will/swarm-zap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
swarm-zap/memory/ops/2026-03-03-tailscale-setup.md

4.0 KiB
Raw Permalink Blame History

Session: 2026-03-03 03:05:08 UTC

  • Session Key: agent:main:main
  • Session ID: 46a933f8-08bc-44c7-9d62-12cadf740ad4
  • Source: gateway:sessions.reset

Conversation Summary

user: [Tue 2026-03-03 02:54 UTC] Let's configure tailscale assistant: I'll quickly check the current Tailscale state on this machine so we can configure it correctly. assistant: reply_to_current Good call — I checked this host and:

  • Tailscale is not installed
  • tailscaled service is inactive
  • OS is Ubuntu 24.04

I can set it up for you end-to-end.
I just need one choice from you:

  1. Interactive login (I install + start, then you open a login URL), or
  2. Auth key login (you give me a Tailscale auth key and I do it fully headless)

If you want, Ill proceed now with option 1 (the usual). user: [Tue 2026-03-03 02:55 UTC] Yes: 1 assistant: reply_to_current Perfect — I hit a permission wall here (no elevated sudo access from this webchat session), so please run these on the host terminal:

# Install Tailscale (Ubuntu 24.04 / noble)
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list >/dev/null
sudo apt-get update
sudo apt-get install -y tailscale

# Start service
sudo systemctl enable --now tailscaled

# Interactive login (this prints a URL)
sudo tailscale up

After sudo tailscale up, open the URL it gives, approve the device, then send me:

tailscale status
tailscale ip -4
tailscale ip -6

Ill verify everything and then help you apply any extras (MagicDNS, subnet routes, exit node, SSH, ACL tags, etc.). user: [Tue 2026-03-03 02:58 UTC] It's up assistant: reply_to_current Nice — confirmed, its up and healthy.

  • Device: claw
  • Tailscale IPv4: 100.125.12.39
  • Tailscale IPv6: fd7a:115c:a1e0::aa32:c28
  • Version: 1.94.2

If you want, next I can help you harden/tune it with:

  • MagicDNS
  • Tailscale SSH
  • Exit node setup
  • Subnet routing (for LAN access)
  • ACL/tag cleanup for this node user: [Tue 2026-03-03 02:58 UTC] yes assistant: reply_to_current Sweet — lets do a solid baseline first, then optional extras.

1) Baseline hardening/tuning (run now)

# Enable Tailscale SSH on this node
sudo tailscale set --ssh=true

You already have good defaults:

  • MagicDNS/client DNS: on (CorpDNS: true)
  • Auto-updates: on
  • Running state: healthy

2) Verify

tailscale debug prefs | grep -E '"RunSSH"|"CorpDNS"|"RouteAll"'
tailscale status

3) Optional next moves (pick what you want)

  • Use this machine as an exit node

    sudo tailscale set --advertise-exit-node=true

    Then approve it in admin console.

  • Expose your LAN subnet through this machine (example 192.168.153.0/24)

    sudo tailscale set --advertise-routes=192.168.153.0/24

    Then approve routes in admin console.

  • Use an exit node from this machine

    tailscale exit-node list
sudo tailscale set --exit-node=<node-name-or-ip>

If you want, I can give you the exact command set for your specific goal (remote SSH only vs full homelab subnet access vs private VPN exit node). assistant: active subagents:

(none)

recent subagents (last 30m):

(none) assistant: Subagents Usage:

  • /subagents list
  • /subagents kill <id|#|all>
  • /subagents log <id|#> [limit] [tools]
  • /subagents info <id|#>
  • /subagents send <id|#>
  • /subagents steer <id|#>
  • /subagents spawn [--model ] [--thinking ]
  • /focus <subagent-label|session-key|session-id|session-label>
  • /unfocus
  • /agents
  • /session idle <duration|off>
  • /session max-age <duration|off>
  • /kill <id|#|all>
  • /steer <id|#>
  • /tell <id|#>

Ids: use the list index (#), runId/session prefix, label, or full session key.