From 81f204573e72d5401e1c5ce9d23d11142de97c09 Mon Sep 17 00:00:00 2001
From: unman <unman@thirdeyesecurity.org>
Date: Fri, 11 Apr 2025 13:39:12 +0000
Subject: [PATCH] Tailscale - Create sys-tailscale and configure binds

---
 tailscale/50_user.conf         |  4 ++++
 tailscale/configure.sls        | 22 ++++++++++++++++++++++
 tailscale/create_tailscale.sls | 12 ++++++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 tailscale/50_user.conf
 create mode 100644 tailscale/configure.sls
 create mode 100644 tailscale/create_tailscale.sls

diff --git a/tailscale/50_user.conf b/tailscale/50_user.conf
new file mode 100644
index 0000000..2db6bdf
--- /dev/null
+++ b/tailscale/50_user.conf
@@ -0,0 +1,4 @@
+binds+=( '/var/cache/tailscale/' )
+binds+=( '/var/lib/tailscale/' )
+binds+=( '/var/log/tailscale/' )
+binds+=( '/etc/default/tailscaled' )
diff --git a/tailscale/configure.sls b/tailscale/configure.sls
new file mode 100644
index 0000000..ec87c88
--- /dev/null
+++ b/tailscale/configure.sls
@@ -0,0 +1,22 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+
+{% if grains['nodename'] != 'dom0' %}
+
+tailscale_rc.local:
+    file.append:
+      - name: /rw/config/rc.local
+      - text: |
+          systemctl unmask tailscaled
+          systemctl start tailscaled
+          tailscale up
+
+tailscale_binds:
+  file.managed:
+    - name: /rw/config/qubes-bind-dirs.d/50_user.conf
+    - source:
+      - salt://tailscale/50_user.conf
+    - user: root
+    - group: root
+    - makedirs: True
+
+{% endif %}
diff --git a/tailscale/create_tailscale.sls b/tailscale/create_tailscale.sls
new file mode 100644
index 0000000..418f5ac
--- /dev/null
+++ b/tailscale/create_tailscale.sls
@@ -0,0 +1,12 @@
+qvm-present-id:
+  qvm.present:
+    - name: sys-tailscale
+    - template: template-tailscale
+    - label: gray
+
+qvm-prefs-id:
+  qvm.prefs:
+    - name: sys-tailscale
+    - memory: 400
+    - maxmem: 1000
+    - vcpus: 2