Add 4 and update 2 files

2025-09-08 17:46:34 +12:00
parent 308e0e3bc6
commit 6880a0e321
6 changed files with 392 additions and 173 deletions
--- a/squashdisplay/setup.sh
+++ b/squashdisplay/setup.sh
@@ -0,0 +1,204 @@
 #!/bin/sh
 # This script runs inside the Alpine container to configure the host system
 set -e
 echo "Starting Squash Display kiosk setup..."
 # Function to run commands on the host
 host_exec() {
    nsenter -t 1 -m -u -i -n -p -- "$@"
 }
 # Get environment variables (passed from Docker)
 KIOSK_URL="${KIOSK_URL:-https://squash.kiwi/court/otog}"
 KIOSK_USER="${KIOSK_USER:-squash}"
 DISPLAY_WIDTH="${DISPLAY_WIDTH:-1920}"
 DISPLAY_HEIGHT="${DISPLAY_HEIGHT:-1080}"
 DISPLAY_REFRESH="${DISPLAY_REFRESH:-60}"
 GPU_MEM="${GPU_MEM:-256}"
 ENABLE_WATCHDOG="${ENABLE_WATCHDOG:-true}"
 ENABLE_AUTO_LOGIN="${ENABLE_AUTO_LOGIN:-true}"
 ENABLE_HDMI_KEEP_ALIVE="${ENABLE_HDMI_KEEP_ALIVE:-true}"
 echo "Configuration:"
 echo "  URL: ${KIOSK_URL}"
 echo "  User: ${KIOSK_USER}"
 echo "  Display: ${DISPLAY_WIDTH}x${DISPLAY_HEIGHT}@${DISPLAY_REFRESH}Hz"
 # Install required packages
 echo "Installing required packages..."
 host_exec apt-get update
 host_exec apt-get install -y chromium-browser xorg xinit x11-xserver-utils unclutter || \
 host_exec apt-get install -y chromium xorg xinit x11-xserver-utils unclutter
 # Create kiosk user if it doesn't exist
 if ! host_exec id -u ${KIOSK_USER} >/dev/null 2>&1; then
    echo "Creating user ${KIOSK_USER}..."
    host_exec useradd -m -s /bin/bash ${KIOSK_USER}
    host_exec usermod -aG video,audio ${KIOSK_USER}
 fi
 # Setup auto-login if enabled
 if [ "${ENABLE_AUTO_LOGIN}" = "true" ]; then
    echo "Configuring auto-login for ${KIOSK_USER}..."
    host_exec mkdir -p /etc/systemd/system/getty@tty1.service.d
    # Create auto-login configuration
    echo "[Service]" > /tmp/autologin.conf
    echo "ExecStart=" >> /tmp/autologin.conf
    echo "ExecStart=-/sbin/agetty --autologin ${KIOSK_USER} --noclear %I \$TERM" >> /tmp/autologin.conf
    host_exec cp /tmp/autologin.conf /etc/systemd/system/getty@tty1.service.d/autologin.conf
    host_exec systemctl daemon-reload
 fi
 # Create kiosk script
 echo "Setting up kiosk script..."
 cat > /tmp/kiosk.sh << 'KIOSKSCRIPT'
 #!/bin/bash
 # Disable screen blanking and power management
 xset s noblank
 xset s off
 xset -dpms
 # Hide cursor after 1 second of inactivity
 unclutter -idle 1 &
 # Force display resolution
 xrandr --output HDMI-1 --mode DISPLAY_WIDTH_PLACEHOLDERxDISPLAY_HEIGHT_PLACEHOLDER --rate DISPLAY_REFRESH_PLACEHOLDER 2>/dev/null || \
 xrandr --output HDMI-2 --mode DISPLAY_WIDTH_PLACEHOLDERxDISPLAY_HEIGHT_PLACEHOLDER --rate DISPLAY_REFRESH_PLACEHOLDER 2>/dev/null || \
 xrandr --output default --mode DISPLAY_WIDTH_PLACEHOLDERxDISPLAY_HEIGHT_PLACEHOLDER --rate DISPLAY_REFRESH_PLACEHOLDER 2>/dev/null || true
 # Start Chromium in kiosk mode
 chromium-browser \
  --window-size=DISPLAY_WIDTH_PLACEHOLDER,DISPLAY_HEIGHT_PLACEHOLDER \
  --window-position=0,0 \
  --noerrdialogs \
  --disable-infobars \
  --disable-features=TranslateUI \
  --disable-extensions \
  --disable-plugins \
  --disable-web-security \
  --disable-features=VizDisplayCompositor \
  --start-fullscreen \
  --kiosk \
  --incognito \
  --no-first-run \
  --fast \
  --fast-start \
  --disable-default-apps \
  --disable-translate \
  --disable-background-timer-throttling \
  --disable-renderer-backgrounding \
  --disable-backgrounding-occluded-windows \
  --disable-component-extensions-with-background-pages \
  --autoplay-policy=no-user-gesture-required \
  "KIOSK_URL_PLACEHOLDER"
 KIOSKSCRIPT
 # Replace placeholders
 sed -i "s|DISPLAY_WIDTH_PLACEHOLDER|${DISPLAY_WIDTH}|g" /tmp/kiosk.sh
 sed -i "s|DISPLAY_HEIGHT_PLACEHOLDER|${DISPLAY_HEIGHT}|g" /tmp/kiosk.sh
 sed -i "s|DISPLAY_REFRESH_PLACEHOLDER|${DISPLAY_REFRESH}|g" /tmp/kiosk.sh
 sed -i "s|KIOSK_URL_PLACEHOLDER|${KIOSK_URL}|g" /tmp/kiosk.sh
 host_exec cp /tmp/kiosk.sh /home/${KIOSK_USER}/kiosk.sh
 host_exec chmod +x /home/${KIOSK_USER}/kiosk.sh
 host_exec chown ${KIOSK_USER}:${KIOSK_USER} /home/${KIOSK_USER}/kiosk.sh
 # Setup watchdog if enabled
 if [ "${ENABLE_WATCHDOG}" = "true" ]; then
    echo "Setting up watchdog script..."
    cat > /tmp/watchdog.sh << 'WATCHDOG'
 #!/bin/bash
 while true; do
    if ! pgrep chromium > /dev/null; then
        echo "$(date): Chromium not running, restarting..." >> /home/KIOSK_USER_PLACEHOLDER/watchdog.log
        DISPLAY=:0 /home/KIOSK_USER_PLACEHOLDER/kiosk.sh &
    fi
    sleep 30
 done
 WATCHDOG
    sed -i "s|KIOSK_USER_PLACEHOLDER|${KIOSK_USER}|g" /tmp/watchdog.sh
    host_exec cp /tmp/watchdog.sh /home/${KIOSK_USER}/watchdog.sh
    host_exec chmod +x /home/${KIOSK_USER}/watchdog.sh
    host_exec chown ${KIOSK_USER}:${KIOSK_USER} /home/${KIOSK_USER}/watchdog.sh
 fi
 # Configure .bashrc for auto-start
 echo "Configuring auto-start..."
 if ! host_exec grep -q "Auto-start X server" /home/${KIOSK_USER}/.bashrc 2>/dev/null; then
    cat > /tmp/bashrc_append << 'BASHRC'
 # Auto-start X server and kiosk on login
 if [ -z "$DISPLAY" ] && [ "$XDG_VTNR" = 1 ]; then
    exec startx ~/kiosk.sh
 fi
 BASHRC
    if [ "${ENABLE_WATCHDOG}" = "true" ]; then
        echo '~/watchdog.sh &' >> /tmp/bashrc_append
    fi
    host_exec sh -c "cat /tmp/bashrc_append >> /home/${KIOSK_USER}/.bashrc"
 fi
 # Disable automatic updates
 echo "Disabling automatic updates..."
 host_exec systemctl disable apt-daily.service 2>/dev/null || true
 host_exec systemctl disable apt-daily.timer 2>/dev/null || true
 host_exec systemctl disable apt-daily-upgrade.timer 2>/dev/null || true
 host_exec systemctl disable apt-daily-upgrade.service 2>/dev/null || true
 # Configure GPU memory split (Raspberry Pi specific)
 if host_exec test -f /boot/firmware/config.txt || host_exec test -f /boot/config.txt; then
    echo "Configuring GPU memory split..."
    CONFIG_FILE="/boot/firmware/config.txt"
    host_exec test -f /boot/config.txt && CONFIG_FILE="/boot/config.txt"
    if ! host_exec grep -q "^gpu_mem=" ${CONFIG_FILE}; then
        echo "gpu_mem=${GPU_MEM}" > /tmp/gpu_mem
        host_exec sh -c "cat /tmp/gpu_mem >> ${CONFIG_FILE}"
    else
        host_exec sed -i "s/^gpu_mem=.*/gpu_mem=${GPU_MEM}/" ${CONFIG_FILE}
    fi
 fi
 # Setup HDMI keep-alive service if enabled
 if [ "${ENABLE_HDMI_KEEP_ALIVE}" = "true" ]; then
    echo "Setting up HDMI keep-alive service..."
    cat > /tmp/hdmi-keep-alive.service << 'HDMISERVICE'
 [Unit]
 Description=Keep HDMI active
 After=graphical.target
 [Service]
 Type=simple
 ExecStart=/bin/sh -c 'while true; do tvservice -p 2>/dev/null || true; sleep 60; done'
 Restart=always
 RestartSec=10
 [Install]
 WantedBy=graphical.target
 HDMISERVICE
    host_exec cp /tmp/hdmi-keep-alive.service /etc/systemd/system/hdmi-keep-alive.service
    host_exec systemctl daemon-reload
    host_exec systemctl enable hdmi-keep-alive.service 2>/dev/null || true
 fi
 echo ""
 echo "Squash Display kiosk setup complete!"
 echo ""
 echo "Configuration applied:"
 echo "  URL: ${KIOSK_URL}"
 echo "  User: ${KIOSK_USER}"
 echo "  Display: ${DISPLAY_WIDTH}x${DISPLAY_HEIGHT}@${DISPLAY_REFRESH}Hz"
 echo "  Watchdog: ${ENABLE_WATCHDOG}"
 echo "  Auto-login: ${ENABLE_AUTO_LOGIN}"
 echo ""
 echo "Please reboot the system for all changes to take effect."
--- a/squashdisplay/start.sh
+++ b/squashdisplay/start.sh
@@ -5,179 +5,45 @@ _check_required_env_vars "CONTAINER_NAME" "IMAGE_REGISTRY" "IMAGE_REPO" "IMAGE_T
 echo "Starting Squash Display setup container..."
-# Create the setup script as a heredoc that will be executed in the container
+# Get the directory where this script is located
-SETUP_SCRIPT='#!/bin/sh
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 set -e
-echo "Starting Squash Display kiosk setup..."
+# Check if setup.sh exists
-
+if [ ! -f "${SCRIPT_DIR}/setup.sh" ]; then
-# Function to run commands on the host
+    echo "Error: setup.sh not found in ${SCRIPT_DIR}"
-host_exec() {
+    _die "Setup script not found!"
    nsenter -t 1 -m -u -i -n -p -- "$@"
 }
 # Install required packages
 echo "Installing required packages..."
 host_exec apt-get update
 host_exec apt-get install -y chromium-browser xorg xinit x11-xserver-utils unclutter || \
 host_exec apt-get install -y chromium xorg xinit x11-xserver-utils unclutter
 # Create kiosk user if it does not exist
 if ! host_exec id -u '"${KIOSK_USER}"' >/dev/null 2>&1; then
    echo "Creating user '"${KIOSK_USER}"'..."
    host_exec useradd -m -s /bin/bash '"${KIOSK_USER}"'
    host_exec usermod -aG video,audio '"${KIOSK_USER}"'
 fi
-# Setup auto-login if enabled
+# Make setup script executable
-if [ "'"${ENABLE_AUTO_LOGIN}"'" = "true" ]; then
+chmod +x ${SCRIPT_DIR}/setup.sh
    echo "Configuring auto-login for '"${KIOSK_USER}"'..."
-    host_exec mkdir -p /etc/systemd/system/getty@tty1.service.d
+echo "Found setup script at: ${SCRIPT_DIR}/setup.sh"
    cat <<EOF | host_exec tee /etc/systemd/system/getty@tty1.service.d/autologin.conf
 [Service]
 ExecStart=
 ExecStart=-/sbin/agetty --autologin '"${KIOSK_USER}"' --noclear %I \$TERM
 EOF
    host_exec systemctl daemon-reload
 fi
-# Create kiosk script
+# Set default values for any unset variables
-echo "Setting up kiosk script..."
+KIOSK_URL="${KIOSK_URL:-https://squash.kiwi/court/otog}"
-cat <<'"'"'KIOSKSCRIPT'"'"' | host_exec tee /home/'"${KIOSK_USER}"'/kiosk.sh
+KIOSK_USER="${KIOSK_USER:-squash}"
-#!/bin/bash
+DISPLAY_WIDTH="${DISPLAY_WIDTH:-1920}"
-
+DISPLAY_HEIGHT="${DISPLAY_HEIGHT:-1080}"
-# Disable screen blanking and power management
+DISPLAY_REFRESH="${DISPLAY_REFRESH:-60}"
-xset s noblank
+GPU_MEM="${GPU_MEM:-256}"
-xset s off
+ENABLE_WATCHDOG="${ENABLE_WATCHDOG:-true}"
-xset -dpms
+ENABLE_AUTO_LOGIN="${ENABLE_AUTO_LOGIN:-true}"
-
+ENABLE_HDMI_KEEP_ALIVE="${ENABLE_HDMI_KEEP_ALIVE:-true}"
 # Hide cursor after 1 second of inactivity
 unclutter -idle 1 &
 # Force display resolution
 xrandr --output HDMI-1 --mode '"${DISPLAY_WIDTH}x${DISPLAY_HEIGHT}"' --rate '"${DISPLAY_REFRESH}"' 2>/dev/null || \
 xrandr --output HDMI-2 --mode '"${DISPLAY_WIDTH}x${DISPLAY_HEIGHT}"' --rate '"${DISPLAY_REFRESH}"' 2>/dev/null || \
 xrandr --output default --mode '"${DISPLAY_WIDTH}x${DISPLAY_HEIGHT}"' --rate '"${DISPLAY_REFRESH}"' 2>/dev/null || true
 # Start Chromium in kiosk mode
 chromium-browser \
  --window-size='"${DISPLAY_WIDTH},${DISPLAY_HEIGHT}"' \
  --window-position=0,0 \
  --noerrdialogs \
  --disable-infobars \
  --disable-features=TranslateUI \
  --disable-extensions \
  --disable-plugins \
  --disable-web-security \
  --disable-features=VizDisplayCompositor \
  --start-fullscreen \
  --kiosk \
  --incognito \
  --no-first-run \
  --fast \
  --fast-start \
  --disable-default-apps \
  --disable-translate \
  --disable-background-timer-throttling \
  --disable-renderer-backgrounding \
  --disable-backgrounding-occluded-windows \
  --disable-component-extensions-with-background-pages \
  --autoplay-policy=no-user-gesture-required \
  "'"${KIOSK_URL}"'"
 KIOSKSCRIPT
 host_exec chmod +x /home/'"${KIOSK_USER}"'/kiosk.sh
 host_exec chown '"${KIOSK_USER}:${KIOSK_USER}"' /home/'"${KIOSK_USER}"'/kiosk.sh
 # Setup watchdog if enabled
 if [ "'"${ENABLE_WATCHDOG}"'" = "true" ]; then
    echo "Setting up watchdog script..."
    cat <<'"'"'WATCHDOG'"'"' | host_exec tee /home/'"${KIOSK_USER}"'/watchdog.sh
 #!/bin/bash
 while true; do
    if ! pgrep chromium > /dev/null; then
        echo "$(date): Chromium not running, restarting..." >> /home/'"${KIOSK_USER}"'/watchdog.log
        DISPLAY=:0 /home/'"${KIOSK_USER}"'/kiosk.sh &
    fi
    sleep 30
 done
 WATCHDOG
    host_exec chmod +x /home/'"${KIOSK_USER}"'/watchdog.sh
    host_exec chown '"${KIOSK_USER}:${KIOSK_USER}"' /home/'"${KIOSK_USER}"'/watchdog.sh
 fi
 # Configure .bashrc for auto-start
 echo "Configuring auto-start..."
 if ! host_exec grep -q "Auto-start X server" /home/'"${KIOSK_USER}"'/.bashrc 2>/dev/null; then
    cat <<'"'"'BASHRC'"'"' | host_exec tee -a /home/'"${KIOSK_USER}"'/.bashrc
 # Auto-start X server and kiosk on login
 if [ -z "$DISPLAY" ] && [ "$XDG_VTNR" = 1 ]; then
    exec startx ~/kiosk.sh
 fi
 # Start watchdog in background
 if [ "'"${ENABLE_WATCHDOG}"'" = "true" ]; then
    ~/watchdog.sh &
 fi
 BASHRC
 fi
 # Disable automatic updates
 echo "Disabling automatic updates..."
 host_exec systemctl disable apt-daily.service 2>/dev/null || true
 host_exec systemctl disable apt-daily.timer 2>/dev/null || true
 host_exec systemctl disable apt-daily-upgrade.timer 2>/dev/null || true
 host_exec systemctl disable apt-daily-upgrade.service 2>/dev/null || true
 # Configure GPU memory split (Raspberry Pi specific)
 if host_exec test -f /boot/firmware/config.txt || host_exec test -f /boot/config.txt; then
    echo "Configuring GPU memory split..."
    CONFIG_FILE="/boot/firmware/config.txt"
    host_exec test -f /boot/config.txt && CONFIG_FILE="/boot/config.txt"
    if ! host_exec grep -q "^gpu_mem=" ${CONFIG_FILE}; then
        echo "gpu_mem='"${GPU_MEM}"'" | host_exec tee -a ${CONFIG_FILE}
    else
        host_exec sed -i "s/^gpu_mem=.*/gpu_mem='"${GPU_MEM}"'/" ${CONFIG_FILE}
    fi
 fi
 # Setup HDMI keep-alive service if enabled
 if [ "'"${ENABLE_HDMI_KEEP_ALIVE}"'" = "true" ]; then
    echo "Setting up HDMI keep-alive service..."
    cat <<'"'"'HDMISERVICE'"'"' | host_exec tee /etc/systemd/system/hdmi-keep-alive.service
 [Unit]
 Description=Keep HDMI active
 After=graphical.target
 [Service]
 Type=simple
 ExecStart=/bin/sh -c '"'"'while true; do tvservice -p 2>/dev/null || true; sleep 60; done'"'"'
 Restart=always
 RestartSec=10
 [Install]
 WantedBy=graphical.target
 HDMISERVICE
    host_exec systemctl daemon-reload
    host_exec systemctl enable hdmi-keep-alive.service 2>/dev/null || true
 fi
 echo "Squash Display kiosk setup complete!"
 echo ""
 echo "Configuration:"
 echo "  URL: '"${KIOSK_URL}"'"
 echo "  User: '"${KIOSK_USER}"'"
 echo "  Display: '"${DISPLAY_WIDTH}x${DISPLAY_HEIGHT}@${DISPLAY_REFRESH}"'Hz"
 echo "  Watchdog: '"${ENABLE_WATCHDOG}"'"
 echo "  Auto-login: '"${ENABLE_AUTO_LOGIN}"'"
 echo ""
 echo "Please reboot the system for all changes to take effect."
 '
 # Build the docker run command - needs privileged access to configure host
 # Using --env-file to avoid quoting issues
 cat > /tmp/squashdisplay.env << EOF
 KIOSK_URL=${KIOSK_URL}
 KIOSK_USER=${KIOSK_USER}
 DISPLAY_WIDTH=${DISPLAY_WIDTH}
 DISPLAY_HEIGHT=${DISPLAY_HEIGHT}
 DISPLAY_REFRESH=${DISPLAY_REFRESH}
 GPU_MEM=${GPU_MEM}
 ENABLE_WATCHDOG=${ENABLE_WATCHDOG}
 ENABLE_AUTO_LOGIN=${ENABLE_AUTO_LOGIN}
 ENABLE_HDMI_KEEP_ALIVE=${ENABLE_HDMI_KEEP_ALIVE}
 EOF
 DOCKER_RUN_CMD="docker run -d \
    --restart no \
    --name ${CONTAINER_NAME} \
@@ -185,14 +51,20 @@ DOCKER_RUN_CMD="docker run -d \
    --pid=host \
    --network=host \
    -v /:/host \
    -v ${SCRIPT_DIR}/setup.sh:/setup.sh:ro \
    --env-file /tmp/squashdisplay.env \
    ${IMAGE_REGISTRY}/${IMAGE_REPO}:${IMAGE_TAG} \
-    sh -c 'echo \"${SETUP_SCRIPT}\" | sh'"
+    sh /setup.sh"
 # Create and start the container
 if ! _create_and_start_container "$DOCKER_RUN_CMD" "$CONTAINER_NAME"; then
    rm -f /tmp/squashdisplay.env
    _die "Failed to start Squash Display setup container"
 fi
 # Clean up env file
 rm -f /tmp/squashdisplay.env
 # Wait for setup to complete
 echo "Running kiosk setup..."
 echo "This may take several minutes as packages are installed..."
--- a/tailscale/emergency_access.sh
+++ b/tailscale/emergency_access.sh
@@ -0,0 +1,42 @@
 #!/bin/bash
 # Emergency access script - maintains a reverse SSH tunnel as backup
 # Only use this if you have a reliable jump server
 # Configuration (set these in service.env)
 JUMP_SERVER="${EMERGENCY_JUMP_SERVER:-}"
 JUMP_USER="${EMERGENCY_JUMP_USER:-}"
 JUMP_PORT="${EMERGENCY_JUMP_PORT:-22}"
 LOCAL_SSH_PORT="${LOCAL_SSH_PORT:-22}"
 TUNNEL_PORT="${EMERGENCY_TUNNEL_PORT:-}"  # Port on jump server
 if [ -z "$JUMP_SERVER" ] || [ -z "$TUNNEL_PORT" ]; then
    echo "Emergency access not configured. Skipping."
    exit 0
 fi
 echo "Setting up emergency SSH reverse tunnel..."
 # Create systemd service for persistent reverse tunnel
 cat << EOF | sudo tee /etc/systemd/system/emergency-tunnel.service
 [Unit]
 Description=Emergency SSH Reverse Tunnel
 After=network.target
 [Service]
 Type=simple
 ExecStart=/usr/bin/ssh -o ServerAliveInterval=60 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no -N -R ${TUNNEL_PORT}:localhost:${LOCAL_SSH_PORT} ${JUMP_USER}@${JUMP_SERVER} -p ${JUMP_PORT}
 Restart=always
 RestartSec=30
 User=root
 [Install]
 WantedBy=multi-user.target
 EOF
 sudo systemctl daemon-reload
 sudo systemctl enable emergency-tunnel.service
 sudo systemctl start emergency-tunnel.service
 echo "Emergency tunnel service configured."
 echo "In case of emergency, SSH to jump server and then:"
 echo "  ssh -p ${TUNNEL_PORT} localhost"
--- a/tailscale/healthcheck.sh
+++ b/tailscale/healthcheck.sh
@@ -0,0 +1,43 @@
 #!/bin/bash
 # Tailscale health check and auto-recovery script
 # Run this via cron every 5-10 minutes
 CONTAINER_NAME="${CONTAINER_NAME:-tailscale}"
 MAX_RESTART_ATTEMPTS=3
 RESTART_COUNT_FILE="/tmp/tailscale_restart_count"
 # Check if container is running
 if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
    echo "$(date): Container not running, attempting to start..."
    docker start "${CONTAINER_NAME}"
    sleep 10
 fi
 # Check Tailscale connection status
 if ! docker exec "${CONTAINER_NAME}" tailscale status &>/dev/null; then
    echo "$(date): Tailscale not connected properly"
    # Track restart attempts
    if [ -f "$RESTART_COUNT_FILE" ]; then
        COUNT=$(cat "$RESTART_COUNT_FILE")
    else
        COUNT=0
    fi
    if [ "$COUNT" -lt "$MAX_RESTART_ATTEMPTS" ]; then
        echo "$(date): Restart attempt $((COUNT + 1)) of $MAX_RESTART_ATTEMPTS"
        docker restart "${CONTAINER_NAME}"
        echo $((COUNT + 1)) > "$RESTART_COUNT_FILE"
        # Wait and try to reconnect
        sleep 30
        docker exec "${CONTAINER_NAME}" tailscale up --authkey="${TAILSCALE_AUTH_KEY}" 2>/dev/null || true
    else
        echo "$(date): Max restart attempts reached. Manual intervention needed."
        # Could send alert here
    fi
 else
    # Connection is good, reset counter
    [ -f "$RESTART_COUNT_FILE" ] && rm "$RESTART_COUNT_FILE"
    echo "$(date): Tailscale is healthy"
 fi
--- a/tailscale/install_monitor.sh
+++ b/tailscale/install_monitor.sh
@@ -0,0 +1,43 @@
 #!/bin/bash
 # Install monitoring script for Tailscale
 # This sets up a cron job to check and recover Tailscale connection
 source "${AGENT_PATH}/common.sh"
 echo "Setting up Tailscale monitoring..."
 # Copy healthcheck script to a safe location
 MONITOR_SCRIPT="/opt/tailscale-monitor.sh"
 sudo cp "${CONFIG_PATH}/healthcheck.sh" "$MONITOR_SCRIPT"
 sudo chmod +x "$MONITOR_SCRIPT"
 # Create systemd service for monitoring (more reliable than cron)
 cat << 'EOF' | sudo tee /etc/systemd/system/tailscale-monitor.service
 [Unit]
 Description=Tailscale Connection Monitor
 After=docker.service
 Requires=docker.service
 [Service]
 Type=simple
 ExecStart=/bin/bash /opt/tailscale-monitor.sh
 Restart=always
 RestartSec=300
 StandardOutput=journal
 StandardError=journal
 [Install]
 WantedBy=multi-user.target
 EOF
 # Enable and start the monitor service
 sudo systemctl daemon-reload
 sudo systemctl enable tailscale-monitor.service
 sudo systemctl start tailscale-monitor.service
 echo "Tailscale monitoring service installed and started"
 # Also add a cron job as backup
 (crontab -l 2>/dev/null | grep -v tailscale-monitor; echo "*/5 * * * * /opt/tailscale-monitor.sh >> /var/log/tailscale-monitor.log 2>&1") | crontab -
 echo "Backup cron job added (runs every 5 minutes)"
--- a/tailscale/start.sh
+++ b/tailscale/start.sh
@@ -75,12 +75,27 @@ if [ -n "$TAILSCALE_EXTRA_ARGS" ]; then
    TAILSCALE_UP_CMD="${TAILSCALE_UP_CMD} ${TAILSCALE_EXTRA_ARGS}"
 fi
-# Execute tailscale up command
+# Execute tailscale up command with retries
-if ! docker exec ${CONTAINER_NAME} ${TAILSCALE_UP_CMD}; then
+RETRY_COUNT=0
-    echo "Warning: Failed to connect to Tailscale network automatically."
+MAX_RETRIES=5
 RETRY_DELAY=10
 while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
    if docker exec ${CONTAINER_NAME} ${TAILSCALE_UP_CMD}; then
        echo "Successfully connected to Tailscale network!"
        break
    else
        RETRY_COUNT=$((RETRY_COUNT + 1))
        if [ $RETRY_COUNT -lt $MAX_RETRIES ]; then
            echo "Connection attempt $RETRY_COUNT failed. Retrying in ${RETRY_DELAY} seconds..."
            sleep $RETRY_DELAY
        else
            echo "Warning: Failed to connect after $MAX_RETRIES attempts."
            echo "You may need to connect manually using:"
            echo "  docker exec ${CONTAINER_NAME} tailscale up"
        fi
    fi
 done
 echo ""
 echo "Tailscale started successfully!"