Tailscale hack on Home Assistant official addon for creating and updating SSL certificates

[fixtailscale.sh]

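#!/bin/bash

# disclaimer: I did it for personal use, no guarantees
# this version doesn't check if the script was already run. Nothing bad happens anyway.

# first you need to have the "reconfig.sh" inside the addon container. If you are just updating the container,
# the data folder usually stays there with the script.

dockerssl="/data/ssl"
localssl="/root/ssl/tailscale"
tailaddon="addon_a0d7b954_tailscale" # THIS IS THE ADDON CONTAINER, MAY CHANGE

# docker cp does not create the destination's parent directory, so make sure it exists
mkdir -p "${localssl}" || exit 1

# run the script and copy the files from the container to the local filesystem.
# The container name comes from ${tailaddon} everywhere, so changing it above is enough.
# The chain stops at the first failure, so a failed reconfig.sh never overwrites the local copies.
docker exec "${tailaddon}" "${dockerssl}/reconfig.sh" &&
  docker cp "${tailaddon}:${dockerssl}/fullchain.pem" "${localssl}/fullchain.pem" &&
  docker cp "${tailaddon}:${dockerssl}/privkey.pem" "${localssl}/privkey.pem" &&
  # Both files are kept owner-only: privkey.pem is the TLS private key, and fullchain.pem
  # may also carry it depending on how reconfig.sh builds the bundle.
  chmod 600 "${localssl}/privkey.pem" "${localssl}/fullchain.pem"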

[reconfig.sh]

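#!/bin/bash

# disclaimer: I did it for personal use, no guarantees
# this version doesn't track whether the script was already run; the steps below are written
# so that a second run does not clobber the live state or publish a broken certificate.

# This file must be dropped inside the tailscale container, and needs to be re-run every time the container is
# rebuilt (e.g. new version). Next version will also add a cron job to keep it updating the certificate.
# To get into the container, use the SSH addon with privileges, and run:
# > docker exec -it addon_a0d7b954_tailscale /bin/bash
# then install any editor:
# > apk add nano; apk add vim
# and copy&paste this script there. Don't forget to make it executable with > chmod 755 reconfig.sh

# the next step is done by the next script (get the certificates from this container to the homeassistant
# local filesystem)

myhost="YOUR_MACHINE_NAME_ON_TAILSCALE"
mydomain="YOUR_DOMAIN_ON_TAILSCALE.ts.net"
myhostname="${myhost}.${mydomain}"
datafolder="/data"
tailfolder="${datafolder}/tailscale"
tailbinary="/opt/tailscale"
tailservicepath="/var/run/s6/services/tailscaled"
sslfolder="${datafolder}/ssl"

# Print a message to stderr and stop with a non-zero status, so the caller's
# `docker exec ... && docker cp ...` chain does not go on to copy stale or empty files.
die() {
  printf 'reconfig.sh: %s\n' "$*" >&2
  exit 1
}

# Files created below include private key material; create them owner-only from the start
# instead of relying on a chmod after the fact.
umask 077

# create the missing folders (https://github.com/tailscale/tailscale/issues/2932)
mkdir -p "${tailfolder}" || die "cannot create ${tailfolder}"
# Copy the state only once. After the first run tailscaled is pointed at the copy under
# ${tailfolder}; copying again would overwrite that live state with the older file.
if [[ ! -e "${tailfolder}/tailscaled.state" ]]; then
  cp "${datafolder}/tailscaled.state" "${tailfolder}/tailscaled.state" ||
    die "cannot copy ${datafolder}/tailscaled.state"
fi

# reconfiguring the service (the pattern no longer matches once rewritten, so re-running is harmless)
sed -i 's/data\/tailscaled/data\/tailscale\/tailscaled/' "${tailservicepath}/run" ||
  die "cannot update ${tailservicepath}/run"

# restarting the service
s6-svc -r "${tailservicepath}" || die "cannot restart ${tailservicepath}"

# asking tailscale for new certificates (if needed)
mkdir -p "${tailfolder}/certs" || die "cannot create ${tailfolder}/certs"
cd "${tailfolder}/certs" || die "cannot enter ${tailfolder}/certs"
# Stop here on failure: otherwise the redirect below would truncate snakeoil.pem and the
# final copy would publish an empty or stale certificate while still exiting 0.
"${tailbinary}" cert "${myhostname}" || die "tailscale cert failed for ${myhostname}"
# snakeoil.pem is the combined key+cert bundle; it stays in this folder only
cat "${myhostname}.key" "${myhostname}.crt" >snakeoil.pem || die "cannot build snakeoil.pem"

# making sure the file permissions
chmod 644 ./*.crt
chmod 600 ./*.key
chmod 600 ./*.pem

# copying the certificates to /data/ssl for further step
mkdir -p "${sslfolder}" || die "cannot create ${sslfolder}"
cp "${myhostname}.key" "${sslfolder}/privkey.pem" || die "cannot write privkey.pem"
# fullchain.pem gets the certificate file only. Consumers normally treat a file with this name
# as public, so the private key must not be embedded in it; anything that needs the combined
# key+cert bundle can read snakeoil.pem from the certs folder instead.
cp "${myhostname}.crt" "${sslfolder}/fullchain.pem" || die "cannot write fullchain.pem"
# cp keeps the mode of a pre-existing destination, so pin the key's mode explicitly
chmod 600 "${sslfolder}/privkey.pem"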