blob: 92f50c386e28ba4d759989dff36abfab94e39cdd (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
#!/usr/bin/env bash
set -e
CMD0="${0##*/}"
TS_HOSTNAME="${HOSTNAME}-initrd"
TS_AUTHKEY=""
TS_STATEDIR=/etc/initcpio/tailscale
PID=""
usage() {
cat <<EOF
usage: ${CMD0} [options]
Options:
-H Hostname to use when registering the node (default: '${TS_HOSTNAME}')
-k Node authorization key; if it begins with "file:", then it's a
path to a file containing the authkey. (default: '${TS_AUTHKEY}')
EOF
}
info() { printf >&2 "${CMD0} INFO : %s\n" "$1"; }
error() { printf >&2 "${CMD0} ERROR: %s\n" "$1"; }
die() { error "$@"; exit 1; }
cleanup() {
if [[ -n "${SETUPDIR}" ]]; then
rm -rf "${SETUPDIR}"
fi
if [[ -n "$PID" ]]; then
kill "$PID"
fi
exit 0
}
trap "cleanup" EXIT
while getopts H:k:d:t:h flag; do
case "$flag" in
H) TS_HOSTNAME="$OPTARG" ;;
k) TS_AUTHKEY="$OPTARG" ;;
?) usage; exit 0 ;;
esac
done
shift $(( OPTIND - 1 ))
SETUPDIR="$(mktemp -d)"
socket="${SETUPDIR}/tailscaled.sock"
state="${SETUPDIR}/tailscaled.state"
tailscaled \
-state="$state" \
-socket="$socket" \
-no-logs-no-support \
-tun=userspace-networking \
>"${SETUPDIR}/setup-tailscaled.log" 2>&1 &
PID="$!"
if ! tailscale -socket="$socket" up --qr --authkey="$TS_AUTHKEY" --hostname="$TS_HOSTNAME"; then
cp -f "${SETUPDIR}/setup-tailscaled.log" /tmp/
die "Failed to configure tailscale. Check daemon logs at /tmp/setup-tailscaled.log"
fi
[[ "$(id -u)" != 0 ]] && xsu=sudo || xsu=""
$xsu install -o root -g root -m600 -d "${TS_STATEDIR}"
$xsu install -o root -g root -m644 -t "${TS_STATEDIR}" "${SETUPDIR}/tailscaled.state"
$xsu tee "${TS_STATEDIR}/default.env" >/dev/null <<EOF
# Set the port to listen on for incoming VPN packets.
# Remote nodes will automatically be informed about the new port number,
# but you might want to configure this in order to set external firewall
# settings.
PORT="41641"
# Extra flags you might want to pass to tailscaled.
FLAGS=""
EOF
info "tailscale successfully configured.
Next steps:
* Disable key expiry for '${TS_HOSTNAME}' at https://login.tailscale.com/admin/machines
* Review ${TS_STATEDIR}/default.env (as root)
* Edit /etc/mkinitcpio.conf and add 'tailscale' hook for busybox init, or sd-tailscale' hook for systemd init.
* Run 'mkinitcpio -P' to rebuild initramfs
* Check the README at https://github.com/dangra/mkinitcpio-tailscale for security considerations
enjoy!
"
|