feat(issue-17): add Tailscale VPN setup script and documentation

- Add tailscale-setup.sh: - Multi-distro support (Debian/Ubuntu, Fedora) - Automatic OS detection - Systemd integration for tailscaled daemon - User choice: AUTHKEY or headless browser login - Configurable device name (defaults to hostname) - Verification steps after setup - Update SKILL.md: - Add Tailscale VPN section under Remote Access - Document benefits and setup commands - Link to full documentation - Update docs/kugetsu-setup.md: - Add Tailscale section before Security Notes - Compare Tailscale vs port forwarding - Document authentication methods - Add post-setup usage examples - Include uninstall instructions
2026-03-30 05:14:17 +00:00
parent 3650447f9c
commit 1b5cd56e66
3 changed files with 277 additions and 0 deletions
--- a/skills/kugetsu/scripts/tailscale-setup.sh
+++ b/skills/kugetsu/scripts/tailscale-setup.sh
@@ -0,0 +1,164 @@
+#!/bin/bash
+set -euo pipefail
+
+USERNAME="${1:-$(whoami)}"
+HOSTNAME="${2:-$(hostname)}"
+
+echo "=== kugetsu Tailscale Setup ==="
+echo "Target user: $USERNAME"
+echo "Device name: $HOSTNAME"
+echo ""
+
+detect_os() {
+    if [ -f /etc/os-release ]; then
+        . /etc/os-release
+        case "$ID" in
+            debian|ubuntu|"noble"|"jammy"|"focal"|"bionic"|"bullseye"|"bookworm"|"trixie"|"sid")
+                echo "debian"
+                ;;
+            fedora|rhel|centos|rocky|alma)
+                echo "fedora"
+                ;;
+            *)
+                echo "unknown"
+                ;;
+        esac
+    else
+        echo "unknown"
+    fi
+}
+
+OS_TYPE=$(detect_os)
+echo "Detected OS: $OS_TYPE"
+
+echo ""
+echo "=== Step 1: Installing Tailscale ==="
+
+install_tailscale() {
+    case "$OS_TYPE" in
+        debian)
+            echo "Installing Tailscale via apt (Debian/Ubuntu)..."
+            curl -fsSL https://tailscale.com/install.sh | sh
+            ;;
+        fedora)
+            echo "Installing Tailscale via dnf (Fedora/RHEL)..."
+            # Add Tailscale repo
+            dnf config-manager --add-repo https://pkgs.tailscale.com/stable/tailscale.repo
+            dnf install -y tailscale
+            ;;
+        *)
+            echo "ERROR: Unsupported OS. Please install Tailscale manually."
+            echo "See: https://tailscale.com/download"
+            exit 1
+            ;;
+    esac
+}
+
+if command -v tailscale &> /dev/null; then
+    echo "Tailscale is already installed: $(tailscale --version)"
+else
+    install_tailscale
+fi
+
+echo ""
+echo "=== Step 2: Verify Tailscale installation ==="
+if ! command -v tailscale &> /dev/null; then
+    echo "ERROR: Tailscale installation failed."
+    exit 1
+fi
+echo "Tailscale binary: $(which tailscale)"
+echo "Tailscale version: $(tailscale --version)"
+
+echo ""
+echo "=== Step 3: Start tailscaled daemon ==="
+systemctl enable --now tailscaled
+sleep 2
+
+if systemctl is-active --quiet tailscaled; then
+    echo "SUCCESS: tailscaled is running."
+else
+    echo "ERROR: tailscaled failed to start."
+    echo "Debug: systemctl status tailscaled"
+    exit 1
+fi
+
+echo ""
+echo "=== Step 4: Authentication ==="
+
+auth_method() {
+    echo "Choose authentication method:"
+    echo "  1) AUTHKEY - Use a pre-generated auth key (headless/scripted)"
+    echo "  2) Headless - Get a login URL to click in browser"
+    echo ""
+    read -p "Enter choice [1/2]: " choice
+    
+    case "$choice" in
+        1)
+            echo ""
+            echo "To generate an AUTHKEY:"
+            echo "  1. Go to: https://login.tailscale.com/admin/settings/keys"
+            echo "  2. Click 'Generate auth key'"
+            echo "  3. Copy the key (starts with 'tskey-auth-')"
+            echo ""
+            read -p "Paste your AUTHKEY (or press Enter to cancel): " AUTHKEY
+            
+            if [ -z "$AUTHKEY" ]; then
+                echo "Cancelled."
+                exit 0
+            fi
+            
+            if [[ ! "$AUTHKEY" =~ ^tskey-auth ]]; then
+                echo "ERROR: AUTHKEY should start with 'tskey-auth-'. Please check and try again."
+                exit 1
+            fi
+            
+            echo ""
+            echo "Connecting with AUTHKEY..."
+            tailscale up --authkey="$AUTHKEY" --hostname="$HOSTNAME" --operator="$USERNAME"
+            ;;
+        2|"")
+            echo ""
+            echo "Getting login URL..."
+            echo "After you click the URL and authenticate in browser, this script will continue."
+            echo ""
+            tailscale up --hostname="$HOSTNAME" --operator="$USERNAME"
+            ;;
+        *)
+            echo "Invalid choice. Please enter 1 or 2."
+            exit 1
+            ;;
+    esac
+}
+
+auth_method
+
+echo ""
+echo "=== Step 5: Verify Tailscale connection ==="
+sleep 2
+
+if tailscale status &> /dev/null; then
+    echo "SUCCESS: Connected to Tailscale!"
+    echo ""
+    echo "Your Tailscale IP:"
+    tailscale ip -4
+    echo ""
+    echo "Your Tailscale hostname: $HOSTNAME"
+    echo ""
+    echo "To connect from another Tailscale device:"
+    echo "  ssh $USERNAME@$HOSTNAME"
+    echo ""
+    echo "Or directly via IP:"
+    echo "  ssh $USERNAME@$(tailscale ip -4)"
+else
+    echo "WARNING: Tailscale may not be fully connected yet."
+    echo "Check status with: tailscale status"
+fi
+
+echo ""
+echo "=== Setup Complete ==="
+echo ""
+echo "Next steps:"
+echo "  - Install Tailscale on your other devices: https://tailscale.com/download"
+echo "  - Add this device to your tailnet"
+echo "  - SSH from anywhere using: ssh $USERNAME@$HOSTNAME"
+echo ""