Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Tailscale-rs: Official Rust library for embedding Tailscale(tailscale.com)
101 points by phantomathkg 5 days ago | 5 comments
mintflow 5 days ago | parent [-]

Finally a tailscale rust port is coming, i think it's will make build app with builtin tailscale connectivity more easily compared to libtailscale

rirze 5 days ago | parent [-]

I'm completely new to this space, but how are applications using tailscale as a library?

Are they creating their own mesh networks for internal or user use?

aseipp 5 days ago | parent | next [-]

Imagine something like writing a server with an /metrics HTTP endpoint that Prometheus can then scrape -- but you bind it on separate port only inside a tailnet, with an ephemeral tailnet key and name it "metrics-service-blahblah".

Now you can simply write a script that uses the tailscale API to find all "metrics-service-*" nodes in your tailnet, and then adds their IP/DNS to your prometheus scraping list. Run it every 60 seconds. Done, now you can just deploy your app anywhere on any cloud and it will get scraped and that route will never be exposed to the outer internet.

This will basically just let you attach bespoke applications and not just "computers" to your network. I suspect I will get a lot of use from it.

dovholuknf 4 days ago | parent [-]

Tailscale and Wireguard are great. I'm an OpenZiti maintainer and I've written/spoken about application embedded zero trust for many, many years. Still it seems most devs don't think it's important for whatever reason... It'll make me happy if Tailscale is successful here and can spread the word out to get more devs interested in embedding the secure connectivity directly into the apps instead of relying on the classic underlay network and bolting on security. If that sort of thing interests you, you could check out OpenZiti. It's not Wireguard-based for better or for worse you can decide (if you do end up checking it out)

tracker1 5 days ago | parent | prev [-]

Just speculating, but that it's an option to open/listen to a port, but that port is on a Tailscale network. So the app is largely unaware of the encryption over the top. Similarly, you could do similar for a client app. Where the Tailscale connectivity options are inside the app, instead of a proxy to the app that lives outside the apps.

Likely more transparent than explicit/implicit TLS.