feat: Add Tailscale networking (#3505)

* fix: Add coder user to docker group on installation

This makes for a simpler setup, and reduces the likelihood
a user runs into a strange issue.

* Add wgnet

* Add ping

* Add listening

* Finish refactor to make this work

* Add interface for swapping

* Fix conncache with interface

* chore: update gvisor

* fix tailscale types

* linting

* more linting

* Add coordinator

* Add coordinator tests

* Fix coordination

* It compiles!

* Move all connection negotiation in-memory

* Migrate coordinator to use net.conn

* Add closed func

* Fix close listener func

* Make reconnecting PTY work

* Fix reconnecting PTY

* Update CI to Go 1.19

* Add CLI flags for DERP mapping

* Fix Tailnet test

* Rename ConnCoordinator to TailnetCoordinator

* Remove print statement from workspace agent test

* Refactor wsconncache to use tailnet

* Remove STUN from unit tests

* Add migrate back to dump

* chore: Upgrade to Go 1.19

This is required as part of #3505.

* Fix reconnecting PTY tests

* fix: update wireguard-go to fix devtunnel

* fix migration numbers

* linting

* Return early for status if endpoints are empty

* Update cli/server.go

Co-authored-by: Colin Adler <colin1adler@gmail.com>

* Update cli/server.go

Co-authored-by: Colin Adler <colin1adler@gmail.com>

* Fix frontend entites

* Fix agent bicopy

* Fix race condition for the last node

* Fix down migration

* Fix connection RBAC

* Fix migration numbers

* Fix forwarding TCP to a local port

* Implement ping for tailnet

* Rename to ForceHTTP

* Add external derpmapping

* Expose DERP region names to the API

* Add global option to enable Tailscale networking for web

* Mark DERP flags hidden while testing

* Update DERP map on reconnect

* Add close func to workspace agents

* Fix race condition in upstream dependency

* Fix feature columns race condition

Co-authored-by: Colin Adler <colin1adler@gmail.com>

coderd/coderd_test.go

@@ -2,13 +2,21 @@ package coderd_test
 
 import (
 	"context"
+	"net/netip"
+	"strconv"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
+	"tailscale.com/tailcfg"
+
+	"cdr.dev/slog"
+	"cdr.dev/slog/sloggers/slogtest"
 
 	"github.com/coder/coder/buildinfo"
 	"github.com/coder/coder/coderd/coderdtest"
+	"github.com/coder/coder/tailnet"
 	"github.com/coder/coder/testutil"
 )
 
@@ -38,3 +46,71 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
 	skipRoutes, assertRoute := coderdtest.AGPLRoutes(a)
 	a.Test(ctx, assertRoute, skipRoutes)
 }
+
+func TestDERP(t *testing.T) {
+	t.Parallel()
+	client := coderdtest.New(t, nil)
+
+	logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
+
+	derpPort, err := strconv.Atoi(client.URL.Port())
+	require.NoError(t, err)
+	derpMap := &tailcfg.DERPMap{
+		Regions: map[int]*tailcfg.DERPRegion{
+			1: {
+				RegionID:   1,
+				RegionCode: "cdr",
+				RegionName: "Coder",
+				Nodes: []*tailcfg.DERPNode{{
+					Name:      "1a",
+					RegionID:  1,
+					HostName:  client.URL.Hostname(),
+					DERPPort:  derpPort,
+					STUNPort:  -1,
+					ForceHTTP: true,
+				}},
+			},
+		},
+	}
+	w1IP := tailnet.IP()
+	w1, err := tailnet.NewConn(&tailnet.Options{
+		Addresses: []netip.Prefix{netip.PrefixFrom(w1IP, 128)},
+		Logger:    logger.Named("w1"),
+		DERPMap:   derpMap,
+	})
+	require.NoError(t, err)
+
+	w2, err := tailnet.NewConn(&tailnet.Options{
+		Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
+		Logger:    logger.Named("w2"),
+		DERPMap:   derpMap,
+	})
+	require.NoError(t, err)
+	w1.SetNodeCallback(func(node *tailnet.Node) {
+		w2.UpdateNodes([]*tailnet.Node{node})
+	})
+	w2.SetNodeCallback(func(node *tailnet.Node) {
+		w1.UpdateNodes([]*tailnet.Node{node})
+	})
+
+	conn := make(chan struct{})
+	go func() {
+		listener, err := w1.Listen("tcp", ":35565")
+		assert.NoError(t, err)
+		defer listener.Close()
+		conn <- struct{}{}
+		nc, err := listener.Accept()
+		assert.NoError(t, err)
+		_ = nc.Close()
+		conn <- struct{}{}
+	}()
+
+	<-conn
+	nc, err := w2.DialContextTCP(context.Background(), netip.AddrPortFrom(w1IP, 35565))
+	require.NoError(t, err)
+	_ = nc.Close()
+	<-conn
+
+	w1.Close()
+	w2.Close()
+}