Tailscale - Create template and install service

2025-04-15 05:03:13 -04:00 · 2025-04-11 13:36:44 +00:00 · 2025-04-11 13:36:44 +00:00 · f629df4a4c
commit f629df4a4c
parent ea8008c94f
4 changed files with 116 additions and 0 deletions
--- a/tailscale/create.sls
+++ b/tailscale/create.sls
@ -0,0 +1,20 @@
+qvm-present-tailscale:
+  qvm.present:
+    - name: sys-tailscale
+    - class: AppVM
+    - template: template-tailscale
+    - label: green
+
+qvm-prefs-tailscale:
+  qvm.prefs:
+    - name: sys-tailscale
+    - memory: 400
+    - maxmem: 4000
+    - vcpus: 2
+    - provides-network: True
+
+qvm-features-tailscale:
+  qvm.features:
+    - name: sys-tailscale
+    - disable:
+      - service.tinyproxy
--- a/tailscale/create.top
+++ b/tailscale/create.top
@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - tailscale.create
--- a/tailscale/install.sls
+++ b/tailscale/install.sls
@ -0,0 +1,88 @@
+# vim: set syntax=yaml ts=2 sw=2 sts=2 et :
+#
+#
+#
+
+{% if salt['pillar.get']('update_proxy:caching') %}
+{% set proxy = 'cacher' %}
+{% endif %}
+
+{% if grains['nodename'] != 'dom0' %}
+{% if grains['os_family']|lower == 'debian' %}
+{% if grains['nodename']|lower != 'host' %}
+{% if proxy  == 'cacher' %}
+{% for repo in salt['file.find']('/etc/apt/sources.list.d/', name='*list') %}
+{{ repo }}_baseurl:
+  file.replace:
+    - name: {{ repo }}
+    - pattern: 'https://'
+    - repl: 'http://HTTPS///'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+    - backup: False
+
+{% endfor %}
+
+/etc/apt/sources.list:
+  file.replace:
+    - name: /etc/apt/sources.list
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+    - backup: False
+
+{% endif %}
+
+requirements_installed:
+  pkg.installed:
+    - refresh: True
+    - pkgs:
+      - qubes-core-agent-networking
+      - qubes-core-agent-passwordless-root
+      - iproute2
+      - libnotify-bin
+      - lsb-release
+      - xz-utils
+
+/etc/apt/sources.list.d/tailscale.list:
+  file.managed:
+    - source:
+      - salt://tailscale/tailscale.list
+    - user: root
+    - group: root
+    - makedirs: True
+
+/usr/share/keyrings/tailscale-archive-keyring.gpg:
+  file.managed:
+    - source:
+      - salt://tailscale/bookworm.noarmor.gpg
+    - user: root
+    - group: root
+    - makedirs: True
+
+{% if proxy == 'cacher' %}
+use_cacher_tailscale:
+  file.replace:
+    - name: /etc/apt/sources.list.d/tailscale.list
+    - pattern: 'https:'
+    - repl: 'http://HTTPS/'
+    - flags: [ 'IGNORECASE', 'MULTILINE' ]
+    - backup: False
+
+{% endif %}
+
+tailscale_installed:
+  pkg.installed:
+    - refresh: True
+    - pkgs:
+      - tailscale
+
+disable_tailscaled:
+  service.disabled:
+    - name: tailscaled
+
+mask_tailscaled:
+  service.masked:
+    - name: tailscaled
+{% endif %}
+{% endif %}
+{% endif %}
--- a/tailscale/install.top
+++ b/tailscale/install.top
@ -0,0 +1,4 @@
+base:
+  dom0:
+    - match: nodegroup
+    - tailscale.install