, all the current exit code checks [ $? -ne 0 ] are checking the exit status of the most recently executed command, so if any previous command fails they won't be triggered. A contrived example of the scenario:
true
false
true
[ $? -ne 0 ] && echo failed
|
I get your point – subshell usage has been removed and the code refactored, then committed. Note that this commit used my GitHub anonymous email; please ignore it for now. I'll correct this when squashing all changes into a single commit to finalize the commit history. |
80ca696 to
0932b41
Compare
This implements: * Add support for main Tailscale parameters, including: - accept-routes - hostname - accept-dns - advertise-exit-node - exit-node - advertise-routes - snat-subnet-routes - subnet-routes - login-server - authkey * Other parameters not mentioned above also support configuration by setting flags. * Firewall zone configuration integration. Ref: - https://tailscale.com/kb/1241/tailscale-up - https://openwrt.org/docs/guide-user/services/vpn/tailscale/start Signed-off-by: Geoffrey Hall <asvows@gmail.com>
4a757b6 to
b1069ac
Compare
|
@hnyman I thoroughly checked the build log and confirmed the error was due to the missing diff --git a/net/tailscale/Makefile b/net/tailscale/Makefile
index be6502fe4..2cfc1d970 100644
--- a/net/tailscale/Makefile
+++ b/net/tailscale/Makefile
@@ -56,7 +56,7 @@ define Package/tailscale/conffiles
endef
define Package/tailscale/install
- $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config
+ $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config $(1)/etc/hotplug.d/iface
$(INSTALL_BIN) $(GO_PKG_BUILD_BIN_DIR)/tailscaled $(1)/usr/sbin
$(LN) tailscaled $(1)/usr/sbin/tailscale
$(INSTALL_BIN) ./files//tailscale.init $(1)/etc/init.d/tailscale
-- |
Maintainer: me / @mochaaP @SuperSandro2000 @ja-pa @oskarirauta
Compile tested: 24.10.1 & Snapshot
Run tested: x86-64
Description:
Based on the official documentation, introduce support for most tailscale up parameters and OpenWrt firewall zone configuration to simplify and improve the Tailscale configuration. Meanwhile, provide the corresponding luci-app-tailscale (openwrt/luci#7735).
Add:
Reference: