Add 4 and update 2 files

tailscale/emergency_access.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+# Emergency access script - maintains a reverse SSH tunnel as backup
+# Only use this if you have a reliable jump server
+
+# Configuration (set these in service.env)
+JUMP_SERVER="${EMERGENCY_JUMP_SERVER:-}"
+JUMP_USER="${EMERGENCY_JUMP_USER:-}"
+JUMP_PORT="${EMERGENCY_JUMP_PORT:-22}"
+LOCAL_SSH_PORT="${LOCAL_SSH_PORT:-22}"
+TUNNEL_PORT="${EMERGENCY_TUNNEL_PORT:-}"  # Port on jump server
+
+if [ -z "$JUMP_SERVER" ] || [ -z "$TUNNEL_PORT" ]; then
+    echo "Emergency access not configured. Skipping."
+    exit 0
+fi
+
+echo "Setting up emergency SSH reverse tunnel..."
+
+# Create systemd service for persistent reverse tunnel
+cat << EOF | sudo tee /etc/systemd/system/emergency-tunnel.service
+[Unit]
+Description=Emergency SSH Reverse Tunnel
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/ssh -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no -N -R ${TUNNEL_PORT}:localhost:${LOCAL_SSH_PORT} ${JUMP_USER}@${JUMP_SERVER} -p ${JUMP_PORT}
+Restart=always
+RestartSec=30
+User=root
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+sudo systemctl daemon-reload
+sudo systemctl enable emergency-tunnel.service
+sudo systemctl start emergency-tunnel.service
+
+echo "Emergency tunnel service configured."
+echo "In case of emergency, SSH to jump server and then:"
+echo "  ssh -p ${TUNNEL_PORT} localhost"

tailscale/healthcheck.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# Tailscale health check and auto-recovery script
+# Run this via cron every 5-10 minutes
+
+CONTAINER_NAME="${CONTAINER_NAME:-tailscale}"
+MAX_RESTART_ATTEMPTS=3
+RESTART_COUNT_FILE="/tmp/tailscale_restart_count"
+
+# Check if container is running
+if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
+    echo "$(date): Container not running, attempting to start..."
+    docker start "${CONTAINER_NAME}"
+    sleep 10
+fi
+
+# Check Tailscale connection status
+if ! docker exec "${CONTAINER_NAME}" tailscale status &>/dev/null; then
+    echo "$(date): Tailscale not connected properly"
+    
+    # Track restart attempts
+    if [ -f "$RESTART_COUNT_FILE" ]; then
+        COUNT=$(cat "$RESTART_COUNT_FILE")
+    else
+        COUNT=0
+    fi
+    
+    if [ "$COUNT" -lt "$MAX_RESTART_ATTEMPTS" ]; then
+        echo "$(date): Restart attempt $((COUNT + 1)) of $MAX_RESTART_ATTEMPTS"
+        docker restart "${CONTAINER_NAME}"
+        echo $((COUNT + 1)) > "$RESTART_COUNT_FILE"
+        
+        # Wait and try to reconnect
+        sleep 30
+        docker exec "${CONTAINER_NAME}" tailscale up --authkey="${TAILSCALE_AUTH_KEY}" 2>/dev/null || true
+    else
+        echo "$(date): Max restart attempts reached. Manual intervention needed."
+        # Could send alert here
+    fi
+else
+    # Connection is good, reset counter
+    [ -f "$RESTART_COUNT_FILE" ] && rm "$RESTART_COUNT_FILE"
+    echo "$(date): Tailscale is healthy"
+fi

tailscale/install_monitor.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+# Install monitoring script for Tailscale
+# This sets up a cron job to check and recover Tailscale connection
+
+source "${AGENT_PATH}/common.sh"
+
+echo "Setting up Tailscale monitoring..."
+
+# Copy healthcheck script to a safe location
+MONITOR_SCRIPT="/opt/tailscale-monitor.sh"
+sudo cp "${CONFIG_PATH}/healthcheck.sh" "$MONITOR_SCRIPT"
+sudo chmod +x "$MONITOR_SCRIPT"
+
+# Create systemd service for monitoring (more reliable than cron)
+cat << 'EOF' | sudo tee /etc/systemd/system/tailscale-monitor.service
+[Unit]
+Description=Tailscale Connection Monitor
+After=docker.service
+Requires=docker.service
+
+[Service]
+Type=simple
+ExecStart=/bin/bash /opt/tailscale-monitor.sh
+Restart=always
+RestartSec=300
+StandardOutput=journal
+StandardError=journal
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Enable and start the monitor service
+sudo systemctl daemon-reload
+sudo systemctl enable tailscale-monitor.service
+sudo systemctl start tailscale-monitor.service
+
+echo "Tailscale monitoring service installed and started"
+
+# Also add a cron job as backup
+(crontab -l 2>/dev/null | grep -v tailscale-monitor; echo "*/5 * * * * /opt/tailscale-monitor.sh >> /var/log/tailscale-monitor.log 2>&1") | crontab -
+
+echo "Backup cron job added (runs every 5 minutes)"

tailscale/start.sh

@@ -75,12 +75,27 @@ if [ -n "$TAILSCALE_EXTRA_ARGS" ]; then
     TAILSCALE_UP_CMD="${TAILSCALE_UP_CMD} ${TAILSCALE_EXTRA_ARGS}"
 fi
 
-# Execute tailscale up command
-if ! docker exec ${CONTAINER_NAME} ${TAILSCALE_UP_CMD}; then
-    echo "Warning: Failed to connect to Tailscale network automatically."
-    echo "You may need to connect manually using:"
-    echo "  docker exec ${CONTAINER_NAME} tailscale up"
-fi
+# Execute tailscale up command with retries
+RETRY_COUNT=0
+MAX_RETRIES=5
+RETRY_DELAY=10
+
+while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
+    if docker exec ${CONTAINER_NAME} ${TAILSCALE_UP_CMD}; then
+        echo "Successfully connected to Tailscale network!"
+        break
+    else
+        RETRY_COUNT=$((RETRY_COUNT + 1))
+        if [ $RETRY_COUNT -lt $MAX_RETRIES ]; then
+            echo "Connection attempt $RETRY_COUNT failed. Retrying in ${RETRY_DELAY} seconds..."
+            sleep $RETRY_DELAY
+        else
+            echo "Warning: Failed to connect after $MAX_RETRIES attempts."
+            echo "You may need to connect manually using:"
+            echo "  docker exec ${CONTAINER_NAME} tailscale up"
+        fi
+    fi
+done
 
 echo ""
 echo "Tailscale started successfully!"