feat(collabora): add second tailscale instance #35

Internally for Freshly we use Tailscale to access hosts, but Collabora
now also use Tailscale to access hosts. For a while, I've been using
'tailscale switch' to move back/forth but this takes some time and
doesn't allow me to use multiple nets at once.

I evaluated what I wanted to use my own personal tailscale for, and it
was the following things:
- https://files.freshly.space (I have a mounted webdav drive which is
only available over tailscale, and the web interface auto-logs-in over
tailscale which is very nice...)
- https://silverbullet.clicks.codes (All of my notes are here. I would
need to switch notetaking app for work stuff if I were to stop using
my own tailnet)
- https://silverbullet.starrysky.fyi (Actually, some work stuff is also
here because I have some things which I am contractually obliged not
to make public - even to my friends. This one does tailscale auth to
check that I am my own tailscale user)
- My own devices (which I could put on to the work tailnet, although I
would either forgo nice device names or manage my own /etc/hosts and I
would need to manage switching back/forth (potentially making any
/etc/hosts editing pretty fraught...))

While some of this could be put on the work tailnet, by no means all of
it could be.

In contrast, I need the work tailnet to access SSH/web interfaces for
several internal services. These can't be used without it, but I only
really need to use them from redhead.

The cleanest solution is to have multiple tailnets at once - and select
which one I'm using such that the collabora tailnet is only used for the
things it's needed for.

Here's how I'm proxying SSH hosts through the tailnet

Host collabora-foo foo
ProxyCommand nc -X 5 -x localhost:1055 %h %p
Hostname <some tailnet hostname>
...

And I'm using the "FoxyProxy" extension in Firefox to do the same for
specific URL matches. I'm hoping this'll be enough to let me neatly
access everything I want to all of the time...

Internally for Freshly we use Tailscale to access hosts, but Collabora
now also use Tailscale to access hosts. For a while, I've been using
'tailscale switch' to move back/forth but this takes some time and
doesn't allow me to use multiple nets at once.

I evaluated what I wanted to use my own personal tailscale for, and it
was the following things:
- https://files.freshly.space (I have a mounted webdav drive which is
only available over tailscale, and the web interface auto-logs-in over
tailscale which is very nice...)
- https://silverbullet.clicks.codes (All of my notes are here. I would
need to switch notetaking app for work stuff if I were to stop using
my own tailnet)
- https://silverbullet.starrysky.fyi (Actually, some work stuff is also
here because I have some things which I am contractually obliged not
to make public - even to my friends. This one does tailscale auth to
check that I am my own tailscale user)
- My own devices (which I could put on to the work tailnet, although I
would either forgo nice device names or manage my own /etc/hosts and I
would need to manage switching back/forth (potentially making any
/etc/hosts editing pretty fraught...))

While some of this could be put on the work tailnet, by no means all of
it could be.

In contrast, I need the work tailnet to access SSH/web interfaces for
several internal services. These can't be used without it, but I only
really need to use them from redhead.

The cleanest solution is to have multiple tailnets at once - and select
which one I'm using such that the collabora tailnet is only used for the
things it's needed for.

Here's how I'm proxying SSH hosts through the tailnet

Host collabora-foo foo
ProxyCommand nc -X 5 -x localhost:1055 %h %p
Hostname <some tailnet hostname>
...

And I'm using the "FoxyProxy" extension in Firefox to do the same for
specific URL matches. I'm hoping this'll be enough to let me neatly
access everything I want to all of the time...