From 37c475a496260ff1ddc5ef608c2a5cb05de81598 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Sun, 1 Sep 2024 08:35:25 +0300 Subject: [PATCH] add tailscale install script (#4712) * add tailscale install script from the official source * add on - off options * provision tailscale on recover * modify systemd service, make delete-data optional * move tailscale data to disk for users who installed with external script * add CHANGES.md entry --------- Co-authored-by: rootzoll --- CHANGES.md | 1 + home.admin/_provision_.sh | 9 + home.admin/config.scripts/bonus.tailscale.sh | 654 +++++++++++++++++++ 3 files changed, 664 insertions(+) create mode 100644 home.admin/config.scripts/bonus.tailscale.sh diff --git a/CHANGES.md b/CHANGES.md index 9bcd74b9e..e0cae4a8b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,5 +1,6 @@ ## What's new in Version 1.11.3 of RaspiBlitz? +- New: Tailscale (basic install script) [details](https://en.wikipedia.org/wiki/Tailscale) - Update: Helipad (Podcasting 2.0 Boostagram reader) v0.2.0 [details](https://github.com/Podcastindex-org/helipad/releases/tag/v0.2.0) ## What's new in Version 1.11.2 of RaspiBlitz? diff --git a/home.admin/_provision_.sh b/home.admin/_provision_.sh index b41c2cecc..24104ab43 100755 --- a/home.admin/_provision_.sh +++ b/home.admin/_provision_.sh @@ -723,6 +723,15 @@ else echo "Provisioning FinTS - keep default" >> ${logFile} fi +# Tailscale +if [ "${tailscale}" = "on" ]; then + echo "Provisioning Tailscale - run config script" >> ${logFile} + /home/admin/_cache.sh set message "Setup Tailscale" + sudo -u admin /home/admin/config.scripts/bonus.tailscale.sh on >> ${logFile} 2>&1 +else + echo "Provisioning Tailscale - keep default" >> ${logFile} +fi + # custom install script from user customInstallAvailable=$(ls /mnt/hdd/app-data/custom-installs.sh 2>/dev/null | grep -c "custom-installs.sh") if [ ${customInstallAvailable} -gt 0 ]; then diff --git a/home.admin/config.scripts/bonus.tailscale.sh b/home.admin/config.scripts/bonus.tailscale.sh new file mode 100644 index 000000000..791f5da57 --- /dev/null +++ b/home.admin/config.scripts/bonus.tailscale.sh @@ -0,0 +1,654 @@ +#!/bin/sh + +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then + echo "config script to install Tailscale" + echo "bonus.tailscale.sh on" + echo "bonus.tailscale.sh off <--delete-data|--keep-data>" + exit 1 +fi + +# --- Sourced from https://tailscale.com/install.sh on 2024-08-29 --- +# Copyright (c) Tailscale Inc & AUTHORS +# SPDX-License-Identifier: BSD-3-Clause +# +# This script detects the current operating system, and installs +# Tailscale according to that OS's conventions. + +set -e + +# All the code is wrapped in a main function that gets called at the +# bottom of the file, so that a truncated partial download doesn't end +# up executing half a script. +installTailscale() { + # Step 1: detect the current linux distro, version, and packaging system. + # + # We rely on a combination of 'uname' and /etc/os-release to find + # an OS name and version, and from there work out what + # installation method we should be using. + # + # The end result of this step is that the following three + # variables are populated, if detection was successful. + OS="" + VERSION="" + PACKAGETYPE="" + APT_KEY_TYPE="" # Only for apt-based distros + APT_SYSTEMCTL_START=false # Only needs to be true for Kali + TRACK="${TRACK:-stable}" + + case "$TRACK" in + stable | unstable) ;; + *) + echo "unsupported track $TRACK" + exit 1 + ;; + esac + + if [ -f /etc/os-release ]; then + # /etc/os-release populates a number of shell variables. We care about the following: + # - ID: the short name of the OS (e.g. "debian", "freebsd") + # - VERSION_ID: the numeric release version for the OS, if any (e.g. "18.04") + # - VERSION_CODENAME: the codename of the OS release, if any (e.g. "buster") + # - UBUNTU_CODENAME: if it exists, use instead of VERSION_CODENAME + . /etc/os-release + case "$ID" in + ubuntu | pop | neon | zorin | tuxedo) + OS="ubuntu" + if [ "${UBUNTU_CODENAME:-}" != "" ]; then + VERSION="$UBUNTU_CODENAME" + else + VERSION="$VERSION_CODENAME" + fi + PACKAGETYPE="apt" + # Third-party keyrings became the preferred method of + # installation in Ubuntu 20.04. + if expr "$VERSION_ID" : "2.*" >/dev/null; then + APT_KEY_TYPE="keyring" + else + APT_KEY_TYPE="legacy" + fi + ;; + debian) + OS="$ID" + VERSION="$VERSION_CODENAME" + PACKAGETYPE="apt" + # Third-party keyrings became the preferred method of + # installation in Debian 11 (Bullseye). + if [ -z "${VERSION_ID:-}" ]; then + # rolling release. If you haven't kept current, that's on you. + APT_KEY_TYPE="keyring" + elif [ "$VERSION_ID" -lt 11 ]; then + APT_KEY_TYPE="legacy" + else + APT_KEY_TYPE="keyring" + fi + ;; + linuxmint) + if [ "${UBUNTU_CODENAME:-}" != "" ]; then + OS="ubuntu" + VERSION="$UBUNTU_CODENAME" + elif [ "${DEBIAN_CODENAME:-}" != "" ]; then + OS="debian" + VERSION="$DEBIAN_CODENAME" + else + OS="ubuntu" + VERSION="$VERSION_CODENAME" + fi + PACKAGETYPE="apt" + if [ "$VERSION_ID" -lt 5 ]; then + APT_KEY_TYPE="legacy" + else + APT_KEY_TYPE="keyring" + fi + ;; + elementary) + OS="ubuntu" + VERSION="$UBUNTU_CODENAME" + PACKAGETYPE="apt" + if [ "$VERSION_ID" -lt 6 ]; then + APT_KEY_TYPE="legacy" + else + APT_KEY_TYPE="keyring" + fi + ;; + parrot | mendel) + OS="debian" + PACKAGETYPE="apt" + if [ "$VERSION_ID" -lt 5 ]; then + VERSION="buster" + APT_KEY_TYPE="legacy" + else + VERSION="bullseye" + APT_KEY_TYPE="keyring" + fi + ;; + galliumos) + OS="ubuntu" + PACKAGETYPE="apt" + VERSION="bionic" + APT_KEY_TYPE="legacy" + ;; + pureos | kaisen) + OS="debian" + PACKAGETYPE="apt" + VERSION="bullseye" + APT_KEY_TYPE="keyring" + ;; + raspbian) + OS="$ID" + VERSION="$VERSION_CODENAME" + PACKAGETYPE="apt" + # Third-party keyrings became the preferred method of + # installation in Raspbian 11 (Bullseye). + if [ "$VERSION_ID" -lt 11 ]; then + APT_KEY_TYPE="legacy" + else + APT_KEY_TYPE="keyring" + fi + ;; + kali) + OS="debian" + PACKAGETYPE="apt" + YEAR="$(echo "$VERSION_ID" | cut -f1 -d.)" + APT_SYSTEMCTL_START=true + # Third-party keyrings became the preferred method of + # installation in Debian 11 (Bullseye), which Kali switched + # to in roughly 2021.x releases + if [ "$YEAR" -lt 2021 ]; then + # Kali VERSION_ID is "kali-rolling", which isn't distinguishing + VERSION="buster" + APT_KEY_TYPE="legacy" + else + VERSION="bullseye" + APT_KEY_TYPE="keyring" + fi + ;; + Deepin) # https://github.com/tailscale/tailscale/issues/7862 + OS="debian" + PACKAGETYPE="apt" + if [ "$VERSION_ID" -lt 20 ]; then + APT_KEY_TYPE="legacy" + VERSION="buster" + else + APT_KEY_TYPE="keyring" + VERSION="bullseye" + fi + ;; + centos) + OS="$ID" + VERSION="$VERSION_ID" + PACKAGETYPE="dnf" + if [ "$VERSION" = "7" ]; then + PACKAGETYPE="yum" + fi + ;; + ol) + OS="oracle" + VERSION="$(echo "$VERSION_ID" | cut -f1 -d.)" + PACKAGETYPE="dnf" + if [ "$VERSION" = "7" ]; then + PACKAGETYPE="yum" + fi + ;; + rhel) + OS="$ID" + VERSION="$(echo "$VERSION_ID" | cut -f1 -d.)" + PACKAGETYPE="dnf" + if [ "$VERSION" = "7" ]; then + PACKAGETYPE="yum" + fi + ;; + fedora) + OS="$ID" + VERSION="" + PACKAGETYPE="dnf" + ;; + rocky | almalinux | nobara | openmandriva | sangoma | risios | cloudlinux | alinux | fedora-asahi-remix) + OS="fedora" + VERSION="" + PACKAGETYPE="dnf" + ;; + amzn) + OS="amazon-linux" + VERSION="$VERSION_ID" + PACKAGETYPE="yum" + ;; + xenenterprise) + OS="centos" + VERSION="$(echo "$VERSION_ID" | cut -f1 -d.)" + PACKAGETYPE="yum" + ;; + opensuse-leap | sles) + OS="opensuse" + VERSION="leap/$VERSION_ID" + PACKAGETYPE="zypper" + ;; + opensuse-tumbleweed) + OS="opensuse" + VERSION="tumbleweed" + PACKAGETYPE="zypper" + ;; + sle-micro-rancher) + OS="opensuse" + VERSION="leap/15.4" + PACKAGETYPE="zypper" + ;; + arch | archarm | endeavouros | blendos | garuda) + OS="arch" + VERSION="" # rolling release + PACKAGETYPE="pacman" + ;; + manjaro | manjaro-arm) + OS="manjaro" + VERSION="" # rolling release + PACKAGETYPE="pacman" + ;; + alpine) + OS="$ID" + VERSION="$VERSION_ID" + PACKAGETYPE="apk" + ;; + postmarketos) + OS="alpine" + VERSION="$VERSION_ID" + PACKAGETYPE="apk" + ;; + nixos) + echo "Please add Tailscale to your NixOS configuration directly:" + echo + echo "services.tailscale.enable = true;" + exit 1 + ;; + void) + OS="$ID" + VERSION="" # rolling release + PACKAGETYPE="xbps" + ;; + gentoo) + OS="$ID" + VERSION="" # rolling release + PACKAGETYPE="emerge" + ;; + freebsd) + OS="$ID" + VERSION="$(echo "$VERSION_ID" | cut -f1 -d.)" + PACKAGETYPE="pkg" + ;; + osmc) + OS="debian" + PACKAGETYPE="apt" + VERSION="bullseye" + APT_KEY_TYPE="keyring" + ;; + photon) + OS="photon" + VERSION="$(echo "$VERSION_ID" | cut -f1 -d.)" + PACKAGETYPE="tdnf" + ;; + + # TODO: wsl? + # TODO: synology? qnap? + esac + fi + + # If we failed to detect something through os-release, consult + # uname and try to infer things from that. + if [ -z "$OS" ]; then + if type uname >/dev/null 2>&1; then + case "$(uname)" in + FreeBSD) + # FreeBSD before 12.2 doesn't have + # /etc/os-release, so we wouldn't have found it in + # the os-release probing above. + OS="freebsd" + VERSION="$(freebsd-version | cut -f1 -d.)" + PACKAGETYPE="pkg" + ;; + OpenBSD) + OS="openbsd" + VERSION="$(uname -r)" + PACKAGETYPE="" + ;; + Darwin) + OS="macos" + VERSION="$(sw_vers -productVersion | cut -f1-2 -d.)" + PACKAGETYPE="appstore" + ;; + Linux) + OS="other-linux" + VERSION="" + PACKAGETYPE="" + ;; + esac + fi + fi + + # Ideally we want to use curl, but on some installs we + # only have wget. Detect and use what's available. + CURL= + if type curl >/dev/null; then + CURL="curl -fsSL" + elif type wget >/dev/null; then + CURL="wget -q -O-" + fi + if [ -z "$CURL" ]; then + echo "The installer needs either curl or wget to download files." + echo "Please install either curl or wget to proceed." + exit 1 + fi + + TEST_URL="https://pkgs.tailscale.com/" + RC=0 + TEST_OUT=$($CURL "$TEST_URL" 2>&1) || RC=$? + if [ $RC != 0 ]; then + echo "The installer cannot reach $TEST_URL" + echo "Please make sure that your machine has internet access." + echo "Test output:" + echo $TEST_OUT + exit 1 + fi + + # Step 2: having detected an OS we support, is it one of the + # versions we support? + OS_UNSUPPORTED= + case "$OS" in + ubuntu | debian | raspbian | centos | oracle | rhel | amazon-linux | opensuse | photon) + # Check with the package server whether a given version is supported. + URL="https://pkgs.tailscale.com/$TRACK/$OS/$VERSION/installer-supported" + $CURL "$URL" 2>/dev/null | grep -q OK || OS_UNSUPPORTED=1 + ;; + fedora) + # All versions supported, no version checking required. + ;; + arch) + # Rolling release, no version checking needed. + ;; + manjaro) + # Rolling release, no version checking needed. + ;; + alpine) + # All versions supported, no version checking needed. + # TODO: is that true? When was tailscale packaged? + ;; + void) + # Rolling release, no version checking needed. + ;; + gentoo) + # Rolling release, no version checking needed. + ;; + freebsd) + if [ "$VERSION" != "12" ] && + [ "$VERSION" != "13" ]; then + OS_UNSUPPORTED=1 + fi + ;; + openbsd) + OS_UNSUPPORTED=1 + ;; + macos) + # We delegate macOS installation to the app store, it will + # perform version checks for us. + ;; + other-linux) + OS_UNSUPPORTED=1 + ;; + *) + OS_UNSUPPORTED=1 + ;; + esac + if [ "$OS_UNSUPPORTED" = "1" ]; then + case "$OS" in + other-linux) + echo "Couldn't determine what kind of Linux is running." + echo "You could try the static binaries at:" + echo "https://pkgs.tailscale.com/$TRACK/#static" + ;; + "") + echo "Couldn't determine what operating system you're running." + ;; + *) + echo "$OS $VERSION isn't supported by this script yet." + ;; + esac + echo + echo "If you'd like us to support your system better, please email support@tailscale.com" + echo "and tell us what OS you're running." + echo + echo "Please include the following information we gathered from your system:" + echo + echo "OS=$OS" + echo "VERSION=$VERSION" + echo "PACKAGETYPE=$PACKAGETYPE" + if type uname >/dev/null 2>&1; then + echo "UNAME=$(uname -a)" + else + echo "UNAME=" + fi + echo + if [ -f /etc/os-release ]; then + cat /etc/os-release + else + echo "No /etc/os-release" + fi + exit 1 + fi + + # Step 3: work out if we can run privileged commands, and if so, + # how. + CAN_ROOT= + SUDO= + if [ "$(id -u)" = 0 ]; then + CAN_ROOT=1 + SUDO="" + elif type sudo >/dev/null; then + CAN_ROOT=1 + SUDO="sudo" + elif type doas >/dev/null; then + CAN_ROOT=1 + SUDO="doas" + fi + if [ "$CAN_ROOT" != "1" ]; then + echo "This installer needs to run commands as root." + echo "We tried looking for 'sudo' and 'doas', but couldn't find them." + echo "Either re-run this script as root, or set up sudo/doas." + exit 1 + fi + + # Step 4: run the installation. + OSVERSION="$OS" + [ "$VERSION" != "" ] && OSVERSION="$OSVERSION $VERSION" + echo "Installing Tailscale for $OSVERSION, using method $PACKAGETYPE" + case "$PACKAGETYPE" in + apt) + export DEBIAN_FRONTEND=noninteractive + if [ "$APT_KEY_TYPE" = "legacy" ] && ! type gpg >/dev/null; then + $SUDO apt-get update + $SUDO apt-get install -y gnupg + fi + + set -x + $SUDO mkdir -p --mode=0755 /usr/share/keyrings + case "$APT_KEY_TYPE" in + legacy) + $CURL "https://pkgs.tailscale.com/$TRACK/$OS/$VERSION.asc" | $SUDO apt-key add - + $CURL "https://pkgs.tailscale.com/$TRACK/$OS/$VERSION.list" | $SUDO tee /etc/apt/sources.list.d/tailscale.list + ;; + keyring) + $CURL "https://pkgs.tailscale.com/$TRACK/$OS/$VERSION.noarmor.gpg" | $SUDO tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null + $CURL "https://pkgs.tailscale.com/$TRACK/$OS/$VERSION.tailscale-keyring.list" | $SUDO tee /etc/apt/sources.list.d/tailscale.list + ;; + esac + $SUDO apt-get update + $SUDO apt-get install -y tailscale tailscale-archive-keyring + if [ "$APT_SYSTEMCTL_START" = "true" ]; then + $SUDO systemctl enable --now tailscaled + $SUDO systemctl start tailscaled + fi + set +x + ;; + yum) + set -x + $SUDO yum install yum-utils -y + $SUDO yum-config-manager -y --add-repo "https://pkgs.tailscale.com/$TRACK/$OS/$VERSION/tailscale.repo" + $SUDO yum install tailscale -y + $SUDO systemctl enable --now tailscaled + set +x + ;; + dnf) + set -x + $SUDO dnf install -y 'dnf-command(config-manager)' + $SUDO dnf config-manager --add-repo "https://pkgs.tailscale.com/$TRACK/$OS/$VERSION/tailscale.repo" + $SUDO dnf install -y tailscale + $SUDO systemctl enable --now tailscaled + set +x + ;; + tdnf) + set -x + curl -fsSL "https://pkgs.tailscale.com/$TRACK/$OS/$VERSION/tailscale.repo" >/etc/yum.repos.d/tailscale.repo + $SUDO tdnf install -y tailscale + $SUDO systemctl enable --now tailscaled + set +x + ;; + zypper) + set -x + $SUDO rpm --import "https://pkgs.tailscale.com/$TRACK/$OS/$VERSION/repo.gpg" + $SUDO zypper --non-interactive ar -g -r "https://pkgs.tailscale.com/$TRACK/$OS/$VERSION/tailscale.repo" + $SUDO zypper --non-interactive --gpg-auto-import-keys refresh + $SUDO zypper --non-interactive install tailscale + $SUDO systemctl enable --now tailscaled + set +x + ;; + pacman) + set -x + $SUDO pacman -S tailscale --noconfirm + $SUDO systemctl enable --now tailscaled + set +x + ;; + pkg) + set -x + $SUDO pkg install tailscale + $SUDO service tailscaled enable + $SUDO service tailscaled start + set +x + ;; + apk) + set -x + if ! grep -Eq '^http.*/community$' /etc/apk/repositories; then + if type setup-apkrepos >/dev/null; then + $SUDO setup-apkrepos -c -1 + else + echo "installing tailscale requires the community repo to be enabled in /etc/apk/repositories" + exit 1 + fi + fi + $SUDO apk add tailscale + $SUDO rc-update add tailscale + $SUDO rc-service tailscale start + set +x + ;; + xbps) + set -x + $SUDO xbps-install tailscale -y + set +x + ;; + emerge) + set -x + $SUDO emerge --ask=n net-vpn/tailscale + set +x + ;; + appstore) + set -x + open "https://apps.apple.com/us/app/tailscale/id1475387142" + set +x + ;; + *) + echo "unexpected: unknown package type $PACKAGETYPE" + exit 1 + ;; + esac +} +# --- End of part from https://tailscale.com/install.sh on 2024-08-29 --- + +if [ "$1" = "on" ]; then + if ! systemctl is-active tailscaled; then + + echo "# Installing Tailscale" + + # backup tailscale library if exists + if [ -d /var/lib/tailscale ]; then + if [ ! -d /mnt/hdd/app-data/tailscale ]; then + echo "# Moving the Tailscale data to disk" + sudo mv /var/lib/tailscale /mnt/hdd/app-data/tailscale + else + echo "# Backing up /var/lib/tailscale to /var/lib/tailscale.backup" + sudo mv /var/lib/tailscale /var/lib/tailscale.backup + fi + fi + + installTailscale + + # move tailscale state to HDD + sudo systemctl stop tailscaled + sudo systemctl disable tailscaled + sudo rm -rf /var/lib/tailscale + sudo mkdir -p /mnt/hdd/app-data/tailscale + sudo cp /lib/systemd/system/tailscaled.service /etc/systemd/system/ + sudo sed -i 's|--state=/var/lib/tailscale/tailscaled.state|--state=/mnt/hdd/app-data/tailscale/tailscaled.state|' /etc/systemd/system/tailscaled.service + sudo systemctl enable tailscaled + sudo systemctl start tailscaled + + # setting value in raspiblitz config + /home/admin/config.scripts/blitz.conf.sh set tailscale on + + echo "# Installation complete!" + if ! tailscale ip -4; then + echo "# Log in to start using Tailscale by running:" + echo + if [ -z "$SUDO" ]; then + echo "tailscale up" + else + echo "$SUDO tailscale up" + fi + else + echo "# Check your Tailscale IP with the command:" + echo "tailscale ip -4" + echo "# Your Tailscale IP is:" + tailscale ip -4 + fi + else + echo "# Tailscale is already running" + fi + +elif [ "$1" = "off" ]; then + echo "# Removing Tailscale" + sudo systemctl disable --now tailscaled + sudo apt purge -y tailscale + + # get delete data status - either by parameter or if not set by user dialog + deleteData="" + if [ "$2" = "--delete-data" ]; then + deleteData="1" + fi + if [ "$2" = "--keep-data" ]; then + deleteData="0" + fi + if [ "${deleteData}" = "" ]; then + if (whiptail --title "Delete Data?" --yes-button "Keep Data" --no-button "Delete Data" --yesno "Do you want to delete all data related to Tailscale?" 0 0); then + deleteData="0" + else + deleteData="1" + fi + fi + + # execute on delete data + if [ "${deleteData}" = "1" ]; then + echo "# Removing Tailscale data" + sudo rm -rf /mnt/hdd/app-data/tailscale + else + echo "# Tailscale data is preserved on the disk (if exist)" + fi + + # setting value in raspiblitz config + /home/admin/config.scripts/blitz.conf.sh set tailscale off + + echo "# Removed Tailscale" +fi