v1.9.0: Enrolement automatique des capteurs sur le tailnet AirCarto (Tailscale/Headscale)
- installation_part1.sh: install paquet Tailscale + sudoers /usr/bin/tailscale - services/tailscale_bootstrap.sh (nouveau): script idempotent d'enrolement au boot - services/setup_services.sh: service systemd nebuleair-tailscale-bootstrap (one-shot) - update_firmware.sh: nouvelle etape 3d 'Bootstrap Tailscale' (self-heal install + fetch authkey depuis data.nebuleair.fr/pro_4G/get_tailscale_key.php + enrolement). Fallback HTTPS->HTTP en attendant le cert TLS cote serveur. Permet l'acces SSH distant aux 200 capteurs deployes via le tailnet une fois que leur client a clique sur 'Update' dans l'admin web. Necessite l'endpoint serveur get_tailscale_key.php en place sur data.nebuleair.fr (a deployer en parallele cote AirCarto, auth par deviceID + rate limit + audit log). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
PaulVua
@@ -321,6 +321,28 @@ RemainAfterExit=yes
|
||||
WantedBy=multi-user.target
|
||||
EOL
|
||||
|
||||
# Create service file for Tailscale Bootstrap (one-shot at boot)
|
||||
# Enrolls the device in the AirCarto Headscale tailnet if an authkey is
|
||||
# present at /etc/tailscale/authkey and the device is not already enrolled.
|
||||
# Safe to run repeatedly: idempotent and no-op when already enrolled.
|
||||
cat > /etc/systemd/system/nebuleair-tailscale-bootstrap.service << 'EOL'
|
||||
[Unit]
|
||||
Description=NebuleAir Tailscale Bootstrap (enroll on tailnet at boot)
|
||||
After=network-online.target tailscaled.service
|
||||
Wants=network-online.target tailscaled.service
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart=/var/www/nebuleair_pro_4g/services/tailscale_bootstrap.sh
|
||||
User=root
|
||||
StandardOutput=append:/var/www/nebuleair_pro_4g/logs/tailscale_bootstrap.log
|
||||
StandardError=append:/var/www/nebuleair_pro_4g/logs/tailscale_bootstrap_errors.log
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOL
|
||||
|
||||
# Create service file for RTC Save to DB (long-running service, no timer)
|
||||
# Unmask first in case it was previously masked (symlink to /dev/null)
|
||||
# so the cat below writes a real file, not into /dev/null.
|
||||
@@ -364,6 +386,14 @@ systemctl enable nebuleair-cpu-power.service
|
||||
systemctl start nebuleair-cpu-power.service
|
||||
echo "Started nebuleair-cpu-power service"
|
||||
|
||||
# Enable Tailscale bootstrap service (runs once at boot to enroll on tailnet)
|
||||
# Ensure the bootstrap script is executable — git config core.fileMode=false
|
||||
# strips the executable bit on pull, so chmod +x here is required.
|
||||
chmod +x /var/www/nebuleair_pro_4g/services/tailscale_bootstrap.sh
|
||||
systemctl enable nebuleair-tailscale-bootstrap.service
|
||||
systemctl start nebuleair-tailscale-bootstrap.service
|
||||
echo "Started nebuleair-tailscale-bootstrap service"
|
||||
|
||||
# Enable and start RTC Save to DB service (long-running, no timer)
|
||||
# Use restart instead of start to pick up new content if the service was
|
||||
# already running with an older version of the file.
|
||||
|
||||
Reference in New Issue
Block a user