tailscale / codespace Goto Github PK

View Code? Open in Web Editor NEW

71.0 71.0 46.0 117 KB

Experimenting with codespaces

License: BSD 3-Clause "New" or "Revised" License

Shell 100.00%

codespace's Introduction

Tailscale

https://tailscale.com

Private WireGuard® networks made easy

Overview

This repository contains the majority of Tailscale's open source code. Notably, it includes the tailscaled daemon and the tailscale CLI tool. The tailscaled daemon runs on Linux, Windows, macOS, and to varying degrees on FreeBSD and OpenBSD. The Tailscale iOS and Android apps use this repo's code, but this repo doesn't contain the mobile GUI code.

Other Tailscale repos of note:

the Android app is at https://github.com/tailscale/tailscale-android
the Synology package is at https://github.com/tailscale/tailscale-synology
the QNAP package is at https://github.com/tailscale/tailscale-qpkg
the Chocolatey packaging is at https://github.com/tailscale/tailscale-chocolatey

For background on which parts of Tailscale are open source and why, see https://tailscale.com/opensource/.

Using

We serve packages for a variety of distros and platforms at https://pkgs.tailscale.com.

Other clients

The macOS, iOS, and Windows clients use the code in this repository but additionally include small GUI wrappers. The GUI wrappers on non-open source platforms are themselves not open source.

Building

We always require the latest Go release, currently Go 1.22. (While we build releases with our Go fork, its use is not required.)

go install tailscale.com/cmd/tailscale{,d}

If you're packaging Tailscale for distribution, use build_dist.sh instead, to burn commit IDs and version info into the binaries:

./build_dist.sh tailscale.com/cmd/tailscale
./build_dist.sh tailscale.com/cmd/tailscaled

If your distro has conventions that preclude the use of build_dist.sh, please do the equivalent of what it does in your distro's way, so that bug reports contain useful version information.

Bugs

Please file any issues about this code or the hosted service on the issue tracker.

Contributing

PRs welcome! But please file bugs. Commit messages should reference bugs.

We require Developer Certificate of Origin Signed-off-by lines in commits.

See git log for our commit message style. It's basically the same as Go's style.

About Us

Tailscale is primarily developed by the people at https://github.com/orgs/tailscale/people. For other contributors, see:

Legal

WireGuard is a registered trademark of Jason A. Donenfeld.

codespace's People

Contributors

Stargazers

Watchers

Forkers

ghuntley legomushroom brickseek shellerci iyaja tosh joshua-noakes1 isabella232 platespinners anshuman852 sailingnumbers danielv123 dverschaeve bonitao agneevx chrishutchison9 gbraad ilkersigirci billimek zhangxiubo patrickhaussmann zombiezen slappyboy12122 shmatt intellis-team titanous peterwald lou-lan fiddleonloose alyxdeburca sec-alebrijecircus-x artis3n rhettg xuede jacob-ja-shanks huw kwekewk metcalfc nthon xxynly wan0net ubuntu2310fake oznakn

codespace's Issues

Can't connect to Codespace using an exit node

After running tailscale up with an --exit-node the connection to the Codespace goes away and I'm unable to connect to the Codespace again.

Also tried with more options:

sudo tailscale up --accept-routes --exit-node=100.x.x.x --exit-node-allow-lan-access=true

TERMUX - SENARAI PKG PENTING (NEWBORN)

MUAT TURUN APLIKASI TERMUX
Pastikan anda muat turun aplikasi TERMUX dari sumber yang betul.

• Muat turun aplikasi F-Droid
Muat turun : https://f-droid.org/F-Droid.apk

• Muat turun dan Pasang TERMUX dari aplikasi F-Droid tersebut.

Failed to download package for ghcr.io/tailscale/codespace

I can't seem to get this to work anymore. I created a test repository here and it fails to create a codespace with the devcontainer.json configured as

{
  "image":"mcr.microsoft.com/devcontainers/universal:2",
  "runArgs": ["--device=/dev/net/tun"],
  "features": {
    // ...
    "ghcr.io/tailscale/codespace": {}
    // ...
  }
}

I see:

=================================================================
2023-07-19 21:00:15.891Z: Creating container...
2023-07-19 21:00:15.893Z: $ devcontainer up --id-label Type=codespaces --workspace-folder /var/lib/docker/codespacemount/workspace/stunning-sniffle --mount type=bind,source=/.codespaces/agent/mount/cache,target=/vscode --user-data-folder /var/lib/docker/codespacemount/.persistedshare --container-data-folder .vscode-remote/data/Machine --container-system-data-folder /var/vscode-remote --log-level trace --log-format json --update-remote-user-uid-default never --mount-workspace-git-root false --omit-config-remote-env-from-metadata --skip-non-blocking-commands --skip-post-create --remove-existing-container --config "/var/lib/docker/codespacemount/workspace/stunning-sniffle/.devcontainer/devcontainer.json" --override-config /root/.codespaces/shared/merged_devcontainer.json --default-user-env-probe loginInteractiveShell --container-session-data-folder /workspaces/.codespaces/.persistedshare/devcontainers-cli/cache --secrets-file /root/.codespaces/shared/user-secrets-envs.json
2023-07-19 21:00:16.105Z: @devcontainers/cli 0.48.0. Node.js v18.16.1. linux 5.15.0-1041-azure x64.
2023-07-19 21:00:16.752Z: Resolving Feature dependencies for 'ghcr.io/tailscale/codespace'...
2023-07-19 21:00:17.898Z: {"outcome":"error","message":"Failed to download package for ghcr.io/tailscale/codespace","description":"An error occurred setting up the container."}
2023-07-19 21:00:17.902Z: Error: Failed to download package for ghcr.io/tailscale/codespace
2023-07-19 21:00:17.903Z:     at fg (/usr/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:1830:18327)
2023-07-19 21:00:17.904Z:     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
2023-07-19 21:00:17.905Z:     at async pN (/usr/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:1830:25540)
2023-07-19 21:00:17.907Z:     at async Lee (/usr/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:1830:24135)
2023-07-19 21:00:17.909Z:     at async Lf (/usr/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:1830:26289)
2023-07-19 21:00:17.911Z:     at async mg (/usr/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:1830:26513)
2023-07-19 21:00:17.913Z:     at async xg (/usr/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:1935:2368)
2023-07-19 21:00:17.914Z:     at async zf (/usr/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:1937:1830)
2023-07-19 21:00:17.916Z:     at async Fg (/usr/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:1937:280)
2023-07-19 21:00:17.919Z:     at async cC (/usr/lib/node_modules/@devcontainers/cli/dist/spec-node/devContainersSpecCLI.js:2007:1729)
2023-07-19 21:00:17.920Z: devcontainer process exited with exit code 1

====================================== ERROR ====================================
2023-07-19 21:00:17.939Z: Failed to create container.
=================================================================================
2023-07-19 21:00:17.944Z: Error: Failed to download package for ghcr.io/tailscale/codespace
2023-07-19 21:00:17.945Z: Error code: 1302 (UnifiedContainersErrorFatalCreatingContainer)

====================================== ERROR ====================================
2023-07-19 21:00:17.959Z: Container creation failed.
=================================================================================

Is this just me? Am I doing something wrong?

Example config seems incorrect

When adding this:

  "runArgs": [
    "--device=/dev/net/tun"
  ]

I get the following error: Property runArgs is not allowed..

Not sure if it is something with my setup, but happens with Codespaces and Docker dev containers.

Can't update tailscale

I set this up and it's working great but my tailscale version is stuck at 1.36.2 and can't update using any of the manual methods described on the Tailscale site. Also can't seem to turn on auto-update. I have tried all methods as the user and and after using sudo su root.

Anyone have any success updating Tailscale after initially installing it into your Codespace?

Daemon does not start automatically

After the codespace is built including the feature (which now is available, thank you), I try the following:

tailscale up --accept-routes
failed to connect to local tailscaled; it doesn't appear to be running (sudo systemctl start tailscaled ?)

However, if I manually enter (copied from tailscaled-entrypoint.sh):

 sudo /usr/local/sbin/tailscaled  --statedir=/workspaces/.tailscale/  --socket=/var/run/tailscale/tailscaled.sock  --port=41641

I can then use sudo tailscale up --accept-routes (note the sudo; it doesn't work without it)

I suspect that you may be expecting remoteUser to be root (which is not the default for codespaces)?

DNS doesn't resolve in codespace

Seems like tailscaled is unable to update the dns resolver settings.

Tailscaled log:

logtail started
Program starting: v1.34.1-t328b49c4d-g921b59a2e, Go 1.19.2-ts3fd24dee31: []string{"tailscaled", "--state=mem:"}
LogID: xxxxx
logpolicy: using system state directory "/var/lib/tailscale"
logpolicy.ConfigFromFile /var/lib/tailscale/tailscaled.log.conf: open /var/lib/tailscale/tailscaled.log.conf: no such file or directory
logpolicy.Config.Validate for /var/lib/tailscale/tailscaled.log.conf: config is nil
wgengine.NewUserspaceEngine(tun "tailscale0") ...
setting link attributes: netlink receive: no such file or directory
router: v6nat = true
dns: resolvedIsActuallyResolver error: resolv.conf doesn't point to systemd-resolved; points to [127.0.0.53 168.63.129.16]
dns: [rc=resolved resolved=not-in-use ret=direct]
dns: using "direct" mode
dns: using *dns.directManager
link state: interfaces.State{defaultRoute=eth0 ifs={docker0:[172.17.0.1/16] eth0:[172.16.5.4/24]} v4=true v6=false}
magicsock: disco key = d:xxxxx
Creating WireGuard device...
Bringing WireGuard device up...
external route: up
Bringing router up...
Clearing router settings...
Starting link monitor...
Engine created.
pm: migrating "_daemon" profile to new format
got LocalBackend in 2.104s
Start
Backend: logs: be:xxxxx fe:
Switching ipn state NoState -> NeedsLogin (WantRunning=false, nm=false)
blockEngineUpdates(true)
wgengine: Reconfig: configuring userspace WireGuard config (with 0/0 peers)
wgengine: Reconfig: configuring router
wgengine: Reconfig: configuring DNS
dns: Set: {DefaultResolvers:[] Routes:{} SearchDomains:[] Hosts:0}
dns: Resolvercfg: {Routes:{} Hosts:0 LocalDomains:[]}
dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[] Hosts:[]}
health("overall"): error: state=NeedsLogin, wantRunning=false
Start
generating new machine key
machine key written to store
Backend: logs: be:xxxxx fe:
Switching ipn state NoState -> NeedsLogin (WantRunning=true, nm=false)
blockEngineUpdates(true)
control: client.Shutdown()
control: client.Shutdown: inSendStatus=0
control: mapRoutine: quit
control: Client.Shutdown done.
StartLoginInteractive: url=false
control: client.Login(false, 6)
control: LoginInteractive -> regen=true
control: doLogin(regen=true, hasUrl=false)
control: control server key from https://controlplane.tailscale.com: ts2021=[fSeS+], legacy=[nlFWp]
control: Generating a new nodekey.
control: RegisterReq: onode= node=[Zi5HA] fup=false nks=false
control: creating new noise client
control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=false; authURL=true
control: AuthURL is https://login.tailscale.com/a/xxxxxxxx
Received auth URL: https://login.tailsc...
popBrowserAuthNow: url=true
blockEngineUpdates(true)
stopEngineAndWait...
requestEngineStatusAndWait
requestEngineStatusAndWait: waiting...
requestEngineStatusAndWait: got status update.
stopEngineAndWait: done.
control: doLogin(regen=false, hasUrl=true)
control: RegisterReq: onode= node=[Zi5HA] fup=true nks=false
control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
blockEngineUpdates(false)
active login: xxxx
Switching ipn state NeedsLogin -> Starting (WantRunning=true, nm=true)
magicsock: SetPrivateKey called (init)
wgengine: Reconfig: configuring userspace WireGuard config (with 1/5 peers)
wgengine: Reconfig: configuring router
monitor: RTM_NEWROUTE: src=, dst=10.xx.0.0/16, gw=, outif=10, table=52
monitor: RTM_NEWROUTE: src=, dst=10.xx.xx.0/24, gw=, outif=10, table=52
Taildrop disabled; no state directory
peerapi starting without Taildrop directory configured
peerapi: serving on http://100.64.222.158:33280
peerapi: serving on http://[fd7a:115c:a1e0:efe3::6440:de9e]:33280
Switching ipn state Starting -> Running (WantRunning=true, nm=true)
health("router"): error: setting up filter/ts-input: running [/usr/sbin/ip6tables -t filter -N ts-input --wait]: exit status 3: ip6tables v1.8.4 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
magicsock: home is now derp-14 (ams)
magicsock: endpoints changed: 20.234.135.20:1025 (stun), 172.16.5.4:60438 (local), 172.17.0.1:60438 (local)
control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false ipv6os=true udp=true icmpv4=false derp=#14 portmap= link=""}
magicsock: adding connection to derp-14 for home-keep-alive
magicsock: 1 active derp conns: derp-14=cr0s,wr0s
derphttp.Client.Connect: connecting to derp-14 (ams)
magicsock: derp-14 connected; connGen=1
network-lock unavailable; no state directory

/etc/resolv.conf:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "systemd-resolve --status" to see details about the actual nameservers.

nameserver 127.0.0.53
search k3lhcgm3d11urhp2rjmnl5p2jd.ax.internal.cloudapp.net
options timeout:1 attempts:5
nameserver 168.63.129.16

devcontainer.json

{
  "runArgs": ["--device=/dev/net/tun"],
  "features": {
      // ...
      "ghcr.io/tailscale/codespace/tailscale": {}
      // ...
  }
}

dig output

$ dig xxx.tailxxxx.ts.net

; <<>> DiG 9.16.1-Ubuntu <<>> xxx.tailxxxx.ts.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15864
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;xxx.tailxxxx.ts.net.         IN      A

;; Query time: 120 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Thu Jan 12 09:57:29 UTC 2023
;; MSG SIZE  rcvd: 50

$ dig @100.100.100.100 xxx.tailxxxx.ts.net

; <<>> DiG 9.16.1-Ubuntu <<>> @100.100.100.100 xxx.tailxxxx.ts.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19364
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;xxx.tailxxxx.ts.net.         IN      A

;; Query time: 0 msec
;; SERVER: 100.100.100.100#53(100.100.100.100)
;; WHEN: Thu Jan 12 09:57:34 UTC 2023
;; MSG SIZE  rcvd: 39

When doing that last one, I get the following in tailscaled log:

dns: resolver: forward: no upstream resolvers set, returning SERVFAIL

List on containers.dev

This may have been originally written for Codespaces, but Codespaces are basically just fancy devcontainers and this works just fine in a regular devcontainer like in VSCode. If you list this on containers.dev it will be easily discoverable to anyone using devcontainers. You can do so by creating a PR for this file https://github.com/devcontainers/devcontainers.github.io/blob/gh-pages/_data/collection-index.yml

more info https://containers.dev/features

Feature package not public

Great to see this, after dealing with getting the docker layers working.

However, I don't think you've flagged the feature as public yet, as it appears as unavailable

Implement as Dev Container "feature"?

Would there be interest in restructuring this as a Dev Container "feature"? This would allow any project to add Tailscale in as a one-line mix-in rather than having to build off this base image, like:

"features": {
  "ghcr.io/tailscale/codespace": {}
}

I'd be willing to contribute this if it is of interest.