Add tailscale app (#1248)

apps/registry.json

@@ -896,5 +896,27 @@
         "path": "",
         "deterministicPassword": true,
         "torOnly": false
+    },
+    {
+        "id": "tailscale",
+        "category": "Networking",
+        "name": "Tailscale",
+        "version": "1.20.2",
+        "tagline": "Zero config VPN to access your Umbrel from anywhere",
+        "description": "Tailscale is zero config VPN that creates a secure network between your Umbrel and your other devices. Even when separated by firewalls or subnets, Tailscale just works.\n\nTailscale will assign your Umbrel a stable IP and an auto-assigned domain that stays consistent, no matter what network your Umbrel is connected to. It’s like a local network that works everywhere.\n\nTailscale builds on top of WireGuard®’s Noise protocol encryption, a peer-reviewed and trusted standard.",
+        "developer": "Tailscale Inc",
+        "website": "https://tailscale.com",
+        "dependencies": [],
+        "repo": "https://github.com/tailscale/tailscale",
+        "support": "https://tailscale.com/contact/support",
+        "port": 2100,
+        "gallery": [
+            "1.jpg",
+            "2.jpg",
+            "3.jpg"
+        ],
+        "path": "",
+        "deterministicPassword": false,
+        "torOnly": false
     }
 ]

apps/tailscale/docker-compose.yml

@@ -0,0 +1,11 @@
+version: "3.7"
+
+services:
+  web:
+    network_mode: "host" # TODO: We can remove this later with some iptables magic
+    image: tailscale/tailscale:v1.20.2@sha256:ce7d5663390a170eb9f05789c00b069a2cd3cea185ce15231e9f77ad8d016d49
+    restart: on-failure
+    stop_grace_period: 1m
+    command: "sh -c 'tailscale web --listen 0.0.0.0:${APP_TAILSCALE_PORT} & exec tailscaled --tun=userspace-networking'"
+    volumes:
+      - ${APP_DATA_DIR}/data:/var/lib

scripts/configure

@@ -241,6 +241,8 @@ APP_URBIT_PORT="8090"
 APP_URBIT_P2P_PORT="34343"
 APP_USOCIAL_IP="10.21.21.77"
 APP_USOCIAL_PORT="8448"
+APP_TAILSCALE_IP="10.21.21.80"
+APP_TAILSCALE_PORT="2100"
 
 # Generate RPC credentials
 if [[ -z ${BITCOIN_RPC_USER+x} ]] || [[ -z ${BITCOIN_RPC_PASS+x} ]] || [[ -z ${BITCOIN_RPC_AUTH+x} ]]; then
@@ -482,6 +484,8 @@ for template in "${NGINX_CONF_FILE}" "${BITCOIN_CONF_FILE}" "${LND_CONF_FILE}" "
   sed -i "s/<app-urbit-p2p-port>/${APP_URBIT_P2P_PORT}/g" "${template}"
   sed -i "s/<app-usocial-ip>/${APP_USOCIAL_IP}/g" "${template}"
   sed -i "s/<app-usocial-port>/${APP_USOCIAL_PORT}/g" "${template}"
+  sed -i "s/<app-tailscale-ip>/${APP_TAILSCALE_IP}/g" "${template}"
+  sed -i "s/<app-tailscale-port>/${APP_TAILSCALE_PORT}/g" "${template}"
 done
 
 ##########################################################

templates/.env-sample

@@ -139,3 +139,5 @@ APP_URBIT_PORT=<app-urbit-port>
 APP_URBIT_P2P_PORT=<app-urbit-p2p-port>
 APP_USOCIAL_IP=<app-usocial-ip>
 APP_USOCIAL_PORT=<app-usocial-port>
+APP_TAILSCALE_IP=<app-tailscale-ip>
+APP_TAILSCALE_PORT=<app-tailscale-port>

templates/torrc-server-sample

@@ -205,3 +205,7 @@ HiddenServicePort 80 <app-urbit-ip>:<app-urbit-port>
 # usocial Hidden Service
 HiddenServiceDir /data/app-usocial
 HiddenServicePort 80 <app-usocial-ip>:5000
+
+# tailscale Hidden Service
+HiddenServiceDir /data/app-tailscale
+HiddenServicePort 80 <app-tailscale-ip>:<app-tailscale-port>