32 Commits

Author	SHA1	Message	Date
Andrey Smirnov	3698471739	fix: install iptables correctly into tailscale extension ... See https://github.com/siderolabs/extensions/issues/1061 Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2026-05-04 16:09:33 +04:00
Noel Georgi	fb4eb042d7	feat: consolidate extension services ... Consolidate extension services to be self contained, don't pollute rootfs or mount up libraries from host unless absolutely needed. Fixes: #876 Fixes: https://github.com/siderolabs/talos/issues/12667 Signed-off-by: Noel Georgi <git@frezbo.dev>	2026-02-18 21:47:18 +05:30
Andrey Smirnov	263f699ea4	chore: annotate extensions with tiers ... Fixes #10940 Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2025-08-26 20:58:30 +04:00
Dmitrii Sharshakov	cd4673697a	feat: add SBOM to some extensions ... Tailscale is built here, with SBOM generated in its pkg.yaml, and nvidia-lts copies SBOM from pkgs. Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>	2025-07-15 18:36:21 +02:00
Noel Georgi	21b44b1559	fix: tailscale static builds ... Moving to new toolchain meant we didn't set `CGO_ENABLED=0` from bldr anymore. Explicitly set it. Signed-off-by: Noel Georgi <git@frezbo.dev>	2025-05-24 11:56:32 +05:30
Andrew Rynhard	5bf5413437	fix: add SSL mount to Tailscale ... Fixes 'x509: certificate signed by unknown authority' Signed-off-by: Andrew Rynhard <andrew@rynhard.io>	2025-04-17 08:00:48 -05:00
Dmitrii Sharshakov	da519cf25a	feat: update various extensions ... Updated Gvisor, Kata-containers, crun, Glib, Glibc, libseccomp, Open-iSCSI, mdadm, ecr-credential-provider, qemu-guest-agent, tailscale, as well as pkgs and wolfi-base base images Move all hashes to vars for easier updates Use tools instead of base Remove dependency on packages which are in tools Signed-off-by: Dmitrii Sharshakov <dmitry.sharshakov@siderolabs.com>	2025-03-10 21:23:04 +01:00
Dmitry Sharshakov	5cd226e3ea	chore: build with new toolchain ... Move modules, firmware and libraries to accommodate usrmerged rootfs Only use network where needed via new bldr, pre-download Go dependencies in prepare step, improve Go cache Bump xen-guest-agent to make it build with current Alpine Rust Signed-off-by: Dmitry Sharshakov <dmitry.sharshakov@siderolabs.com>	2025-02-10 16:00:19 +01:00
Andrey Smirnov	e5544b5363	feat: update dependencies ... ``` | Package | Type | Update | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---|---|---| | cgr.dev/chainguard/wolfi-base | | digest | `8dd9cea` -> `3b271f8` | | | | | | [containerd/stargz-snapshotter](https://redirect.github.com/containerd/stargz-snapshotter) | | patch | `v0.16.2` -> `v0.16.3` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [containers/crun](https://redirect.github.com/containers/crun) | | minor | `1.18.2` -> `1.19.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | git://git.kernel.org/pub/scm/libs/libcap/libcap.git | | minor | `2.72` -> `2.73` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | golang.org/x/sys | require | minor | `v0.27.0` -> `v0.28.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [https://github.com/containerd/runwasi.git](https://redirect.github.com/containerd/runwasi) | | minor | `v0.4.0` -> `v0.5.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [https://github.com/qemu/qemu.git](https://redirect.github.com/qemu/qemu) | | minor | `9.1.2` -> `9.2.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [https://gitlab.gnome.org/GNOME/glib.git](https://gitlab.gnome.org/GNOME/glib) | | minor | `2.82.0` -> `2.83.2` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [kubernetes/cloud-provider-aws](https://redirect.github.com/kubernetes/cloud-provider-aws) | | patch | `v1.31.1` -> `v1.31.4` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [open-iscsi/open-isns](https://redirect.github.com/open-iscsi/open-isns) | | minor | `0.102` -> `0.103` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [siderolabs/talos-metal-agent](https://redirect.github.com/siderolabs/talos-metal-agent) | | patch | `v0.1.0-beta.0` -> `v0.1.0-beta.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [tailscale/tailscale](https://redirect.github.com/tailscale/tailscale) | | minor | `1.76.6` -> `1.78.1` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ``` Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2024-12-26 16:20:59 +04:00
Andrey Smirnov	c5fa260bd8	feat: bump dependencies ... ``` | Package | Update | Change | |---|---|---| | [containerd/stargz-snapshotter](https://redirect.github.com/containerd/stargz-snapshotter) | minor | `v0.15.1` -> `v0.16.2` | | [containers/crun](https://redirect.github.com/containers/crun) | minor | `1.17` -> `1.18.2` | | git://git.kernel.org/pub/scm/libs/libcap/libcap.git | minor | `2.70` -> `2.72` | | git://sourceware.org/git/elfutils.git | minor | `0.191` -> `0.192` | | [google/gvisor](https://redirect.github.com/google/gvisor) | minor | `20241007.0` -> `20241118.0` | | [https://github.com/qemu/qemu.git](https://redirect.github.com/qemu/qemu) | patch | `9.1.0` -> `9.1.2` | | [https://github.com/spinkube/containerd-shim-spin.git](https://redirect.github.com/spinkube/containerd-shim-spin) | minor | `v0.16.0` -> `v0.17.0` | | [tailscale/tailscale](https://redirect.github.com/tailscale/tailscale) | patch | `1.76.0` -> `1.76.6` | ``` Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2024-11-28 17:52:13 +04:00
Andrey Smirnov	862d0ac63d	feat: update dependencies ... ``` | Package | Update | Change | |---|---|---| | [containers/crun](https://redirect.github.com/containers/crun) | minor | `1.16.1` -> `1.17` | | [google/gvisor](https://redirect.github.com/google/gvisor) | minor | `20240826.0` -> `20241007.0` | | [https://github.com/spinkube/containerd-shim-spin.git](https://redirect.github.com/spinkube/containerd-shim-spin) | minor | `v0.15.1` -> `v0.16.0` | | [kubernetes/cloud-provider-aws](https://redirect.github.com/kubernetes/cloud-provider-aws) | patch | `v1.31.0` -> `v1.31.1` | | [tailscale/tailscale](https://redirect.github.com/tailscale/tailscale) | minor | `1.72.1` -> `1.76.0` | ``` Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2024-10-18 15:32:24 +04:00
Andrey Smirnov	11f48c567f	fix: image reproducibility with finalize ... See https://github.com/tonistiigi/fsutil/issues/207 The result of this issue is that we can't use `finalize` steps where destination is a directory, so refactor things to pull in such steps into the `install` step. Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2024-09-16 21:03:24 +04:00
Andrey Smirnov	4563de58b2	feat: bump dependencies ... Rekres, bump Go deps. ``` | Package | Update | Change | |---|---|---| | [containers/crun](https://togithub.com/containers/crun) | patch | `1.16` -> `1.16.1` | | [intel/Intel-Linux-Processor-Microcode-Data-Files](https://togithub.com/intel/Intel-Linux-Processor-Microcode-Data-Files) | minor | `20240531` -> `20240813` | | [kubernetes/cloud-provider-aws](https://togithub.com/kubernetes/cloud-provider-aws) | minor | `v1.30.3` -> `v1.31.0` | | [tailscale/tailscale](https://togithub.com/tailscale/tailscale) | minor | `1.70.0` -> `1.72.1` | | cgr.dev/chainguard/wolfi-base | | digest | `bf0547b` -> `72c8bfe` | ``` Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2024-08-29 18:49:30 +04:00
Dmitriy Matrenichev	d6c324dc1f	chore: bump deps ... - run rekres - siderolabs/pkgs to v1.8.0-alpha.0-41-ga97d58f - golang.org/x/sys to v0.23.0 - linux firmware to 20240709 - google/gvisor to 20240729.0 - cloud-provider-aws to v1.30.3 - containerd-shim-spin to v0.15.1 - qemu to 9.0.2 - glib to 2.81.1 - siderolabs/talos-vmtoolsd to v0.6.0 - tailscale/tailscale to 1.70.0 - util-linux to 2.40.2 Signed-off-by: Dmitriy Matrenichev <dmitry.matrenichev@siderolabs.com>	2024-08-06 22:34:19 +03:00
Noel Georgi	d6773dd25a	chore: bump deps ... Bump dependencies Signed-off-by: Noel Georgi <git@frezbo.dev>	2024-07-05 16:07:09 +05:30
Mike Beaumont	f0b6082466	chore: bump tailscale to v1.68.1 ... To mitigate security vulnerability: https://tailscale.com/security-bulletins#ts-2024-005 Signed-off-by: Mike Beaumont <mjboamail@gmail.com> Signed-off-by: Noel Georgi <git@frezbo.dev>	2024-06-21 19:54:17 +05:30
Noel Georgi	5904e12cec	chore: add cache paths for go builds ... Add cache paths for go based builds. Signed-off-by: Noel Georgi <git@frezbo.dev>	2024-06-14 18:55:05 +08:00
Noel Georgi	d07caf7eed	chore: add extensions validator ... Add validation for extensions rootfs and names. Fixes: #379 Signed-off-by: Noel Georgi <git@frezbo.dev>	2024-05-23 21:29:10 +05:30
Andrey Smirnov	2f97116a50	feat: update dependencies ... ``` | Package | Update | Change | |---|---|---| | [https://github.com/qemu/qemu.git](https://togithub.com/qemu/qemu) | patch | `8.2.2` -> `8.2.3` | | [kubernetes/cloud-provider-aws](https://togithub.com/kubernetes/cloud-provider-aws) | minor | `v1.28.1` -> `v1.30.0` | | [tailscale/tailscale](https://togithub.com/tailscale/tailscale) | minor | `1.62.1` -> `1.64.2` | ``` Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2024-05-09 21:28:23 +04:00
Mathieu Dallaire	69fe96ccc3	docs: improve ExtensionServiceConfig docs ... improve `ExtensionServiceConfig` docs. Signed-off-by: Noel Georgi <git@frezbo.dev>	2024-04-25 18:42:54 +05:30
Noel Georgi	eb79cf81c2	chore: bump dependencies ... Bump dependencies and bring in stable pkgs. Signed-off-by: Noel Georgi <git@frezbo.dev>	2024-04-02 19:17:14 +05:30
Andrey Smirnov	ba40f6e508	feat: update Go to 1.22.1, update releases ... ``` | Package | Update | Change | |---|---|---| | git://git.kernel.org/pub/scm/utils/mdadm/mdadm.git | minor | `4.2` -> `4.3` | | git://sourceware.org/git/elfutils.git | minor | `0.190` -> `0.191` | | [https://github.com/qemu/qemu.git](https://togithub.com/qemu/qemu) | patch | `8.2.1` -> `8.2.2` | | [tailscale/tailscale](https://togithub.com/tailscale/tailscale) | patch | `1.60.0` -> `1.60.1` | ``` Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2024-03-07 16:02:21 +04:00
Noel Georgi	9cdf805a5d	chore: bump dependencies ... Bump dependencies. Use [go1.20 for building nvidia stuff](https://github.com/NVIDIA/nvidia-container-toolkit/issues/372). Signed-off-by: Noel Georgi <git@frezbo.dev>	2024-02-21 23:47:01 +05:30
Noel Georgi	c677b87c58	feat: use ExtensionServiceConfig document ... Use `ExtensionServiceConfig` document for extensions using `.machine.files` or `environmentFile`. Ref: https://github.com/siderolabs/talos/pull/8273 Signed-off-by: Noel Georgi <git@frezbo.dev>	2024-02-15 20:42:20 +05:30
Andrey Smirnov	056e5a831a	chore: bump dependencies ... * Linux Firmware: 20240115 * DRBD: 9.2.7 * gvisor: 20240109.0 * QEMU: 8.2.0 * Tailscale: 1.56.1 Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2024-01-17 19:21:05 +04:00
Andrey Smirnov	9a57c65d10	feat: bump dependencies ... Update pkgs. ``` | Package | Update | Change | |---|---|---| | [containerd/stargz-snapshotter](https://togithub.com/containerd/stargz-snapshotter) | minor | `v0.14.3` -> `v0.15.1` | | [https://github.com/qemu/qemu.git](https://togithub.com/qemu/qemu) | patch | `8.1.1` -> `8.1.2` | | [https://gitlab.gnome.org/GNOME/glib.git](https://gitlab.gnome.org/GNOME/glib) | patch | `2.78.0` -> `2.78.1` | | [networkupstools/nut](https://togithub.com/networkupstools/nut) | patch | `2.8.0` -> `v2.8.1` | | [tailscale/tailscale](https://togithub.com/tailscale/tailscale) | minor | `1.50.0` -> `1.54.0` | ``` Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2023-11-21 17:40:45 +04:00
Andrey Smirnov	0ba9f81043	docs: update documentation on installing extensions ... Remove deprecated `.machine.install.extensions`, point to Talos documentation. Once Image Factory is live, we can point to it. Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2023-09-29 22:49:23 +04:00
Andrey Smirnov	ad30c330cd	feat: update releases ... ``` | Package | Update | Change | |---|---|---| | [https://github.com/qemu/qemu.git](https://togithub.com/qemu/qemu) | patch | `8.1.0` -> `8.1.1` | | [https://gitlab.gnome.org/GNOME/glib.git](https://gitlab.gnome.org/GNOME/glib) | minor | `2.77.3` -> `2.78.0` | | [nvidia/open-gpu-kernel-modules](https://togithub.com/nvidia/open-gpu-kernel-modules) | minor | `535.54.03` -> `535.113.01` | | [siderolabs/bldr](https://togithub.com/siderolabs/bldr) | patch | `v0.2.1` -> `v0.2.2` | | [tailscale/tailscale](https://togithub.com/tailscale/tailscale) | minor | `1.48.1` -> `1.50.0` | | [xenserver/xe-guest-utilities](https://togithub.com/xenserver/xe-guest-utilities) | patch | `8.3.0` -> `8.3.1` | ``` Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2023-09-27 21:15:47 +04:00
Noel Georgi	d9145f9b6b	chore: bump deps ... | Package | Update | Change | |---|---|---| | [https://github.com/qemu/qemu.git](https://togithub.com/qemu/qemu) | minor | `8.0.2` -> `v8.1.0` | | [https://gitlab.com/nvidia/container-toolkit/container-toolkit.git](https://gitlab.com/nvidia/container-toolkit/container-toolkit) | minor | `v1.13.5` -> `v1.14.0` | | [https://gitlab.com/nvidia/container-toolkit/libnvidia-container.git](https://gitlab.com/nvidia/container-toolkit/libnvidia-container) | minor | `v1.13.5` -> `v1.14.0` | | [https://gitlab.gnome.org/GNOME/glib.git](https://gitlab.gnome.org/GNOME/glib) | minor | `2.76.3` -> `2.77.3` | | [siderolabs/bldr](https://togithub.com/siderolabs/bldr) | patch | `v0.2.0` -> `v0.2.1` | | [tailscale/tailscale](https://togithub.com/tailscale/tailscale) | minor | `1.46.1` -> `1.48.1` | Also fix the wolfi-base variable to get renovate updates. Signed-off-by: Noel Georgi <git@frezbo.dev>	2023-09-04 23:37:48 +05:30
Andrey Smirnov	67ee9e3b3e	feat: microcode updates ... AMD ucode (via Linux firmware). Intel: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808 Tailscale: 1.46.1 Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>	2023-08-09 16:18:38 +04:00
Caleb Woodbine	7ca8a0f04a	fix(docs): readability for Tailscale docs ... use list to highlight env vars Signed-off-by: Caleb Woodbine <calebwoodbine.public@gmail.com>	2023-08-03 14:03:53 +05:30
beau trepp	6c502e1095	feat: tailscale extension ... Tailscale as a system service extension. Creates network devices in the talos 'host' Requires: https://github.com/siderolabs/talos/pull/7408 Signed-off-by: Noel Georgi <git@frezbo.dev> Signed-off-by: beau trepp <beautrepp@gmail.com> Signed-off-by: Noel Georgi <git@frezbo.dev>	2023-06-28 21:01:27 +05:30