Automated Tailscale install and UFW configuration. Designed for and tested against Debian 11.

ts_install.sh

#!/bin/bash

echo "Tailscale Installer" | tee ts_install.log

# Update and upgrade apt
echo "[~] Updating & upgrading apt..." | tee -a ts_install.log
apt update &>> ts_install.log
apt upgrade -y &>> ts_install.log

# Install UFW if not present
echo "[~] Checking for UFW..." | tee -a ts_install.log
if ! command -v ufw &> /dev/null
then
	echo "[~] UFW not found, installing..." | tee -a ts_install.log
	apt install ufw -y &>> ts_install.log
	echo "[~] UFW installed successfully." | tee -a ts_install.log
else
	echo "[~] UFW found, skipping install..." | tee -a ts_install.log
fi

# Install Tailscale
echo "[~] Installing Tailscale..." | tee -a ts_install.log
curl -fsSL https://tailscale.com/install.sh | sh &>> ts_install.log

echo "[~] Starting Tailscale... (Script will resume after authorization and machine approval)" | tee -a ts_install.log
tailscale up --ssh

# Add UFW rules for Tailscale
echo "[~] Adding UFW rules for Tailscale..." | tee -a ts_install.log
ufw allow in on tailscale0 &>> ts_install.log
ufw allow 41641/udp &>> ts_install.log

# Enable UFW
echo "[~] Enabling UFW..." | tee -a ts_install.log
echo "y" | ufw enable &>> ts_install.log

# Set default UFW rules
echo "[~] Setting UFW default rules..." | tee -a ts_install.log
ufw default deny incoming &>> ts_install.log
ufw default allow outgoing &>> ts_install.log

# Delete existing SSH rules
echo "[~] Removing existing SSH UFW rules..." | tee -a ts_install.log
ufw delete allow 22 &>> ts_install.log

# Reload UFW and restart SSH
echo "[~] Reloading UFW..." | tee -a ts_install.log
ufw reload &>> ts_install.log

echo "[~] Restarting the SSH daemon..." | tee -a ts_install.log
service ssh restart &>> ts_install.log


# Done!
echo "Done! Tailscale is now installed, configured, and running." | tee -a ts_install.log
echo "See ts_install.log for command outputs." | tee -a ts_install.log