Merge pull request #46 from agentsea/feature-support_tailscale_and_headscale_for_vpn

Feature: support tailscale and headscale for vpn

Author: philippschroeppel

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "nebulous"
-version = "0.1.89"
+version = "0.1.90"
 edition = "2021"
 description = "A globally distributed container orchestrator"
 license = "MIT"
@@ -76,6 +76,7 @@ ed25519-dalek = "2"
 openai-api-rs = "6.0.3"
 async-ssh2-tokio = "0.8.14"
 tailscale-client = "0.1.5"
+headscale-client = { git = "https://github.com/philippschroeppel/headscale.rs.git" }
 http-body = "1.0.1"
 hickory-server = "0.25.1"
 warp = "0.3.7"

src/config.rs

@@ -152,15 +152,11 @@ pub struct ServerConfig {
     pub message_queue_type: String,
     pub redis: RedisConfig,
     pub kafka: KafkaConfig,
-
-    pub tailscale: Option<TailscaleConfig>,
-
+    pub vpn: VpnConfig,
     pub auth: ServerAuthConfig,
-
     pub bucket_name: String,
     pub bucket_region: String,
     pub root_owner: String,
-
     pub publish_url: Option<String>,
 }
 
@@ -251,12 +247,6 @@ impl KafkaConfig {
     }
 }
 
-#[derive(Debug, Clone)]
-pub struct TailscaleConfig {
-    pub api_key: String,
-    pub tailnet: String,
-}
-
 #[derive(Debug, Clone)]
 pub struct ServerAuthConfig {
     pub internal: bool,
@@ -280,6 +270,33 @@ impl ServerAuthConfig {
     }
 }
 
+#[derive(Debug, Clone)]
+pub struct VpnConfig {
+    pub provider: String,
+    pub api_key: Option<String>,
+    pub tailnet: Option<String>,
+    pub login_server: Option<String>,
+    pub organization: Option<String>,
+}
+
+impl VpnConfig {
+    pub fn new() -> Self {
+        dotenv().ok();
+        let provider = env::var("VPN_PROVIDER").unwrap_or_else(|_| "tailscale".to_string());
+        let api_key = env::var("TS_APIKEY").ok();
+        let tailnet = env::var("TS_TAILNET").ok();
+        let organization = env::var("TS_ORGANIZATION").ok();
+        let login_server = env::var("TS_LOGIN_SERVER").ok();
+        Self {
+            provider,
+            api_key,
+            tailnet,
+            login_server,
+            organization,
+        }
+    }
+}
+
 impl ServerConfig {
     pub fn new() -> Self {
         dotenv().ok();
@@ -307,25 +324,19 @@ impl ServerConfig {
             Err(_) => "redis".to_string(),
         };
 
-
         let redis = RedisConfig::new();
         let kafka = KafkaConfig::new();
-
-        let tailscale = match (env::var("TS_API_KEY"), env::var("TS_TAILNET")) {
-            (Ok(api_key), Ok(tailnet)) => Some(TailscaleConfig { api_key, tailnet }),
-            _ => None,
-        };
-
+        let vpn = VpnConfig::new();
+        
         let auth = ServerAuthConfig::new();
 
         Self {
             database_url,
             message_queue_type,
             redis,
             kafka,
-            tailscale,
+            vpn,
             auth,
-            // TODO: Move this to dedicated config
             bucket_name: env::var("NEBU_BUCKET_NAME")
                 .unwrap_or_else(|_| panic!("NEBU_BUCKET_NAME environment variable must be set")),
             bucket_region: env::var("NEBU_BUCKET_REGION")
@@ -339,4 +350,4 @@ impl ServerConfig {
     }
 }
 // Global static CONFIG instance
-pub static SERVER_CONFIG: Lazy<ServerConfig> = Lazy::new(ServerConfig::new);
+pub static SERVER_CONFIG: Lazy<ServerConfig> = Lazy::new(ServerConfig::new);

src/lib.rs

@@ -29,6 +29,7 @@ pub mod streams;
 pub mod utils;
 pub mod validate;
 pub mod volumes;
+pub mod vpn;
 
 use crate::config::SERVER_CONFIG;
 use crate::handlers::v1::namespaces::ensure_namespace;

src/main.rs

@@ -21,6 +21,11 @@ async fn main() -> Result<(), Box<dyn Error>> {
     // Initialize tracing
     tracing_subscriber::fmt::init();
 
+    // Initialize VPN client
+    if let Err(e) = nebulous::vpn::init_vpn_from_config().await {
+        eprintln!("Failed to initialize VPN client: {}", e);
+    }
+
     // Parse command-line arguments
     let cli = Cli::parse();
 

src/proxy/containers.rs

@@ -3,7 +3,7 @@ use crate::models::V1UserProfile;
 use crate::proxy::authz::evaluate_authorization_rules;
 use crate::proxy::meters::{send_request_metrics, send_response_metrics};
 use crate::query::Query;
-use crate::resources::v1::containers::base::get_tailscale_device_name;
+use crate::resources::v1::containers::base::get_vpn_device_name;
 use crate::AppState;
 use axum::body::Body;
 use axum::http::Uri;
@@ -128,7 +128,7 @@ pub async fn forward_container(
 
     let hostname = match container_model.tailnet_ip {
         Some(ip) => ip,
-        None => get_tailscale_device_name(&container_model).await,
+        None => get_vpn_device_name(&container_model).await,
     };
 
     debug!("[PROXY] Hostname: {hostname}");