fix: make tailscale enrollment clone-safe and hostname-aware #22

Merged
micqdf merged 1 commits from stage into master 2026-02-28 02:02:50 +00:00
2 changed files with 24 additions and 10 deletions


@@ -81,12 +81,25 @@ jobs:
exit 0 exit 0
fi fi
echo "Expected format: host or host=hostname (comma-separated)"
install -m 700 -d ~/.ssh install -m 700 -d ~/.ssh
printf '%s\n' "$VM_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa printf '%s\n' "$VM_SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
for host in $(printf '%s' "$TAILSCALE_ENROLL_HOSTS" | tr ',' ' '); do for target in $(printf '%s' "$TAILSCALE_ENROLL_HOSTS" | tr ',' ' '); do
host="${target%%=*}"
ts_hostname=""
if [ "$host" != "$target" ]; then
ts_hostname="${target#*=}"
fi
echo "Enrolling $host into Tailscale" echo "Enrolling $host into Tailscale"
if [ -n "$ts_hostname" ]; then
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa "micqdf@$host" \ ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa "micqdf@$host" \
"echo '$TS_AUTHKEY' | sudo tee /etc/tailscale/authkey >/dev/null && sudo chmod 600 /etc/tailscale/authkey && sudo systemctl start tailscale-firstboot.service" "set -e; echo '$TS_AUTHKEY' | sudo tee /etc/tailscale/authkey >/dev/null; echo '$ts_hostname' | sudo tee /etc/tailscale/hostname >/dev/null; sudo chmod 600 /etc/tailscale/authkey; sudo hostnamectl set-hostname '$ts_hostname' || true; sudo systemctl restart tailscaled; sudo systemctl start tailscale-firstboot.service"
else
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa "micqdf@$host" \
"set -e; echo '$TS_AUTHKEY' | sudo tee /etc/tailscale/authkey >/dev/null; sudo chmod 600 /etc/tailscale/authkey; sudo systemctl restart tailscaled; sudo systemctl start tailscale-firstboot.service"
fi
done done
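Review bot: In the new remote command string of the `if [ -n "$ts_hostname" ]` branch, `$ts_hostname` is spliced into a single-quoted shell fragment, so a value from `TAILSCALE_ENROLL_HOSTS` containing `'` or `;` breaks out of the quoting and runs on the target as the ssh user (which this step relies on having sudo); validate it before the ssh call, e.g. `case "$ts_hostname" in *[!A-Za-z0-9.-]*) echo "invalid hostname: $ts_hostname" >&2; exit 1;; esac`, which also rejects what `hostnamectl set-hostname` would refuse anyway. Both rewritten ssh lines still pass `$TS_AUTHKEY` inside the remote command's argv, where it is readable by every local user on the target via `ps` for the duration of the command; feeding it on stdin, `printf '%s' "$TS_AUTHKEY" | ssh … "micqdf@$host" "set -e; sudo tee /etc/tailscale/authkey >/dev/null; …"`, keeps the key out of argv on both ends. `sudo hostnamectl set-hostname '$ts_hostname' || true` silently discards a failure that the rest of the enrolment then proceeds past — at least print a warning to stderr in that case. The two branches differ only in the hostname segment, so a single ssh invocation with a conditionally built remote script would avoid the duplicated command line. The run step this loop belongs to starts before the hunk.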


@@ -49,20 +49,21 @@
RemainAfterExit = true; RemainAfterExit = true;
}; };
script = '' script = ''
if [ -f /var/lib/tailscale/.joined ]; then
exit 0
fi
if [ ! -s /etc/tailscale/authkey ]; then if [ ! -s /etc/tailscale/authkey ]; then
exit 0 exit 0
fi fi
key="$(cat /etc/tailscale/authkey)" key="$(cat /etc/tailscale/authkey)"
${pkgs.tailscale}/bin/tailscale up --auth-key="$key" --hostname="$(hostname)" ts_hostname=""
if [ -s /etc/tailscale/hostname ]; then
ts_hostname="--hostname=$(cat /etc/tailscale/hostname)"
fi
rm -f /var/lib/tailscale/tailscaled.state
${pkgs.tailscale}/bin/tailscale up --reset --auth-key="$key" $ts_hostname
install -d -m 0700 /var/lib/tailscale
touch /var/lib/tailscale/.joined
rm -f /etc/tailscale/authkey rm -f /etc/tailscale/authkey
rm -f /etc/tailscale/hostname
''; '';
}; };
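Review bot: `rm -f /var/lib/tailscale/tailscaled.state` on the new side runs while tailscaled is presumably already up (the enrolment workflow in the other file restarts tailscaled and only then starts this unit), so the daemon keeps its in-memory node identity and can write the old state back, which would undo the clone-safety this change is after; the deletion only takes effect if it happens before tailscaled starts (a unit ordered `Before=tailscaled.service`) or is replaced by `${pkgs.tailscale}/bin/tailscale logout` ahead of `tailscale up` — verify against the unit's ordering, which is outside this hunk. Separately, `$ts_hostname` on the `tailscale up` line is left unquoted so an empty value disappears, but that also word-splits a hostname containing whitespace; building the argument list keeps both properties: `set -- --reset --auth-key="$key"; [ -s /etc/tailscale/hostname ] && set -- "$@" --hostname="$(cat /etc/tailscale/hostname)"; ${pkgs.tailscale}/bin/tailscale up "$@"`. The `.joined` marker is touched and the authkey deleted only after `tailscale up` returns, which is correct if this script aborts on failure as NixOS-generated unit scripts usually do (`-e`); if it does not, a failed `up` would still mark the host joined and discard the key, so a comment stating that assumption, or an explicit `|| exit 1` on the `up` line, would make the intent clear.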