authorAndrew Dunham <andrew@du.nham.ca>2024-10-23 00:24:39 -0500
committerAndrew Dunham <andrew@du.nham.ca>2024-10-24 11:35:48 -0500
commitfc4048014ee26448a3b0c63e8c1a748f0e45e0b7 (patch)
tree9aedb9cc4ab23b51358c97e5b3ca42760fd25495 /control/keyfallback/keyfallback.go
parentb2665d9b89ee8c7be10a8e0a2fa36d35d21d8440 (diff)
control/keyfallback: add baked-in fallback for control keyandrew/keyfallback
Similar to how we bake in the DERPMap to ensure that we can reach the DERP servers if DNS isn't working, also bake in the control key for the default control server that we use if the control server is down. Updates #13890 Signed-off-by: Andrew Dunham <andrew@du.nham.ca> Change-Id: I18ef0381e266bd3db10063685993bc3cb76b2f42
Diffstat (limited to 'control/keyfallback/keyfallback.go')
-rw-r--r--control/keyfallback/keyfallback.go32
1 files changed, 32 insertions, 0 deletions
diff --git a/control/keyfallback/keyfallback.go b/control/keyfallback/keyfallback.go
new file mode 100644
index 000000000..44a190f69
--- /dev/null
+++ b/control/keyfallback/keyfallback.go
@@ -0,0 +1,32 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Package keyfallback contains a fallback mechanism for starting up Tailscale
+// when the control server cannot be reached to obtain the primary Noise key.
+//
+// The data is backed by a JSON file `control-key.json` that is updated by
+// `update.go`:
+//
+// (cd control/keyfallback; go run update.go)
+package keyfallback
+
+import (
+ _ "embed"
+ "encoding/json"
+
+ "tailscale.com/tailcfg"
+)
+
+// Get returns the fallback control server public key that was baked into the
+// binary at compile time. It is only valid for the main Tailscale control
+// server instance.
+func Get() (*tailcfg.OverTLSPublicKeyResponse, error) {
+ out := &tailcfg.OverTLSPublicKeyResponse{}
+ if err := json.Unmarshal(controlKeyJSON, out); err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+//go:embed control-key.json
+var controlKeyJSON []byte
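Review bot: `Get` returns whatever `json.Unmarshal` produces, so an embedded `control-key.json` that is `{}` or lacks the key field decodes without error and yields a zero-value key. Because this value is a baked-in trust anchor for the control connection, I would reject that case before returning, e.g. `if out.PublicKey.IsZero() { return nil, errors.New("keyfallback: embedded control key is empty") }` (this needs `errors` in the import block). The parse error would also be easier to trace if wrapped, as in `return nil, fmt.Errorf("keyfallback: parsing control-key.json: %w", err)`. The doc comment says the key is only valid for the main control server, but nothing in `Get` enforces that, so it should state explicitly that callers must confirm they are talking to the default control URL before using the result. A unit test asserting the embedded file parses to a non-zero key would catch a bad `update.go` run at build time rather than at fallback time.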