2023-02-23 05:44:27 +00:00
|
|
|
#!/bin/bash
|
2022-11-01 08:51:57 +00:00
|
|
|
CONTAINER=tailscale
|
|
|
|
|
|
|
|
# Starts a container for the tailscale agent.
|
|
|
|
# There are no configuration files, and the daemon stores its state in memory
|
|
|
|
start() {
|
|
|
|
if podman container exists ${CONTAINER}; then
|
|
|
|
podman start ${CONTAINER}
|
|
|
|
else
|
|
|
|
podman run -d --rm \
|
|
|
|
--net=podman \
|
|
|
|
--name=${CONTAINER} \
|
|
|
|
--privileged \
|
|
|
|
-v "/dev/net/tun:/dev/net/tun" \
|
|
|
|
tailscale/tailscale \
|
|
|
|
tailscaled --state=mem:
|
|
|
|
# Changing sysctls inside the container to support running an exit node
|
|
|
|
cat <<'INIT' | podman exec --privileged ${CONTAINER} /bin/sh
|
|
|
|
echo '1' > /proc/sys/net/ipv4/ip_forward ;
|
|
|
|
echo '1' > /proc/sys/net/ipv6/conf/all/forwarding ;
|
|
|
|
INIT
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
# Print the status of the tailscale connection, as well as the network status
|
|
|
|
status() {
|
|
|
|
if podman container exists ${CONTAINER}; then
|
|
|
|
podman exec -it --privileged ${CONTAINER} tailscale status
|
|
|
|
podman exec -it --privileged ${CONTAINER} tailscale netcheck
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
# Because daemon state is in memory, stopping the container removes the node
|
|
|
|
# from the network.
|
|
|
|
stop() {
|
|
|
|
podman stop ${CONTAINER}
|
|
|
|
}
|
|
|
|
|
|
|
|
# Really only useful during debugging, saves some typing at the cost of
|
|
|
|
# additional container creation.
|
|
|
|
clean() {
|
|
|
|
podman rm ${CONTAINER} --force
|
|
|
|
}
|
|
|
|
|
|
|
|
# Print an alias to stdout to make interacting with tailscale easier, post-start
|
|
|
|
# in case debugging needs to happen
|
|
|
|
alias() {
|
|
|
|
echo "# alias tailscale='podman exec -it --privileged ${CONTAINER} tailscale '"
|
|
|
|
}
|
|
|
|
|
|
|
|
# This function shows a usage message, in case something unexpected happened
|
|
|
|
usage() {
|
|
|
|
echo "Usage: $0 OPERATION"
|
|
|
|
echo ""
|
|
|
|
echo "This script manages the lifecycle of a Tailscale agent container."
|
|
|
|
echo "OPERATION can be one of the following commands:"
|
|
|
|
echo " start start the Tailscale agent container"
|
|
|
|
echo " stop stop the container"
|
|
|
|
echo " status get the auth status and network status of the Tailscale container"
|
|
|
|
echo " clean stop and delete the container, helpful when making config changes"
|
|
|
|
echo " alias print a helpful shell alias which can be used to interact with tailscale from the host"
|
|
|
|
echo " help show this help"
|
|
|
|
echo ""
|
|
|
|
}
|
|
|
|
|
|
|
|
case $1 in
|
|
|
|
start)
|
|
|
|
start
|
|
|
|
;;
|
|
|
|
status)
|
|
|
|
status
|
|
|
|
;;
|
|
|
|
stop)
|
|
|
|
stop
|
|
|
|
;;
|
|
|
|
clean)
|
|
|
|
stop
|
|
|
|
clean
|
|
|
|
;;
|
|
|
|
alias)
|
|
|
|
alias
|
|
|
|
;;
|
|
|
|
[hH-]*)
|
|
|
|
# This is supposed to match 'help', 'Help', '-h', etc
|
|
|
|
usage
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
# If the script is called with no arguments, such as on startup,
|
|
|
|
# start the container
|
|
|
|
start
|
|
|
|
;;
|
|
|
|
esac
|