From 5d4b96b8f25a46f406af2c752e40b5ec7b140739 Mon Sep 17 00:00:00 2001
From: David Anderson <dave@natulte.net>
Date: Tue, 18 Feb 2020 13:30:54 -0800
Subject: [PATCH] tailscaled: add a systemd unit.

Signed-off-by: David Anderson <dave@natulte.net>
---
 cmd/tailscaled/tailscaled.defaults |  8 ++++++++
 cmd/tailscaled/tailscaled.service  | 23 +++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 cmd/tailscaled/tailscaled.defaults
 create mode 100644 cmd/tailscaled/tailscaled.service

diff --git a/cmd/tailscaled/tailscaled.defaults b/cmd/tailscaled/tailscaled.defaults
new file mode 100644
index 000000000..144ddd51c
--- /dev/null
+++ b/cmd/tailscaled/tailscaled.defaults
@@ -0,0 +1,8 @@
+# Set the port to listen on for incoming VPN packets.
+# Remote nodes will automatically be informed about the new port number,
+# but you might want to configure this in order to set external firewall
+# settings.
+PORT="41641"
+
+# Extra flags you might want to pass to relaynode.
+FLAGS=""
diff --git a/cmd/tailscaled/tailscaled.service b/cmd/tailscaled/tailscaled.service
new file mode 100644
index 000000000..809977dbd
--- /dev/null
+++ b/cmd/tailscaled/tailscaled.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Tailscale node agent
+Documentation=https://tailscale.com/kb/
+Wants=network-pre.target
+After=network-pre.target
+
+[Service]
+EnvironmentFile=/etc/default/tailscaled
+ExecStart=/usr/sbin/tailscaled --state=/var/lib/tailscale/tailscaled.state --socket=/run/tailscale/tailscaled.sock --port=$PORT $FLAGS
+
+Restart=on-failure
+StartLimitIntervalSec=0
+
+RuntimeDirectory=tailscale
+RuntimeDirectoryMode=0755
+StateDirectory=tailscale
+StateDirectoryMode=0750
+# TODO(danderson): make a less privileged user and grant pinhole CAP_*.
+User=root
+Group=root
+
+[Install]
+WantedBy=multi-user.target