Update

2026-02-19 10:07:43 +00:00
parent 007438e372
commit 6e637ecf77
1763 changed files with 60820 additions and 279516 deletions
--- a/vendor/tailscale.com/flake.nix
+++ b/vendor/tailscale.com/flake.nix
@@ -32,7 +32,7 @@
 {
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
-    flake-utils.url = "github:numtide/flake-utils";
+    systems.url = "github:nix-systems/default";
    # Used by shell.nix as a compat shim.
    flake-compat = {
      url = "github:edolstra/flake-compat";
@@ -43,13 +43,32 @@
  outputs = {
    self,
    nixpkgs,
-    flake-utils,
+    systems,
    flake-compat,
  }: let
-    # tailscaleRev is the git commit at which this flake was imported,
-    # or the empty string when building from a local checkout of the
-    # tailscale repo.
+    goVersion = nixpkgs.lib.fileContents ./go.toolchain.version;
+    toolChainRev = nixpkgs.lib.fileContents ./go.toolchain.rev;
+    gitHash = nixpkgs.lib.fileContents ./go.toolchain.rev.sri;
+    eachSystem = f:
+      nixpkgs.lib.genAttrs (import systems) (system:
+        f (import nixpkgs {
+          system = system;
+          overlays = [
+            (final: prev: {
+              go_1_25 = prev.go_1_25.overrideAttrs {
+                version = goVersion;
+                src = prev.fetchFromGitHub {
+                  owner = "tailscale";
+                  repo = "go";
+                  rev = toolChainRev;
+                  sha256 = gitHash;
+                };
+              };
+            })
+          ];
+        }));
    tailscaleRev = self.rev or "";
+  in {
    # tailscale takes a nixpkgs package set, and builds Tailscale from
    # the same commit as this flake. IOW, it provides "tailscale built
    # from HEAD", where HEAD is "whatever commit you imported the
@@ -67,16 +86,20 @@
    # So really, this flake is for tailscale devs to dogfood with, if
    # you're an end user you should be prepared for this flake to not
    # build periodically.
-    tailscale = pkgs:
-      pkgs.buildGo123Module rec {
+    packages = eachSystem (pkgs: rec {
+      default = pkgs.buildGo125Module {
        name = "tailscale";
-
+        pname = "tailscale";
        src = ./.;
        vendorHash = pkgs.lib.fileContents ./go.mod.sri;
-        nativeBuildInputs = pkgs.lib.optionals pkgs.stdenv.isLinux [pkgs.makeWrapper];
+        nativeBuildInputs = [pkgs.makeWrapper pkgs.installShellFiles];
        ldflags = ["-X tailscale.com/version.gitCommitStamp=${tailscaleRev}"];
-        CGO_ENABLED = 0;
-        subPackages = ["cmd/tailscale" "cmd/tailscaled"];
+        env.CGO_ENABLED = 0;
+        subPackages = [
+          "cmd/tailscale"
+          "cmd/tailscaled"
+          "cmd/tsidp"
+        ];
        doCheck = false;

        # NOTE: We strip the ${PORT} and $FLAGS because they are unset in the
@@ -84,32 +107,31 @@
        # point, there should be a NixOS module that allows configuration of these
        # things, but for now, we hardcode the default of port 41641 (taken from
        # ./cmd/tailscaled/tailscaled.defaults).
-        postInstall = pkgs.lib.optionalString pkgs.stdenv.isLinux ''
-          wrapProgram $out/bin/tailscaled --prefix PATH : ${pkgs.lib.makeBinPath [pkgs.iproute2 pkgs.iptables pkgs.getent pkgs.shadow]}
-          wrapProgram $out/bin/tailscale --suffix PATH : ${pkgs.lib.makeBinPath [pkgs.procps]}
+        postInstall =
+          pkgs.lib.optionalString pkgs.stdenv.isLinux ''
+            wrapProgram $out/bin/tailscaled --prefix PATH : ${pkgs.lib.makeBinPath [pkgs.iproute2 pkgs.iptables pkgs.getent pkgs.shadow]}
+            wrapProgram $out/bin/tailscale --suffix PATH : ${pkgs.lib.makeBinPath [pkgs.procps]}

-          sed -i \
-            -e "s#/usr/sbin#$out/bin#" \
-            -e "/^EnvironmentFile/d" \
-            -e 's/''${PORT}/41641/' \
-            -e 's/$FLAGS//' \
-            ./cmd/tailscaled/tailscaled.service
+            sed -i \
+              -e "s#/usr/sbin#$out/bin#" \
+              -e "/^EnvironmentFile/d" \
+              -e 's/''${PORT}/41641/' \
+              -e 's/$FLAGS//' \
+              ./cmd/tailscaled/tailscaled.service

-          install -D -m0444 -t $out/lib/systemd/system ./cmd/tailscaled/tailscaled.service
-        '';
+            install -D -m0444 -t $out/lib/systemd/system ./cmd/tailscaled/tailscaled.service
+          ''
+          + pkgs.lib.optionalString (pkgs.stdenv.buildPlatform.canExecute pkgs.stdenv.hostPlatform) ''
+            installShellCompletion --cmd tailscale \
+              --bash <($out/bin/tailscale completion bash) \
+              --fish <($out/bin/tailscale completion fish) \
+              --zsh <($out/bin/tailscale completion zsh)
+          '';
      };
+      tailscale = default;
+    });

-    # This whole blob makes the tailscale package available for all
-    # OS/CPU combos that nix supports, as well as a dev shell so that
-    # "nix develop" and "nix-shell" give you a dev env.
-    flakeForSystem = nixpkgs: system: let
-      pkgs = nixpkgs.legacyPackages.${system};
-      ts = tailscale pkgs;
-    in {
-      packages = {
-        default = ts;
-        tailscale = ts;
-      };
+    devShells = eachSystem (pkgs: {
      devShell = pkgs.mkShell {
        packages = with pkgs; [
          curl
@@ -118,7 +140,7 @@
          gotools
          graphviz
          perl
-          go_1_23
+          go_1_25
          yarn

          # qemu and e2fsprogs are needed for natlab
@@ -126,8 +148,7 @@
          e2fsprogs
        ];
      };
-    };
-  in
-    flake-utils.lib.eachDefaultSystem (system: flakeForSystem nixpkgs system);
+    });
+  };
 }
-# nix-direnv cache busting line: sha256-xO1DuLWi6/lpA9ubA2ZYVJM+CkVNA5IaVGZxX9my0j0=
+# nix-direnv cache busting line: sha256-WeMTOkERj4hvdg4yPaZ1gRgKnhRIBXX55kUVbX/k/xM=