feat: tailscale

install.sh

@@ -7,7 +7,7 @@ set -euo pipefail
 cd /srv
 # Clone if not yet cloned
 if [ ! -d .git ]; then
-  git clone https://code.tjo.space/tjo-cloud/ingress.git .
+  git clone --depth 1 https://code.tjo.space/tjo-cloud/ingress.git .
 else
   git pull
 fi
@@ -35,14 +35,20 @@ apt install -y \
 
 # Grafana Alloy
 mkdir -p /etc/apt/keyrings/
-wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | tee /etc/apt/keyrings/grafana.gpg >/dev/null
+wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor >/etc/apt/keyrings/grafana.gpg
-echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | tee /etc/apt/sources.list.d/grafana.list
+echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" >/etc/apt/sources.list.d/grafana.list
 apt update -y
 apt install -y alloy
 
+# Tailscale
+curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg >/usr/share/keyrings/tailscale-archive-keyring.gpg
+curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list >/etc/apt/sources.list.d/tailscale.list
+apt update -y
+apt install -y tailscale
+
 ##
 # Ensure services are enabled
-systemctl enable --now nginx alloy
+systemctl enable --now nginx alloy tailscaled
 
 ##
 # Configure Alloy
@@ -61,6 +67,15 @@ echo "OTEL_RESOURCE_ATTRIBUTES=${ATTRIBUTES}" >>/etc/default/alloy
 } >>/etc/default/alloy
 systemctl reload alloy
 
+##
+# Configure Tailscale
+tailscale up \
+  --ssh=true \
+  --accept-routes=true \
+  --accept-dns=false \
+  --advertise-tags="tag:ingress-tjo-cloud" \
+  --hostname="$(hostname -f | sed 's/\./-/g')"
+
 ##
 # Configure NGINX
 cp assets/dbip-city-lite-2023-07.mmdb /var/geoip.mmdb