tailscale-setup.ps1
<#
.SYNOPSIS
Script for unattended Tailscale installation
.DESCRIPTION
Made by Mindbox
Maintained by: [email protected]
Repository URL: https://github.com/mindbox-cloud/tailscale-utils
#>
param(
## Tailscale login (control) server URL; passed to `tailscale up --login-server`
[string]$TsLoginServer = "https://controlplane.tailscale.com",
## Authentication key (a.k.a. pre-auth key); passed to `tailscale up --auth-key` when non-empty.
## NOTE(review): the key becomes part of the tailscale.exe command line, so it is readable by
## anything that can list process command lines or collect process-creation audit logs.
## Prefer short-lived, single-use keys for unattended installs.
[string]$TsAuthToken,
## Hostname to use in the Tailscale network (defaults to the local DNS host name)
[string]$TsHostname = [System.Net.Dns]::GetHostName(),
## Tailscale packages repository mirror (e.g. `https://pkgs.example.com/ts`).
## The MSI fetched from this base URL is installed with administrator rights,
## so point it only at a trusted HTTPS host.
[string]$TsPkgMirror = "https://pkgs.tailscale.com",
## Additional arguments when connecting to Tailscale; inserted verbatim right after `up`
[string]$TsUpArgs,
## List of CIDRs to advertise as routes; the entries are joined with ',' for `--advertise-routes`
[string[]]$TsAdvertiseRoutes,
## List of advertised tags, given without the `tag:` prefix (the script adds it to every entry)
[string[]]$TsTags,
## Run in unattended mode where Tailscale keeps running even after the current user logs out.
## Only affects `tailscale up --unattended`; the MSI property TS_UNATTENDEDMODE is always set to "always".
[bool]$TsUnattended = $true,
## Whether to accept DNS from Tailscale
[bool]$TsAcceptDns = $true,
## Whether to accept routes from Tailscale
[bool]$TsAcceptRoutes = $true,
## Enable automatic updates (applied with `tailscale set --auto-update` after joining)
[bool]$TsAutoUpdate = $true,
## Whether to skip automatic joining to Tailnet (install only, then exit)
[bool]$TsUpSkip = $false
)
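$currentScript = $MyInvocation.MyCommand.Definition

# Installing the MSI and configuring the Tailscale service needs administrator rights.
# When the current token is not elevated, relaunch this script through UAC and stop here.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    # Render a value as a single-quoted PowerShell literal (embedded quotes doubled), so the
    # elevated shell treats it as data and never expands or executes it.
    $quoteLiteral = { param($text) "'" + ([string]$text).Replace("'", "''") + "'" }

    # Forward every parameter the caller actually supplied. Relaunching with only the
    # script path would silently fall back to the defaults (public login server, no auth
    # key, no tags or routes) in the elevated run.
    $forwarded = @()
    foreach ($bound in $PSBoundParameters.GetEnumerator()) {
        $value = $bound.Value
        if ($value -is [bool]) {
            # -Command is used below because powershell.exe -File hands every argument
            # over as a string, which a [bool] parameter refuses to bind.
            $literal = if ($value) { '$true' } else { '$false' }
        }
        elseif ($value -is [array]) {
            if ($value.Count -eq 0) { continue }
            $literal = ($value | ForEach-Object { & $quoteLiteral $_ }) -join ','
        }
        else {
            $literal = & $quoteLiteral $value
        }
        $forwarded += "-$($bound.Key) $literal"
    }

    $command = ("& $(& $quoteLiteral $currentScript) " + ($forwarded -join ' ')).Trim()
    # Escape embedded double quotes (and the backslashes directly in front of them) so the
    # command survives Windows command-line parsing as one -Command argument.
    $command = $command -replace '(\\*)"', '$1$1\"'

    # NOTE(review): forwarded values, including -TsAuthToken, appear on the elevated
    # process's command line. Start from an already elevated prompt to avoid that hop.
    Start-Process powershell.exe -ArgumentList "-NoProfile -ExecutionPolicy Bypass -Command `"$command`"" -Verb RunAs
    exit
}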
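# Download the latest stable amd64 MSI from the configured mirror and install it silently.
$TsDlUrl = "$TsPkgMirror/stable/tailscale-setup-latest-amd64.msi"
$destinationPath = Join-Path ([System.IO.Path]::GetTempPath()) "ts_setup.msi"

# Turn non-terminating cmdlet errors (e.g. a failed download) into terminating ones.
$ErrorActionPreference = "Stop"

# Windows PowerShell on older .NET defaults may not negotiate TLS 1.2 on its own.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

echo "Downloading Tailscale setup package to `"$destinationPath`""
# -UseBasicParsing avoids the Internet Explorer engine dependency of Windows PowerShell 5.1.
Invoke-WebRequest -Uri $TsDlUrl -OutFile $destinationPath -UseBasicParsing

try {
    # The package is about to run with administrator rights, so refuse anything whose
    # Authenticode signature does not validate (unsigned, tampered, untrusted chain).
    # NOTE(review): 'Valid' accepts any publisher trusted by this machine; additionally
    # pinning the expected signer subject would be stronger. The expected value is not
    # recorded in this script, so it is not checked here.
    $signature = Get-AuthenticodeSignature -FilePath $destinationPath
    if ($signature.Status -ne 'Valid') {
        throw "Refusing to install `"$destinationPath`": Authenticode signature status is '$($signature.Status)'"
    }

    # Probably should be allowed to configure via args
    # ($args is a PowerShell automatic variable, hence the dedicated name.)
    $msiArgs = "/i `"$destinationPath`" /qn"
    $msiArgs += " TS_UNATTENDEDMODE=always"
    $msiArgs += " TS_ALLOWINCOMINGCONNECTIONS=always"

    echo "Installing Tailscale"
    $installer = Start-Process -FilePath "msiexec.exe" -ArgumentList $msiArgs -Wait -PassThru

    # 0 = success, 1641 = success and reboot initiated, 3010 = success and reboot required.
    # Anything else means the install failed and later steps would run against a missing tailscale.exe.
    if ($installer.ExitCode -notin 0, 1641, 3010) {
        throw "msiexec.exe failed with exit code $($installer.ExitCode)"
    }
}
finally {
    # Remove the downloaded package whether or not verification and installation succeeded.
    Remove-Item -Path "$destinationPath" -Confirm:$false -Force -ErrorAction SilentlyContinue
}

# We shall reload PATH to set up tailscale further
$env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine")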
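if ($TsUpSkip) {
    echo "TsUpSkip set to `"true`". You should join Tailnet manually"
    exit
}

# Build the `tailscale up` command line. A dedicated variable is used because $args is a
# PowerShell automatic variable. $TsUpArgs is inserted verbatim by design.
$upArgs = "up $TsUpArgs"
$upArgs += " --login-server $TsLoginServer"
$upArgs += " --hostname $TsHostname"
$upArgs += " --unattended=$TsUnattended"
$upArgs += " --accept-dns=$TsAcceptDns"
$upArgs += " --accept-routes=$TsAcceptRoutes"

if (![string]::IsNullOrWhiteSpace($TsAuthToken)) {
    # NOTE(review): the key is part of the process command line and is therefore visible to
    # process listings and command-line audit logging. Use short-lived, single-use keys;
    # `--auth-key=file:<path>` with a tightly ACLed file keeps the secret off the command
    # line if the installed client supports it — confirm before switching.
    $upArgs += " --auth-key $TsAuthToken"
}

if ($TsTags.Length -gt 0) {
    # Callers pass bare tag names; the CLI expects each one prefixed with "tag:".
    $tags = ($TsTags | ForEach-Object { "tag:$_" }) -join ','
    $upArgs += " --advertise-tags $tags"
}

if ($TsAdvertiseRoutes.Length -gt 0) {
    $advRoutes = $TsAdvertiseRoutes -join ','
    $upArgs += " --advertise-routes $advRoutes"
}

echo "Let me sleep for 10 seconds before continuing to ensure that Tailscale service has started"
Start-Sleep -s 10

echo "Joining Tailnet"
$joinProc = Start-Process -FilePath "tailscale.exe" -ArgumentList $upArgs -Wait -PassThru
if ($joinProc.ExitCode -ne 0) {
    # Report only the exit code: the argument string may contain the auth key.
    throw "tailscale up failed with exit code $($joinProc.ExitCode)"
}

# Apply the auto-update preference once the node has joined.
$setArgs = "set"
$setArgs += " --auto-update=$TsAutoUpdate"
$setProc = Start-Process -FilePath "tailscale.exe" -ArgumentList $setArgs -Wait -PassThru
if ($setProc.ExitCode -ne 0) {
    throw "tailscale set failed with exit code $($setProc.ExitCode)"
}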