Add SD image pipeline, documentation overhaul, and fix module issues
- Add automatic SD image builds for Raspberry Pi via Forgejo Actions
- Enable binfmt emulation on cryodev-main for aarch64 cross-builds
- Add sd-image.nix module to cryodev-pi configuration
- Create comprehensive docs/ structure with installation guides
- Split installation docs into: first-install (server), reinstall, new-client (Pi)
- Add lib/utils.nix and apps/rebuild from synix
- Fix headplane module for new upstream API (tale/headplane)
- Fix various module issues (mailserver stateVersion, option conflicts)
- Add placeholder secrets.yaml files for both hosts
- Remove old INSTRUCTIONS.md (content moved to docs/)
parent a5261d8ff0
commit 5ba78886d2
44 changed files with 3570 additions and 609 deletions
117
docs/services/tailscale.md
Normal file
|
|
@ -0,0 +1,117 @@
|
|||
# Tailscale Client
|
||||
|
||||
Tailscale clients connect to the self-hosted Headscale server to join the mesh VPN.
|
||||
|
||||
## References
|
||||
|
||||
- [Tailscale Documentation](https://tailscale.com/kb)
|
||||
- [Headscale Client Setup](https://headscale.net/running-headscale-linux/)
|
||||
|
||||
## Setup
|
||||
|
||||
### Generate Auth Key
|
||||
|
||||
On the Headscale server (cryodev-main):
|
||||
|
||||
```bash
|
||||
sudo headscale preauthkeys create --expiration 99y --reusable --user default
|
||||
```
|
||||
|
||||
### Add to Secrets
|
||||
|
||||
```bash
|
||||
sops hosts/<hostname>/secrets.yaml
|
||||
```
|
||||
|
||||
```yaml
|
||||
tailscale:
|
||||
auth-key: "your-preauth-key"
|
||||
```
|
||||
|
||||
### Configuration
|
||||
|
||||
```nix
|
||||
# In your host configuration
|
||||
{ config, ... }:
|
||||
{
|
||||
sops.secrets."tailscale/auth-key" = { };
|
||||
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
authKeyFile = config.sops.secrets."tailscale/auth-key".path;
|
||||
extraUpFlags = [
|
||||
"--login-server=https://headscale.cryodev.xyz"
|
||||
];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
||||
### Check Status
|
||||
|
||||
```bash
|
||||
tailscale status
|
||||
```
|
||||
|
||||
### View IP Address
|
||||
|
||||
```bash
|
||||
tailscale ip
|
||||
```
|
||||
|
||||
### Ping Another Node
|
||||
|
||||
```bash
|
||||
tailscale ping <hostname>
|
||||
```
|
||||
|
||||
### SSH to Another Node
|
||||
|
||||
```bash
|
||||
ssh user@<hostname>
|
||||
# or using Tailscale IP
|
||||
ssh user@100.64.0.X
|
||||
```
|
||||
|
||||
## MagicDNS
|
||||
|
||||
With Headscale's MagicDNS enabled, you can reach nodes by hostname:
|
||||
|
||||
```bash
|
||||
ping cryodev-pi
|
||||
ssh steffen@cryodev-main
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Check Service Status
|
||||
|
||||
```bash
|
||||
sudo systemctl status tailscaled
|
||||
```
|
||||
|
||||
### View Logs
|
||||
|
||||
```bash
|
||||
sudo journalctl -u tailscaled -f
|
||||
```
|
||||
|
||||
### Re-authenticate
|
||||
|
||||
If the node is not connecting:
|
||||
|
||||
```bash
|
||||
sudo tailscale up --login-server=https://headscale.cryodev.xyz --force-reauth
|
||||
```
|
||||
|
||||
### Node Not Appearing in Headscale
|
||||
|
||||
Check the auth key is valid:
|
||||
|
||||
```bash
|
||||
# On Headscale server
|
||||
sudo headscale preauthkeys list --user default
|
||||
```
|
||||
|
||||
Verify the login server URL is correct in the client configuration.
|
||||
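Review bot: In the "Generate Auth Key" section, `sudo headscale preauthkeys create --expiration 99y --reusable --user default` documents a reusable key that stays valid for 99 years, so every copy of it placed in a `hosts/<hostname>/secrets.yaml` is a long-lived credential that can register further nodes under the `default` user. Suggest documenting a short expiration and a non-reusable key generated per host (drop `--reusable`), plus a sentence on expiring the key once the node has joined. The "Re-authenticate" command also passes no auth key, so the doc should say how the node is expected to authenticate in that case.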