tailscale

pdk
A module for installing and configuring the tailscale mesh network

BlockOps

blockops

474 downloads

474 latest version

4.6 quality score

Version information

  • 0.1.0 (latest)
released Mar 11th 2021
This version is compatible with:
  • Puppet Enterprise 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
  • Puppet >= 6.0.0 < 8.0.0
  • Ubuntu
    ,
    RedHat
    ,
    CentOS

Start using this module

Documentation

blockops/tailscale — version 0.1.0 Mar 11th 2021

Tailscale

A module for installing and configuring the tailscale mesh network. Not sure what tailscale is? A wireguard based VPN service. Join multiple networks into a single mesh network and even share with your friends.

Table of Contents

Description

A very basic module for setting up tailscale on debian and redhat systems.

Requires a authkey for automated setup. Essentially performs the installation instructions provided on their website.

Setup

What tailscale affects

  • Installs tailscale package
  • Installs systemd tailscale service
  • Runs the tailscale up command with provided authkey

Joins your system to a mesh network. Provide the wrong authkey and you might be joining to somebody else's network.

Setup Requirements

You will need an authkey and access to the internet.

Beginning with tailscale

In order to join the tailscale network you need the authkey. This key should be treated as sensitive data as anybody with the key can gain access to your network. We recommend using hiera-eyaml to encrypt the key. To take extra precautions when using a puppetserver you should also set the tailscale::use_node_encrypt parameter to true.

Usage

Without hiera example

class{'tailscale': auth_key => '123456' }

With hiera example

include tailscale

# data/common.yaml
tailscale::auth_key: 123456
tailscale::base_pgk_url: 'https://mydomain/packages/centos'

# example only, options are not required
tailscale::up_options:
  hostname: "%{::facts.hostname}"

Reference

These are the options available for providing tailscale up flags.

USAGE
  up [flags]

"tailscale up" connects this machine to your Tailscale network,
triggering authentication if necessary.

The flags passed to this command are specific to this machine. If you don't
specify any flags, options are reset to their default.

FLAGS
  -accept-dns true                           accept DNS configuration from the admin panel
  -accept-routes false                       accept routes advertised by other Tailscale nodes
  -advertise-routes ...                      routes to advertise to other nodes (comma-separated, e.g. 10.0.0.0/8,192.168.0.0/24)
  -advertise-tags ...                        ACL tags to request (comma-separated, e.g. eng,montreal,ssh)
  -authkey ...                               node authorization key
  -force-reauth false                        force reauthentication
  -host-routes true                          install host routes to other Tailscale nodes
  -hostname ...                              hostname to use instead of the one provided by the OS
  -login-server https://login.tailscale.com  base URL of control server
  -netfilter-mode on                         netfilter mode (one of on, nodivert, off)
  -shields-up false                          don't allow incoming connections
  -snat-subnet-routes true                   source NAT traffic to local routes advertised with --advertise-routes

Limitations

At this time this module can only install and initialize tailscale.

Development

Pull requests welcomed.