mirror of
https://github.com/jbowdre/virtuallypotato.git
synced 2024-12-24 11:52:19 +00:00
update draft
This commit is contained in:
parent
2cbc80bfea
commit
f299674ca6
2 changed files with 25 additions and 3 deletions
Binary file not shown.
After Width: | Height: | Size: 58 KiB |
|
@ -28,15 +28,37 @@ I've shared in the past about how I use [custom search engines in Chrome](/abusi
|
|||
|
||||
And these go links don't have to be simply static shortcuts; the system is able to leverage go templates to conditionally insert text into the target URL - similar to my custom search engine setup. The Tailscale blog also has some clever suggestions on how to use this capability.
|
||||
|
||||
Sounds great - but how do you actually make golink available on your Tailnet? Well, here's what I did to deploy the [golink Docker image](https://github.com/tailscale/golink/pkgs/container/golink) on a [Photon OS VM I set up running on my Quartz64 running ESXi-ARM](/esxi-arm-on-quartz64/#workload-creation).
|
||||
Sounds great - but how do you actually make golink available on your tailnet? Well, here's what I did to deploy the [golink Docker image](https://github.com/tailscale/golink/pkgs/container/golink) on a [Photon OS VM I set up running on my Quartz64 running ESXi-ARM](/esxi-arm-on-quartz64/#workload-creation).
|
||||
|
||||
## Tailnet prep
|
||||
There are two things I'll need to do in the Tailscale admin portal before moving on.
|
||||
### Create an ACL tag
|
||||
I assign ACL tags to devices in my tailnet based on their location and/or purpose, and I'm then able to use those in a policy to restrict access between certain devices. To that end, I'm going to create a new `tag:golink` tag for this purpose. Creating a new tag in Tailscale is really just going to the [Access Controls page of the admin console](https://login.tailscale.com/admin/acls) and editing the policy to specify a `tagOwner` who is permitted to assign the tag:
|
||||
```text {hl_lines=[11]}
|
||||
"groups":
|
||||
"group:admins": ["john@example.com"],
|
||||
},
|
||||
"tagOwners": {
|
||||
"tag:home": ["group:admins"],
|
||||
"tag:cloud": ["group:admins"],
|
||||
"tag:client": ["group:admins"],
|
||||
"tag:dns": ["group:admins"],
|
||||
"tag:rsync": ["group:admins"],
|
||||
"tag:funnel": ["group:admins"],
|
||||
"tag:golink": ["group:admins"],
|
||||
},
|
||||
```
|
||||
|
||||
### Create an auth key
|
||||
The second task is to create a new authentication key that the golink container can use to log in to Tailscale since I won't be running `tailscale` interactively. This can easily be done from the [Settings page](https://login.tailscale.com/admin/settings/keys). I'll go ahead and set the key to expire in 1 day (since I'm going to use it in just a moment), make sure that the Epheral option is _disabled_ (since I don't want the new node to lose its authorization once it disconnects), and associate it with my new `tag:golink` tag.
|
||||
|
||||
![Creating a new auth key](create_auth_key.png)
|
||||
|
||||
Applying that tag does two things for me: it makes it easy to manage access with the ACL policy file, and it automatically sets it so that the node's token won't automatically expire. Once it's auth'd and connected to my tailnet, it'll stay there.
|
||||
|
||||
|
||||
|
||||
I'm going to be deploying the [golink Docker image](https://github.com/tailscale/golink/pkgs/container/golink) on a [Photon OS VM I set up running on my Quartz64 running ESXi-ARM](/esxi-arm-on-quartz64/#workload-creation). The [golink repo](https://github.com/tailscale/golink) offers this command for running the container:
|
||||
## Docker setup
|
||||
The [golink repo](https://github.com/tailscale/golink) offers this command for running the container:
|
||||
```shell
|
||||
docker run -it --rm ghcr.io/tailscale/golink:main
|
||||
```
|
||||
|
|
Loading…
Reference in a new issue