Add tunnel and change how to handle hostname

gbraad-devenv · Jan 9, 2025 · 02fad37 · 02fad37
1 parent faaab6d
commit 02fad37
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 6 deletions.
diff --git a/.github/workflows/tailscale-code-tunnel.yml b/.github/workflows/tailscale-code-tunnel.yml
@@ -0,0 +1,34 @@
+name: tailscale-code-tunnel
+on:
+  workflow_dispatch:
+
+jobs:
+  code-test:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Run system container with `podman`
+        run: |
+          podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/fedora/code-cli:41
+      - name: Tailscale setup (root)
+        run: |
+          until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY}
+          do
+              sleep 0.1
+          done
+          podman exec code tailscale set --ssh
+          podman exec code chmod 640 /etc/shadow
+        env:
+          TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}}
+      - name: Start `code tunnel` as `gbraad`
+        run: |
+          podman exec code code tunnel user login --provider github
+          podman exec code systemctl enable --now code-tunnel@gbraad
+      - name: Hang around
+        run: |
+          until podman exec code systemctl is-active --quiet code-tunnel@gbraad
+          do
+               sleep 1
+          done
+          echo "Connect to tunnel: code-${HOSTNAME}"
+          sleep infinity
diff --git a/.github/workflows/tailscale-code.yml b/.github/workflows/tailscale-code.yml
@@ -9,20 +9,23 @@ jobs:
     steps:
       - name: Run system container with `podman`
         run: |
-          podman run -d --name code --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/ubi9-gotoolset/systemd:1.22.7
+          podman run -d --name code --hostname code-${HOSTNAME} --systemd=always --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=SYS_ADMIN --device=/dev/net/tun --device=/dev/fuse ghcr.io/gbraad-devenv/ubi9-gotoolset/systemd:1.22.7
       - name: Tailscale setup (root)
         run: |
-          until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY} --hostname code-${HOSTNAME}
+          until podman exec code tailscale up --auth-key ${TAILSCALE_AUTHKEY}
           do
               sleep 0.1
           done
           podman exec code tailscale set --ssh
           podman exec code chmod 640 /etc/shadow
         env:
           TAILSCALE_AUTHKEY: ${{ secrets.TAILSCALE_AUTHKEY}}
+      - name: Start `code serve-web` as `gbraad`
+        run: |
+            podman exec code systemctl enable --now code-serveweb@gbraad
       - name: Hang around
         run: |
-          until podman exec code systemctl is-active --quiet code-serveweb@root
+          until podman exec code systemctl is-active --quiet code-serveweb@gbraad
           do
                sleep 1
           done

diff --git a/assets/[email protected] b/assets/[email protected]
@@ -3,7 +3,7 @@ Description=Code Tunnel Service
 After=network.target
 
 [Service]
-ExecStart=/usr/bin/code tunnel --accept-server-license-terms
+ExecStart=/usr/bin/code tunnel --accept-server-license-terms --name %H
 Restart=always
 User=%i
 

diff --git a/containers/Containerfile-systemd b/containers/Containerfile-systemd
@@ -14,7 +14,6 @@ RUN cd /tmp \
 COPY assets/[email protected] /etc/systemd/system/
 COPY assets/[email protected] /etc/systemd/system/
 
-RUN systemctl enable tailscaled \
-    && systemctl enable [email protected]
+RUN systemctl enable tailscaled
 
 ENTRYPOINT ["/sbin/init"]