tailscale: persist state across container restarts #48

Merged
merged 1 commit into from
Mar 13, 2025
11 changes: 11 additions & 0 deletions README.md
Expand Up @@ -25,6 +25,17 @@ sudo tailscale up --accept-routes
You'll only need to run `tailscale up` once per Codespace.
The Tailscale state will be saved between rebuilds.

## Details

- A mount is added called `tailscale-${devcontainerId}` mapped to
`/var/lib/tailscale` to persist taislcaled state across devcontainer rebuilds,
so a single devcontainer will remain logged in for the devcontainer lifetime.
- The feature requires `CAP_NET_ADMIN` in order to configure certain network
properties for kernel mode tailscale.
- The feature requires kernel tun support in the runtime and `CAP_MKNOD` so that
it can create a tun device node if needed.
- `CAP_NET_RAW` enables the feature to send ICMP.

## Development

A convenient way to develop this feature is to use codespaces, as they start by
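Review bot: In the first bullet under `## Details`, `taislcaled` is a typo for `tailscaled`. The capability bullets say the feature requires `CAP_NET_ADMIN`, `CAP_MKNOD` and `CAP_NET_RAW`, but not whether the feature requests them itself or the user has to grant them in their own devcontainer configuration; one sentence naming where they are set would let a reader audit what privileges the container ends up with.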
9 changes: 8 additions & 1 deletion src/tailscale/devcontainer-feature.json
Expand Up @@ -13,5 +13,12 @@
"default": "latest",
"description": "Version of Tailscale to download"
}
}
},
"mounts": [
{
"source": "tailscale-${devcontainerId}",
"target": "/var/lib/tailscale",
"type": "volume"
}
]
}
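Review bot: The `mounts` entry stores everything under `/var/lib/tailscale` in the named volume `tailscale-${devcontainerId}`, and per the README that state is what keeps the node logged in, so the volume should be treated as credential material. A named volume typically outlives the container that used it; suggest documenting that discarding a devcontainer should also remove this volume (or log the node out) so stale logged-in state is not left on the host.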
3 changes: 2 additions & 1 deletion src/tailscale/install.sh
Expand Up @@ -64,7 +64,8 @@ install -D "$scratch_dir/tailscale" /usr/local/bin/tailscale
install -D "$scratch_dir/tailscaled" /usr/local/sbin/tailscaled
install -D "$script_dir/tailscaled-entrypoint.sh" /usr/local/sbin/tailscaled-entrypoint

mkdir -p /var/lib/tailscale /var/run/tailscale
mkdir -p /var/lib/tailscale /var/run/tailscale /var/log
touch /var/log/tailscaled.log

if ! command -v iptables >& /dev/null; then
if command -v apt-get >& /dev/null; then
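Review bot: `touch /var/log/tailscaled.log` hard-codes a path that tailscaled-entrypoint.sh refers to as `$TAILSCALED_LOG`, so the two can drift if the variable ever changes; consider deriving both from one definition. The file is also created with whatever ownership and umask the installer runs with, while the sudo branch of the entrypoint opens `>$TAILSCALED_LOG` in the calling user's shell before sudo runs, so set the owner and mode explicitly and confirm that branch can still write the log.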
15 changes: 2 additions & 13 deletions src/tailscale/tailscaled-entrypoint.sh
Expand Up @@ -30,28 +30,17 @@ if [[ "$(id -u)" -eq 0 ]]; then
mknod /dev/net/tun c 10 200
fi
check_userspace
mkdir -p /workspaces/.tailscale /var/log
touch $TAILSCALED_LOG
>$TAILSCALED_LOG 2>&1 \
/usr/local/sbin/tailscaled \
--statedir=/workspaces/.tailscale/ \
--socket=$TAILSCALED_SOCK \
--port=41641 &
>$TAILSCALED_LOG 2>&1 /usr/local/sbin/tailscaled &
TAILSCALED_PID=$!
elif command -v sudo > /dev/null; then
if [[ ! -c /dev/net/tun ]]; then
sudo --non-interactive mkdir -p /dev/net
sudo --non-interactive mknod /dev/net/tun c 10 200
fi
check_userspace
sudo --non-interactive mkdir -p /workspaces/.tailscale /var/log
sudo --non-interactive touch $TAILSCALED_LOG
>$TAILSCALED_LOG 2>&1 \
sudo --non-interactive "TS_DEBUG_FIREWALL_MODE=$TS_DEBUG_FIREWALL_MODE" \
/usr/local/sbin/tailscaled \
--statedir=/workspaces/.tailscale/ \
--socket=$TAILSCALED_SOCK \
--port=41641 &
/usr/local/sbin/tailscaled &
TAILSCALED_PID=$!
else
>&2 echo "tailscaled could not start as root."
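Review bot: Dropping `--statedir=/workspaces/.tailscale/` in both branches means state written there by earlier versions is no longer read and is not cleaned up, so existing containers lose their login and the old state stays behind in the workspace directory; suggest a one-time migration or a README note telling users to remove it. `--socket=$TAILSCALED_SOCK` and `--port=41641` are removed as well, so the daemon now uses its built-in defaults: if `TAILSCALED_SOCK` is still used elsewhere in the script, check that it matches the default socket path. `$TAILSCALED_LOG` in the redirections should also be quoted.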