revert: tailscale docker sidecar

2025-11-28 09:31:21 +01:00
parent 99e39ee6e6
commit 19ad30e8c4
2 changed files with 129 additions and 92 deletions
--- a/arty.yml
+++ b/arty.yml
@@ -262,3 +262,57 @@ scripts:
    docker restart sexy_api &&
    echo "✓ Directus API restarted"
  net/create: docker network create "$NETWORK_NAME"
+  # Setup iptables NAT for Docker containers to reach Tailscale network
+  # Requires Tailscale installed on host: curl -fsSL https://tailscale.com/install.sh | sh
+  tailscale/setup: |
+    echo "Setting up iptables for Docker-to-Tailscale routing..."
+
+    # Enable IP forwarding
+    sudo sysctl -w net.ipv4.ip_forward=1
+    grep -q "net.ipv4.ip_forward=1" /etc/sysctl.conf || echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
+
+    # Get Docker network CIDR
+    DOCKER_CIDR=$(docker network inspect ${NETWORK_NAME} --format '{{range .IPAM.Config}}{{.Subnet}}{{end}}' 2>/dev/null || echo "172.18.0.0/16")
+    echo "Docker network CIDR: $DOCKER_CIDR"
+
+    # Add NAT rule (check if already exists)
+    if ! sudo iptables -t nat -C POSTROUTING -s "$DOCKER_CIDR" -o tailscale0 -j MASQUERADE 2>/dev/null; then
+      sudo iptables -t nat -A POSTROUTING -s "$DOCKER_CIDR" -o tailscale0 -j MASQUERADE
+      echo "✓ iptables NAT rule added"
+    else
+      echo "✓ iptables NAT rule already exists"
+    fi
+
+    # Persist rules
+    sudo netfilter-persistent save 2>/dev/null || echo "Install iptables-persistent to persist rules: sudo apt install iptables-persistent"
+
+    echo "✓ Tailscale routing configured"
+
+  # Install and configure Tailscale on host with persistent state
+  tailscale/install: |
+    echo "Installing Tailscale..."
+
+    # Install Tailscale if not present
+    if ! command -v tailscale &> /dev/null; then
+      curl -fsSL https://tailscale.com/install.sh | sh
+    else
+      echo "✓ Tailscale already installed"
+    fi
+
+    # Create state directory for persistence
+    TAILSCALE_STATE="/var/lib/tailscale"
+    sudo mkdir -p "$TAILSCALE_STATE"
+
+    # Start and enable tailscaled service
+    sudo systemctl enable --now tailscaled
+
+    # Connect to Tailscale network
+    echo "Connecting to Tailscale..."
+    sudo tailscale up --authkey="$TAILSCALE_AUTHKEY" --hostname=vps
+
+    # Show status
+    echo ""
+    tailscale status
+    echo ""
+    echo "✓ Tailscale installed and connected"
+    echo "  Run 'arty tailscale/setup' to configure iptables routing for Docker"