Convert into Dev Container feature

.github/workflows/release.yaml

@@ -0,0 +1,18 @@
+name: Release Dev Container feature
+on:
+  workflow_dispatch:
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Publish Features
+        uses: devcontainers/action@v1
+        with:
+          publish-features: "true"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+permissions:
+  contents: read
+  packages: write

README.md

@@ -1,14 +1,27 @@
-# Codespace with Tailscale connectivity
-This repository contains a simple [codespace devcontainer](https://github.com/features/codespaces)
-which can connect the running VM to a [Tailscale network](https://tailscale.com). To use it
-you need to be a member of a GitHub Organization which has Codespaces enabled. When you
-click on the Code button you should see a second tab with an option to start up
-a new codespace.
+# Codespace feature for Tailscale connectivity
+
+This repository contains a feature for [GitHub Codespaces](https://github.com/features/codespaces)
+to connect the running VM to a [Tailscale network](https://tailscale.com).
 
 ![Start a new codespace](codespace.jpg)
 
-You need to create a [Reusable Authkey](https://login.tailscale.com/admin/settings/authkeys)
-for your Tailnet and add it as a [Codespaces Secret](https://github.com/settings/codespaces)
-named `TAILSCALE_AUTHKEY`.
+To get started, add the following [feature](https://docs.github.com/en/codespaces/setting-up-your-project-for-codespaces/adding-features-to-a-devcontainer-file)
+to your `devcontainer.json`:
+
+```json
+"runArgs": ["--device=/dev/net/tun"],
+"features": {
+  // ...
+  "ghcr.io/tailscale/codespace/tailscale": {}
+  // ...
+}
+```
+
+Then launch your Codespace. After it starts up, run [`tailscale up`](https://tailscale.com/kb/1080/cli/#up):
+
+```shell
+sudo tailscale up --accept-routes
+```
 
-Then launch your codespace!
+You'll only need to run `tailscale up` once per Codespace.
+The Tailscale state will be saved between rebuilds.

tailscale/devcontainer-feature.json

@@ -0,0 +1,16 @@
+{
+  "name": "Tailscale",
+  "id": "tailscale",
+  "description": "Connect to your tailnet in your development container",
+  "documentationURL": "https://tailscale.com/kb/1160/github-codespaces/",
+  "licenseURL": "https://github.com/tailscale/codespace/blob/main/LICENSE",
+  "entrypoint": "/usr/local/sbin/tailscaled-entrypoint",
+  "capAdd": ["NET_ADMIN", "NET_RAW"],
+  "options": {
+    "version": {
+      "type": "string",
+      "default": "1.34.0",
+      "description": "Version of Tailscale to download"
+    }
+  }
+}

tailscale/install.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+# Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+set -euo pipefail
+
+tailscale_url="https://pkgs.tailscale.com/stable/tailscale_${VERSION}_amd64.tgz"
+
+download() {
+  if command -v curl >& /dev/null; then
+    curl -fsSL "$1"
+  elif command -v wget >& /dev/null; then
+    wget -qO - "$1"
+  else
+    echo "Must install curl or wget to download $1" 1>&2
+    return 1
+  fi
+}
+
+script_dir="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+scratch_dir="/tmp/tailscale"
+mkdir -p "$scratch_dir"
+trap 'rm -rf "$scratch_dir"' EXIT
+
+download "$tailscale_url" |
+  tar -xzf - --strip-components=1 -C "$scratch_dir"
+install "$scratch_dir/tailscale" /usr/local/bin/tailscale
+install "$scratch_dir/tailscaled" /usr/local/sbin/tailscaled
+install "$script_dir/tailscaled-entrypoint.sh" /usr/local/sbin/tailscaled-entrypoint
+
+mkdir -p /var/lib/tailscale /var/run/tailscale
+
+if ! command -v iptables >& /dev/null; then
+  if command -v apt-get >& /dev/null; then
+    apt-get update
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends iptables
+    rm -rf /var/lib/apt/lists/*
+  else
+    echo "WARNING: iptables not installed. tailscaled might fail."
+  fi
+fi

tailscale/tailscaled-entrypoint.sh

@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Copyright (c) 2022 Tailscale Inc & AUTHORS All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+set -euxo pipefail
+
+if [[ "$(id -u)" -eq 0 ]]; then
+  mkdir -p /workspaces/.tailscale || true
+  /usr/local/sbin/tailscaled \
+    --statedir=/workspaces/.tailscale/ \
+    --socket=/var/run/tailscale/tailscaled.sock \
+    --port=41641 \
+    >& /dev/null &
+elif command -v sudo >& /dev/null; then
+  sudo --non-interactive sh -c 'mkdir -p /workspaces/.tailscale ; /usr/local/sbin/tailscaled \
+    --statedir=/workspaces/.tailscale/ \
+    --socket=/var/run/tailscale/tailscaled.sock \
+    --port=41641 >& /dev/null' &
+else
+  echo "tailscaled could not start as root." 1>&2
+fi
+
+exec "$@"