feat(kugetsu): Add Tailscale VPN support for container remote access #17

Closed
opened 2026-03-30 07:00:32 +02:00 by shoko · 0 comments
Owner

Context

Not all hosts have public IPs, making remote SSH access difficult. Tailscale provides an easy VPN solution that:

  • Does not require public IP on host or container
  • Allows connection across different networks
  • Each container gets its own unique Tailscale IP
  • Traffic is encrypted via Tailscale relay
  • Normal internet access is still preserved (not limited to Tailscale network only)

Goal

Enable Tailscale installation in container for network-independent SSH access.

Implementation Plan

Script: tailscale-setup.sh

Location: skills/kugetsu/scripts/tailscale-setup.sh

Features:

  • Multi-distro support (Debian/Ubuntu, Fedora)
  • Automatic OS detection and package installation
  • Systemd integration for tailscaled daemon
  • Non-root user management via --operator flag
  • Auth key support for headless/scripted auth

User prompts:

  1. AUTHKEY or headless login (with guidance where to get AUTHKEY)
  2. Device name (defaults to current hostname)

Flow:

1. Detect OS
2. Install tailscale (add repo if needed for Fedora)
3. Start tailscaled via systemd
4. Prompt: Use AUTHKEY or headless login?
   - AUTHKEY: prompt for key, run tailscale up --authkey=<key> --operator=<user>
   - Headless: show URL, wait for user click, run tailscale up --operator=<user>
5. Prompt: Device name [current-hostname]:
6. Verify: show Tailscale IP and hostname

Documentation

  • docs/kugetsu-setup.md: Add "Remote Access via Tailscale (Optional)" section
  • skills/kugetsu/SKILL.md: Add Tailscale option in "Remote Access via SSH" section

Related

  • Issue #11: Support remote agent control (Phase 1b)
  • PR for implementation: TBD
shoko closed this issue 2026-03-30 08:29:57 +02:00
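
A sketch of steps 1, 4 and 5 of the flow above, added here as an example; it is not the project's tailscale-setup.sh, and the function names are hypothetical. Where the flow passes `--authkey=<key>` on the command line, where the process list can expose it to other local users, this version uses the Tailscale CLI's `file:` form of `--auth-key` with a mode-0600 key file and validates the prompted device name before it reaches the command. Package installation and the systemd start (steps 2 and 3) are left out.

```shell
#!/bin/sh
# Added example, not the project's tailscale-setup.sh. Function names are hypothetical.

# Step 1: map an os-release file to a package family (parsed, never sourced).
detect_pkg_family() {  # $1: os-release path, default /etc/os-release
    ids=$(sed -n 's/^ID\(_LIKE\)\{0,1\}=//p' "${1:-/etc/os-release}" 2>/dev/null | tr -d "\"'")
    for id in $ids; do
        case "$id" in
            debian|ubuntu) echo apt; return 0 ;;
            fedora)        echo dnf; return 0 ;;
        esac
    done
    return 1  # unsupported distro or unreadable file
}

# Step 4: put the auth key in a mode-0600 file so it never appears in argv.
store_authkey() {  # $1: key, $2: directory; prints the key file path
    f=$(mktemp "$2/ts-authkey.XXXXXX") || return 1
    printf '%s' "$1" > "$f" && echo "$f"
}

# Steps 4-5: build the `tailscale up` arguments, one per line.
build_up_args() {  # $1: operator user, $2: device name, $3: key file ("" = headless login)
    name=${2:-$(uname -n)}
    name=${name%%.*}
    case "$name" in ''|*[!A-Za-z0-9-]*) return 1 ;; esac  # reject unsafe device names
    echo "--operator=$1"
    echo "--hostname=$name"
    if [ -n "$3" ]; then echo "--auth-key=file:$3"; fi
}

setup_main() {  # interactive flow; install and systemd steps (2-3) are left out
    family=$(detect_pkg_family) || { echo "unsupported distro" >&2; return 1; }
    echo "package family: $family"
    printf 'Auth key (empty for headless login): '
    stty -echo; read -r key; stty echo; echo
    printf 'Device name [%s]: ' "$(uname -n)"; read -r devname
    keyfile=""
    if [ -n "$key" ]; then keyfile=$(store_authkey "$key" /run) || return 1; fi
    args=$(build_up_args "${SUDO_USER:-$USER}" "$devname" "$keyfile") || return 1
    tailscale up $args; rc=$?   # unquoted on purpose: one argument per word
    if [ -n "$keyfile" ]; then rm -f "$keyfile"; fi
    [ "$rc" -eq 0 ] && tailscale ip -4   # step 6: show the Tailscale IP
}

if [ "${1:-}" = "--run" ]; then setup_main; fi
```

Run as root with `--run` to go through the prompts; without it the file only defines the functions.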
Reference: shoko/kugetsu#17