From b9a7bd19fc188a5d7459ce6f8ef5e34c5bda920c Mon Sep 17 00:00:00 2001 From: Gerard Braad Date: Thu, 9 Jan 2025 21:12:30 +0800 Subject: [PATCH] Add tunnel use and change how to handle hostname --- .github/workflows/tailscale-code-tunnel.yml | 35 +++++++++++++++++++++ .github/workflows/tailscale-code.yml | 10 ++++-- .github/workflows/tailscale-rdesktop.yml | 4 +-- assets/code-tunnel@.service | 2 +- containers/Containerfile-code-cli | 4 +-- 5 files changed, 46 insertions(+), 9 deletions(-) create mode 100644 .github/workflows/tailscale-code-tunnel.yml
diff --git a/.github/workflows/tailscale-code-tunnel.yml b/.github/workflows/tailscale-code-tunnel.yml
new file mode 100644
index 0000000..a7d9c5f
--- /dev/null
+++ b/.github/workflows/tailscale-code-tunnel.yml
@@ -0,0 +1,35 @@
+name: tailscale-code-tunnel
+on:
+ workflow_dispatch:
+
+jobs:
+ code-test:
+ runs-on: ubuntu-24.04
+
+ steps:
+ - name: Run system container with `podman`
+ run: |
+ podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/fedora/code-cli:41
+ - name: Tailscale setup (root)
+ run: |
+ until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY}
+ do
+ sleep 0.1
+ done
+ podman exec code tailscale set --ssh
+ podman exec code chmod 640 /etc/shadow
+ env:
+ TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}}
+ - name: Start `code tunnel` as `gbraad`
+ run: |
+ podman exec code code tunnel user login --provider github
+ podman exec code systemctl enable --now code-tunnel@gbraad
+ - name: Hang around
+ run: |
+ until podman exec code systemctl is-active --quiet code-tunnel@gbraad
+ do
+ sleep 1
+ done
+ IP=`podman exec code tailscale ip -4`
+ echo "Open in your web browser: http://${IP}:8000"
+ sleep infinity
\ No newline at end of file
diff --git a/.github/workflows/tailscale-code.yml b/.github/workflows/tailscale-code.yml
index 52c9968..765427a 100644
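Review bot: In "Start `code tunnel` as `gbraad`", `podman exec code code tunnel user login --provider github` runs as the container's default user (the earlier step is labelled root), while `code-tunnel@gbraad` runs with `User=%i`, so the stored login is presumably not the one the service reads. Running the login as the same account, `podman exec --user gbraad code code tunnel user login --provider github`, would keep them aligned. The login is also interactive, so its prompt lands in the job log and the tunnel is bound to whichever GitHub account completes it; a comment saying who is expected to do that, plus `timeout-minutes:` on the job, would bound how long the tailnet-joined container waits. The closing `echo "Open in your web browser: http://${IP}:8000"` looks carried over from the serve-web workflow, since nothing in this file starts a listener on port 8000.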
--- a/.github/workflows/tailscale-code.yml +++ b/.github/workflows/tailscale-code.yml @@ -9,19 +9,23 @@ jobs: steps: - name: Run system container with `podman` run: | - podman run -d --name code --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/fedora/code-cli:41 + podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/fedora/code-cli:41 - name: Tailscale setup (root) run: | - until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --hostname code-${HOSTNAME} + until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} do sleep 0.1 done podman exec code tailscale set --ssh + podman exec code chmod 640 /etc/shadow env: TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}} + - name: Start `code serve-web` as `gbraad` + run: | + podman exec code systemctl enable --now code-serveweb@gbraad - name: Hang around run: | - until podman exec code systemctl is-active --quiet code-serveweb@root + until podman exec code systemctl is-active --quiet code-serveweb@gbraad do sleep 1 done diff --git a/.github/workflows/tailscale-rdesktop.yml b/.github/workflows/tailscale-rdesktop.yml index 950ef2e..67fc721 100644 --- a/.github/workflows/tailscale-rdesktop.yml +++ b/.github/workflows/tailscale-rdesktop.yml @@ -9,10 +9,10 @@ jobs: steps: - name: Run system container with `podman` run: | - podman run -d --name rdesktop ghcr.io/gbraad-devenv/fedora/rdesktop:41 + podman run -d --name rdesktop --hostname code-${HOSTNAME} ghcr.io/gbraad-devenv/fedora/rdesktop:41 - name: Tailscale setup (root) run: | - until podman exec rdesktop tailscale up --auth-key ${TAILSCALE_AUTHKEY} --hostname github-${HOSTNAME} + until podman exec rdesktop tailscale up --auth-key ${TAILSCALE_AUTHKEY} do sleep 0.1 done 
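Review bot: The added `podman exec code chmod 640 /etc/shadow` in "Tailscale setup (root)" changes the mode of the password-hash file without saying why, and the same line is added in tailscale-code-tunnel.yml. If it is needed for logins after `tailscale set --ssh` or for the `gbraad` service, the reason belongs in a comment above it, e.g. `# /etc/shadow must be group-readable for <reason>; revisit if the image changes`. Fixing the mode once in the image, if it is really required, would also avoid repeating a runtime permission change in every workflow.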
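Review bot: The new `--hostname code-${HOSTNAME}` on the rdesktop container reuses the `code-` prefix from the code workflows, whereas the removed `tailscale up` flag registered this node as `github-${HOSTNAME}`. With the name now taken from the container hostname, the tailnet name no longer tells an operator which service a node is, and an rdesktop node and a code node could ask for the same name. A distinct prefix keeps them apart: `--hostname rdesktop-${HOSTNAME}`. The same hunk keeps `--auth-key ${TAILSCALE_AUTHKEY}` unquoted inside an unbounded `until` loop, so a rejected key retries every 0.1 s until the job is cancelled; quoting the expansion and capping the attempts would be worth doing here and in the two code workflows.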
diff --git a/assets/code-tunnel@.service b/assets/code-tunnel@.service index aa50b1e..a03ed26 100644 --- a/assets/code-tunnel@.service +++ b/assets/code-tunnel@.service @@ -3,7 +3,7 @@ Description=Code Tunnel Service After=network.target [Service] -ExecStart=/usr/bin/code tunnel --accept-server-license-terms +ExecStart=/usr/bin/code tunnel --accept-server-license-terms --name %H Restart=always User=%i diff --git a/containers/Containerfile-code-cli b/containers/Containerfile-code-cli index f67afeb..ae3668b 100644 --- a/containers/Containerfile-code-cli +++ b/containers/Containerfile-code-cli @@ -14,6 +14,4 @@ RUN cd /tmp \ COPY assets/code-serveweb@.service /etc/systemd/system/ COPY assets/code-tunnel@.service /etc/systemd/system/ -RUN systemctl enable code-serveweb@root.service - -#ENTRYPOINT [ "/sbin/init" ] +#ENTRYPOINT [ "/sbin/init" ] \ No newline at end of file
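Review bot: `--name %H` makes the tunnel name depend on the container hostname, which only has the intended `code-…` value when the container is started with `--hostname`, as the workflows in this commit do. A short comment above `ExecStart` would record that dependency, e.g. `# Tunnel name follows the host name; start the container with --hostname to get a stable name`. The unit file continues outside this hunk, so whether anything else constrains the name is not visible here.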