security/tailscale: make login timeout (tailscale up --timeout parameter) configurable (#4490)

security/tailscale/src/opnsense/mvc/app/controllers/OPNsense/Tailscale/forms/settings.xml

@@ -5,10 +5,17 @@
         <type>checkbox</type>
         <help>This will activate the Tailscale service.</help>
     </field>
+    <field>
+        <id>settings.loginTimeout</id>
+        <label>Login timeout</label>
+        <type>text</type>
+        <advanced>true</advanced>
+        <help>Maximum time to wait for successful login, in seconds. Set to 0 to wait indefinitely, however this may prevent OPNsense booting completely if the Tailscale control plane is unavailable. Default is 10 seconds.</help>
+    </field>
     <field>
         <id>settings.listenPort</id>
         <label>Listen Port</label>
-	<type>text</type>
+        <type>text</type>
         <help>UDP port to listen on for WireGuard and peer-to-peer traffic.</help>
     </field>
     <field>

security/tailscale/src/opnsense/mvc/app/models/OPNsense/Tailscale/Settings.xml

@@ -6,6 +6,10 @@
             <default>0</default>
             <Required>Y</Required>
         </enabled>
+        <loginTimeout type="IntegerField">
+            <default>10</default>
+            <Required>Y</Required>
+        </loginTimeout>
         <listenPort type="PortField">
             <default>41641</default>
             <Required>Y</Required>

security/tailscale/src/opnsense/service/templates/OPNsense/Tailscale/rc.conf.d

@@ -10,6 +10,7 @@ tailscaled_enable="YES"
 tailscaled_port="{{ OPNsense.tailscale.settings.listenPort }}"
 {%    endif %}
 {%    set up_args = [] %}
+{%      do up_args.append("--timeout=" + OPNsense.tailscale.settings.loginTimeout + "s") %}
 {%    if helpers.exists('OPNsense.tailscale.settings.advertiseExitNode') and OPNsense.tailscale.settings.advertiseExitNode|default("0") == "1" %}
 {%      do up_args.append("--advertise-exit-node") %}
 {%    else %}