fix: add CODER_AGENT_TAILNET_LISTEN_PORT for specifying a static tailnet port (#6980)

Fixes #5175.
2025-07-06 15:41:45 +00:00 · 2023-04-03 11:20:19 -05:00
parent 4ee01dc95c
commit bc18f6c113
4 changed files with 35 additions and 17 deletions
--- a/agent/agent.go
+++ b/agent/agent.go
@ -82,6 +82,7 @@ type Options struct {
 	Logger                 slog.Logger
 	AgentPorts             map[int]string
 	SSHMaxTimeout          time.Duration
+	TailnetListenPort      uint16
 }

 type Client interface {
@ -118,6 +119,7 @@ func New(options Options) io.Closer {
 	}
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	a := &agent{
+		tailnetListenPort:      options.TailnetListenPort,
 		reconnectingPTYTimeout: options.ReconnectingPTYTimeout,
 		logger:                 options.Logger,
 		closeCancel:            cancelFunc,
@ -142,6 +144,7 @@ type agent struct {
 	logger            slog.Logger
 	client            Client
 	exchangeToken     func(ctx context.Context) (string, error)
+	tailnetListenPort uint16
 	filesystem        afero.Fs
 	logDir            string
 	tempDir           string
@ -609,6 +612,7 @@ func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (_
 		Addresses:  []netip.Prefix{netip.PrefixFrom(codersdk.WorkspaceAgentIP, 128)},
 		DERPMap:    derpMap,
 		Logger:     a.logger.Named("tailnet"),
+		ListenPort: a.tailnetListenPort,
 	})
 	if err != nil {
 		return nil, xerrors.Errorf("create tailnet: %w", err)
--- a/cli/agent.go
+++ b/cli/agent.go
@ -35,6 +35,7 @@ func (r *RootCmd) workspaceAgent() *clibase.Cmd {
 		pprofAddress      string
 		noReap            bool
 		sshMaxTimeout     time.Duration
+		tailnetListenPort int64
 	)
 	cmd := &clibase.Cmd{
 		Use:   "agent",
@ -190,6 +191,7 @@ func (r *RootCmd) workspaceAgent() *clibase.Cmd {
 				Client:            client,
 				Logger:            logger,
 				LogDir:            logDir,
+				TailnetListenPort: uint16(tailnetListenPort),
 				ExchangeToken: func(ctx context.Context) (string, error) {
 					if exchangeToken == nil {
 						return client.SDK.SessionToken(), nil
@ -248,6 +250,13 @@ func (r *RootCmd) workspaceAgent() *clibase.Cmd {
 			Description: "Specify the max timeout for a SSH connection.",
 			Value:       clibase.DurationOf(&sshMaxTimeout),
 		},
+		{
+			Flag:        "tailnet-listen-port",
+			Default:     "0",
+			Env:         "CODER_AGENT_TAILNET_LISTEN_PORT",
+			Description: "Specify a static port for Tailscale to use for listening.",
+			Value:       clibase.Int64Of(&tailnetListenPort),
+		},
 	}

 	return cmd
--- a/cli/testdata/coder_agent_--help.golden
+++ b/cli/testdata/coder_agent_--help.golden
@ -18,5 +18,8 @@ Starts the Coder workspace agent.
      --ssh-max-timeout duration, $CODER_AGENT_SSH_MAX_TIMEOUT (default: 0)
          Specify the max timeout for a SSH connection.

+      --tailnet-listen-port int, $CODER_AGENT_TAILNET_LISTEN_PORT (default: 0)
+          Specify a static port for Tailscale to use for listening.
+
 ---
 Run `coder --help` for a list of global options.
--- a/tailnet/conn.go
+++ b/tailnet/conn.go
@ -59,6 +59,7 @@ type Options struct {
 	// If so, only DERPs can establish connections.
 	BlockEndpoints bool
 	Logger         slog.Logger
+	ListenPort     uint16
 }

 // NewConn constructs a new Wireguard server that will accept connections from the addresses provided.
@ -137,6 +138,7 @@ func NewConn(options *Options) (conn *Conn, err error) {
 	wireguardEngine, err := wgengine.NewUserspaceEngine(Logger(options.Logger.Named("wgengine")), wgengine.Config{
 		LinkMonitor: wireguardMonitor,
 		Dialer:      dialer,
+		ListenPort:  options.ListenPort,
 	})
 	if err != nil {
 		return nil, xerrors.Errorf("create wgengine: %w", err)