From 37c93eb8a9776ecb2c54624b1529afa5f2038361 Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Sat, 5 Apr 2025 13:34:02 +0000
Subject: [PATCH] Tailscale - Create template and install service

---
 tailscale/repo.sls                      |  87 ++++++++++++++++++++++++
 tailscale/tailscale-archive-keyring.gpg | Bin 0 -> 2288 bytes
 tailscale/tailscale.list                |   2 +
 3 files changed, 89 insertions(+)
 create mode 100644 tailscale/repo.sls
 create mode 100644 tailscale/tailscale-archive-keyring.gpg
 create mode 100644 tailscale/tailscale.list

diff --git a/tailscale/repo.sls b/tailscale/repo.sls
new file mode 100644
index 0000000..31e3162
--- /dev/null
+++ b/tailscale/repo.sls
@@ -0,0 +1,87 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+#
+#
+#
+
+{% if salt['pillar.get']('update_proxy:caching') %}
+{% set proxy = 'cacher' %}
+{% endif %}
+
+{% if grains['nodename'] != 'dom0' %}
+{% if grains['os_family']|lower == 'debian' %}
+{% if grains['nodename']|lower != 'host' %}
+{% if proxy  == 'cacher' %}
+{% for repo in salt['file.find']('/etc/apt/sources.list.d/', name='*list') %}
+{{ repo }}_baseurl:
+  file.replace:
+    - name: {{ repo }}
+    - pattern: 'https://'
+    - repl: 'http://HTTPS///'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+    - backup: False
+
+{% endfor %}
+
+/etc/apt/sources.list:
+  file.replace:
+    - name: /etc/apt/sources.list
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+    - backup: False
+
+{% endif %}
+
+requirements_installed:
+  pkg.installed:
+    - refresh: True
+    - pkgs:
+      - qubes-core-agent-networking
+      - qubes-core-agent-passwordless-root
+      - iproute2
+      - libnotify-bin
+      - lsb-release
+      - xz-utils
+
+/etc/apt/sources.list.d/tailscale.list:
+  file.managed:
+    - source:
+      - salt://tailscale/tailscale.list
+    - user: root
+    - group: root
+    - makedirs: True
+
+/usr/share/keyrings/tailscale-achive-keyring.gpg:
+  file.managed:
+    - source:
+      - salt://tailscale/tailscale-archive-keyring.gpg
+    - user: root
+    - group: root
+    - makedirs: True
+
+{% if proxy == 'cacher' %}
+/etc/apt/sources.list.d/tailscale.list:
+  file.replace:
+    - name: /etc/apt/sources.list.d/tailscale.list
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+    - backup: False
+
+{% endif %}
+
+tailscale_installed:
+  pkg.installed:
+    - refresh: True
+    - pkgs:
+      - tailscale
+
+{% endif %}
+
+disable_tailscaled:
+  service.disabled:
+    - name: tailscaled
+
+mask_tailscaled:
+  service.masked:
+    - name: tailscaled
diff --git a/tailscale/tailscale-archive-keyring.gpg b/tailscale/tailscale-archive-keyring.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..603538d6458641164d8767c30a6959db122ccaf3
GIT binary patch
literal 2288
zcmajfc{~#i1IO`g=Ge@Y@pIeUgt;<TMTAi1Ud1%mvbl-5auv!=m?I%_<qF{`FH`)C
zat}=^xfY5X`OOi}@p}DU&-35&|M&CX_w_CU@qlrTMO{FC0F|w%mAg*~YjN;N$gKbl
z@nekN?40i~)~C&K*tI5$>KnM;$SiZIny}V^Ln4(iw}RDxSu6I`YRgkt><oj7%{b(W
zNT==1_0d^E=reP=Hj<q@nBnvp0!Ld6_>xE4)@ScHwNjI5uZ}UJwQ}|yi4HLzQ>&4-
zAWu|7Zlcan;k?EHVrsLfIOm$tnKyQI9p)s3+yd#u<}TvFdDULD#_MiG)4i7i@*|iv
zI){p*<{RmH08ZW1y(9t^E<(QFA}h1mgic1>T7E)e=3RVY{tahplCNGR%*tZ@WRsY|
zt+?upoB8u?@8Wyrr3(}zODMR5p@zWOjHgkC5PsZx_OlJ(3d@q#(Z5ohQ3wci@3G(N
z^_NweOwOB)v+H*eyta*Ydi*}_M`@gpVi2aN%ji%3;uxT;Of}xu=>xDlPQa`9Q+~8W
z?&_!ro5ScUrIwqPDfC0%U$JDBsVBP12_&0)qwJkrVf{&EHs?y})~{w42{f9c>$MAI
zo0@5ZI6P9h+`kxcUKBZY<Vv*f-1d&QNR2=brk3wNSMT-MTfuGDKOc&C0)4$mlyQB}
zBL}U$-7F997)(#xPbplpya+3pxYLsLLuIMBE&bJS)R%nIVW`@9f>!U(WX@a#RBRlp
ze{mqyFFfomIE;~9nO!$IRnSlveUgl@Iu8&40)Xvij(A_cP*1#{H{wcwr#eCjgZCui
z3Eqeh@1Vd?->|@tNJOYFA;33)fFOBCDkF@11AGFF!~U++Jp=tOJOEt-3j(<SdcsJs
zd_i4VeVZQgfe|$Fa(b;+ejN5TJLun^1BtV-b3?c|K^#I*2p2a9EDT};f~0_;KjHyU
z2>;(>Y%t#`=0n7EQBz8YOX<#x>Q<JCONSXwLG5S}!2Hy=A>Kgghyd^1DN2E}tp_c5
zFkh@v@#?$dskYw>b11I!7Y#qVINNesmjNXZlm@#p5Az$T$TSg*@zfiu@B5bRB<Zl6
zpOP$lt%)q_mbwyU&*%@x9Yy_b<4EpK{dTVvzGm#MW=dulhPz^c>c+~Li;>q+zVgnu
zShiI^^e#D$hdKXo^6DPM<{2H*^@S=hzGGkpXLh$(97Ib*a#<@xKA3JZ5IGS`h|#yT
z>#cthnW!Zhc4ybX1l5%9E{AEX`Q#*n2^xB*tbE^>o){mtYXEUM^@v|4!4#I%c|%Ae
z#1{Q<p#<^E>#dupX$Cd`NfV;(;+C|YhpX~=m;a23vANLICGcV5FnlpaimQ9hOHt0r
zTG2yyk1dN_07FH+7x!L`l2f<$(@MEIk}H_HesBclFHvcopmAT5Jk0w;_Or#q5DN##
zG<Nhu^=<a;lByr@p`mKQ%+asswpy|JIhi_feA|Vbf+TImy@txb8dfzP?M#I=Sb2S_
zocPF^ehMI7xpBeR3;A1efiy>QO5WR?Z@6>`UuQ0NXIERiXf4Oh@-Ff&z8c>)O!j|#
zHo7OY`CcKhZp74SjcL{|s@Zd%N*N2;p@H&Yh0Uao)2lS8Se+4iBB&Q5L#j?$?fx%Q
zQ<jx4$ZoS(BcCr)uQWD(`S^beN$KvtH37<7PON~jZJrjN^Ck+q)bfeH^n;CIESMXl
z^cAH_0b+9RWuu)<<*MGQYklC~$7j*;3pIkNR^39pkdbUIGrx)!=*ik^S7rAfJ}T>a
zaCYvOgA8L%=~t;rL3F<}Y;ZEOXi{4-4`@VF>5*mhyeTNjK-^rM(IB4Dh;<zJlF$>t
zV%p-OwT^3|{gz0<jvr?<Ws-6!iDp!M?BGG@D!ZG{W^-{<n{SN^4^mb^(2jmx#<cX7
za5V?I#TnmZnRw>0_0jtF?riMhlpa}rU=U+aN^5aUa4OBMk@@0N@s2#dFzE5<ulO=8
zOh~R1#}xdWE?H@m-rt=`qF~<~Dit8F^qJUl{<u#4BFTE)F$cDa8;(DbIo8f$J%+wV
z5$qJ-TD|}MXe&7A@NVu5`7BSIoDB=Z(FEqz*l}+!nC~hpzF-1fc>v0cI3;lJomwt`
z>`WtC%YEHVhZhd`q-&8pavvHuIi_O={lqx-2JWBu%0~|bHb(A?%4ZnE9|toi(#Wx{
zv9pDx;efewSXIt}Dk$+S<XFCH2>XHXZnqKi&d|+$rdyL&(|gWli$G(f<TqPoiJD|<
zneS6e6Os_O5sKyQjsX4w;=FAk>UzF2&FHuf)GLJE>$mHa0>moH{)edtAYHJ?zkosf
zA7Ehr3(4YNe8;?~5cSB-@I8V^$Dc6GaGrK}8ssXu#KI_;#mRu0RhmjW`ZF{Bf#O4f
z){?43?F2URHum`)7AJ}MwS3yH6s_HIhoj4KVw^K+Cm}AqE1m@d7QctruIMa?7#h`*
zxDCT~9qgVyElKA{dg2a#{nW|X@C4@oZdbbdwYsgzd+@gd<BsEbN)>^r&Hk$?>N8@J
z*t!hB^n9Z+qSwKp!{4(PK!B-w)}*j$lEUCPV1!=c?rf{QnDXtIAYBplELm|zzA^VL
z@bg1GH?-qvwm-X<-FLc10DGeOXPJoKZBi(lC;b~UD47dCC|Q14vMX|JX%(AQ#KUJi
zFe<mDr!Gu844fA=ajIXusHu3S?rWBmohO@E0DZP1G05J=Wey;#QXAeue%_+wM%B#G
z0q63zR7iC5N5k$~!w<4`Gw(_3dFihmt~2-eN*{Ie<mahsvh(^^Id8ms;jh53@(>ns
zI471ip#>ci4?8r1Rb3JY5j=nizdBIK`?{&Iv|Orv$;LX{LBb1dzjP;rQh`VkYt(L#
zKnm%vs_FmQ83Q^EiBoE(Z`<e&H7+r3s+31%{8)Q*KT}P1lk3T{#k`wv*?8U<2P9Z>
zYE%1Uo3JRx+dO*J^=9yWl-wR+h%&~AwR+`&pEwZLh_=~yt}4hgo0aaV^s8?zBF+=~
G*FORFpf800

literal 0
HcmV?d00001

diff --git a/tailscale/tailscale.list b/tailscale/tailscale.list
new file mode 100644
index 0000000..45ef98e
--- /dev/null
+++ b/tailscale/tailscale.list
@@ -0,0 +1,2 @@
+# Tailscale packages for debian bookworm
+deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/debian bookworm main