Navigation Menu

Skip to content

Instantly share code, notes, and snippets.

@rspier

rspier/rainmachine-tailscale.md

Last active June 4, 2023 00:13
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rspier/aa61100e5ba2155d0df64c1e482e7126 to your computer and use it in GitHub Desktop.
Save rspier/aa61100e5ba2155d0df64c1e482e7126 to your computer and use it in GitHub Desktop.
Download ZIP
How to Install Tailscale on a RainMachine HD-12
Raw
rainmachine-tailscale.md

// SPDX-License-Identifier: Apache-2.0

Tailscale && Rainmachine

Download ARM static binary from https://pkgs.tailscale.com/stable/#static .

Enable SSH on your Rainmachine

Copy to Rainmachine

scp tailscale_1.28.0_arm.tgz rainmachine.lan:/tmp

Ssh to RainMachine for the next steps...

# Create directory to hold tailscale state
mkdir /data/tailscale

# Expand binary and copy into PATH
cd /tmp
tar xzvf tailscale_1.28.0_arm.tgz
cp /tmp/tailscale_1.28.0_arm/{tailscale,tailscaled} /system/bin

# put getent in place so tailscale ssh works
if [ ! -e /system/bin/getent ]; then
cat >/system/bin/getent <<EOF
#!/system/bin/sh
# hacky getent to make tailscale happy
if [ "\$1" != "passwd" ]; then
    echo "\$1 unsupported by \$0"
fi
cat /etc/\$1 | awk -F: "\\\$3 == \$2 {print}"
EOF
fi
chmod 755 /system/bin/getent

# placeholder passwd file so tailscale knows what shell to use
# (otherwise it will default to the non-extant /bin/sh)
if [ ! -e /etc/passwd ]; then
cat >/etc/passwd <<EOF
root:x:0:0:root:/root:/system/xbin/sh
EOF
fi

# empty group file to make tailscale happy
touch /etc/group

# backup rainmachine.sh
cp -p /system/bin/rainmachine.sh /system/bin/rainmachine.sh.$(date +%Y%m%d-%H%M)

Add to startup script /system/bin/rainmachine.sh just after the rainmachine-homekit stanza.

echo "Running tailscale"
# logs go to /dev/null because they're a bit spammy
/system/bin/tailscaled \
  --statedir /data/tailscale \
  --socket /data/tailscale/tailscaled.sock \
  --tun userspace-networking >/dev/null 2>&1 &

Reboot to start tailscaled.

Start and authorize tailscale:

tailscale --socket /data/tailscale/tailscaled.sock  up \
   --ssh  --hostname rainmachine

Modern versions of OpenSSH have deprecated the paramters set up on the RainMachine. You may need to tell your client that ssh-rsa is still ok by putting the following in .ssh/config.

Host rainmachine.YOURUSERNAME.gmail.com.beta.tailscale.net
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms +ssh-rsa
  PubKeyAcceptedKeyTypes +ssh-rsa
  PubKeyAcceptedAlgorithms +ssh-rsa
@kusold
Copy link

kusold commented Aug 17, 2022

Thanks for the write up. I was able to get this setup easily once I enabled SSH.

How to enable SSH Access on Touch HD 12 & 16 2nd Gen

@rspier
Copy link
Author

rspier commented Aug 21, 2022

Glad it worked for you! I've added the SSH setup link to the gist.

@datadisciple-bill
Copy link

Thank you! This worked well!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment