From 93bba9fbfc8f2a6652f78b4f390e6d2d8771ce1d Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sat, 28 Feb 2026 13:24:24 +0000
Subject: [PATCH] fix: make cloud-init tailscale bootstrap resilient

Add retry loop for tailscale up during first boot and fallback without tag advertisement when tag auth is unavailable, so nodes still join tailnet.
---
 terraform/files/cloud_init_global.tpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/terraform/files/cloud_init_global.tpl b/terraform/files/cloud_init_global.tpl
index 633522d..a3134fc 100644
--- a/terraform/files/cloud_init_global.tpl
+++ b/terraform/files/cloud_init_global.tpl
@@ -13,5 +13,5 @@ users:
       - ${SSH_KEY_PUBLIC}
 
 runcmd:
-  - [ /run/current-system/sw/bin/sh, -lc, "install -d -m 700 /var/lib/tailscale && rm -f /var/lib/tailscale/tailscaled.state" ]
-  - [ /run/current-system/sw/bin/sh, -lc, "/run/current-system/sw/bin/tailscale up --reset --auth-key='${TS_AUTHKEY}' --hostname='$(hostname)' --advertise-tags='tag:k8s'" ]
+  - [ /run/current-system/sw/bin/sh, -lc, "set -eu; install -d -m 700 /var/lib/tailscale; rm -f /var/lib/tailscale/tailscaled.state" ]
+  - [ /run/current-system/sw/bin/sh, -lc, "set -eu; for i in 1 2 3 4 5; do /run/current-system/sw/bin/tailscale up --reset --auth-key='${TS_AUTHKEY}' --hostname='$(hostname)' --advertise-tags='tag:k8s' && exit 0; sleep 15; done; /run/current-system/sw/bin/tailscale up --reset --auth-key='${TS_AUTHKEY}' --hostname='$(hostname)'" ]