initramfs hook for tailscale

This is intended to be used with an ephemeral auth key with an ACL tag, and ACL rules that restrict the ephemeral node to inbound-only traffic. It does not share instance state with tailscale running in Linux. Reference: - https://tailscale.com/kb/1111/ephemeral-nodes/ - https://tailscale.com/kb/1068/acl-tags/#generate-an-auth-key-with-an-acl-tag - https://tailscale.com/kb/1068/acl-tags/#using-tags-in-acls-for-access-control
2022-01-18 20:41:12 -08:00
parent c5c1694970
commit 797252e021
12 changed files with 330 additions and 0 deletions
--- a/conf-hooks.d/tailscale
+++ b/conf-hooks.d/tailscale
@@ -0,0 +1,3 @@
+# Set the umask for the generated initramfs since it may contain a tailscale
+# authkey
+UMASK=0077