From 36d495b9f700e5506a577b762676e39e450e0859 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Diego=20Alloza=20Gonz=C3=A1lez?=
Date: Fri, 13 Sep 2024 19:32:55 +0200
Subject: [PATCH 1/3] run tailscale without sudo
---
 cmd/layer2.go | 8 ++++----
 pkg/layer2/layer2.go | 9 ++++++---
 pkg/layer2/tailscale.go | 4 ++--
 3 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/cmd/layer2.go b/cmd/layer2.go
index 8fe1782..b4ef972 100644
--- a/cmd/layer2.go
+++ b/cmd/layer2.go
@@ -38,10 +38,10 @@ func NewLayer2Cmd() *cobra.Command {
 " To start the service, run the command again with the --ts-auth-key flag "+
 "(+info: https://login.tailscale.com/admin/settings/keys)\n"+
 " Or you can login manually and start the server:\n"+
- " ssh %s@%s sudo tailscale up\n"+
- " If you want to let tailscale manage the ssh connections (you will lose the ssh connection):\n"+
- " ssh %s@%s sudo tailscale up --ssh --accept-risk=lose-ssh\n",
- args.User, args.Host, args.User, args.Host)
+ " ssh %s@%s sudo tailscale up --operator %s\n"+
+ " If you want to let tailscale manage the ssh connections (you may lose the ssh connection):\n"+
+ " ssh %s@%s sudo tailscale up --ssh --accept-risk=lose-ssh --operator %s\n",
+ args.User, args.Host, args.User, args.User, args.Host, args.User)
 }
 fmt.Println("Layer 2 provisioned successfully")
diff --git a/pkg/layer2/layer2.go b/pkg/layer2/layer2.go
index f1634fe..278a655 100644
--- a/pkg/layer2/layer2.go
+++ b/pkg/layer2/layer2.go
@@ -120,7 +120,7 @@ func (m *layer2Manager) provisionLayer2(args Layer2Args) (Layer2Result, error) {
 }
 info.Title("Starting and setting up tailscale")
- tailscaleStarted, needManualLogin, err := m.startAndSetupTailscale(args.TailscaleAuthKey)
+ tailscaleStarted, needManualLogin, err := m.startAndSetupTailscale(args.TailscaleAuthKey, args.User)
 result.NeedManualTailscaleLogin = needManualLogin
 if err != nil {
 info.Fail()
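Review bot: The manual-login text in `NewLayer2Cmd` (cmd/layer2.go) now tells the reader to pass `--operator %s` but never says what that grants: from then on the login user can reconfigure tailscaled without sudo, which includes turning on `--ssh`. I would add one line to the message, for example `" Note: --operator lets that user manage tailscale without sudo.\n"+`, so the choice is made knowingly. The six positional arguments match the six `%s` verbs, but binding `args.User` and `args.Host` to short locals first would make the next edit of this list less error-prone. The function starts and ends outside the hunk.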
@@ -163,9 +163,12 @@ func (m *layer2Manager) installLibraries() error {
 "cron",
 "curl",
 "git",
+ "jq",
 "libffi-dev",
 "mailutils",
+ "mdadm",
 "nano",
+ "progress",
 "ripgrep",
 "sqlite3",
 "tcpdump",
@@ -390,7 +393,7 @@ func (m *layer2Manager) installTailscale() (bool, error) {
 // Starts tailscale and logs in if needed
 // Returns (tailscaleStarted, needManualLogin, error)
-func (m *layer2Manager) startAndSetupTailscale(authKey string) (bool, bool, error) {
+func (m *layer2Manager) startAndSetupTailscale(authKey, user string) (bool, bool, error) {
 status, err := m.getTailScaleStatus()
 if err != nil {
 return false, false, err
@@ -414,7 +417,7 @@ func (m *layer2Manager) startAndSetupTailscale(authKey string) (bool, bool, erro
 }
 }
- if err := m.tailscaleUp(); err != nil {
+ if err := m.tailscaleUp(user); err != nil {
 return false, false, fmt.Errorf("error starting tailscale: %w", err)
 }
diff --git a/pkg/layer2/tailscale.go b/pkg/layer2/tailscale.go
index 49cd904..1d98cbf 100644
--- a/pkg/layer2/tailscale.go
+++ b/pkg/layer2/tailscale.go
@@ -63,8 +63,8 @@ func (m *layer2Manager) tailscaleLogin(authKey string) error {
 return nil
 }
-func (m *layer2Manager) tailscaleUp() error {
- _, _, err := m.conn.RunSudo("tailscale up")
+func (m *layer2Manager) tailscaleUp(user string) error {
+ _, _, err := m.conn.Run(fmt.Sprintf("tailscale up --operator=%s", user))
 if err != nil {
 return fmt.Errorf("error starting tailscale: %w", err)
 }
From 184040415d228991033a77c5d3422037715b8af2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Diego=20Alloza=20Gonz=C3=A1lez?=
Date: Fri, 13 Sep 2024 20:31:48 +0200
Subject: [PATCH 2/3] update readme
---
 README.md | 17 ++++++++++++-----
 pkg/layer2/layer2.go | 1 +
 2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 59a9249..e5eba21 100644
--- a/README.md
+++ b/README.md
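Review bot: In `tailscaleUp` (pkg/layer2/tailscale.go, PATCH 1/3) the `user` value is formatted straight into the remote command string, so a value containing spaces or shell metacharacters would change what `m.conn.Run` executes on the Pi (assuming the connection hands the string to the remote shell); check it against a strict username pattern before the call, or quote it. The same line also replaces `RunSudo` with `Run`, while the instructions printed by cmd/layer2.go still say `sudo tailscale up --operator %s`. As far as I know tailscaled accepts preference changes only from root or an operator that is already configured, so on a fresh install the unprivileged call is likely to be refused; `m.conn.RunSudo(fmt.Sprintf("tailscale up --operator=%s", user))` would match the printed instructions. The error is also wrapped twice with the same text, here and in `startAndSetupTailscale`; one of the two wrappers could return `err` unchanged.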
@@ -13,7 +13,10 @@ _Setup your Raspberry Pi with Raspbian without a screen, keyboard or ethernet co
 - Install tailscale to access your raspberry pi from anywhere.
 - Install docker and docker-compose to facilitate the deployment of your applications.
-Tested with image [`2023-12-11-raspios-bookworm-armhf-lite.img.xz`](https://downloads.raspberrypi.com/raspios_lite_armhf/images/raspios_lite_armhf-2023-12-11/2023-12-11-raspios-bookworm-armhf-lite.img.xz)
+Tested with:
+
+- [`2023-12-11-raspios-bookworm-armhf-lite.img.xz`](https://downloads.raspberrypi.com/raspios_lite_armhf/images/raspios_lite_armhf-2023-12-11/2023-12-11-raspios-bookworm-armhf-lite.img.xz)
+- [`2024-07-04-raspios-bookworm-arm64-lite`](https://downloads.raspberrypi.com/raspios_lite_arm64/images/raspios_lite_arm64-2024-07-04/2024-07-04-raspios-bookworm-arm64-lite.img.xz)
 **Index:**
@@ -114,6 +117,8 @@ Examples:
 ```shell
 # After executing the boot command, the user 'pi' will be created with password 'raspberry' (default values for the this command)
+$ rpi-provisioner find
+
 # You can use this command after changing the user and limiting the access to use ssh keys
 $ rpi-provisioner find --user $USER --ssh-key
@@ -143,7 +148,7 @@ Examples:
 ```shell
 # Create the deployer user 'deployer' with password 'p422w0rD', update the authorized_keys and set the primary interface's IP address to 192.172.0.71 (the router assigned the raspberry initially the IP address 192.168.0.144 using DCHP)
-$ rpi-provisioner layer1 --deployer-user deployer --deployer-password p422w0rD --host 192.168.0.144 --keys-uri=/path/to/public-ssh-keys.json --primary-ip 192.168.0.71
+$ rpi-provisioner layer1 --deployer-user deployer --deployer-password p422w0rD --host 192.168.0.144 --keys-uri=/path/to/public-ssh-keys.json --ip 192.168.0.71
 ```
 **Important: make sure that the authorized-keys file includes your public ssh key, otherwise you will lose SSH access to the raspberry.**
@@ -159,10 +164,10 @@ The layer2 command will install some useful libraries and programs. It will:
 - Install zsh
 - Install and configure oh-my-zsh
 - Install some useful oh-my-zsh plugins
-- Install and configure tailscale
-- Install docker (it will ensure that docker compose v2 is installed)
+- Install tailscale (and optionally configure it with a pregenerated auth key)
+- Install docker and docker compose v2
-By default (without the option --ts-auth-key) the layer2 command will just install tailscale, showing a message at the end with more instructions about how to configure it.
+By default (without the option --ts-auth-key) the layer2 command will just install tailscale, showing a message at the end with more instructions about how to configure it. If you want to configure tailscale to manage SSH access you must not use the --ts-auth-key option, but follow the instructions after the command finishes.
 ```shell
 # Run the layer2 command in the host 192.168.0.71 using the user 'deployer' and the ssh key
@@ -173,6 +178,8 @@ $ rpi-provisioner layer2 --host 192.168.0.71 --user deployer
 $ rpi-provisioner layer2 --host 192.168.0.71 --user deployer --ts-auth-key s0m3-rand0m-7a1lscal3-k3y
 ```
+You can run this command as many times as you want. It will always update the packages and install the libraries and programs. Tailscale will only be setup once.
+
 ### authorized-keys
 This command is used to update the authorized_keys file in the raspberry. It will join the current authorized_keys file with the keys in the file specified in the `--keys-uri` flag.
diff --git a/pkg/layer2/layer2.go b/pkg/layer2/layer2.go
index 278a655..07ea09d 100644
--- a/pkg/layer2/layer2.go
+++ b/pkg/layer2/layer2.go
@@ -167,6 +167,7 @@ func (m *layer2Manager) installLibraries() error {
 "libffi-dev",
 "mailutils",
 "mdadm",
+ "mdadm",
 "nano",
 "progress",
 "ripgrep",
From 0e2a9e72fa35b55d83ca03c363484beaebf3a8e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Diego=20Alloza=20Gonz=C3=A1lez?=
Date: Sat, 14 Sep 2024 17:40:11 +0200
Subject: [PATCH 3/3] fix typo
---
 cmd/layer1.go | 4 ++--
 pkg/layer2/layer2.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/cmd/layer1.go b/cmd/layer1.go
index 5fc11af..5c33589 100644
--- a/cmd/layer1.go
+++ b/cmd/layer1.go
@@ -54,8 +54,8 @@ func NewLayer1Cmd() *cobra.Command {
 layer1Cmd.Flags().StringVar(&args.LoginUser, "login-user", "pi", "Login user")
 layer1Cmd.Flags().StringVar(&args.LoginPassword, "login-password", "raspberry", "Login password")
- layer1Cmd.Flags().StringVar(&args.DeployerPassword, "deployer-user", "", "Deployer user")
- layer1Cmd.Flags().StringVar(&args.DeployerUser, "deployer-password", "", "Deployer password")
+ layer1Cmd.Flags().StringVar(&args.DeployerUser, "deployer-user", "", "Deployer user")
+ layer1Cmd.Flags().StringVar(&args.DeployerPassword, "deployer-password", "", "Deployer password")
 layer1Cmd.Flags().StringVar(&args.RootPassword, "root-password", "", "Root password")
 layer1Cmd.Flags().StringVar(&args.Host, "host", "", "Server host")
 layer1Cmd.Flags().IntVar(&args.Port, "port", 22, "Server SSH port")
diff --git a/pkg/layer2/layer2.go b/pkg/layer2/layer2.go
index 07ea09d..ae519b3 100644
--- a/pkg/layer2/layer2.go
+++ b/pkg/layer2/layer2.go
@@ -167,12 +167,12 @@ func (m *layer2Manager) installLibraries() error {
 "libffi-dev",
 "mailutils",
 "mdadm",
- "mdadm",
 "nano",
 "progress",
 "ripgrep",
 "sqlite3",
 "tcpdump",
+ "tree",
 "wget",
 }
 installCmd := fmt.Sprintf("apt-get install %s -y", strings.Join(libraries, " "))
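Review bot: The corrected bindings in `NewLayer1Cmd` (cmd/layer1.go) still take `--login-password`, `--deployer-password` and `--root-password` as plain command-line values, which leaves them in shell history and visible in the process list while the tool runs. Consider also accepting them from an environment variable or an interactive prompt, and say so in the flag help, e.g. `"Deployer password (prefer the prompt; flag values end up in shell history)"`. Because the two fields were swapped before this fix, a host provisioned with the earlier build may have received an account named after the intended password. This is inferred from the swapped bindings, not shown in the hunk, so a changelog line asking users to check `/etc/passwd` on such hosts would be prudent. The function continues outside the hunk.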