tailscale/golink tailscale/golink

  • Stars
    star
    1,120
  • Rank 39,910 (Top 0.9 %)
  • Language
    Go
  • License
    BSD 3-Clause "New...
  • Created over 1 year ago
  • Updated about 1 month ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
tailscale/golink
github

tailscale

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A private shortlink service for tailnets

golink

status: experimental

golink is a private shortlink service for your tailnet. It lets you create short, memorable links for the websites you and your team use most. If you're new to golink, learn more in our announcement blog post. If you were looking for a SaaS go link service that doesn't use Tailscale, you might be thinking of golinks.io or trot.to

Screenshot of golink home screen

Building and running

To build from source and run in dev mode:

go run ./cmd/golink -dev-listen :8080

golink will be available at http://localhost:8080/, storing links in a temporary database, and will not attempt to join a tailnet.

The equivalent using the pre-built docker image:

docker run -it --rm -p 8080:8080 ghcr.io/tailscale/golink:main -dev-listen :8080

If you receive the docker error unable to open database file: out of memory (14), use a persistent volume as documented in Running in production.

Updating Dependencies

After updating dependencies and making changes to go.mod and go.sum, flake.nix needs to be updated to reflect the new SHA256 of the go dependencies. This can be done by running:

./update-flake.sh

Joining a tailnet

Create an auth key for your tailnet at https://login.tailscale.com/admin/settings/keys. Configure the auth key to your preferences, but at a minimum we generally recommend:

  • add a tag (maybe something like tag:golink) to make it easier to set ACLs for controlling access and to ensure the node doesn't expires.
  • don't set "ephemeral" so the node isn't removed if it goes offline

Once you have a key, set it as the TS_AUTHKEY environment variable when starting golink. You will also need to specify your sqlite database file:

TS_AUTHKEY="tskey-auth-<key>" go run ./cmd/golink -sqlitedb golink.db

golink stores its tailscale data files in a tsnet-golink directory inside os.UserConfigDir. As long as this is on a persistent volume, the auth key only needs to be provided on first run.

MagicDNS

When golink joins your tailnet, it will attempt to use "go" as its node name, and will be available at http://go.tailnet0000.ts.net/ (or whatever your tailnet name is). To make it accessible simply as http://go/, enable MagicDNS for your tailnet. With MagicDNS enabled, no special configuration or browser extensions are needed on client devices. Users just need to have Tailscale installed and connected to the tailnet.

Running in production

golink compiles as a single static binary (including the frontend) and can be deployed and run like any other binary. Two pieces of data should be on persistent volumes:

  • tailscale data files in the tsnet-golink directory inside os.UserConfigDir
  • the sqlite database file where links are stored

In the docker image, both are stored in /home/nonroot, so you can mount a persistent volume:

docker run -v /persistent/data:/home/nonroot ghcr.io/tailscale/golink:main

The mounted directory will need to be writable by the nonroot user (uid: 65532, gid: 65532), for example by calling sudo chown 65532 /persistent/data. Alternatively, you can run golink as root using docker run -u root.

No ports need to be exposed, whether running as a binary or in docker. golink will listen on port 80 on the tailscale interface, so can be accessed at http://go/.

Deploy on Fly

See https://fly.io/docs/ for full instructions for deploying apps on Fly, but this should give you a good start. Replace FLY_APP_NAME and FLY_VOLUME_NAME with your app and volume names.

Create a fly.toml file:

app = "FLY_APP_NAME"

[build]
image = "ghcr.io/tailscale/golink:main"

[deploy]
strategy = "immediate"

[mounts]
source="FLY_VOLUME_NAME"
destination="/home/nonroot"

Then run the commands with the flyctl CLI.

$ flyctl apps create FLY_APP_NAME
$ flyctl volumes create FLY_VOLUME_NAME
$ flyctl secrets set TS_AUTHKEY=tskey-auth-<key>
$ flyctl deploy

Backups

Once you have golink running, you can backup all of your links in JSON lines format from http://go/.export. At Tailscale, we snapshot our links weekly and store them in git.

To restore links, specify the snapshot file on startup. Only links that don't already exist in the database will be added.

golink -snapshot links.json

You can also resolve links locally using a snapshot file:

golink -resolve-from-backup links.json go/link

Firefox configuration

If you're using Firefox, you might want to configure two options to make it easy to load links:

  • to prevent go/ page loads from the address bar being treated as searches, navigate to about:config and add a boolean setting browser.fixup.domainwhitelist.go with a value of true

  • if you use HTTPS-Only Mode, add an exception

More Repositories

1

tailscale

The easiest, most secure way to use WireGuard and 2FA.
Go
16,304
star
2

tailscale-synology

Synology packages for tailscale.com
833
star
3

tailscale-android

Tailscale Android Client
Kotlin
812
star
4

hujson

HuJSON: JSON for Humans (JWCC: JSON w/ comments and trailing commas)
Go
561
star
5

github-action

A GitHub Action to connect your workflow to your Tailscale network.
472
star
6

tailscale-qpkg

Package Tailscale client in QPKG
Shell
439
star
7

depaware

depaware makes you aware of your Go dependencies
Go
427
star
8

caddy-tailscale

A highly experimental exploration of integrating Tailscale and Caddy.
Go
238
star
9

terraform-provider-tailscale

Terraform provider for Tailscale
Go
236
star
10

security-policies

Security policies for Tailscale
234
star
11

sqlite

work in progress
Go
184
star
12

libtailscale

Tailscale C library
Go
153
star
13

pam

An experimental, work-in-progress PAM module for Tailscale
Rust
139
star
14

tailetc

total-memory-cache etcd v3 client
Go
135
star
15

ToBeReviewedBot

GitHub App to watch for PRs merged without a reviewer approving.
Go
111
star
16

cpc

a copy tool
Go
98
star
17

go-mod-archiver

go.mod git archiver
Go
88
star
18

wf

Package for controlling the Windows firewall (aka Windows Filtering Platform, WFP)
Go
75
star
19

gitops-acl-action

GitOps for your Tailscale ACLs
70
star
20

setec

Go
70
star
21

codespace

Experimenting with codespaces
Shell
68
star
22

mkctr

mkctr: cross platform container builder for go
Go
59
star
23

docker-extension

Docker Desktop extension adding Tailscale networking.
TypeScript
58
star
24

wireguard-go

Tailscale's temporary fork of https://git.zx2c4.com/wireguard-go
Go
50
star
25

tailscale-client-go

A client implementation for the Tailscale HTTP API
Go
49
star
26

tailsql

A SQL playground service over Tailscale.
Go
43
star
27

art

implementation of the Allotment Routing Table (ART) algorithm by Donald Knuth, as described in the paper by Yoichi Hariguchi
Go
41
star
28

tmemes

A meme generator for your tailnet!
Go
32
star
29

scertec

ACME client daemon that puts fresh HTTPS certs in setec, and client to get them out of at serving time
Go
29
star
30

squibble

A lightweight schema manager for SQLite databases.
Go
24
star
31

tscert

Minimal package for just the HTTPS cert fetching part of the Tailscale client API
Go
19
star
32

tailscale-chocolatey

Chocolatey packaging for Tailscale IPN
PowerShell
16
star
33

gitpod

Investigation into gitpod.io
Shell
11
star
34

tailscale-aws-host-acl-updater

Update Hosts list in Tailscale ACL file as AWS resources move about.
Go
11
star
35

wintun

Fork of https://git.zx2c4.com/wintun
C
10
star
36

peercred

Go
9
star
37

terms-and-conditions

Terms and conditions for Tailscale
9
star
38

winipcfg-go

old fork of https://git.zx2c4.com/winipcfg-go, from before it moved to the wireguard-windows repo; no longer used by Tailscale
Go
6
star
39

ts-webhook-adapter

Adapter for Tailscale Webhooks for Microsoft Teams and Discord.
Go
6
star
40

go-mod-tidy-broken

demo showing a go mod tidy bug
Go
4
star
41

tb

Go
4
star
42

issue-status

Tailscale's status page
JavaScript
2
star
43

bradtest

Brad's GitHub automation test repo
Go
2
star
44

web-client-prebuilt

Prebuilt assets for the Tailscale web client
HTML
2
star
45

quis-custodiet

quis custodiet ipsos custodes: a service to check whether someone is assigned to oncall on each calendar at squadcast.com.
Go
1
star
46

active-directory-sites-subnets

Populate Active Directory Sites & Subnets table for Tailscale clients
Go
1
star