#!/usr/bin/env bash
# Strict mode: abort on unhandled errors, unset variables and failed
# pipeline stages.
set -euo pipefail

# --force is the only recognised argument; anything else is ignored.
# FORCE=1 makes the script reinstall the package and re-run 'tailscale up'
# even when tailscale already looks installed and connected.
FORCE=0
for arg; do
  if [[ "$arg" == "--force" ]]; then
    FORCE=1
  fi
done
# Print a message on stdout, prefixed with the script tag.
# Arguments: $* - message text
log() {
  printf '%s\n' "[setup-tailscale] $*"
}

# Report an error through log (so it also goes to stdout) and exit 1.
# Arguments: $* - error text
die() {
  log "ERROR: $*"
  exit 1
}

# Any command failure that is not already being tested by an if/&&/|| ends up
# here. The message carries the line number and the failing status; die then
# exits with status 1 regardless of the original exit code.
trap 'die "failed at line ${LINENO} (exit $?)"' ERR
# Privilege guard: the script must be started unprivileged. It escalates
# per command with sudo, so only the steps that need root run as root.
if (( EUID == 0 )); then
  log "refusing to run as root/sudo. Run as a normal user; this step will use sudo internally as needed."
  exit 1
fi

# The steps below prompt on stdin. Without a terminal there is nobody to
# answer, so this is treated as a clean skip (exit 0), not as a failure.
if ! [[ -t 0 ]]; then
  log "stdin is not a TTY; skipping interactive tailscale setup."
  exit 0
fi
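# Install Tailscale from the vendor apt repository when the binary is missing,
# or reinstall it when --force was given.
have_tailscale=0
if command -v tailscale >/dev/null 2>&1; then
  have_tailscale=1
fi

if [[ "$FORCE" -eq 1 ]] || [[ "$have_tailscale" -ne 1 ]]; then
  if ! command -v curl >/dev/null 2>&1; then
    die "missing 'curl'. Run ./setup.sh (or install curl) and try again."
  fi

  log "configuring Tailscale apt repository"

  # Read the codename in a subshell so the other os-release variables do not
  # leak into this script. Validate it before it is placed in a URL: under
  # 'set -u' an absent VERSION_CODENAME would otherwise abort with an
  # unhelpful "unbound variable" message.
  ts_codename="$(. /etc/os-release && printf '%s' "${VERSION_CODENAME:-}")"
  if [[ ! "$ts_codename" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
    die "missing or unexpected VERSION_CODENAME in /etc/os-release: '${ts_codename}'"
  fi

  # NOTE(review): the repository path hard-codes 'ubuntu'. On another
  # distribution the codename will likely not exist under this path and
  # curl -f will fail. Confirm the script is Ubuntu-only.
  ts_repo_base="https://pkgs.tailscale.com/stable/ubuntu/${ts_codename}"

  # Download into a private staging directory first. Piping curl straight
  # into 'sudo tee' truncates the destination before any data has arrived, so
  # a failed or interrupted download would leave an empty or partial keyring
  # or sources file in place. These two files decide which packages apt will
  # trust, so they are only installed once both downloads are complete.
  ts_stage="$(mktemp -d)"
  trap 'rm -rf -- "${ts_stage}"' EXIT

  # --proto '=https' keeps redirects (-L) from downgrading to another scheme.
  curl --proto '=https' --tlsv1.2 -fsSL \
    -o "${ts_stage}/tailscale-archive-keyring.gpg" \
    "${ts_repo_base}.noarmor.gpg"
  curl --proto '=https' --tlsv1.2 -fsSL \
    -o "${ts_stage}/tailscale.list" \
    "${ts_repo_base}.tailscale-keyring.list"

  [[ -s "${ts_stage}/tailscale-archive-keyring.gpg" ]] \
    || die "downloaded Tailscale keyring is empty"
  [[ -s "${ts_stage}/tailscale.list" ]] \
    || die "downloaded Tailscale sources list is empty"

  # Root-owned and world-readable, so apt can read them and only root can
  # modify them.
  sudo install -m 0755 -d /usr/share/keyrings
  sudo install -m 0644 "${ts_stage}/tailscale-archive-keyring.gpg" \
    /usr/share/keyrings/tailscale-archive-keyring.gpg
  sudo install -m 0644 "${ts_stage}/tailscale.list" \
    /etc/apt/sources.list.d/tailscale.list

  rm -rf -- "${ts_stage}"
  trap - EXIT

  log "installing tailscale"
  sudo apt-get update -y
  if [[ "$FORCE" -eq 1 ]]; then
    sudo apt-get install -y --reinstall tailscale
  else
    sudo apt-get install -y tailscale
  fi
else
  log "tailscale already present at: $(command -v tailscale)"
fi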
# Make sure the daemon is enabled at boot and running now. The status call is
# only there for its exit code: under 'set -e' a non-zero result aborts the
# script before any tailscale command is attempted.
log "enabling and starting tailscaled"
sudo systemctl enable --now tailscaled
sudo systemctl status --no-pager tailscaled >/dev/null

# Probe the current connection state. A non-zero exit from 'tailscale status'
# is captured rather than treated as fatal; it just means "not up yet".
log "checking current tailscale state"
status_ec=0
sudo tailscale status >/dev/null 2>&1 || status_ec=$?

already_up=0
if (( status_ec == 0 )); then
  # Best-effort: an assigned IPv4 address is taken as the sign that the node
  # is up. Only the first line of the output is kept.
  ts_ip=""
  ts_ip_out=""
  if ts_ip_out="$(sudo tailscale ip -4 2>/dev/null)"; then
    ts_ip="${ts_ip_out%%$'\n'*}"
  fi
  if [[ -n "$ts_ip" ]]; then
    already_up=1
    log "tailscale appears up. IPv4: $ts_ip"
  fi
fi
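# Bring the node up when it is not connected yet, or when --force was given.
if [[ "$FORCE" -eq 1 ]] || [[ "$already_up" -ne 1 ]]; then
  log "tailscale is not up yet (or --force). We'll run 'tailscale up'."
  echo
  echo "Tailscale will open a login URL in the output if needed."
  echo "If you need special options (e.g. --ssh, --accept-routes), enter them now."

  # Read the extra arguments straight into an array. They are split on
  # whitespace exactly as before, but are no longer subject to pathname
  # expansion, so a '*' or '?' typed at the prompt reaches tailscale
  # literally. Shell quoting typed at the prompt is not interpreted.
  #
  # These arguments run under sudo and can widen what this host exposes to
  # the tailnet, so review them before pressing Enter. Avoid typing an auth
  # key here: it would appear in the process list. 'tailscale up' accepts
  # --auth-key=file:<path> to read the key from a file instead.
  ts_up_argv=()
  read -r -p "Extra args for 'tailscale up' (or press Enter for none): " -a ts_up_argv

  # The length check also avoids expanding an empty array under 'set -u',
  # which older bash releases treat as an unbound variable.
  if (( ${#ts_up_argv[@]} > 0 )); then
    sudo tailscale up "${ts_up_argv[@]}"
  else
    sudo tailscale up
  fi
fi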
# Re-read the tailscale IPv4 address after the (possible) 'tailscale up'.
# A failing 'tailscale ip' is not fatal here: it leaves ts_ip empty.
ts_ip=""
ts_ip_out="$(sudo tailscale ip -4 2>/dev/null)" || ts_ip_out=""
# Keep the first line only.
ts_ip="${ts_ip_out%%$'\n'*}"

if [[ -n "$ts_ip" ]]; then
  log "tailscale IPv4: $ts_ip"
else
  log "tailscale did not report an IPv4 address. You may still be logged out."
fi
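# Optional connectivity check: SSH from this machine to its own tailscale
# address and run a trivial command.
read -r -p "Test tailscale access by SSH'ing to this machine over its tailscale IP? [y/N] " do_test
case "${do_test,,}" in
  y|yes)
    if [[ -z "$ts_ip" ]]; then
      die "cannot run self-SSH test: tailscale IPv4 is empty"
    fi
    if ! command -v ssh >/dev/null 2>&1; then
      die "cannot run self-SSH test: 'ssh' is not installed (install openssh-client)"
    fi

    # USER is not guaranteed to be set; fall back to 'id -un' so 'set -u'
    # does not abort with an unbound-variable error.
    default_user="${USER:-$(id -un)}"
    read -r -p "SSH username (default: ${default_user}): " ssh_user
    ssh_user="${ssh_user:-$default_user}"
    # The username becomes the start of the destination argument. Reject a
    # leading '-' so it cannot be parsed as an ssh option, and reject
    # whitespace or '@', which would change the meaning of user@host.
    if [[ "$ssh_user" == -* || "$ssh_user" == *[[:space:]@]* ]]; then
      die "invalid SSH username: '${ssh_user}'"
    fi

    read -r -p "SSH port (default: 22; you can use 2222): " ssh_port
    ssh_port="${ssh_port:-22}"
    # Digits only, within the TCP port range. 10# forces base 10 so a value
    # with leading zeros is not read as octal.
    if [[ ! "$ssh_port" =~ ^[0-9]{1,5}$ ]] \
      || (( 10#$ssh_port < 1 || 10#$ssh_port > 65535 )); then
      die "invalid SSH port: '${ssh_port}' (expected 1-65535)"
    fi

    log "attempting: ssh -p ${ssh_port} ${ssh_user}@${ts_ip} 'echo ok'"

    # accept-new records an unknown host key in known_hosts on first contact
    # without prompting, and still refuses a key that differs from one
    # already recorded for this address.
    # $(hostname) is expanded locally and embedded in the remote command.
    ssh_ec=0
    ssh -p "$ssh_port" \
      -o StrictHostKeyChecking=accept-new \
      -o ConnectTimeout=10 \
      "${ssh_user}@${ts_ip}" \
      "echo 'tailscale-ssh-ok from $(hostname)'" || ssh_ec=$?

    if [[ "$ssh_ec" -eq 0 ]]; then
      log "self-SSH over tailscale succeeded"
    else
      log "self-SSH over tailscale failed (exit $ssh_ec)."
      log "If you were prompted for a password/key and it failed, ensure sshd is running and the firewall allows port ${ssh_port}."
    fi
    ;;
  *)
    log "skipping self-SSH test"
    ;;
esac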