03b49ab6e5
1. you can integrate additional flags within the Extra Settings. 2. refactor UI 3. bump version to v1.1.0.
212 lines
6.0 KiB
Bash
Executable File
212 lines
6.0 KiB
Bash
Executable File
#!/bin/sh /etc/rc.common
|
|
|
|
START=90
|
|
|
|
USE_PROCD=1
|
|
|
|
PROG=/usr/sbin/tailscale
|
|
PROGD=/usr/sbin/tailscaled
|
|
CONFIG_PATH=/var/lib/tailscale
|
|
|
|
service_triggers() {
|
|
procd_add_reload_trigger "tailscale"
|
|
procd_add_interface_trigger "interface.*.up" wan /etc/init.d/tailscale reload
|
|
}
|
|
|
|
section_enabled() {
|
|
config_get_bool enabled "$1" 'enabled' 0
|
|
[ $enabled -gt 0 ]
|
|
}
|
|
|
|
custom_instance() {
|
|
local cfg="$1"
|
|
local acceptRoutes hostname acceptDNS advertiseExitNode advertiseRoutes s2s flags loginServer authkey std_out std_err
|
|
local ARGS=" up --reset"
|
|
|
|
if ! section_enabled "$cfg"; then
|
|
echo "disabled in config"
|
|
return 1
|
|
fi
|
|
|
|
config_get_bool acceptRoutes $cfg 'acceptRoutes'
|
|
config_get hostname $cfg 'hostname'
|
|
config_get_bool acceptDNS $cfg 'acceptDNS'
|
|
config_get_bool advertiseExitNode $cfg 'advertiseExitNode'
|
|
config_get advertiseRoutes $cfg 'advertiseRoutes'
|
|
config_get_bool s2s $cfg 's2s'
|
|
config_get flags $cfg 'flags'
|
|
config_get loginServer $cfg 'loginServer'
|
|
config_get authkey $cfg 'authkey'
|
|
config_get_bool std_out $cfg 'log_stdout'
|
|
config_get_bool std_err $cfg 'log_stderr'
|
|
|
|
[ "$acceptRoutes" = "1" ] && ARGS="$ARGS --accept-routes=true"
|
|
[ -n "$hostname" ] && ARGS="$ARGS --hostname=$hostname"
|
|
[ "$acceptDNS" = "0" ] && ARGS="$ARGS --accept-dns=false"
|
|
[ "$advertiseExitNode" = "1" ] && ARGS="$ARGS --advertise-exit-node"
|
|
[ -n "$advertiseRoutes" ] && ARGS="$ARGS --advertise-routes=$advertiseRoutes"
|
|
[ "$s2s" = "1" ] && ARGS="$ARGS --snat-subnet-routes=false --stateful-filtering=false"
|
|
[ -n "$flags" ] && ARGS="$ARGS $flags"
|
|
[ -n "$loginServer" ] && ARGS="$ARGS --login-server=$loginServer"
|
|
[ -n "$authkey" ] && ARGS="$ARGS --authkey=$authkey"
|
|
|
|
procd_open_instance
|
|
procd_set_param command $PROG $ARGS
|
|
procd_set_param stdout "$std_out"
|
|
procd_set_param stderr "$std_err"
|
|
procd_close_instance
|
|
(
|
|
[ -f "/var/run/tailscale.wait.pid" ] && return
|
|
touch /var/run/tailscale.wait.pid
|
|
count=0
|
|
while [ -z "$(ifconfig | grep 'tailscale' | awk '{print $1}')" ] || [ -z "$(tailscale ip -4)" ]
|
|
do
|
|
sleep 2
|
|
let count++
|
|
[ "${count}" -ge 5 ] && { rm /var/run/tailscale.wait.pid; exit 19; }
|
|
done
|
|
ts0=$(ifconfig | grep 'tailscale' | awk '{print $1}')
|
|
if [ -z "$(uci -q get network.tailscale)" ]; then
|
|
uci set network.tailscale='interface'
|
|
if [ "$ts0" = *$'\n'* ]; then
|
|
uci set network.ts_lan='device'
|
|
uci set network.ts_lan.type='bridge'
|
|
uci set network.ts_lan.name='ts-lan'
|
|
for port in "${ts0}"; do
|
|
uci add_list network.ts_lan.ports=$port
|
|
done
|
|
uci set network.tailscale.proto='none'
|
|
uci set network.tailscale.device='ts-lan'
|
|
else
|
|
ts_ip=$(tailscale ip -4)
|
|
uci set network.tailscale.proto='static'
|
|
uci set network.tailscale.ipaddr=$ts_ip
|
|
uci set network.tailscale.netmask='255.0.0.0'
|
|
uci set network.tailscale.device=$ts0
|
|
fi
|
|
fi
|
|
|
|
config_get_bool acceptRoutes $cfg 'acceptRoutes'
|
|
if [ "$acceptRoutes" == "1" ]; then
|
|
if [ -z "$(uci -q get firewall.tszone)" ]; then
|
|
uci set firewall.tszone='zone'
|
|
uci set firewall.tszone.input='ACCEPT'
|
|
uci set firewall.tszone.output='ACCEPT'
|
|
uci set firewall.tszone.forward='REJECT'
|
|
uci set firewall.tszone.masq='1'
|
|
uci set firewall.tszone.name='tailscale'
|
|
uci set firewall.tszone.network='tailscale'
|
|
fi
|
|
else
|
|
uci -q delete firewall.tszone
|
|
fi
|
|
|
|
config_get access $cfg 'access'
|
|
if [ "${access//tsfwlan/}" != "$access" ]; then
|
|
uci set firewall.tsfwlan=forwarding
|
|
uci set firewall.tsfwlan.dest='lan'
|
|
uci set firewall.tsfwlan.src='tailscale'
|
|
else
|
|
uci -q delete firewall.tsfwlan
|
|
fi
|
|
if [ "${access//tsfwwan/}" != "$access" ]; then
|
|
uci set firewall.tsfwwan=forwarding
|
|
uci set firewall.tsfwwan.dest='wan'
|
|
uci set firewall.tsfwwan.src='tailscale'
|
|
else
|
|
uci -q delete firewall.tsfwwan
|
|
fi
|
|
if [ "${access//lanfwts/}" != "$access" ]; then
|
|
uci set firewall.lanfwts=forwarding
|
|
uci set firewall.lanfwts.dest='tailscale'
|
|
uci set firewall.lanfwts.src='lan'
|
|
else
|
|
uci -q delete firewall.lanfwts
|
|
fi
|
|
if [ "${access//wanfwts/}" != "$access" ]; then
|
|
uci set firewall.wanfwts=forwarding
|
|
uci set firewall.wanfwts.dest='tailscale'
|
|
uci set firewall.wanfwts.src='wan'
|
|
else
|
|
uci -q delete firewall.wanfwts
|
|
fi
|
|
|
|
[ -n "$(uci changes network)" ] && uci commit network && /etc/init.d/network reload
|
|
[ -n "$(uci changes firewall)" ] && uci commit firewall && /etc/init.d/firewall reload
|
|
rm /var/run/tailscale.wait.pid
|
|
) &
|
|
}
|
|
|
|
start_instance() {
|
|
local cfg="$1"
|
|
local port config_path fw_mode std_out std_err state_file
|
|
local ARGS=""
|
|
|
|
if ! section_enabled "$cfg"; then
|
|
echo "disabled in config"
|
|
return 1
|
|
fi
|
|
|
|
config_get port $cfg 'port'
|
|
config_get config_path $cfg 'config_path'
|
|
config_get fw_mode $cfg 'fw_mode'
|
|
config_get_bool std_out $cfg 'log_stdout'
|
|
config_get_bool std_err $cfg 'log_stderr'
|
|
|
|
[ -d $config_path ] || mkdir -p $config_path
|
|
[ -d $CONFIG_PATH ] || mkdir -p $CONFIG_PATH
|
|
state_file=$config_path/tailscaled.state
|
|
|
|
/usr/sbin/tailscaled --cleanup
|
|
|
|
[ -n "$port" ] && ARGS="$ARGS --port $port"
|
|
[ -n "$state_file" ] && ARGS="$ARGS --state $state_file"
|
|
|
|
procd_open_instance
|
|
procd_set_param command $PROGD $ARGS
|
|
|
|
procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode"
|
|
|
|
procd_set_param respawn
|
|
procd_set_param stdout "$std_out"
|
|
procd_set_param stderr "$std_err"
|
|
procd_close_instance
|
|
}
|
|
|
|
start_service() {
|
|
config_load 'tailscale'
|
|
config_foreach start_instance 'tailscale'
|
|
config_foreach custom_instance 'tailscale'
|
|
}
|
|
|
|
stop_instance() {
|
|
local cfg="$1"
|
|
/usr/sbin/tailscaled --cleanup
|
|
|
|
# Remove network settings
|
|
uci -q delete network.tailscale
|
|
uci -q delete network.ts_lan
|
|
|
|
# Remove firewall settings
|
|
uci -q delete firewall.tszone
|
|
uci -q delete firewall.tsfwlan
|
|
uci -q delete firewall.tsfwwan
|
|
uci -q delete firewall.lanfwts
|
|
uci -q delete firewall.wanfwts
|
|
[ -n "$(uci changes network)" ] && uci commit network && /etc/init.d/network reload
|
|
[ -n "$(uci changes firewall)" ] && uci commit firewall && /etc/init.d/firewall reload
|
|
|
|
# Remove existing link or folder
|
|
rm -rf $CONFIG_PATH
|
|
}
|
|
|
|
stop_service() {
|
|
config_load 'tailscale'
|
|
config_foreach stop_instance 'tailscale'
|
|
}
|
|
|
|
reload_service() {
|
|
stop
|
|
start
|
|
}
|