refactor: use direct tailscale auth-key enrollment
Stop writing auth keys to guest files and enroll nodes by running tailscale up directly via Proxmox guest agent with VM-name hostnames.
@@ -199,14 +199,12 @@ jobs:
|
|||||||
safe_hostname = hostname.replace("'", "'\"'\"'")
|
safe_hostname = hostname.replace("'", "'\"'\"'")
|
||||||
cmd = (
|
cmd = (
|
||||||
"set -e; "
|
"set -e; "
|
||||||
"install -d -m 700 /etc/tailscale; "
|
|
||||||
f"printf '%s' '{safe_key}' > /etc/tailscale/authkey; "
|
|
||||||
f"printf '%s' '{safe_hostname}' > /etc/tailscale/hostname; "
|
|
||||||
"chmod 600 /etc/tailscale/authkey; "
|
|
||||||
f"hostnamectl set-hostname '{safe_hostname}' || true; "
|
f"hostnamectl set-hostname '{safe_hostname}' || true; "
|
||||||
|
"install -d -m 700 /var/lib/tailscale; "
|
||||||
|
"rm -f /var/lib/tailscale/tailscaled.state; "
|
||||||
"systemctl restart tailscaled; "
|
"systemctl restart tailscaled; "
|
||||||
"systemctl start tailscale-firstboot.service; "
|
f"/run/current-system/sw/bin/tailscale up --reset --auth-key='{safe_key}' --hostname='{safe_hostname}'; "
|
||||||
"tailscale status || true"
|
"/run/current-system/sw/bin/tailscale status || true"
|
||||||
)
|
)
|
||||||
|
|
||||||
exitcode, stdout, stderr = exec_guest(vmid, cmd)
|
exitcode, stdout, stderr = exec_guest(vmid, cmd)
|
||||||
|
|||||||
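Review bot: The auth key is now interpolated into the command string at `tailscale up --reset --auth-key='{safe_key}'`, so it is visible in the guest's process arguments while the command runs and may also be recorded wherever the guest-agent command is logged (agent or Proxmox task logs, or CI output if `cmd` or stderr is echoed on failure). If the key has to travel this way, say so next to the call, e.g. `# cmd embeds the Tailscale auth key: never log it; the key must be single-use and short-lived`. The new sequence also no longer removes `/etc/tailscale/authkey`, so a guest where the old first-boot unit never completed may keep a stale key on disk; adding `"rm -f /etc/tailscale/authkey /etc/tailscale/hostname; "` to the command would clean that up. The enclosing function starts and ends outside the hunk, so how `safe_key` is escaped and whether the result of `exec_guest` is printed cannot be checked here.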
@@ -39,37 +39,6 @@
|
|||||||
|
|
||||||
security.sudo.wheelNeedsPassword = false;
|
security.sudo.wheelNeedsPassword = false;
|
||||||
|
|
||||||
systemd.services.tailscale-firstboot = {
|
|
||||||
description = "One-time Tailscale enrollment";
|
|
||||||
after = [ "network-online.target" "tailscaled.service" ];
|
|
||||||
wants = [ "network-online.target" "tailscaled.service" ];
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
};
|
|
||||||
script = ''
|
|
||||||
install -d -m 0700 /etc/tailscale
|
|
||||||
|
|
||||||
if [ ! -s /etc/tailscale/authkey ]; then
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
key="$(cat /etc/tailscale/authkey)"
|
|
||||||
ts_hostname=""
|
|
||||||
if [ -s /etc/tailscale/hostname ]; then
|
|
||||||
ts_hostname="--hostname=$(cat /etc/tailscale/hostname)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
install -d -m 0700 /var/lib/tailscale
|
|
||||||
rm -f /var/lib/tailscale/tailscaled.state
|
|
||||||
${pkgs.tailscale}/bin/tailscale up --reset --auth-key="$key" $ts_hostname
|
|
||||||
|
|
||||||
rm -f /etc/tailscale/authkey
|
|
||||||
rm -f /etc/tailscale/hostname
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
btop
|
btop
|
||||||
curl
|
curl
|
||||||
|
|||||||