cryodev/docs/services/tailscale.md
steffen 5ba78886d2 Add SD image pipeline, documentation overhaul, and fix module issues
- Add automatic SD image builds for Raspberry Pi via Forgejo Actions
- Enable binfmt emulation on cryodev-main for aarch64 cross-builds
- Add sd-image.nix module to cryodev-pi configuration
- Create comprehensive docs/ structure with installation guides
- Split installation docs into: first-install (server), reinstall, new-client (Pi)
- Add lib/utils.nix and apps/rebuild from synix
- Fix headplane module for new upstream API (tale/headplane)
- Fix various module issues (mailserver stateVersion, option conflicts)
- Add placeholder secrets.yaml files for both hosts
- Remove old INSTRUCTIONS.md (content moved to docs/)
2026-03-11 08:41:58 +01:00

Tailscale Client

Tailscale clients connect to the self-hosted Headscale server to join the mesh VPN.

Setup

Generate Auth Key

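On the Headscale server (cryodev-main), create a pre-auth key. The --reusable flag lets the same key enroll more than one node and --expiration 99y makes it effectively permanent, so treat it as a long-lived credential and keep it only in the sops-encrypted secrets file: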

sudo headscale preauthkeys create --expiration 99y --reusable --user default

Add to Secrets

Open the host's secrets file with sops:

sops hosts/<hostname>/secrets.yaml

Add the key under the tailscale entry:

tailscale:
  auth-key: "your-preauth-key"

Configuration

# In your host configuration
{ config, ... }:
{
  sops.secrets."tailscale/auth-key" = { };
  
  services.tailscale = {
    enable = true;
    authKeyFile = config.sops.secrets."tailscale/auth-key".path;
    extraUpFlags = [
      "--login-server=https://headscale.cryodev.xyz"
    ];
  };
}

Usage

Check Status

tailscale status

View IP Address

tailscale ip

Ping Another Node

tailscale ping <hostname>

SSH to Another Node

ssh user@<hostname>
# or using Tailscale IP
ssh user@100.64.0.X

MagicDNS

With Headscale's MagicDNS enabled, you can reach nodes by hostname:

ping cryodev-pi
ssh steffen@cryodev-main

Troubleshooting

Check Service Status

sudo systemctl status tailscaled

View Logs

sudo journalctl -u tailscaled -f

Re-authenticate

If the node is not connecting:

sudo tailscale up --login-server=https://headscale.cryodev.xyz --force-reauth

Node Not Appearing in Headscale

Check that the auth key is valid:

# On Headscale server
sudo headscale preauthkeys list --user default

Verify the login server URL is correct in the client configuration.
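
The client-side half of the troubleshooting steps above as one script; this is an added example, not part of the cryodev repository. It reads the BackendState field of tailscale status --json and the ControlURL field of tailscale debug prefs; the function names json_str and diagnose and the sample inputs are made up for illustration.

```shell
#!/bin/sh
# Added example: triage why a node is not joining the Headscale tailnet.
EXPECTED_URL="https://headscale.cryodev.xyz"   # login server used on this page

# Print the first string value of field $1 found in the JSON on stdin.
json_str() {
  sed -n "s/.*\"$1\":[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# diagnose STATUS_JSON PREFS_JSON
# Prints one verdict line; returns 0 only when the node is healthy.
diagnose() {
  state=$(printf '%s\n' "$1" | json_str BackendState)
  url=$(printf '%s\n' "$2" | json_str ControlURL)
  # A node brought up without --login-server talks to the wrong control server.
  if [ "${url%/}" != "$EXPECTED_URL" ]; then
    echo "wrong-login-server: ${url:-unset}"
    return 2
  fi
  case "$state" in
    Running)    echo "ok"; return 0 ;;
    NeedsLogin) echo "needs-login: check the pre-auth key, then re-authenticate"
                return 3 ;;
    *)          echo "not-running: ${state:-unknown}"; return 4 ;;
  esac
}

# Constructed sample inputs, trimmed to the fields used (not from a real node).
SAMPLE_STATUS='{
  "BackendState": "NeedsLogin"
}'
SAMPLE_PREFS='{
  "ControlURL": "https://headscale.cryodev.xyz"
}'

diagnose "$SAMPLE_STATUS" "$SAMPLE_PREFS" || true

# Live use on a node:
#   diagnose "$(tailscale status --json)" "$(tailscale debug prefs)"
```

A needs-login verdict points at the pre-auth key (expired, or never read from the secrets file); a wrong-login-server verdict points at extraUpFlags.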