feat(issue-17): add Tailscale VPN setup script and documentation
- Add tailscale-setup.sh:
  - Multi-distro support (Debian/Ubuntu, Fedora)
  - Automatic OS detection
  - Systemd integration for tailscaled daemon
  - User choice: AUTHKEY or headless browser login
  - Configurable device name (defaults to hostname)
  - Verification steps after setup
- Update SKILL.md:
  - Add Tailscale VPN section under Remote Access
  - Document benefits and setup commands
  - Link to full documentation
- Update docs/kugetsu-setup.md:
  - Add Tailscale section before Security Notes
  - Compare Tailscale vs port forwarding
  - Document authentication methods
  - Add post-setup usage examples
  - Include uninstall instructions
@@ -284,6 +284,90 @@ scp -P 2222 ./local-file <username>@<host-ip>:/path/in/container
|
||||
|
||||
---
|
||||
|
||||
## Remote Access via Tailscale (Optional)
|
||||
|
||||
Tailscale provides VPN access without requiring a public IP on the host. Each container gets its own unique Tailscale IP and can be accessed from any device on your Tailscale network.
|
||||
|
||||
### Why Tailscale?
|
||||
|
||||
| | Port Forwarding | Tailscale |
|
||||
|--|-----------------|-----------|
|
||||
| Public IP required | Yes | No |
|
||||
| Firewall config | Needed | Not needed |
|
||||
| Cross-network access | Limited | Full |
|
||||
| Setup complexity | Higher | Lower |
|
||||
|
||||
### Automated Setup
|
||||
|
||||
Run the Tailscale setup script inside your container:
|
||||
|
||||
```bash
|
||||
chmod +x skills/kugetsu/scripts/tailscale-setup.sh
|
||||
bash skills/kugetsu/scripts/tailscale-setup.sh <username> <device-name>
|
||||
```
|
||||
|
||||
Arguments:
|
||||
- `<username>`: SSH user that will be created (defaults to current user)
|
||||
- `<device-name>`: Tailscale hostname (defaults to current hostname)
|
||||
|
||||
### Authentication Methods
|
||||
|
||||
The script will prompt you to choose:
|
||||
|
||||
**1. AUTHKEY (Recommended for automation)**
|
||||
- Pre-generate an auth key from: https://login.tailscale.com/admin/settings/keys
|
||||
- Click "Generate auth key", copy the key (starts with `tskey-auth-`)
|
||||
- Paste it when prompted
|
||||
|
||||
**2. Headless (Browser-based)**
|
||||
- Script will show a login URL
|
||||
- Open the URL in your browser and authenticate
|
||||
- Return to complete setup
|
||||
|
||||
### After Setup
|
||||
|
||||
1. Install Tailscale on your other devices: https://tailscale.com/download
|
||||
2. Log in with the same Tailscale account
|
||||
3. Connect via SSH using your device name:
|
||||
```bash
|
||||
ssh <username>@<device-name>
|
||||
```
|
||||
|
||||
Or use the Tailscale IP directly:
|
||||
```bash
|
||||
ssh <username>@<tailscale-ip>
|
||||
```
|
||||
|
||||
### Verify Connection
|
||||
|
||||
Inside the container:
|
||||
```bash
|
||||
tailscale status
|
||||
tailscale ip -4
|
||||
```
|
||||
|
||||
### Tailscale + SSH
|
||||
|
||||
Tailscale handles the network connection. Once connected via Tailscale, you can SSH normally and use kugetsu:
|
||||
|
||||
```bash
|
||||
ssh <username>@<device-name>
|
||||
kugetsu list
|
||||
kugetsu start github.com/shoko/kugetsu#11 "Fix bug"
|
||||
```
|
||||
|
||||
### Uninstall Tailscale
|
||||
|
||||
```bash
|
||||
sudo systemctl stop tailscaled
|
||||
sudo systemctl disable tailscaled
|
||||
sudo dnf remove tailscale # Fedora
|
||||
# or
|
||||
sudo apt remove tailscale # Debian/Ubuntu
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Security Notes
|
||||
|
||||
- **Key-only authentication**: Password authentication is disabled
|
||||
|
||||
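Review bot: The AUTHKEY steps under "Authentication Methods" tell the reader to generate a key and paste it at the prompt, but do not say what kind of key to generate; suggest stating that a one-off key with a short expiry is enough to enroll a single container, so a key that leaks from a terminal or clipboard cannot be used to join further devices. In "Uninstall Tailscale", the commands stop the daemon and remove the package but leave the container registered as a device on the tailnet; add `sudo tailscale logout` before `sudo systemctl stop tailscaled` and a line about removing the device in the admin console. The intro says the container "can be accessed from any device on your Tailscale network" and the comparison table lists firewall config as "Not needed", yet the "Security Notes" list visible here covers only key-only SSH authentication; a bullet there about restricting which tailnet devices may reach the container's SSH port through the tailnet access policy would close that gap. The `<username>` argument is described as "SSH user that will be created (defaults to current user)", which reads as contradictory since the current user already exists; say whether the script creates the user or reuses it. The `chmod +x` line is unnecessary when the script is then invoked as `bash skills/kugetsu/scripts/tailscale-setup.sh`.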