feat: add Tailscale formula

Fixes: https://github.com/ben-grande/qusal/issues/42

.qubesbuilder

@@ -48,6 +48,7 @@ host:
       - rpm_spec/qusal-sys-ssh.spec
       - rpm_spec/qusal-sys-ssh-agent.spec
       - rpm_spec/qusal-sys-syncthing.spec
+      - rpm_spec/qusal-sys-tailscale.spec
       - rpm_spec/qusal-sys-usb.spec
       - rpm_spec/qusal-sys-wireguard.spec
       - rpm_spec/qusal-terraform.spec

.reuse/dep5

@@ -105,6 +105,10 @@ Files: salt/sys-syncthing/files/repo/*
 Copyright: 2014 The Syncthing Project <release@syncthing.net>
 License: CC0-1.0
 
+Files: salt/sys-tailscale/files/repo/*
+Copyright: 2020 Tailscale Inc. <info@tailscale.com>
+License: CC0-1.0
+
 Files: salt/terraform/files/repo/*
 Copyright: 2023 HashiCorp Inc. <security+packaging@hashicorp.com>
 License: CC0-1.0

rpm_spec/qusal-sys-tailscale.spec

@@ -0,0 +1,108 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+%define project         sys-tailscale
+%define license_csv     AGPL-3.0-or-later
+## Reproducibility.
+%define source_date_epoch_from_changelog 1
+%define use_source_date_epoch_as_buildtime 1
+%define clamp_mtime_to_source_date_epoch 1
+## Changelog is trimmed according to current date, not last date from changelog.
+%define _changelog_trimtime 0
+%define _changelog_trimage 0
+%global _buildhost %{name}
+## Python bytecode interferes when updates occur and restart is not done.
+%undefine __brp_python_bytecompile
+
+Name:           qusal-sys-tailscale
+Version:        0.0.1
+Release:        1%{?dist}
+Summary:        Tailscale environment in Qubes OS
+Group:          qusal
+Packager:       %{?_packager}%{!?_packager:Ben Grande <ben.grande.b@gmail.com>}
+Vendor:         Ben Grande
+License:        AGPL-3.0-or-later
+URL:            https://github.com/ben-grande/qusal
+BugURL:         https://github.com/ben-grande/qusal/issues
+Source0:        %{name}-%{version}.tar.gz
+BuildArch:      noarch
+
+Requires:       qubes-mgmt-salt
+Requires:       qubes-mgmt-salt-dom0
+Requires:       qusal-utils
+
+
+%description
+Install Tailscale and use it on the "sys-tailscale" or with any other qube you
+want to install.
+
+%prep
+%setup -q
+
+%build
+
+%check
+
+%pre
+
+%install
+rm -rf %{buildroot}
+install -m 755 -d \
+  %{buildroot}/srv/salt/qusal \
+  %{buildroot}%{_docdir}/%{name} \
+  %{buildroot}%{_defaultlicensedir}/%{name}
+
+for license in $(echo "%{license_csv}" | tr "," " "); do
+  license_dir="LICENSES"
+  if test -d "salt/%{project}/LICENSES"; then
+    license_dir="salt/%{project}/LICENSES"
+  fi
+  install -m 644 "${license_dir}/${license}.txt" %{buildroot}%{_defaultlicensedir}/%{name}/
+done
+
+install -m 644 salt/%{project}/README.md %{buildroot}%{_docdir}/%{name}/
+rm -rf \
+  salt/%{project}/LICENSES \
+  salt/%{project}/README.md \
+  salt/%{project}/.*
+cp -rv salt/%{project} %{buildroot}/srv/salt/qusal/%{name}
+
+%post
+if test "$1" = "1"; then
+  ## Install
+  qubesctl state.apply sys-tailscale.create
+  qubesctl --skip-dom0 --targets=tpl-sys-tailscale state.apply sys-tailscale.install
+elif test "$1" = "2"; then
+  ## Upgrade
+  true
+fi
+
+%preun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%postun
+if test "$1" = "0"; then
+  ## Uninstall
+  true
+elif test "$1" = "1"; then
+  ## Upgrade
+  true
+fi
+
+%files
+%defattr(-,root,root,-)
+%license %{_defaultlicensedir}/%{name}/*
+%doc %{_docdir}/%{name}/README.md
+%dir /srv/salt/qusal/%{name}
+/srv/salt/qusal/%{name}/*
+%dnl TODO: missing '%ghost', files generated during %post, such as Qrexec policies.
+
+%changelog
+

salt/sys-tailscale/README.md

@@ -0,0 +1,58 @@
+# sys-tailscale
+
+Tailscale environment in Qubes OS.
+
+## Table of Contents
+
+*   [Description](#description)
+*   [Installation](#installation)
+*   [Usage](#usage)
+
+## Description
+
+Install Tailscale and use it on the "sys-tailscale" or with any other qube you
+want to install.
+
+## Installation
+
+*   Top:
+
+```sh
+sudo qubesctl top.enable sys-tailscale
+sudo qubesctl --targets=tpl-sys-tailscale state.apply
+sudo qubesctl top.disable sys-tailscale
+```
+
+*   State:
+
+<!-- pkg:begin:post-install -->
+
+```sh
+sudo qubesctl state.apply sys-tailscale.create
+sudo qubesctl --skip-dom0 --targets=tpl-sys-tailscale state.apply sys-tailscale.install
+```
+
+<!-- pkg:end:post-install -->
+
+The Tailscale qube requires the Tailscale service to be enabled:
+
+```sh
+qvm-features QUBE service.tailscale 1
+```
+
+## Usage
+
+Authenticate to your Tailnet by following the upstream instructions to
+[generate an auth key](https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key).
+
+On the Tailscale web interface, authorize the new device.
+
+You may want to [disable automatic key
+expiry](https://tailscale.com/kb/1085/auth-keys#key-expiry) to avoid having to
+redo the authentication steps.
+
+There are various functionalities Tailscale provides, consult
+[upstream documentation](https://tailscale.com/kb) for more information. There
+is also an
+[introductory video](https://tailscale.dev/blog/get-started-in-10-nov2023)
+covering the basics.

salt/sys-tailscale/clone.sls

@@ -0,0 +1,8 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% from 'utils/macros/clone-template.sls' import clone_template -%}
+{{ clone_template('debian-minimal', sls_path) }}

salt/sys-tailscale/clone.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - sys-tailscale.clone

salt/sys-tailscale/create.sls

@@ -0,0 +1,57 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{%- from "qvm/template.jinja" import load -%}
+
+include:
+  - .clone
+
+{% load_yaml as defaults -%}
+name: tpl-{{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+prefs:
+- audiovm: ""
+- memory: 300
+- maxmem: 400
+features:
+- set:
+  - default-menu-items: "qubes-run-terminal.desktop qubes-start.desktop"
+  - menu-items: "qubes-run-terminal.desktop qubes-start.desktop"
+{%- endload %}
+{{ load(defaults) }}
+
+{% load_yaml as defaults -%}
+name: {{ slsdotpath }}
+force: True
+require:
+- sls: {{ slsdotpath }}.clone
+present:
+- template: tpl-{{ slsdotpath }}
+- label: purple
+prefs:
+- template: tpl-{{ slsdotpath }}
+- label: purple
+- audiovm: ""
+- vcpus: 1
+- memory: 400
+- maxmem: 500
+- autostart: False
+- include_in_backups: True
+features:
+- set:
+  - menu-items: "qubes-run-terminal.desktop qubes-start.desktop"
+- enable:
+  - service.tailscale
+- disable:
+  - service.cups
+  - service.cups-browsed
+{%- endload %}
+{{ load(defaults) }}
+
+{% from 'utils/macros/policy.sls' import policy_set with context -%}
+{{ policy_set(sls_path, '80') }}

salt/sys-tailscale/create.top

@@ -0,0 +1,10 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - sys-tailscale.create

salt/sys-tailscale/files/repo/tailscale.asc

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF5UmbgBEADAA5mxC8EoWEf53RVdlhQJbNnQW7fctUA5yNcGUbGGGTk6XFqO
+nlek0Us0FAl5KVBgcS0Bj+VSwKVI/wx91tnAWI36CHeMyPTawdT4FTcS2jZMHbcN
+UMqM1mcGs3wEQmKz795lfy2cQdVktc886aAF8hy1GmZDSs2zcGMvq5KCNPuX3DD5
+INPumZqRTjwSwlGptUZrJpKWH4KvuGr5PSy/NzC8uSCuhLbFJc1Q6dQGKlQxwh+q
+AF4uQ1+bdy92GHiFsCMi7q43hiBg5J9r55M/skboXkNBlS6kFviP+PADHNZe5Vw0
+0ERtD/HzYb3cH5YneZuYXvnJq2/XjaN6OwkQXuqQpusB5fhIyLXE5ZqNlwBzX71S
+779tIyjShpPXf1HEVxNO8TdVncx/7Zx/FSdwUJm4PMYQmnwBIyKlYWlV2AGgfxFk
+mt2VexyS5s4YA1POuyiwW0iH1Ppp9X14KtOfNimBa0yEzgW3CHTEg55MNZup6k2Q
+mRGtRjeqM5cjrq/Ix15hISmgbZogPRkhz/tcalK38WWAR4h3N8eIoPasLr9i9OVe
+8aqsyXefCrziaiJczA0kCqhoryUUtceMgvaHl+lIPwyW0XWwj+0q45qzjLvKet+V
+Q8oKLT1nMr/whgeSJi99f/jE4sWIbHZ0wwR02ZCikKnS05arl3v+hiBKPQARAQAB
+tERUYWlsc2NhbGUgSW5jLiAoUGFja2FnZSByZXBvc2l0b3J5IHNpZ25pbmcga2V5
+KSA8aW5mb0B0YWlsc2NhbGUuY29tPokCTgQTAQgAOBYhBCWWqZ6qszghiTwKeUWM
+qDKVf1hoBQJeVJm4AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEEWMqDKV
+f1hoWHEP/1DYd9WZrodyV5zy1izvj0FXtUReJi374gDn3cHrG6uYtXcE9HWZhxQD
+6nDgYuey5sBhLvPQiE/sl5GYXNw/O95XVk8HS54BHCCYq1GeYkZaiCGLGFBA08JK
+7PZItGsfdJHwHfhSMtGPS7Cpmylje9gh8ic56NAhC7c5tGTlD69Y8zGHjnRQC6Hg
+wF34jdp8JTQpSctpmiOxOXN+eH8N59zb0k30CUym1Am438AR0PI6RBTnubBH+Xsc
+eQhLJnmJ1bM6GP4agXw5T1G/qp95gjIddHXzOkEvrpVfJFCtp91VIlBwycspKYVp
+1IKAdPM6CVf/YoDkawwm4y4OcmvNarA5dhWBG0Xqse4v1dlYbiHIFcDzXuMyrHYs
+D2Wg8Hx8TD64uBHY0fp24nweCLnaZCckVUsnYjb0A494lgwveswbZeZ6JC5SbDKH
+Tc2SE4jq+fsEEJsqsdHIC04d+pMXI95HinJHU1SLBTeKLvEF8Zuk7RTJyaUTjs7h
+Ne+xWDmRjjR/D/GXBxNrM9mEq6Jvp/ilYTdWwAyrSmTdotHb+NWjAGpJWj5AZCH9
+HeBr2mtVhvTu3KtCQmGpRiR18zMbmemRXUh+IX5hpWGzynhtnSt7vXOvhJdqqc1D
+VennRMQZMb09wJjPcvLIApUMl69r29XmyB59NM3UggK/UCJrpYfmuQINBF5UmbgB
+EADTSKKyeF3XWDxm3x67MOv1Zm3ocoe5xGDRApPkgqEMA+7/mjVlahNXqA8btmwM
+z1BH5+trjOUoohFqhr9FPPLuKaS/pE7BBP38KzeA4KcTiEq5FQ4JzZAIRGyhsAr+
+6bxcKV/tZirqOBQFC7bH2UAHH7uIKHDUbBIDFHjnmdIzJ5MBPMgqvSPZvcKWm40g
+W+LWMGoSMH1Uxd+BvW74509eezL8p3ts42txVNvWMSKDkpiCRMBhfcf5c+YFXWbu
+r5qus2mnVw0hIyYTUdRZIkOcYBalBjewVmGuSIISnUv76vHz133i0zh4JcXHUDqc
+yLBUgVWckqci32ahy3jc4MdilPeAnjJQcpJVBtMUNTZ4KM7UxLmOa5hYwvooliFJ
+wUFPB+1ZwN8d+Ly12gRKf8qA/iL8M5H4nQrML2dRJ8NKzP2U73Fw+n6S1ngrDX8k
+TPhQBq4EDjDyX7SW3Liemj5BCuWJAo53/2cL9P9I5Nu3i2pLJOHzjBSXxWaMMmti
+kopArlSMWMdsGgb0xYX+aSV7xW+tefYZJY1AFJ1x2ZgfIc+4zyuXnHYA2jVYLAfF
+pApqwwn8JaTJWNhny/OtAss7XV/WuTEOMWXaTO9nyNmHla9KjxlBkDJG9sCcgYMg
+aCAnoLRUABCWatxPly9ZlVbIPPzBAr8VN/TEUbceAH0nIwARAQABiQI2BBgBCAAg
+FiEEJZapnqqzOCGJPAp5RYyoMpV/WGgFAl5UmbgCGwwACgkQRYyoMpV/WGji9w/8
+Di9yLnnudvRnGLXGDDF2DbQUiwlNeJtHPHH4B9kKRKJDH1Rt5426Lw8vAumDpBlR
+EeuT6/YQU+LSapWoDzNcmDLzoFP7RSQaB9aL/nJXv+VjlsVH/crpSTTgGDs8qGsL
+O3Y2U1Gjo5uMBoOfXwS8o1VWO/5eUwS0KH7hpbOuZcf9U9l1VD2YpGfnMwX1rnre
+INJqseQAUL3oyNl76gRzyuyQ4AIA06r40hZDgybH0ADN1JtfVk8z4ofo/GcfoXqm
+hifWJa2SwwHeijhdN1T/kG0FZFHs1DBuBYJG3iJ3/bMeL15j1OjncIYIYccdoEUd
+uHnp4+ZYj5kND0DFziTvOC4WyPpv3BlBVariPzEnEqnhjx5RYwMabtTXoYJwUkxX
+2gAjKqh2tXissChdwDGRNASSDrChHLkQewx+SxT5kDaOhB84ZDnp+urn9A+clLkN
+lZMsMQUObaRW68uybSbZSmIWFVM1GovRMgrPG3T6PAykQhFyE/kMFrv5KpPh7jDj
+5JwzQkxLkFMcZDdS43VymKEggxqtM6scIRU55i059fLPAVXJG5in1WhMNsmt49lb
+KqB6je3plIWOLSPuCJ/kR9xdFp7Qk88GCXEd0+4z/vFn4hoOr85NXFtxhS8k9GfJ
+mM/ZfUq7YmHR+Rswe0zrrCwTDdePjGMo9cHpd39jCvc=
+=AIVM
+-----END PGP PUBLIC KEY BLOCK-----

salt/sys-tailscale/files/repo/tailscale.sources

@@ -0,0 +1,6 @@
+Types: deb
+URIs: https://pkgs.tailscale.com/stable/debian
+Suites: bookworm
+Components: main
+Signed-by: /usr/share/keyrings/tailscale.asc
+# vim: ft=debsources

salt/sys-tailscale/files/repo/tailscale.yum.asc

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBF5UmbgBEADAA5mxC8EoWEf53RVdlhQJbNnQW7fctUA5yNcGUbGGGTk6XFqO
+nlek0Us0FAl5KVBgcS0Bj+VSwKVI/wx91tnAWI36CHeMyPTawdT4FTcS2jZMHbcN
+UMqM1mcGs3wEQmKz795lfy2cQdVktc886aAF8hy1GmZDSs2zcGMvq5KCNPuX3DD5
+INPumZqRTjwSwlGptUZrJpKWH4KvuGr5PSy/NzC8uSCuhLbFJc1Q6dQGKlQxwh+q
+AF4uQ1+bdy92GHiFsCMi7q43hiBg5J9r55M/skboXkNBlS6kFviP+PADHNZe5Vw0
+0ERtD/HzYb3cH5YneZuYXvnJq2/XjaN6OwkQXuqQpusB5fhIyLXE5ZqNlwBzX71S
+779tIyjShpPXf1HEVxNO8TdVncx/7Zx/FSdwUJm4PMYQmnwBIyKlYWlV2AGgfxFk
+mt2VexyS5s4YA1POuyiwW0iH1Ppp9X14KtOfNimBa0yEzgW3CHTEg55MNZup6k2Q
+mRGtRjeqM5cjrq/Ix15hISmgbZogPRkhz/tcalK38WWAR4h3N8eIoPasLr9i9OVe
+8aqsyXefCrziaiJczA0kCqhoryUUtceMgvaHl+lIPwyW0XWwj+0q45qzjLvKet+V
+Q8oKLT1nMr/whgeSJi99f/jE4sWIbHZ0wwR02ZCikKnS05arl3v+hiBKPQARAQAB
+tERUYWlsc2NhbGUgSW5jLiAoUGFja2FnZSByZXBvc2l0b3J5IHNpZ25pbmcga2V5
+KSA8aW5mb0B0YWlsc2NhbGUuY29tPokCTgQTAQgAOBYhBCWWqZ6qszghiTwKeUWM
+qDKVf1hoBQJeVJm4AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEEWMqDKV
+f1hoWHEP/1DYd9WZrodyV5zy1izvj0FXtUReJi374gDn3cHrG6uYtXcE9HWZhxQD
+6nDgYuey5sBhLvPQiE/sl5GYXNw/O95XVk8HS54BHCCYq1GeYkZaiCGLGFBA08JK
+7PZItGsfdJHwHfhSMtGPS7Cpmylje9gh8ic56NAhC7c5tGTlD69Y8zGHjnRQC6Hg
+wF34jdp8JTQpSctpmiOxOXN+eH8N59zb0k30CUym1Am438AR0PI6RBTnubBH+Xsc
+eQhLJnmJ1bM6GP4agXw5T1G/qp95gjIddHXzOkEvrpVfJFCtp91VIlBwycspKYVp
+1IKAdPM6CVf/YoDkawwm4y4OcmvNarA5dhWBG0Xqse4v1dlYbiHIFcDzXuMyrHYs
+D2Wg8Hx8TD64uBHY0fp24nweCLnaZCckVUsnYjb0A494lgwveswbZeZ6JC5SbDKH
+Tc2SE4jq+fsEEJsqsdHIC04d+pMXI95HinJHU1SLBTeKLvEF8Zuk7RTJyaUTjs7h
+Ne+xWDmRjjR/D/GXBxNrM9mEq6Jvp/ilYTdWwAyrSmTdotHb+NWjAGpJWj5AZCH9
+HeBr2mtVhvTu3KtCQmGpRiR18zMbmemRXUh+IX5hpWGzynhtnSt7vXOvhJdqqc1D
+VennRMQZMb09wJjPcvLIApUMl69r29XmyB59NM3UggK/UCJrpYfmuQINBF5UmbgB
+EADTSKKyeF3XWDxm3x67MOv1Zm3ocoe5xGDRApPkgqEMA+7/mjVlahNXqA8btmwM
+z1BH5+trjOUoohFqhr9FPPLuKaS/pE7BBP38KzeA4KcTiEq5FQ4JzZAIRGyhsAr+
+6bxcKV/tZirqOBQFC7bH2UAHH7uIKHDUbBIDFHjnmdIzJ5MBPMgqvSPZvcKWm40g
+W+LWMGoSMH1Uxd+BvW74509eezL8p3ts42txVNvWMSKDkpiCRMBhfcf5c+YFXWbu
+r5qus2mnVw0hIyYTUdRZIkOcYBalBjewVmGuSIISnUv76vHz133i0zh4JcXHUDqc
+yLBUgVWckqci32ahy3jc4MdilPeAnjJQcpJVBtMUNTZ4KM7UxLmOa5hYwvooliFJ
+wUFPB+1ZwN8d+Ly12gRKf8qA/iL8M5H4nQrML2dRJ8NKzP2U73Fw+n6S1ngrDX8k
+TPhQBq4EDjDyX7SW3Liemj5BCuWJAo53/2cL9P9I5Nu3i2pLJOHzjBSXxWaMMmti
+kopArlSMWMdsGgb0xYX+aSV7xW+tefYZJY1AFJ1x2ZgfIc+4zyuXnHYA2jVYLAfF
+pApqwwn8JaTJWNhny/OtAss7XV/WuTEOMWXaTO9nyNmHla9KjxlBkDJG9sCcgYMg
+aCAnoLRUABCWatxPly9ZlVbIPPzBAr8VN/TEUbceAH0nIwARAQABiQI2BBgBCAAg
+FiEEJZapnqqzOCGJPAp5RYyoMpV/WGgFAl5UmbgCGwwACgkQRYyoMpV/WGji9w/8
+Di9yLnnudvRnGLXGDDF2DbQUiwlNeJtHPHH4B9kKRKJDH1Rt5426Lw8vAumDpBlR
+EeuT6/YQU+LSapWoDzNcmDLzoFP7RSQaB9aL/nJXv+VjlsVH/crpSTTgGDs8qGsL
+O3Y2U1Gjo5uMBoOfXwS8o1VWO/5eUwS0KH7hpbOuZcf9U9l1VD2YpGfnMwX1rnre
+INJqseQAUL3oyNl76gRzyuyQ4AIA06r40hZDgybH0ADN1JtfVk8z4ofo/GcfoXqm
+hifWJa2SwwHeijhdN1T/kG0FZFHs1DBuBYJG3iJ3/bMeL15j1OjncIYIYccdoEUd
+uHnp4+ZYj5kND0DFziTvOC4WyPpv3BlBVariPzEnEqnhjx5RYwMabtTXoYJwUkxX
+2gAjKqh2tXissChdwDGRNASSDrChHLkQewx+SxT5kDaOhB84ZDnp+urn9A+clLkN
+lZMsMQUObaRW68uybSbZSmIWFVM1GovRMgrPG3T6PAykQhFyE/kMFrv5KpPh7jDj
+5JwzQkxLkFMcZDdS43VymKEggxqtM6scIRU55i059fLPAVXJG5in1WhMNsmt49lb
+KqB6je3plIWOLSPuCJ/kR9xdFp7Qk88GCXEd0+4z/vFn4hoOr85NXFtxhS8k9GfJ
+mM/ZfUq7YmHR+Rswe0zrrCwTDdePjGMo9cHpd39jCvc=
+=AIVM
+-----END PGP PUBLIC KEY BLOCK-----

salt/sys-tailscale/files/repo/tailscale.yum.repo

@@ -0,0 +1,9 @@
+[tailscale-stable]
+name=Tailscale stable
+baseurl=https://pkgs.tailscale.com/stable/fedora/$basearch
+enabled=1
+type=rpm
+repo_gpgcheck=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-tailscale
+# vim: ft=toml

salt/sys-tailscale/files/server/qubes-bind-dirs.d/50-sys-tailscale.conf

@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+binds+=('/var/lib/tailscale')
+binds+=('/var/cache/tailscale')
+
+# vim: ft=bash

salt/sys-tailscale/files/server/systemd/tailscaled.service.d/50_qusal.conf

@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+# vim: ft=systemd
+[Unit]
+ConditionPathExists=/var/run/qubes-service/tailscale
+After=qubes-sysinit.service
+
+[Service]
+Environment=TS_DEBUG_FIREWALL_MODE=nftables
+Environment=TS_NO_LOGS_NO_SUPPORT=true

salt/sys-tailscale/init.top

@@ -0,0 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'dom0':
+    - match: nodegroup
+    - sys-tailscale.create
+  'tpl-sys-tailscale':
+    - sys-tailscale.install

salt/sys-tailscale/install-repo.sls

@@ -0,0 +1,12 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] != 'dom0' -%}
+
+{% from 'utils/macros/install-repo.sls' import install_repo -%}
+{{ install_repo(sls_path, 'tailscale') }}
+
+{% endif -%}

salt/sys-tailscale/install-repo.top

@@ -0,0 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'tpl-sys-tailscale':
+    - sys-tailscale.install-repo

salt/sys-tailscale/install.sls

@@ -0,0 +1,56 @@
+{#
+SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+{% if grains['nodename'] != 'dom0' -%}
+
+include:
+  - .install-repo
+  - utils.tools.common.update
+
+"{{ slsdotpath }}-systemd":
+  file.recurse:
+    - name: /usr/lib/systemd/system/
+    - source: salt://{{ slsdotpath }}/files/server/systemd/
+    - dir_mode: '0755'
+    - file_mode: '0644'
+    - user: root
+    - group: root
+    - makedirs: True
+
+"{{ slsdotpath }}-installed":
+  pkg.installed:
+    - require:
+      - sls: {{ slsdotpath }}.install-repo
+      - sls: utils.tools.common.update
+      - file: "{{ slsdotpath }}-systemd"
+    - install_recommends: False
+    - skip_suggestions: True
+    - pkgs:
+      - qubes-core-agent-networking
+      - qubes-core-agent-passwordless-root
+      - tailscale
+      - bash-completion
+      - man-db
+
+"{{ slsdotpath }}-unmask-tailscaled":
+  service.unmasked:
+    - name: tailscaled
+    - runtime: False
+
+"{{ slsdotpath }}-enable-tailscaled":
+  service.enabled:
+    - name: tailscaled
+
+"{{ slsdotpath }}-bind-dirs":
+  file.managed:
+    - name: /etc/qubes-bind-dirs.d/50-{{ slsdotpath }}.conf
+    - source: salt://{{ slsdotpath }}/files/server/qubes-bind-dirs.d/50-{{ slsdotpath }}.conf
+    - mode: '0644'
+    - user: root
+    - group: root
+    - makedirs: True
+
+{% endif -%}

salt/sys-tailscale/install.top

@@ -0,0 +1,9 @@
+{#
+SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
+
+SPDX-License-Identifier: AGPL-3.0-or-later
+#}
+
+base:
+  'tpl-sys-tailscale':
+    - sys-tailscale.install

salt/sys-tailscale/version

@@ -0,0 +1 @@
+0.0.1