Consolidate extension services to be self contained, don't pollute rootfs or mount up libraries from host unless absolutely needed. Fixes: #876 Fixes: https://github.com/siderolabs/talos/issues/12667 Signed-off-by: Noel Georgi <git@frezbo.dev>
## Extension service definition that runs Tailscale's containerboot in a
## container with a read-only rootfs and a small set of host bind mounts.
## NOTE(review): no auth key or other secret is set in this file; presumably
## it is supplied through the service configuration that the
## `configuration: true` dependency refers to - confirm, and keep it out of
## the committed spec.
name: tailscale
## Dependencies listed for this service: the cri service, three network
## conditions, and configuration.
depends:
  - service: cri
  - network:
    - addresses
    - connectivity
    - etcfiles
  - configuration: true
container:
  entrypoint: /usr/local/bin/containerboot
  environment:
    - PATH=/sbin:/usr/local/bin
    ## Socket and state paths match the /var/run/tailscale and
    ## /var/lib/tailscale bind mounts below.
    - TS_SOCKET=/var/run/tailscale/tailscaled.sock
    - TS_STATE_DIR=/var/lib/tailscale
    ## Userspace networking is disabled, so the service works through the
    ## /dev/net/tun device mounted below.
    - TS_USERSPACE=false
  security:
    ## The container cannot modify its own root filesystem.
    writeableRootfs: false
    ## Sysfs is writable from inside the container, the widest grant in this
    ## file. NOTE(review): the reason is not stated here - confirm it is still
    ## required and record why.
    writeableSysfs: true
  mounts:
    ## Tailscale needs to write to this to create the interfaces
    - source: /dev/net/tun
      destination: /dev/net/tun
      type: bind
      options:
        - bind
        - rw
    ## Tailscale socket
    ## The socket directory is shared read-write with the host path.
    ## NOTE(review): anything that can reach this host path can presumably
    ## talk to the daemon's socket - check who has access to it.
    - source: /var/run/tailscale
      destination: /var/run/tailscale
      type: bind
      options:
        - bind
        - rw
    ## Tailscale state. Particularly its 'auth' state
    ## Because it holds auth state, treat the host directory as credential
    ## material: restrict access to it and handle copies or backups
    ## accordingly.
    - source: /var/lib/tailscale
      destination: /var/lib/tailscale
      type: bind
      options:
        - bind
        - rw
    ## Host /etc/ssl/certs, mounted read-only (recursive bind).
    - source: /etc/ssl/certs
      destination: /etc/ssl/certs
      type: bind
      options:
        - rbind
        - ro
restart: always