Lumpiasty
43f913cffc
Merge pull request 'Don't rebuild image on paths not included in image' ( #25 ) from fix/skip-builds into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
Reviewed-on: #25
2026-06-12 01:17:34 +00:00
Lumpiasty
43698b733d
Merge pull request 'Add restart policy' ( #24 ) from feat/restart-policy into main
...
ci/woodpecker/push/pr-build Pipeline was canceled
ci/woodpecker/push/release-tag Pipeline was canceled
Reviewed-on: #24
2026-06-12 01:11:38 +00:00
Lumpiasty
ee5ca68fc3
Don't rebuild image on non-included paths
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-12 03:06:58 +02:00
Lumpiasty
8a550f23d8
Add restart policy
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-12 03:02:50 +02:00
Renovate
a34f30483b
Merge pull request 'chore(deps): update golang:1.26.4-alpine docker digest to 7a3e500' ( #23 ) from renovate/golang-1.26.4-alpine into main
ci/woodpecker/push/pr-build Pipeline is running
ci/woodpecker/push/release-tag Pipeline failed
2026-06-12 00:51:22 +00:00
Renovate
26debfaf30
chore(deps): update golang:1.26.4-alpine docker digest to 7a3e500
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-12 00:41:13 +00:00
Lumpiasty
cae5aca3b3
Merge pull request 'Fix renovate identity' ( #22 ) from fix/renovate-identity into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
Reviewed-on: #22
2026-06-12 00:37:23 +00:00
Lumpiasty
16fd2170db
Merge pull request 'chore(deps): update busybox docker tag to v1.38.0' ( #17 ) from renovate/busybox-1.x into main
...
ci/woodpecker/push/pr-build Pipeline was canceled
ci/woodpecker/push/release-tag Pipeline was canceled
Reviewed-on: #17
2026-06-12 00:30:20 +00:00
Lumpiasty
b7f3bdbbc6
Merge pull request 'chore(deps): update alpine docker tag to v3.24.0' ( #18 ) from renovate/alpine-3.x into main
...
ci/woodpecker/push/release-tag Pipeline is pending
ci/woodpecker/push/pr-build Pipeline was canceled
Reviewed-on: #18
2026-06-12 00:30:12 +00:00
Lumpiasty
c2fee4d239
Merge pull request 'chore(deps): update renovate/renovate docker tag to v43.220.0' ( #12 ) from renovate/renovate-renovate-43.x into main
...
ci/woodpecker/push/release-tag Pipeline is pending
ci/woodpecker/push/pr-build Pipeline was canceled
Reviewed-on: #12
2026-06-12 00:30:02 +00:00
Lumpiasty
cb70afb345
Fix renovate identity
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-12 02:27:47 +02:00
Lumpiasty
568f114c6e
Merge pull request 'State dir clarifications' ( #21 ) from feat/state-dir-docs into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
Reviewed-on: #21
2026-06-12 00:17:57 +00:00
Lumpiasty
6ba07dd23b
State dir clarifications
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-12 02:09:51 +02:00
Lumpiasty
3ae0ab3075
Merge pull request 'Log verbosity filtering feature' ( #20 ) from feat/verbosity-filter into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/tag/release Pipeline was successful
Reviewed-on: #20
2026-06-11 23:34:17 +00:00
Lumpiasty
ebf011908a
Log verbosity filtering feature
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-12 01:25:44 +02:00
Renovate
6c166066a6
Merge pull request 'chore(deps): update golang:1.26.4-alpine docker digest to a6a091e' ( #19 ) from renovate/golang-1.26.4-alpine into main
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
2026-06-11 02:14:06 +00:00
75b95fe4c4
chore(deps): update renovate/renovate docker tag to v43.220.0
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-11 02:00:59 +00:00
c8b5101416
chore(deps): update alpine docker tag to v3.24.0
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-11 02:00:57 +00:00
11d12737f7
chore(deps): update golang:1.26.4-alpine docker digest to a6a091e
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-11 02:00:55 +00:00
cba8447fa7
chore(deps): update busybox docker tag to v1.38.0
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-04 02:01:01 +00:00
Renovate
6b69bd7492
Merge pull request 'chore(deps): update golang docker tag to v1.26.4' ( #16 ) from renovate/golang-1.x into main
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
2026-06-03 02:13:10 +00:00
d085d3120e
chore(deps): update golang docker tag to v1.26.4
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-03 02:01:01 +00:00
Renovate
f576dc6f1f
Merge pull request 'chore(deps): update dependency tailscale to v1.98.5' ( #14 ) from renovate/tailscale-1.x into main
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/tag/release Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
2026-06-02 22:10:28 +00:00
e7dcdba8aa
chore(deps): update dependency tailscale to v1.98.5
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-02 21:57:48 +00:00
Lumpiasty
bd6c6cf4b2
Merge pull request 'fix: preserve v prefix for tailscale version' ( #15 ) from fix/renovate-datasource into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
Reviewed-on: #15
2026-06-02 21:47:13 +00:00
Lumpiasty
1a8b065283
fix: preserve v prefix for tailscale version
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-02 23:46:51 +02:00
Lumpiasty
7dacdccc01
Merge pull request 'make renovate recognise Tailscale version' ( #13 ) from fix/renovate-datasource into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
Reviewed-on: #13
2026-06-02 21:33:31 +00:00
Lumpiasty
8a34988dd4
make renovate recognise Tailscale version
ci/woodpecker/pr/pr-build Pipeline was canceled
2026-06-02 23:33:05 +02:00
Lumpiasty
6e5004aa0e
Merge pull request 'chore(deps): update renovate/renovate docker tag to v43.207.4' ( #10 ) from renovate/renovate-renovate-43.x into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
Reviewed-on: #10
2026-06-02 15:25:55 +00:00
Lumpiasty
57df037137
Merge pull request 'Fix tailscale up by building ipnbus and enable ip forwarding in entrypoint' ( #11 ) from fix/forwarding-and-ipnbus into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/tag/release Pipeline was successful
Reviewed-on: #11
2026-06-02 14:15:40 +00:00
Lumpiasty
315fd630e3
enable IP forwarding via entrypoint (fixes IPv6 subnet routes)
...
ci/woodpecker/pr/pr-build Pipeline was successful
tailscaled does not reliably enable IPv6 forwarding inside a container
network namespace ('IPv6 forwarding is disabled'), so advertised IPv6
subnet routes silently fail. Add a tiny entrypoint.sh that sets
net.ipv4.ip_forward and net.ipv6.conf.all.forwarding (writable inside a
RouterOS container netns), then exec's tailscaled. Built in the builder
stage so it stays in the single /usr/local/bin COPY layer.
Verified: privileged run flips v6 forwarding 0->1 and exec's tailscaled
with CMD args intact.
2026-06-02 16:06:10 +02:00
Lumpiasty
1bc10bcb6e
include ipnbus so 'tailscale up' waits and prints login URL
...
Without ipnbus, 'tailscale up' fires config at the daemon and returns
immediately ('built with ts_omit_ipnbus; not waiting for completion')
without printing the auth URL or confirming success. Add it to the
allowlist so interactive 'up' behaves normally.
2026-06-02 15:54:52 +02:00
745075f38c
chore(deps): update renovate/renovate docker tag to v43.207.4
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-02 02:01:04 +00:00
Lumpiasty
9ff1623958
Merge pull request 'Refactor of docs' ( #9 ) from refac/readme-cleanup into main
...
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
Reviewed-on: #9
2026-06-01 18:41:46 +00:00
Lumpiasty
94427bd3f4
Merge pull request 'chore(deps): update renovate/renovate docker tag to v43.205.3' ( #7 ) from renovate/renovate-renovate-43.x into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
Reviewed-on: #7
2026-06-01 18:27:32 +00:00
Lumpiasty
37938ac471
Merge pull request 'chore(deps): update alpine/git docker tag to v2.52.0' ( #6 ) from renovate/alpine-git-2.x into main
...
ci/woodpecker/push/release-tag Pipeline is pending
ci/woodpecker/push/pr-build Pipeline was canceled
Reviewed-on: #6
2026-06-01 18:27:24 +00:00
Lumpiasty
2ce364ea15
Merge pull request 'chore(deps): update alpine docker tag to v3.23.4' ( #5 ) from renovate/alpine-3.x into main
...
ci/woodpecker/push/release-tag Pipeline is pending
ci/woodpecker/push/pr-build Pipeline was canceled
Reviewed-on: #5
2026-06-01 18:27:07 +00:00
Lumpiasty
3057685588
Merge pull request 'chore(deps): update woodpeckerci/plugin-docker-buildx docker tag to v6' ( #8 ) from renovate/woodpeckerci-plugin-docker-buildx-6.x into main
...
ci/woodpecker/push/release-tag Pipeline is pending
ci/woodpecker/push/pr-build Pipeline was canceled
Reviewed-on: #8
2026-06-01 18:27:02 +00:00
Lumpiasty
3cf6a1faab
Manual refactor of docs
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-01 20:23:28 +02:00
43ed7efe98
chore(deps): update renovate/renovate docker tag to v43.205.3
ci/woodpecker/pr/pr-build Pipeline was successful
2026-06-01 02:01:06 +00:00
d45799a314
chore(deps): update woodpeckerci/plugin-docker-buildx docker tag to v6
ci/woodpecker/pr/pr-build Pipeline was successful
2026-05-30 02:04:22 +00:00
a1da2564fd
chore(deps): update alpine/git docker tag to v2.52.0
ci/woodpecker/pr/pr-build Pipeline was successful
2026-05-29 14:30:02 +00:00
9788fe146b
chore(deps): update alpine docker tag to v3.23.4
ci/woodpecker/pr/pr-build Pipeline was successful
2026-05-29 14:29:59 +00:00
Lumpiasty
f69263c480
Merge pull request 'test pr-build' ( #4 ) from test/pr-build-trigger into main
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
ci/woodpecker/cron/renovate Pipeline was successful
Reviewed-on: #4
2026-05-29 14:25:00 +00:00
Lumpiasty
ae8c114109
trigger pr-build
ci/woodpecker/pr/pr-build Pipeline was successful
2026-05-29 16:11:03 +02:00
Lumpiasty
ea0d90d8f0
automerge tailscale + component patch updates behind a PR build
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/push/pr-build Pipeline was successful
Add .woodpecker/pr-build.yaml: builds all three arches (dry-run, no push)
on PRs and pushes to main, reporting status to Gitea. This is the gate
for automerge.
renovate.json automerge rules (platformAutomerge, merged only after the
PR build passes):
- tailscale stable patch AND minor
- Go/Alpine/busybox PATCH only
- base-image digest refreshes
Minor/major of build deps and tooling stay manual.
Move pinDigests into a dockerfile packageRule (top-level dockerfile.* is
deprecated). Document the automerge policy and its caveat (PR build proves
build-only, not runtime) in DESIGN.md.
2026-05-29 15:49:47 +02:00
Lumpiasty
7d1b9f99a5
correct extracted-size measurement guidance
...
ci/woodpecker/push/release-tag Pipeline was successful
The ~7 MB seen via 'du' inside the container is RouterOS block-allocation
rounding (a 3 MB file occupies ~6 MB of blocks), NOT layer duplication —
verified: the published image carries tailscale.combined in exactly one
layer, and the real flash cost is ~3.7 MiB (free-hdd-space delta).
Fix the docs to measure on-flash footprint via free-hdd-space delta, not
du; clarify the overlayfs section is about keeping the image clean (still
valid best practice) and explicitly decouple it from the du number.
2026-05-29 04:49:54 +02:00
Lumpiasty
7a6efb52ec
include unixsocketidentity feature (fixes CLI access denied)
...
ci/woodpecker/push/release-tag Pipeline was successful
ci/woodpecker/tag/release Pipeline was successful
The --extra-small baseline omits unixsocketidentity, but without it the
localapi cannot verify a request came over the trusted unix socket, so
PermitRead/PermitWrite are always false and every CLI call (status, up,
set, ...) returns 'access denied' (tailscale/tailscale#17873 ). Add it to
the opt-in allowlist. Negligible size cost (~3.55 MB unchanged); the CLI
is non-functional without it.
2026-05-29 04:33:02 +02:00
Lumpiasty
e0cbaee48b
split docs into README + USAGE/DEVELOPMENT/DESIGN
...
ci/woodpecker/push/release-tag Pipeline was successful
README shrinks to a repo intro with pointers. Separate the three
audiences:
- docs/USAGE.md deploy the prebuilt image on RouterOS + operate it
- docs/DEVELOPMENT.md build, local test, version bump, cut releases
- docs/DESIGN.md size optimizations, feature allowlist, why the
updater and netmap disk-cache are removed, flash-wear
protection, versioning/release architecture, the
overlayfs layer-duplication gotcha, dependency pinning
2026-05-29 04:24:12 +02:00
Lumpiasty
01057e78b8
add RouterOS auto-update script
...
Scheduled script that recreates the container only when the published
:stable image digest actually changed — no wasteful re-pulls. Compares
the registry manifest digest (anonymous Gitea token + :deserialize for
the token JSON) against a stored digest; recreates + records on change.
Verified end-to-end on RouterOS 7.21.2:
- token URL omits &service= (& is RouterOS's AND operator and breaks url=)
- header digest parsed case-insensitively from the flat http-headers string
- container identified by name; mounts via mountlists (list=, not name=)
- stop/start waits retry the operation (remove/start) rather than polling
a status string, which never matched and forced full timeouts
- no /container get ... status (status is a flag, not a gettable property)
- installed as a named /system/script (NOT /import, which only executes once)
2026-05-29 04:24:03 +02:00
Lumpiasty
Renovate
Renovate Bot