support for commonly used Tailscale param settings
This commit is contained in:
asvow
@@ -4,7 +4,8 @@ START=90
|
||||
|
||||
USE_PROCD=1
|
||||
|
||||
PROG=/usr/sbin/tailscaled
|
||||
PROG=/usr/sbin/tailscale
|
||||
PROGD=/usr/sbin/tailscaled
|
||||
CONFIG_PATH=/var/lib/tailscale
|
||||
|
||||
service_triggers() {
|
||||
@@ -17,9 +18,115 @@ section_enabled() {
|
||||
[ $enabled -gt 0 ]
|
||||
}
|
||||
|
||||
custom_instance() {
|
||||
local cfg="$1"
|
||||
local port config_path fw_mode std_out std_err state_file
|
||||
local ARGS=" up --reset"
|
||||
|
||||
if ! section_enabled "$cfg"; then
|
||||
echo "disabled in config"
|
||||
return 1
|
||||
fi
|
||||
|
||||
config_get_bool acceptRoutes $cfg 'acceptRoutes'
|
||||
config_get hostname $cfg 'hostname'
|
||||
config_get advertiseRoutes $cfg 'advertiseRoutes'
|
||||
config_get loginServer $cfg 'loginServer'
|
||||
config_get authkey $cfg 'authkey'
|
||||
config_get_bool std_out $cfg 'log_stdout'
|
||||
config_get_bool std_err $cfg 'log_stderr'
|
||||
|
||||
[ -n "$acceptRoutes" ] && ARGS="$ARGS --accept-routes true"
|
||||
[ -n "$hostname" ] && ARGS="$ARGS --hostname $hostname"
|
||||
[ -n "$advertiseRoutes" ] && ARGS="$ARGS --advertise-routes $advertiseRoutes"
|
||||
[ -n "$loginServer" ] && ARGS="$ARGS --login-server $loginServer"
|
||||
[ -n "$authkey" ] && ARGS="$ARGS --authkey $authkey"
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command $PROG $ARGS
|
||||
procd_set_param stdout "$std_out"
|
||||
procd_set_param stderr "$std_err"
|
||||
procd_close_instance
|
||||
(
|
||||
[ -f "/var/run/tailscale.wait.pid" ] && return
|
||||
touch /var/run/tailscale.wait.pid
|
||||
count=0
|
||||
while [ -z "$(ifconfig | grep 'tailscale' | awk '{print $1}')" ]
|
||||
do
|
||||
sleep 2
|
||||
let count++
|
||||
[ "${count}" -ge 5 ] && { rm /var/run/tailscale.wait.pid; exit 19; }
|
||||
done
|
||||
ts0=$(ifconfig | grep 'tailscale' | awk '{print $1}')
|
||||
for i in ${ts0}
|
||||
do
|
||||
echo "tailscale interface $i is started!"
|
||||
if [ -z "$(uci -q get network.$i)" ]; then
|
||||
uci set network.$i=interface
|
||||
uci set network.$i.proto='static'
|
||||
uci set network.$i.device=$i
|
||||
fi
|
||||
done
|
||||
|
||||
config_get_bool acceptRoutes $cfg 'acceptRoutes'
|
||||
if [ "$acceptRoutes" == "1" ]; then
|
||||
if [ -z "$(uci -q get firewall.tszone)" ]; then
|
||||
uci set firewall.tszone=zone
|
||||
uci set firewall.tszone.input='ACCEPT'
|
||||
uci set firewall.tszone.output='ACCEPT'
|
||||
uci set firewall.tszone.forward='REJECT'
|
||||
uci set firewall.tszone.masq='1'
|
||||
uci set firewall.tszone.name='tailscale'
|
||||
if [ "$ts0" = *$'\n'* ]; then
|
||||
printf '%s\n' "$ts0" | IFS=$'\n' read -ra ts0_array
|
||||
uci add_list firewall.tszone.network ${ts0_array[@]}
|
||||
else
|
||||
uci set firewall.tszone.network=$ts0
|
||||
fi
|
||||
fi
|
||||
else
|
||||
uci -q delete firewall.tszone
|
||||
fi
|
||||
|
||||
config_get access $cfg 'access'
|
||||
if [ "${access//tsfwlan/}" != "$access" ]; then
|
||||
uci set firewall.tsfwlan=forwarding
|
||||
uci set firewall.tsfwlan.dest='lan'
|
||||
uci set firewall.tsfwlan.src='tailscale'
|
||||
else
|
||||
uci -q delete firewall.tsfwlan
|
||||
fi
|
||||
if [ "${access//tsfwwan/}" != "$access" ]; then
|
||||
uci set firewall.tsfwwan=forwarding
|
||||
uci set firewall.tsfwwan.dest='wan'
|
||||
uci set firewall.tsfwwan.src='tailscale'
|
||||
else
|
||||
uci -q delete firewall.tsfwwan
|
||||
fi
|
||||
if [ "${access//lanfwts/}" != "$access" ]; then
|
||||
uci set firewall.lanfwts=forwarding
|
||||
uci set firewall.lanfwts.dest='tailscale'
|
||||
uci set firewall.lanfwts.src='lan'
|
||||
else
|
||||
uci -q delete firewall.lanfwts
|
||||
fi
|
||||
if [ "${access//wanfwts/}" != "$access" ]; then
|
||||
uci set firewall.wanfwts=forwarding
|
||||
uci set firewall.wanfwts.dest='tailscale'
|
||||
uci set firewall.wanfwts.src='wan'
|
||||
else
|
||||
uci -q delete firewall.wanfwts
|
||||
fi
|
||||
|
||||
[ -n "$(uci changes network)" ] && uci commit network && /etc/init.d/network reload
|
||||
[ -n "$(uci changes firewall)" ] && uci commit firewall && /etc/init.d/firewall reload
|
||||
rm /var/run/tailscale.wait.pid
|
||||
) &
|
||||
}
|
||||
|
||||
start_instance() {
|
||||
local cfg="$1"
|
||||
local port std_err std_out config_path
|
||||
local port config_path fw_mode std_out std_err state_file
|
||||
local ARGS=""
|
||||
|
||||
if ! section_enabled "$cfg"; then
|
||||
@@ -27,34 +134,23 @@ start_instance() {
|
||||
return 1
|
||||
fi
|
||||
|
||||
[ -d /etc/tailscale ] || mkdir -p /etc/tailscale
|
||||
config_path=/etc/tailscale
|
||||
config_get port $cfg 'port'
|
||||
config_get config_path $cfg 'config_path'
|
||||
config_get fw_mode $cfg 'fw_mode'
|
||||
config_get_bool std_out $cfg 'log_stdout'
|
||||
config_get_bool std_err $cfg 'log_stderr'
|
||||
|
||||
config_get_bool std_out $cfg log_stdout 1
|
||||
config_get_bool std_err $cfg log_stderr 1
|
||||
config_get port $cfg port 41641
|
||||
config_get state_file $cfg state_file /etc/tailscale/tailscaled.state
|
||||
config_get fw_mode $cfg fw_mode nftables
|
||||
[ -d $config_path ] || mkdir -p $config_path
|
||||
[ -d $CONFIG_PATH ] || mkdir -p $CONFIG_PATH
|
||||
state_file=$config_path/tailscaled.state
|
||||
|
||||
/usr/sbin/tailscaled --cleanup
|
||||
|
||||
# Remove existing link or folder
|
||||
rm -rf $CONFIG_PATH
|
||||
|
||||
# Create link from CONFIG_PATH to config_path
|
||||
if [ -n "$config_path" -a "$config_path" != $CONFIG_PATH ]; then
|
||||
if [ ! -d "$config_path" ]; then
|
||||
echo "Tailscale config_path does not exist: $config_path"
|
||||
return
|
||||
fi
|
||||
ln -s $config_path $CONFIG_PATH
|
||||
fi
|
||||
|
||||
[ -n "$port" ] && ARGS="$ARGS --port $port"
|
||||
[ -n "$port" ] && ARGS="$ARGS --port $port"
|
||||
[ -n "$state_file" ] && ARGS="$ARGS --state $state_file"
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command $PROG $ARGS
|
||||
procd_set_param command $PROGD $ARGS
|
||||
|
||||
procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode"
|
||||
|
||||
@@ -67,14 +163,30 @@ start_instance() {
|
||||
start_service() {
|
||||
config_load 'tailscale'
|
||||
config_foreach start_instance 'tailscale'
|
||||
config_foreach custom_instance 'tailscale'
|
||||
}
|
||||
|
||||
stop_instance() {
|
||||
local cfg="$1"
|
||||
/usr/sbin/tailscaled --cleanup
|
||||
|
||||
# Remove network interfaces
|
||||
ts0="$(ifconfig | grep 'tailscale' | awk '{print $1}')"
|
||||
for i in ${ts0}
|
||||
do
|
||||
uci -q delete network.$i
|
||||
done
|
||||
|
||||
# Remove firewall settings
|
||||
uci -q delete firewall.tszone
|
||||
uci -q delete firewall.tsfwlan
|
||||
uci -q delete firewall.tsfwwan
|
||||
uci -q delete firewall.lanfwts
|
||||
uci -q delete firewall.wanfwts
|
||||
[ -n "$(uci changes network)" ] && uci commit network && /etc/init.d/network reload
|
||||
[ -n "$(uci changes firewall)" ] && uci commit firewall && /etc/init.d/firewall reload
|
||||
|
||||
# Remove existing link or folder
|
||||
rm -rf $CONFIG_PATH/*.log*
|
||||
rm -rf $CONFIG_PATH
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user