From 4ff6f4de76d0158b87d399093b020a15666d265b Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sat, 9 May 2026 17:30:11 +0000
Subject: [PATCH 1/5] feat: add Tailscale operator and DaemonSet
---
tailscale/namespace.yaml | 6 ++++++
1 file changed, 6 insertions(+)
create mode 100644 tailscale/namespace.yaml
diff --git a/tailscale/namespace.yaml b/tailscale/namespace.yaml
new file mode 100644
index 0000000..2096bf5
--- /dev/null
+++ b/tailscale/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: tailscale
+ labels:
+ app: tailscale
From b5f7f2bd50933aa6085b702c8e58b6bedd2d2723 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sat, 9 May 2026 17:30:11 +0000
Subject: [PATCH 2/5] feat: add Tailscale operator and DaemonSet
---
tailscale/rbac.yaml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 tailscale/rbac.yaml
diff --git a/tailscale/rbac.yaml b/tailscale/rbac.yaml
new file mode 100644
index 0000000..7a28dc1
--- /dev/null
+++ b/tailscale/rbac.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: tailscale
+ namespace: tailscale
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: tailscale
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "services", "endpoints", "namespaces", "secrets"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["tailnet.tailscale.com"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: tailscale
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: tailscale
+subjects:
+ - kind: ServiceAccount
+ name: tailscale
+ namespace: tailscale
From 81fc72b3eb11ca85bd208c0a0d4b290ad4f20be6 Mon Sep 17 00:00:00 2001
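Review bot: The first ClusterRole rule in tailscale/rbac.yaml gives the `tailscale` service account `get`/`list`/`watch` on `secrets` in every namespace, and the ClusterRoleBinding attaches it to the account that the DaemonSet in patch 3/5 runs under on each node, so a compromise of that one pod exposes every Secret in the cluster. The only Secret these manifests reference is `tailscale-auth` in the `tailscale` namespace, so I would drop `secrets` from the ClusterRole and grant it through a namespaced Role pinned with `resourceNames`. If tailscaled is meant to persist state into that Secret via `TS_KUBE_SECRET`, it presumably also needs `update`/`patch`, which the read-only verbs here do not provide. The `resources: ["*"]` / `verbs: ["*"]` rule on `tailnet.tailscale.com` should likewise list the resources and verbs actually used.

```yaml
# ClusterRole "tailscale": core-group rule with secrets removed
  - apiGroups: [""]
    resources: ["pods", "services", "endpoints", "namespaces"]
    verbs: ["get", "list", "watch"]
# … unchanged: tailnet.tailscale.com rule, ClusterRoleBinding …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tailscale
  namespace: tailscale
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["tailscale-auth"]
    verbs: ["get", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: tailscale
  namespace: tailscale
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: tailscale
subjects:
  - kind: ServiceAccount
    name: tailscale
    namespace: tailscale
```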
From: gitea-admin
Date: Sat, 9 May 2026 17:30:12 +0000
Subject: [PATCH 3/5] feat: add Tailscale operator and DaemonSet
---
tailscale/daemonset.yaml | 56 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 56 insertions(+)
create mode 100644 tailscale/daemonset.yaml
diff --git a/tailscale/daemonset.yaml b/tailscale/daemonset.yaml
new file mode 100644
index 0000000..9f154e3
--- /dev/null
+++ b/tailscale/daemonset.yaml
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: tailscaled
+ namespace: tailscale
+ labels:
+ app: tailscale
+spec:
+ selector:
+ matchLabels:
+ app: tailscale
+ template:
+ metadata:
+ labels:
+ app: tailscale
+ spec:
+ hostNetwork: true
+ serviceAccountName: tailscale
+ containers:
+ - name: tailscale
+ image: tailscale/tailscale:latest
+ env:
+ - name: TS_KUBE_SECRET
+ value: "tailscale-auth"
+ - name: TS_STATE_DIR
+ value: "/var/lib/tailscale"
+ envFrom:
+ - secretRef:
+ name: tailscale-auth
+ volumeMounts:
+ - name: var-lib-tailscale
+ mountPath: /var/lib/tailscale
+ - name: tailscale-tmp
+ mountPath: /tmp
+ - name: dev-tun
+ mountPath: /dev/net/tun
+ readOnly: true
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["NET_ADMIN", "NET_RAW"]
+ resources:
+ requests:
+ cpu: 50m
+ memory: 100Mi
+ limits:
+ memory: 200Mi
+ volumes:
+ - name: var-lib-tailscale
+ persistentVolumeClaim:
+ claimName: tailscale
+ - name: tailscale-tmp
+ emptyDir: {}
+ - name: dev-tun
+ hostPath:
+ path: /dev/net/tun
From 462eebad61e56ad733711e7aa211dc7d86121068 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sat, 9 May 2026 17:30:12 +0000
Subject: [PATCH 4/5] feat: add Tailscale operator and DaemonSet
---
tailscale/pvc.yaml | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 tailscale/pvc.yaml
diff --git a/tailscale/pvc.yaml b/tailscale/pvc.yaml
new file mode 100644
index 0000000..d931fe0
--- /dev/null
+++ b/tailscale/pvc.yaml
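Review bot: `privileged: true` on the `tailscale` container in tailscale/daemonset.yaml makes the `capabilities.add` list next to it moot and, together with `hostNetwork: true`, gives a pod scheduled on every node full access to host devices and the host network stack. With `/dev/net/tun` mounted and `NET_ADMIN`/`NET_RAW` added, the privileged flag should not be needed (worth confirming on this cluster), so I would set `privileged: false` and add `type: CharDevice` under the `dev-tun` hostPath. `image: tailscale/tailscale:latest` should be pinned to a release tag plus digest, e.g. `image: tailscale/tailscale:<version>@sha256:<digest>`, so nodes do not pull whatever the tag points to at restart time. If Pod Security admission is enforced on this cluster, the namespace from patch 1/5 would also need an explicit `pod-security.kubernetes.io/enforce` label for this pod to be admitted, and that exemption deserves a comment in namespace.yaml.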
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: tailscale
+ namespace: tailscale
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 1Gi
From 5b8af9c5376d38d527f57ca8fa56748d4417a1ed Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Sat, 9 May 2026 17:30:12 +0000
Subject: [PATCH 5/5] feat: add Tailscale operator and DaemonSet
---
tailscale/tailnet.yaml | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 tailscale/tailnet.yaml
diff --git a/tailscale/tailnet.yaml b/tailscale/tailnet.yaml
new file mode 100644
index 0000000..825cf49
--- /dev/null
+++ b/tailscale/tailnet.yaml
@@ -0,0 +1,13 @@
+apiVersion: tailnet.tailscale.com/v1alpha1
+kind: Tailnet
+metadata:
+ name: talos-cluster
+ namespace: tailscale
+spec:
+ tagExposes: []
+ dnsMode: "Split"
+ users:
+ - name: cluster-admin
+ selector:
+ matchLabels:
+ tailscale.com/managed: "true"
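Review bot: The claim in tailscale/pvc.yaml is `ReadWriteOnce`, but patch 3/5 mounts it as `var-lib-tailscale` in every pod of the `tailscaled` DaemonSet, so on a cluster with more than one node only the pods on a single node can attach it and the others will not start. Where it does attach, all tailscaled instances would share one state directory and therefore one machine identity, so nodes could not be told apart or revoked individually in the tailnet. The DaemonSet also sets `TS_KUBE_SECRET`, so I would pick one state store: either drop this PVC together with `TS_STATE_DIR`, or give each node its own state location, and document which is intended.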
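Review bot: Nothing in this five-patch series installs a CustomResourceDefinition for `tailnet.tailscale.com/v1alpha1`, and no operator Deployment is added despite the subject line, so unless both are installed elsewhere the `Tailnet` object in tailscale/tailnet.yaml will be rejected by the API server. The file also needs a comment stating what the `cluster-admin` entry under `users` grants and which objects are expected to carry `tailscale.com/managed: "true"`, since the selector appears to be what decides who receives that access. The field semantics cannot be verified from the patch, so the second point is a request for documentation rather than a confirmed defect.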