Enable use of alternate tailscale auth server

cradlepoint · Nov 15, 2024 · 604d6bd · 604d6bd
1 parent a010014
commit 604d6bd
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 4 deletions.
diff --git a/tailscale/README.md b/tailscale/README.md
@@ -35,6 +35,7 @@ For example:
 | ---- | ----- | ----- |
 | tsroutes | 172.16.0.0/12 | Manually add a tailscale routes, comma separated
 | tsversion | 1.60.1 | Use this version of tailscale explicitly
+| tsserver | https://headscale.example.com | Enable use of self-hosted login server such as [Headscale](https://headscale.net/)
 
 ## Overlapping subnets
 You can use tailscales 4via6 feature if you would like to get to devices behind a Cradlepoint routers that might share the same subnet.  First come up with a site id you would like to use (0-65535). Then from a computer with tailscale installed execute: `tailscale debug via [site-id] [subnet]`. For example: `tailscale debug via 1 172.16.0.0/12` should generate a 4via6 subnet of `fd7a:115c:a1e0:b1a:0:1:ac10:0/108`. Add this as a tsroute above and you can access the network via ipv6 or by the domain name following the format `Q-R-S-T-via-X` where Q-R-S-T is the ipv4 address and X is the site id, e.g.: `172-16-0-1-via-1`.
diff --git a/tailscale/get_tskey.py b/tailscale/get_tskey.py
@@ -6,7 +6,7 @@
 if __name__ == "__main__":
     command = sys.argv[1]
 
-    if command in ["tskey", "tsversion"]:
+    if command in ["tskey", "tsversion", "tsserver"]:
         try:
             value = get_appdata(command)
             if value:

diff --git a/tailscale/package.ini b/tailscale/package.ini
@@ -1,5 +1,5 @@
 [tailscale]
-uuid = d4c47aa5-4409-4edf-bf1a-550182ad70a1
+uuid = 9faa8914-d556-4c82-aec6-d536767d836f
 vendor = Cradlepoint
 notes = tailscale
 version_major = 0

diff --git a/tailscale/start.sh b/tailscale/start.sh
@@ -2,7 +2,7 @@
 set -o pipefail
 set -o errexit
 
-logger -s -t tailscale -p 6 "tailscale istarting up..."
+logger -s -t tailscale -p 6 "tailscale is starting up..."
 
 logerr() {
     if [ "$#" -gt 0 ]; then
@@ -21,6 +21,10 @@ get_tsroutes() {
     tsroutes="$(cppython ./get_tskey.py tsroutes)"
 }
 
+get_tsserver() {
+    tsserver="$(cppython ./get_tskey.py tsserver)"
+}
+
 get_tsarch() {
     arch="$(uname -m)"
     if [ "$arch" = "armv7l" ]; then
@@ -49,10 +53,12 @@ tskey=""
 tskey_ec=0
 tsroutes=""
 tsarch="arm64"
+tsserver=""
 
 check_tskey
 get_tsroutes
 get_tsarch
+get_tsserver
 download
 
 tsdbinary="tailscaled_$tsarch"
@@ -77,6 +83,8 @@ check_tskey_change() {
     check_tskey
     prev_tsroutes=$tsroutes
     get_tsroutes
+    prev_tsserver=$tsserver
+    get_tsserver
 
     if [ $tskey_ec -ne 0 ] || [ -z "$tskey" ]; then
         logerr "Couldn't get tskey. Exiting..."
@@ -92,13 +100,18 @@ check_tskey_change() {
         logerr "tsroutes has changed. Exiting..."
         exit_safely
     fi
+
+    if [ "$tsserver" != "$prev_tsserver" ]; then
+        logerr "tsserver has changed. Exiting..."
+        exit_safely
+    fi
 }
 
 trap exit_safely SIGINT SIGTERM EXIT
 
 HOME=$(pwd) ./${tsdbinary} --socket=./tailscaled.sock --tun=userspace-networking --socks5-server=localhost:1055 2>&1 | logerr &
 sleep 2
-HOME=$(pwd) ./${tsbinary} --socket ./tailscaled.sock up --auth-key="$tskey" --advertise-routes="$tsroutes" 2>&1 | logerr
+HOME=$(pwd) ./${tsbinary} --socket ./tailscaled.sock up --auth-key="$tskey" --login-server="$tsserver" --advertise-routes="$tsroutes" 2>&1 | logerr
 
 tsretcode=$?
 if [ $tsretcode -ne 0 ]; then