hassio-addons/repository-beta
1
0
Fork 0
mirror of https://github.com/hassio-addons/repository-beta.git synced 2025-05-05 03:21:28 +00:00
Code Issues Projects Releases Packages Wiki Activity

🎉 Release of add-on Tailscale 0.13.0

Browse source
This commit is contained in:
Community Hass.io Add-ons Bot 2023-10-23 20:46:31 +00:00
parent 9f0d93926a
commit d359afdae1
6 changed files with 62 additions and 124 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -921,10 +921,10 @@ SOFTWARE.
[vscode-armhf-shield]: https://img.shields.io/badge/armhf-no-red.svg
[vscode-armv7-shield]: https://img.shields.io/badge/armv7-no-red.svg
[vscode-i386-shield]: https://img.shields.io/badge/i386-no-red.svg
[addon-tailscale]: https://github.com/hassio-addons/addon-tailscale/tree/v0.12.0
[addon-doc-tailscale]: https://github.com/hassio-addons/addon-tailscale/blob/v0.12.0/README.md
[addon-tailscale]: https://github.com/hassio-addons/addon-tailscale/tree/v0.13.0
[addon-doc-tailscale]: https://github.com/hassio-addons/addon-tailscale/blob/v0.13.0/README.md
[tailscale-issue]: https://github.com/hassio-addons/addon-tailscale/issues
[tailscale-version-shield]: https://img.shields.io/badge/version-v0.12.0-blue.svg
[tailscale-version-shield]: https://img.shields.io/badge/version-v0.13.0-blue.svg
[tailscale-aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg
[tailscale-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg
[tailscale-armhf-shield]: https://img.shields.io/badge/armhf-no-red.svg

69
tailscale/CHANGELOG.md
View file

@ -1,75 +1,24 @@
## Whats changed
Major updates and tons of new features!
## 🚨 Breaking changes
Special thanks to @lmagyar, @willnorris, @reey and @bitfliq for their contributions and work on this ❤️
## ✨ New features
- Make exit node advertisement configurable @frenck ([#183](https://github.com/hassio-addons/addon-tailscale/pull/183))
- Make Taildrop configurable @frenck ([#185](https://github.com/hassio-addons/addon-tailscale/pull/185))
- Drop userspace networking @frenck ([#181](https://github.com/hassio-addons/addon-tailscale/pull/181))
- Make accepting magicDNS optional @frenck ([#194](https://github.com/hassio-addons/addon-tailscale/pull/194))
- Enable Tailscale's builtin inbound HTTPS proxy @lmagyar ([#137](https://github.com/hassio-addons/addon-tailscale/pull/137))
- Enable Tailscale's Funnel feature @lmagyar ([#197](https://github.com/hassio-addons/addon-tailscale/pull/197))
- make accepting subnet routes optional @willnorris ([#252](https://github.com/hassio-addons/addon-tailscale/pull/252))
- Make userspace networking configurable @lmagyar ([#199](https://github.com/hassio-addons/addon-tailscale/pull/199))
- Make advertise routes configurable @lmagyar ([#253](https://github.com/hassio-addons/addon-tailscale/pull/253))
- Clamp the MSS to the MTU for all advertised subnet's interface @lmagyar ([#222](https://github.com/hassio-addons/addon-tailscale/pull/222))
- Make subnet source NAT configurable @lmagyar ([#223](https://github.com/hassio-addons/addon-tailscale/pull/223))
- Proxy and Funnel are disabled by default @lmagyar ([#273](https://github.com/hassio-addons/addon-tailscale/pull/273))
- Drop support for armhf & i386 @frenck ([#282](https://github.com/hassio-addons/addon-tailscale/pull/282))
## 🐛 Bug fixes
- Fix login-server option @reey ([#184](https://github.com/hassio-addons/addon-tailscale/pull/184))
- Remove duplicate status checks from dependent S6 services @lmagyar ([#196](https://github.com/hassio-addons/addon-tailscale/pull/196))
- Fix local subnet protection @lmagyar ([#275](https://github.com/hassio-addons/addon-tailscale/pull/275))
## 🚀 Enhancements
- Create fallback page for iOS browsers failing to open Tailscale login page @bitfliq ([#198](https://github.com/hassio-addons/addon-tailscale/pull/198))
- Do not opt out of client log upload in debug log level @lmagyar ([#212](https://github.com/hassio-addons/addon-tailscale/pull/212))
- Warn about key expiration @lmagyar ([#255](https://github.com/hassio-addons/addon-tailscale/pull/255))
- Use new .Self.CapMap in status JSON for HTTPS support check @lmagyar ([#260](https://github.com/hassio-addons/addon-tailscale/pull/260))
- Protect local subnets from being routed toward Tailscale subnets if they collide @lmagyar ([#201](https://github.com/hassio-addons/addon-tailscale/pull/201))
- Test Home Assistant's HTTP reverse proxy configuration on add-on startup @lmagyar ([#254](https://github.com/hassio-addons/addon-tailscale/pull/254))
- Protect local subnets only if accepting routes are enabled @lmagyar ([#283](https://github.com/hassio-addons/addon-tailscale/pull/283))
## 📚 Documentation
- Add taildrop to example configuration @lmagyar ([#188](https://github.com/hassio-addons/addon-tailscale/pull/188))
- Device limit update in DOCS.md @lmagyar ([#192](https://github.com/hassio-addons/addon-tailscale/pull/192))
- Add docs for accept_dns @frenck ([#195](https://github.com/hassio-addons/addon-tailscale/pull/195))
- Fix CONTRIBUTING Link in README.md @senden9 ([#232](https://github.com/hassio-addons/addon-tailscale/pull/232))
- Rearrange proxy documentation into alphabetical order @lmagyar ([#240](https://github.com/hassio-addons/addon-tailscale/pull/240))
- Update Installation section in documentation @lmagyar ([#242](https://github.com/hassio-addons/addon-tailscale/pull/242))
- Documentation improvements @lmagyar ([#274](https://github.com/hassio-addons/addon-tailscale/pull/274))
## ⬆️ Dependency updates
- ⬆️ Update Add-on base image to v13.2.2 @renovate ([#189](https://github.com/hassio-addons/addon-tailscale/pull/189))
- ⬆️ Update tailscale/tailscale to v1.40.0 @renovate ([#191](https://github.com/hassio-addons/addon-tailscale/pull/191))
- ⬆️ Update tailscale/tailscale to v1.40.1 @renovate ([#200](https://github.com/hassio-addons/addon-tailscale/pull/200))
- ⬆️ Update Add-on base image to v14 (major) @renovate ([#202](https://github.com/hassio-addons/addon-tailscale/pull/202))
- ⬆️ Update alpine_3_18/nginx to v1.24.0-r4 @renovate ([#205](https://github.com/hassio-addons/addon-tailscale/pull/205))
- ⬆️ Update alpine_3_18/nginx to v1.24.0-r5 @renovate ([#206](https://github.com/hassio-addons/addon-tailscale/pull/206))
- ⬆️ Update tailscale/tailscale to v1.42.0 @renovate ([#207](https://github.com/hassio-addons/addon-tailscale/pull/207))
- ⬆️ Update alpine_3_18/nginx to v1.24.0-r6 @renovate ([#208](https://github.com/hassio-addons/addon-tailscale/pull/208))
- ⬆️ Update Add-on base image to v14.0.1 @renovate ([#215](https://github.com/hassio-addons/addon-tailscale/pull/215))
- ⬆️ Update Add-on base image to v14.0.2 @renovate ([#217](https://github.com/hassio-addons/addon-tailscale/pull/217))
- ⬆️ Update tailscale/tailscale to v1.44.0 @renovate ([#218](https://github.com/hassio-addons/addon-tailscale/pull/218))
- ⬆️ Update Add-on base image to v14.0.3 @renovate ([#228](https://github.com/hassio-addons/addon-tailscale/pull/228))
- ⬆️ Update tailscale/tailscale to v1.44.2 @renovate ([#230](https://github.com/hassio-addons/addon-tailscale/pull/230))
- ⬆️ Update tailscale/tailscale to v1.46.0 @renovate ([#231](https://github.com/hassio-addons/addon-tailscale/pull/231))
- ⬆️ Update tailscale/tailscale to v1.46.1 @renovate ([#234](https://github.com/hassio-addons/addon-tailscale/pull/234))
- ⬆️ Update Add-on base image to v14.0.5 @renovate ([#233](https://github.com/hassio-addons/addon-tailscale/pull/233))
- ⬆️ Update Add-on base image to v14.0.6 @renovate ([#235](https://github.com/hassio-addons/addon-tailscale/pull/235))
- ⬆️ Update Add-on base image to v14.0.7 @renovate ([#237](https://github.com/hassio-addons/addon-tailscale/pull/237))
- ⬆️ Update Add-on base image to v14.0.8 @renovate ([#238](https://github.com/hassio-addons/addon-tailscale/pull/238))
- ⬆️ Update Add-on base image to v14.1.0 @renovate ([#241](https://github.com/hassio-addons/addon-tailscale/pull/241))
- ⬆️ Update tailscale/tailscale to v1.48.0 @renovate ([#243](https://github.com/hassio-addons/addon-tailscale/pull/243))
- ⬆️ Update tailscale/tailscale to v1.48.1 @renovate ([#245](https://github.com/hassio-addons/addon-tailscale/pull/245))
- ⬆️ Update tailscale/tailscale to v1.48.2 @renovate ([#256](https://github.com/hassio-addons/addon-tailscale/pull/256))
- ⬆️ Update Add-on base image to v14.1.1 @renovate ([#257](https://github.com/hassio-addons/addon-tailscale/pull/257))
- ⬆️ Update tailscale/tailscale to v1.50.0 @renovate ([#259](https://github.com/hassio-addons/addon-tailscale/pull/259))
- ⬆️ Update ghcr.io/hassio-addons/base/i386 Docker tag to v14.1.3 @renovate ([#261](https://github.com/hassio-addons/addon-tailscale/pull/261))
- ⬆️ Update Add-on base image to v14.1.3 @renovate ([#262](https://github.com/hassio-addons/addon-tailscale/pull/262))
- ⬆️ Update Add-on base image to v14.2.0 @renovate ([#263](https://github.com/hassio-addons/addon-tailscale/pull/263))
- ⬆️ Update tailscale/tailscale to v1.50.1 @renovate ([#264](https://github.com/hassio-addons/addon-tailscale/pull/264))
- ⬆️ Update Add-on base image to v14.2.1 @renovate ([#267](https://github.com/hassio-addons/addon-tailscale/pull/267))
- ⬆️ Update Add-on base image to v14.2.2 @renovate ([#270](https://github.com/hassio-addons/addon-tailscale/pull/270))
- ⬆️ Update alpine_3_18/nginx to v1.24.0-r7 @renovate ([#271](https://github.com/hassio-addons/addon-tailscale/pull/271))
- ⬆️ Update Add-on base image to v14.3.0 @renovate ([#281](https://github.com/hassio-addons/addon-tailscale/pull/281))

95
tailscale/DOCS.md
View file

@ -28,8 +28,6 @@ however, it is nice to know where you need to go later on.
[![Open this add-on in your Home Assistant instance.][addon-badge]][addon]
1. Click the "Install" button to install the add-on.
1. **See the "Option: `proxy`" section of this documentation for the necessary
configuration changes in Home Assistant!**
1. Start the "Tailscale" add-on.
1. Check the logs of the "Tailscale" add-on to see if everything went well.
1. Open the Web UI of the "Tailscale" add-on to complete authentication and
@ -51,9 +49,9 @@ network right from their interface.
<https://login.tailscale.com/>
The add-on exposes "Exit Node" capabilities that you can enable from your
Tailscale account. Additionally, if the Supervisor managed your network (
which is the default), the add-on will also advertise routes to your
subnets on all supported interfaces to Tailscale.
Tailscale account. Additionally, if the Supervisor managed your network (which
is the default), the add-on will also advertise routes to your subnets on all
supported interfaces to Tailscale.
Consider disabling key expiry to avoid losing connection to your Home Assistant
device. See [Key expiry][tailscale_info_key_expiry] for more information.
@ -62,13 +60,13 @@ device. See [Key expiry][tailscale_info_key_expiry] for more information.
accept_dns: true
accept_routes: true
advertise_exit_node: true
funnel: true
advertise_routes:
- 192.168.1.0/24
- fd12:3456:abcd::/64
funnel: false
log_level: info
login_server: "https://controlplane.tailscale.com"
proxy: true
proxy: false
snat_subnet_routes: true
tags:
- tag:example
@ -94,7 +92,7 @@ by adding `100.100.100.100` as a DNS server in your Pi-hole or AdGuard Home.
This option allows you to accept subnet routes advertised by other nodes in
your tailnet.
More information: <https://tailscale.com/kb/1019/subnets/>
More information: [Subnet routers][tailscale_info_subnets]
When not set, this option is enabled by default.
@ -105,7 +103,7 @@ This option allows you to advertise this Tailscale instance as an exit node.
By setting a device on your network as an exit node, you can use it to
route all your public internet traffic as needed, like a consumer VPN.
More information: <https://tailscale.com/kb/1103/exit-nodes/>
More information: [Exit nodes][tailscale_info_exit_nodes]
When not set, this option is enabled by default.
@ -132,7 +130,7 @@ This requires Tailscale Proxy to be enabled.
**Important:** See also the "Option: `proxy`" section of this documentation for the
necessary configuration changes in Home Assistant!
When not set, this option is enabled by default.
When not set, this option is disabled by default.
With the Tailscale Funnel feature, you can access your Home Assistant instance
from the wider internet using your Tailscale domain (like
@ -149,20 +147,11 @@ proxying for HTTPS communication.
More information: [Tailscale Funnel][tailscale_info_funnel]
1. Navigate to the [Access controls page][tailscale_acls] of the admin console,
and add the below policy entries to the policy file. See [Server role
accounts using ACL tags][tailscale_info_acls] for more information.
1. Navigate to the [Access controls page][tailscale_acls] of the admin console:
```json
{
"nodeAttrs": [
{
"target": ["autogroup:members"],
"attr": ["funnel"]
}
]
}
```
- Add the required `funnel` node attribute to the tailnet policy file. See
[Tailnet policy file requirement][tailscale_info_funnel_policy_requirement]
for more information.
1. Restart the add-on.
@ -202,36 +191,13 @@ you are troubleshooting.
### Option: `login_server`
This option lets you specify you to specify a custom control server instead of
the default (`https://controlplane.tailscale.com`). This is useful if you
are running your own Tailscale control server, for example, a self-hosted
[Headscale] instance.
### Option: `userspace_networking`
The add-on uses [userspace networking mode][tailscale_info_userspace_networking]
to make your Home Assistant instance (and optionally the local subnets)
accessible within your tailnet.
When not set, this option is enabled by default.
If you need to access other clients on your tailnet from your Home Assistant
instance, disable userspace networking mode, which will create a `tailscale0`
network interface on your host.
If you want to access other clients on your tailnet even from your local subnet,
execute steps 2 and 3 as described on [Site-to-site
networking][tailscale_info_site_to_site].
In case your local subnets collide with subnet routes within your tailnet, your
local network access has priority, and these addresses won't be routed toward
your tailnet. This will prevent your Home Assistant instance from losing network
connection. This also means that using the same subnet on multiple nodes for load
balancing and failover is impossible with the current add-on behavior.
This option lets you to specify a custom control server instead of the default
(`https://controlplane.tailscale.com`). This is useful if you are running your
own Tailscale control server, for example, a self-hosted [Headscale] instance.
### Option: `proxy`
When not set, this option is enabled by default.
When not set, this option is disabled by default.
Tailscale can provide a TLS certificate for your Home Assistant instance within
your tailnet domain.
@ -260,7 +226,7 @@ More information: [Enabling HTTPS][tailscale_info_https]
1. Navigate to the [DNS page][tailscale_dns] of the admin console:
- Choose a Tailnet name.
- Choose a tailnet name.
- Enable MagicDNS if not already enabled.
@ -288,7 +254,7 @@ only when you really understand why you need this.
This option allows you to specify specific ACL tags for this Tailscale
instance. They need to start with `tag:`.
More information: <https://tailscale.com/kb/1068/acl-tags/>
More information: [ACL tags][tailscale_info_acls]
### Option: `taildrop`
@ -300,6 +266,28 @@ When not set, this option is enabled by default.
Received files are stored in the `/share/taildrop` directory.
### Option: `userspace_networking`
The add-on uses [userspace networking mode][tailscale_info_userspace_networking]
to make your Home Assistant instance (and optionally the local subnets)
accessible within your tailnet.
When not set, this option is enabled by default.
If you need to access other clients on your tailnet from your Home Assistant
instance, disable userspace networking mode, which will create a `tailscale0`
network interface on your host.
If you want to access other clients on your tailnet even from your local subnet,
execute steps 2 and 3 as described on [Site-to-site
networking][tailscale_info_site_to_site].
In case your local subnets collide with subnet routes within your tailnet, your
local network access has priority, and these addresses won't be routed toward
your tailnet. This will prevent your Home Assistant instance from losing network
connection. This also means that using the same subnet on multiple nodes for load
balancing and failover is impossible with the current add-on behavior.
## Changelog & Releases
This repository keeps a change log using [GitHub's releases][releases]
@ -376,8 +364,11 @@ SOFTWARE.
[tailscale_acls]: https://login.tailscale.com/admin/acls
[tailscale_dns]: https://login.tailscale.com/admin/dns
[tailscale_info_acls]: https://tailscale.com/kb/1068/acl-tags/
[tailscale_info_exit_nodes]: https://tailscale.com/kb/1103/exit-nodes/
[tailscale_info_funnel]: https://tailscale.com/kb/1223/tailscale-funnel/
[tailscale_info_funnel_policy_requirement]: https://tailscale.com/kb/1223/tailscale-funnel/#tailnet-policy-file-requirement
[tailscale_info_https]: https://tailscale.com/kb/1153/enabling-https/
[tailscale_info_key_expiry]: https://tailscale.com/kb/1028/key-expiry/
[tailscale_info_site_to_site]: https://tailscale.com/kb/1214/site-to-site/
[tailscale_info_subnets]: https://tailscale.com/kb/1019/subnets/
[tailscale_info_userspace_networking]: https://tailscale.com/kb/1112/userspace-networking/

4
tailscale/README.md
View file

@ -45,5 +45,5 @@ If you are more interested in stable releases of our add-ons:
[patreon-shield]: https://frenck.dev/wp-content/uploads/2019/12/patreon.png
[patreon]: https://www.patreon.com/frenck
[project-stage-shield]: https://img.shields.io/badge/project%20stage-experimental-yellow.svg
[release-shield]: https://img.shields.io/badge/version-v0.12.0-blue.svg
[release]: https://github.com/hassio-addons/addon-tailscale/tree/v0.12.0
[release-shield]: https://img.shields.io/badge/version-v0.13.0-blue.svg
[release]: https://github.com/hassio-addons/addon-tailscale/tree/v0.13.0

4
tailscale/config.yaml
View file

@ -1,5 +1,5 @@
name: Tailscale
version: 0.12.0
version: 0.13.0
slug: tailscale
description: Zero config VPN for building secure networks
url: https://github.com/hassio-addons/addon-tailscale
@ -12,9 +12,7 @@ panel_icon: mdi:vpn
arch:
- aarch64
- amd64
- armhf
- armv7
- i386
init: false
hassio_api: true
host_network: true

8
tailscale/translations/en.yaml
View file

@ -7,7 +7,7 @@ configuration:
disable, you can do so using this option.
When not set, this option is enabled by default.
accept_routes:
name: Accept Routes
name: Accept routes
description: >-
This option allows you to accept subnet routes advertised by other nodes
in your tailnet.
@ -32,7 +32,7 @@ configuration:
This option allows you to enable Tailscale's Funnel feature to present your
Home Assistant instance on the wider internet using your Tailscale domain.
This requires Tailscale Proxy to be enabled.
When not set, this option is enabled by default.
When not set, this option is disabled by default.
log_level:
name: Log level
description: >-
@ -49,7 +49,7 @@ configuration:
description: >-
This option allows you to enable Tailscale's Proxy feature to present your
Home Assistant instance on your tailnet with a valid certificate.
When not set, this option is enabled by default.
When not set, this option is disabled by default.
snat_subnet_routes:
name: Source NAT subnet routes
description: >-
@ -73,7 +73,7 @@ configuration:
name: Userspace networking mode
description: >-
This option allows you to enable userspace networking mode.
If you need to access other clients on your Tailnet from your Home
If you need to access other clients on your tailnet from your Home
Assistant instance, disable userspace networking mode, which will create a
`tailscale0` network interface on your host.
When not set, this option is enabled by default.