From d359afdae1cd0b503d2dcdacb73079fec81318df Mon Sep 17 00:00:00 2001 From: "Community Hass.io Add-ons Bot" Date: Mon, 23 Oct 2023 20:46:31 +0000 Subject: [PATCH] :tada: Release of add-on Tailscale 0.13.0 --- README.md | 6 +-- tailscale/CHANGELOG.md | 69 ++++-------------------- tailscale/DOCS.md | 95 +++++++++++++++------------------- tailscale/README.md | 4 +- tailscale/config.yaml | 4 +- tailscale/translations/en.yaml | 8 +-- 6 files changed, 62 insertions(+), 124 deletions(-) diff --git a/README.md b/README.md index a7afedaa..04aa4ebd 100644 --- a/README.md +++ b/README.md @@ -921,10 +921,10 @@ SOFTWARE. [vscode-armhf-shield]: https://img.shields.io/badge/armhf-no-red.svg [vscode-armv7-shield]: https://img.shields.io/badge/armv7-no-red.svg [vscode-i386-shield]: https://img.shields.io/badge/i386-no-red.svg -[addon-tailscale]: https://github.com/hassio-addons/addon-tailscale/tree/v0.12.0 -[addon-doc-tailscale]: https://github.com/hassio-addons/addon-tailscale/blob/v0.12.0/README.md +[addon-tailscale]: https://github.com/hassio-addons/addon-tailscale/tree/v0.13.0 +[addon-doc-tailscale]: https://github.com/hassio-addons/addon-tailscale/blob/v0.13.0/README.md [tailscale-issue]: https://github.com/hassio-addons/addon-tailscale/issues -[tailscale-version-shield]: https://img.shields.io/badge/version-v0.12.0-blue.svg +[tailscale-version-shield]: https://img.shields.io/badge/version-v0.13.0-blue.svg [tailscale-aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg [tailscale-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg [tailscale-armhf-shield]: https://img.shields.io/badge/armhf-no-red.svg diff --git a/tailscale/CHANGELOG.md b/tailscale/CHANGELOG.md index c007f0d8..7e3f34fc 100644 --- a/tailscale/CHANGELOG.md +++ b/tailscale/CHANGELOG.md 
@@ -1,75 +1,24 @@ ## What’s changed -Major updates and tons of new features! +## 🚨 Breaking changes -Special thanks to @lmagyar, @willnorris, @reey and @bitfliq for their contributions and work on this ❤️ - -## ✨ New features - -- Make exit node advertisement configurable @frenck ([#183](https://github.com/hassio-addons/addon-tailscale/pull/183)) -- Make Taildrop configurable @frenck ([#185](https://github.com/hassio-addons/addon-tailscale/pull/185)) -- Drop userspace networking @frenck ([#181](https://github.com/hassio-addons/addon-tailscale/pull/181)) -- Make accepting magicDNS optional @frenck ([#194](https://github.com/hassio-addons/addon-tailscale/pull/194)) -- Enable Tailscale's builtin inbound HTTPS proxy @lmagyar ([#137](https://github.com/hassio-addons/addon-tailscale/pull/137)) -- Enable Tailscale's Funnel feature @lmagyar ([#197](https://github.com/hassio-addons/addon-tailscale/pull/197)) -- make accepting subnet routes optional @willnorris ([#252](https://github.com/hassio-addons/addon-tailscale/pull/252)) -- Make userspace networking configurable @lmagyar ([#199](https://github.com/hassio-addons/addon-tailscale/pull/199)) -- Make advertise routes configurable @lmagyar ([#253](https://github.com/hassio-addons/addon-tailscale/pull/253)) -- Clamp the MSS to the MTU for all advertised subnet's interface @lmagyar ([#222](https://github.com/hassio-addons/addon-tailscale/pull/222)) -- Make subnet source NAT configurable @lmagyar ([#223](https://github.com/hassio-addons/addon-tailscale/pull/223)) +- Proxy and Funnel are disabled by default @lmagyar ([#273](https://github.com/hassio-addons/addon-tailscale/pull/273)) +- Drop support for armhf & i386 @frenck ([#282](https://github.com/hassio-addons/addon-tailscale/pull/282)) ## 🐛 Bug fixes -- Fix login-server option @reey ([#184](https://github.com/hassio-addons/addon-tailscale/pull/184)) -- Remove duplicate status checks from dependent S6 services @lmagyar 
([#196](https://github.com/hassio-addons/addon-tailscale/pull/196)) +- Fix local subnet protection @lmagyar ([#275](https://github.com/hassio-addons/addon-tailscale/pull/275)) ## 🚀 Enhancements -- Create fallback page for iOS browsers failing to open Tailscale login page @bitfliq ([#198](https://github.com/hassio-addons/addon-tailscale/pull/198)) -- Do not opt out of client log upload in debug log level @lmagyar ([#212](https://github.com/hassio-addons/addon-tailscale/pull/212)) -- Warn about key expiration @lmagyar ([#255](https://github.com/hassio-addons/addon-tailscale/pull/255)) -- Use new .Self.CapMap in status JSON for HTTPS support check @lmagyar ([#260](https://github.com/hassio-addons/addon-tailscale/pull/260)) -- Protect local subnets from being routed toward Tailscale subnets if they collide @lmagyar ([#201](https://github.com/hassio-addons/addon-tailscale/pull/201)) +- Test Home Assistant's HTTP reverse proxy configuration on add-on startup @lmagyar ([#254](https://github.com/hassio-addons/addon-tailscale/pull/254)) +- Protect local subnets only if accepting routes are enabled @lmagyar ([#283](https://github.com/hassio-addons/addon-tailscale/pull/283)) ## 📚 Documentation -- Add taildrop to example configuration @lmagyar ([#188](https://github.com/hassio-addons/addon-tailscale/pull/188)) -- Device limit update in DOCS.md @lmagyar ([#192](https://github.com/hassio-addons/addon-tailscale/pull/192)) -- Add docs for accept_dns @frenck ([#195](https://github.com/hassio-addons/addon-tailscale/pull/195)) -- Fix CONTRIBUTING Link in README.md @senden9 ([#232](https://github.com/hassio-addons/addon-tailscale/pull/232)) -- Rearrange proxy documentation into alphabetical order @lmagyar ([#240](https://github.com/hassio-addons/addon-tailscale/pull/240)) -- Update Installation section in documentation @lmagyar ([#242](https://github.com/hassio-addons/addon-tailscale/pull/242)) +- Documentation improvements @lmagyar 
([#274](https://github.com/hassio-addons/addon-tailscale/pull/274)) ## ⬆️ Dependency updates -- ⬆️ Update Add-on base image to v13.2.2 @renovate ([#189](https://github.com/hassio-addons/addon-tailscale/pull/189)) -- ⬆️ Update tailscale/tailscale to v1.40.0 @renovate ([#191](https://github.com/hassio-addons/addon-tailscale/pull/191)) -- ⬆️ Update tailscale/tailscale to v1.40.1 @renovate ([#200](https://github.com/hassio-addons/addon-tailscale/pull/200)) -- ⬆️ Update Add-on base image to v14 (major) @renovate ([#202](https://github.com/hassio-addons/addon-tailscale/pull/202)) -- ⬆️ Update alpine_3_18/nginx to v1.24.0-r4 @renovate ([#205](https://github.com/hassio-addons/addon-tailscale/pull/205)) -- ⬆️ Update alpine_3_18/nginx to v1.24.0-r5 @renovate ([#206](https://github.com/hassio-addons/addon-tailscale/pull/206)) -- ⬆️ Update tailscale/tailscale to v1.42.0 @renovate ([#207](https://github.com/hassio-addons/addon-tailscale/pull/207)) -- ⬆️ Update alpine_3_18/nginx to v1.24.0-r6 @renovate ([#208](https://github.com/hassio-addons/addon-tailscale/pull/208)) -- ⬆️ Update Add-on base image to v14.0.1 @renovate ([#215](https://github.com/hassio-addons/addon-tailscale/pull/215)) -- ⬆️ Update Add-on base image to v14.0.2 @renovate ([#217](https://github.com/hassio-addons/addon-tailscale/pull/217)) -- ⬆️ Update tailscale/tailscale to v1.44.0 @renovate ([#218](https://github.com/hassio-addons/addon-tailscale/pull/218)) -- ⬆️ Update Add-on base image to v14.0.3 @renovate ([#228](https://github.com/hassio-addons/addon-tailscale/pull/228)) -- ⬆️ Update tailscale/tailscale to v1.44.2 @renovate ([#230](https://github.com/hassio-addons/addon-tailscale/pull/230)) -- ⬆️ Update tailscale/tailscale to v1.46.0 @renovate ([#231](https://github.com/hassio-addons/addon-tailscale/pull/231)) -- ⬆️ Update tailscale/tailscale to v1.46.1 @renovate ([#234](https://github.com/hassio-addons/addon-tailscale/pull/234)) -- ⬆️ Update Add-on base image to v14.0.5 @renovate 
([#233](https://github.com/hassio-addons/addon-tailscale/pull/233)) -- ⬆️ Update Add-on base image to v14.0.6 @renovate ([#235](https://github.com/hassio-addons/addon-tailscale/pull/235)) -- ⬆️ Update Add-on base image to v14.0.7 @renovate ([#237](https://github.com/hassio-addons/addon-tailscale/pull/237)) -- ⬆️ Update Add-on base image to v14.0.8 @renovate ([#238](https://github.com/hassio-addons/addon-tailscale/pull/238)) -- ⬆️ Update Add-on base image to v14.1.0 @renovate ([#241](https://github.com/hassio-addons/addon-tailscale/pull/241)) -- ⬆️ Update tailscale/tailscale to v1.48.0 @renovate ([#243](https://github.com/hassio-addons/addon-tailscale/pull/243)) -- ⬆️ Update tailscale/tailscale to v1.48.1 @renovate ([#245](https://github.com/hassio-addons/addon-tailscale/pull/245)) -- ⬆️ Update tailscale/tailscale to v1.48.2 @renovate ([#256](https://github.com/hassio-addons/addon-tailscale/pull/256)) -- ⬆️ Update Add-on base image to v14.1.1 @renovate ([#257](https://github.com/hassio-addons/addon-tailscale/pull/257)) -- ⬆️ Update tailscale/tailscale to v1.50.0 @renovate ([#259](https://github.com/hassio-addons/addon-tailscale/pull/259)) -- ⬆️ Update ghcr.io/hassio-addons/base/i386 Docker tag to v14.1.3 @renovate ([#261](https://github.com/hassio-addons/addon-tailscale/pull/261)) -- ⬆️ Update Add-on base image to v14.1.3 @renovate ([#262](https://github.com/hassio-addons/addon-tailscale/pull/262)) -- ⬆️ Update Add-on base image to v14.2.0 @renovate ([#263](https://github.com/hassio-addons/addon-tailscale/pull/263)) -- ⬆️ Update tailscale/tailscale to v1.50.1 @renovate ([#264](https://github.com/hassio-addons/addon-tailscale/pull/264)) -- ⬆️ Update Add-on base image to v14.2.1 @renovate ([#267](https://github.com/hassio-addons/addon-tailscale/pull/267)) -- ⬆️ Update Add-on base image to v14.2.2 @renovate ([#270](https://github.com/hassio-addons/addon-tailscale/pull/270)) +- ⬆️ Update alpine_3_18/nginx to v1.24.0-r7 @renovate 
([#271](https://github.com/hassio-addons/addon-tailscale/pull/271)) +- ⬆️ Update Add-on base image to v14.3.0 @renovate ([#281](https://github.com/hassio-addons/addon-tailscale/pull/281)) diff --git a/tailscale/DOCS.md b/tailscale/DOCS.md index 55c9b7a6..4b92b372 100644 --- a/tailscale/DOCS.md +++ b/tailscale/DOCS.md @@ -28,8 +28,6 @@ however, it is nice to know where you need to go later on. [![Open this add-on in your Home Assistant instance.][addon-badge]][addon] 1. Click the "Install" button to install the add-on. -1. **See the "Option: `proxy`" section of this documentation for the necessary - configuration changes in Home Assistant!** 1. Start the "Tailscale" add-on. 1. Check the logs of the "Tailscale" add-on to see if everything went well. 1. Open the Web UI of the "Tailscale" add-on to complete authentication and @@ -51,9 +49,9 @@ network right from their interface. The add-on exposes "Exit Node" capabilities that you can enable from your -Tailscale account. Additionally, if the Supervisor managed your network ( -which is the default), the add-on will also advertise routes to your -subnets on all supported interfaces to Tailscale. +Tailscale account. Additionally, if the Supervisor managed your network (which +is the default), the add-on will also advertise routes to your subnets on all +supported interfaces to Tailscale. Consider disabling key expiry to avoid losing connection to your Home Assistant device. See [Key expiry][tailscale_info_key_expiry] for more information. @@ -62,13 +60,13 @@ device. See [Key expiry][tailscale_info_key_expiry] for more information. accept_dns: true accept_routes: true advertise_exit_node: true -funnel: true advertise_routes: - 192.168.1.0/24 - fd12:3456:abcd::/64 +funnel: false log_level: info login_server: "https://controlplane.tailscale.com" -proxy: true +proxy: false snat_subnet_routes: true tags: - tag:example 
@@ -94,7 +92,7 @@ by adding `100.100.100.100` as a DNS server in your Pi-hole or AdGuard Home. This option allows you to accept subnet routes advertised by other nodes in your tailnet. -More information: +More information: [Subnet routers][tailscale_info_subnets] When not set, this option is enabled by default. @@ -105,7 +103,7 @@ This option allows you to advertise this Tailscale instance as an exit node. By setting a device on your network as an exit node, you can use it to route all your public internet traffic as needed, like a consumer VPN. -More information: +More information: [Exit nodes][tailscale_info_exit_nodes] When not set, this option is enabled by default. @@ -132,7 +130,7 @@ This requires Tailscale Proxy to be enabled. **Important:** See also the "Option: `proxy`" section of this documentation for the necessary configuration changes in Home Assistant! -When not set, this option is enabled by default. +When not set, this option is disabled by default. With the Tailscale Funnel feature, you can access your Home Assistant instance from the wider internet using your Tailscale domain (like @@ -149,20 +147,11 @@ proxying for HTTPS communication. More information: [Tailscale Funnel][tailscale_info_funnel] -1. Navigate to the [Access controls page][tailscale_acls] of the admin console, - and add the below policy entries to the policy file. See [Server role - accounts using ACL tags][tailscale_info_acls] for more information. +1. Navigate to the [Access controls page][tailscale_acls] of the admin console: - ```json - { - "nodeAttrs": [ - { - "target": ["autogroup:members"], - "attr": ["funnel"] - } - ] - } - ``` + - Add the required `funnel` node attribute to the tailnet policy file. See + [Tailnet policy file requirement][tailscale_info_funnel_policy_requirement] + for more information. 1. Restart the add-on. 
@@ -202,36 +191,13 @@ you are troubleshooting. ### Option: `login_server` -This option lets you specify you to specify a custom control server instead of -the default (`https://controlplane.tailscale.com`). This is useful if you -are running your own Tailscale control server, for example, a self-hosted -[Headscale] instance. - -### Option: `userspace_networking` - -The add-on uses [userspace networking mode][tailscale_info_userspace_networking] -to make your Home Assistant instance (and optionally the local subnets) -accessible within your tailnet. - -When not set, this option is enabled by default. - -If you need to access other clients on your tailnet from your Home Assistant -instance, disable userspace networking mode, which will create a `tailscale0` -network interface on your host. - -If you want to access other clients on your tailnet even from your local subnet, -execute steps 2 and 3 as described on [Site-to-site -networking][tailscale_info_site_to_site]. - -In case your local subnets collide with subnet routes within your tailnet, your -local network access has priority, and these addresses won't be routed toward -your tailnet. This will prevent your Home Assistant instance from losing network -connection. This also means that using the same subnet on multiple nodes for load -balancing and failover is impossible with the current add-on behavior. +This option lets you to specify a custom control server instead of the default +(`https://controlplane.tailscale.com`). This is useful if you are running your +own Tailscale control server, for example, a self-hosted [Headscale] instance. ### Option: `proxy` -When not set, this option is enabled by default. +When not set, this option is disabled by default. Tailscale can provide a TLS certificate for your Home Assistant instance within your tailnet domain. 
@@ -260,7 +226,7 @@ More information: [Enabling HTTPS][tailscale_info_https] 1. Navigate to the [DNS page][tailscale_dns] of the admin console: - - Choose a Tailnet name. + - Choose a tailnet name. - Enable MagicDNS if not already enabled. @@ -288,7 +254,7 @@ only when you really understand why you need this. This option allows you to specify specific ACL tags for this Tailscale instance. They need to start with `tag:`. -More information: +More information: [ACL tags][tailscale_info_acls] ### Option: `taildrop` @@ -300,6 +266,28 @@ When not set, this option is enabled by default. Received files are stored in the `/share/taildrop` directory. +### Option: `userspace_networking` + +The add-on uses [userspace networking mode][tailscale_info_userspace_networking] +to make your Home Assistant instance (and optionally the local subnets) +accessible within your tailnet. + +When not set, this option is enabled by default. + +If you need to access other clients on your tailnet from your Home Assistant +instance, disable userspace networking mode, which will create a `tailscale0` +network interface on your host. + +If you want to access other clients on your tailnet even from your local subnet, +execute steps 2 and 3 as described on [Site-to-site +networking][tailscale_info_site_to_site]. + +In case your local subnets collide with subnet routes within your tailnet, your +local network access has priority, and these addresses won't be routed toward +your tailnet. This will prevent your Home Assistant instance from losing network +connection. This also means that using the same subnet on multiple nodes for load +balancing and failover is impossible with the current add-on behavior. + ## Changelog & Releases This repository keeps a change log using [GitHub's releases][releases] 
@@ -376,8 +364,11 @@ SOFTWARE. [tailscale_acls]: https://login.tailscale.com/admin/acls [tailscale_dns]: https://login.tailscale.com/admin/dns [tailscale_info_acls]: https://tailscale.com/kb/1068/acl-tags/ +[tailscale_info_exit_nodes]: https://tailscale.com/kb/1103/exit-nodes/ [tailscale_info_funnel]: https://tailscale.com/kb/1223/tailscale-funnel/ +[tailscale_info_funnel_policy_requirement]: https://tailscale.com/kb/1223/tailscale-funnel/#tailnet-policy-file-requirement [tailscale_info_https]: https://tailscale.com/kb/1153/enabling-https/ [tailscale_info_key_expiry]: https://tailscale.com/kb/1028/key-expiry/ [tailscale_info_site_to_site]: https://tailscale.com/kb/1214/site-to-site/ +[tailscale_info_subnets]: https://tailscale.com/kb/1019/subnets/ [tailscale_info_userspace_networking]: https://tailscale.com/kb/1112/userspace-networking/ diff --git a/tailscale/README.md b/tailscale/README.md index 3624a930..3a4692fd 100644 --- a/tailscale/README.md +++ b/tailscale/README.md @@ -45,5 +45,5 @@ If you are more interested in stable releases of our add-ons: [patreon-shield]: https://frenck.dev/wp-content/uploads/2019/12/patreon.png [patreon]: https://www.patreon.com/frenck [project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg -[release-shield]: https://img.shields.io/badge/version-v0.12.0-blue.svg -[release]: https://github.com/hassio-addons/addon-tailscale/tree/v0.12.0 \ No newline at end of file +[release-shield]: https://img.shields.io/badge/version-v0.13.0-blue.svg +[release]: https://github.com/hassio-addons/addon-tailscale/tree/v0.13.0 \ No newline at end of file diff --git a/tailscale/config.yaml b/tailscale/config.yaml index c5147ff6..712918c6 100644 --- a/tailscale/config.yaml +++ b/tailscale/config.yaml @@ -1,5 +1,5 @@ name: Tailscale -version: 0.12.0 +version: 0.13.0 slug: tailscale description: Zero config VPN for building secure networks url: https://github.com/hassio-addons/addon-tailscale 
@@ -12,9 +12,7 @@ panel_icon: mdi:vpn arch: - aarch64 - amd64 -- armhf - armv7 -- i386 init: false hassio_api: true host_network: true diff --git a/tailscale/translations/en.yaml b/tailscale/translations/en.yaml index 9e583c2a..1c01595c 100644 --- a/tailscale/translations/en.yaml +++ b/tailscale/translations/en.yaml @@ -7,7 +7,7 @@ configuration: disable, you can do so using this option. When not set, this option is enabled by default. accept_routes: - name: Accept Routes + name: Accept routes description: >- This option allows you to accept subnet routes advertised by other nodes in your tailnet. @@ -32,7 +32,7 @@ configuration: This option allows you to enable Tailscale's Funnel feature to present your Home Assistant instance on the wider internet using your Tailscale domain. This requires Tailscale Proxy to be enabled. - When not set, this option is enabled by default. + When not set, this option is disabled by default. log_level: name: Log level description: >- @@ -49,7 +49,7 @@ configuration: description: >- This option allows you to enable Tailscale's Proxy feature to present your Home Assistant instance on your tailnet with a valid certificate. - When not set, this option is enabled by default. + When not set, this option is disabled by default. snat_subnet_routes: name: Source NAT subnet routes description: >- @@ -73,7 +73,7 @@ configuration: name: Userspace networking mode description: >- This option allows you to enable userspace networking mode. - If you need to access other clients on your Tailnet from your Home + If you need to access other clients on your tailnet from your Home Assistant instance, disable userspace networking mode, which will create a `tailscale0` network interface on your host. When not set, this option is enabled by default.
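Review bot: The new "🚨 Breaking changes" entry in tailscale/CHANGELOG.md, "Proxy and Funnel are disabled by default" (#273), gives upgrading users no action to take. Anyone who relied on the previous implicit default needs to set `proxy: true` (and `funnel: true` where used) explicitly after updating, so add one line that says so. Separately, "## What's changed" is now followed directly by another level-2 heading with no text under it; drop it or demote the section headings below it.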
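Review bot: In the `funnel` section of tailscale/DOCS.md (hunk at -132,7) the default flips to disabled, but the surrounding text still only says "This requires Tailscale Proxy to be enabled." Because `proxy` is now disabled by default as well, the section should state that `proxy: true` has to be set explicitly alongside `funnel: true`, and ideally what the add-on does when `funnel` is true and `proxy` is false. The `funnel` description in tailscale/translations/en.yaml has the same gap.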
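Review bot: The Funnel setup step in tailscale/DOCS.md (hunk at -149,20) replaces the inline `nodeAttrs` example with a link to an anchor on tailscale.com, so the step now depends on that anchor staying stable and says nothing about scope. The removed example granted `funnel` to `autogroup:members`; since Funnel presents the instance on the wider internet, consider adding a sentence recommending that the attribute target only the users or tags that need it. The list item also now ends in a colon followed by a single bullet, which would read better as one sentence.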
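Review bot: The rewritten first sentence of "Option: `login_server`" in tailscale/DOCS.md (hunk at -202,36) is still ungrammatical: "This option lets you to specify a custom control server". Change it to "This option lets you specify a custom control server".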
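Review bot: The `userspace_networking` section re-added at the end of the options in tailscale/DOCS.md (hunk at -300,6) is carried over verbatim, including the paragraph beginning "In case your local subnets collide with subnet routes within your tailnet", while the changelog in this same patch lists "Protect local subnets only if accepting routes are enabled" (#283). Update that paragraph to say the protection applies only when `accept_routes` is enabled, so the documentation matches the released behaviour.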
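Review bot: The `arch` list in tailscale/config.yaml (hunk at -12,9) drops `armhf` and `i386`, but none of the visible hunks touch the architecture badges. The root README.md context already shows `tailscale-armhf-shield` as `armhf-no-red`; confirm the `i386` shield there reads `no` as well, and consider a short note in DOCS.md on what existing installs on those two architectures should expect.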