refactor tailscale script & remove debian 12 note (#5454)

frontend/public/json/add-tailscale-lxc.json

@@ -32,10 +32,6 @@
     "password": null
   },
   "notes": [
-    {
-      "text": "Only supported on Debian 12 LXCs",
-      "type": "warning"
-    },
     {
       "text": "After the script finishes, reboot the LXC then run `tailscale up` in the LXC console",
       "type": "info"

tools/addon/add-tailscale-lxc.sh

@@ -2,10 +2,12 @@
 
 # Copyright (c) 2021-2025 tteck
 # Author: tteck (tteckster)
-# License: MIT
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 
-function header_info {
+set -Eeuo pipefail
+trap 'echo -e "\n[ERROR] in line $LINENO: exit code $?"' ERR
+
+function header_info() {
   clear
   cat <<"EOF"
   ______      _ __                __
@@ -16,60 +18,95 @@ function header_info {
 
 EOF
 }
+
+function msg_info() { echo -e " \e[1;36m➤\e[0m $1"; }
+function msg_ok() { echo -e " \e[1;32m✔\e[0m $1"; }
+function msg_error() { echo -e " \e[1;31m✖\e[0m $1"; }
+
 header_info
-set -e
+
+if ! command -v pveversion &>/dev/null; then
+  msg_error "This script must be run on the Proxmox VE host (not inside an LXC container)"
+  exit 1
+fi
+
 while true; do
-  read -p "This will add Tailscale to an existing LXC Container ONLY. Proceed(y/n)?" yn
+  read -rp "This will add Tailscale to an existing LXC Container ONLY. Proceed (y/n)? " yn
-  case $yn in
+  case "$yn" in
   [Yy]*) break ;;
-  [Nn]*) exit ;;
+  [Nn]*) exit 0 ;;
   *) echo "Please answer yes or no." ;;
   esac
 done
+
 header_info
-echo "Loading..."
+msg_info "Loading container list..."
-function msg() {
-  local TEXT="$1"
-  echo -e "$TEXT"
-}
 
 NODE=$(hostname)
 MSG_MAX_LENGTH=0
+CTID_MENU=()
+
 while read -r line; do
   TAG=$(echo "$line" | awk '{print $1}')
   ITEM=$(echo "$line" | awk '{print substr($0,36)}')
   OFFSET=2
-  if [[ $((${#ITEM} + $OFFSET)) -gt ${MSG_MAX_LENGTH:-} ]]; then
+  ((${#ITEM} + OFFSET > MSG_MAX_LENGTH)) && MSG_MAX_LENGTH=$((${#ITEM} + OFFSET))
-    MSG_MAX_LENGTH=$((${#ITEM} + $OFFSET))
+  CTID_MENU+=("$TAG" "$ITEM" "OFF")
-  fi
-  CTID_MENU+=("$TAG" "$ITEM " "OFF")
 done < <(pct list | awk 'NR>1')
 
-while [ -z "${CTID:+x}" ]; do
+CTID=""
+while [[ -z "${CTID}" ]]; do
   CTID=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Containers on $NODE" --radiolist \
     "\nSelect a container to add Tailscale to:\n" \
-    16 $(($MSG_MAX_LENGTH + 23)) 6 \
+    16 $((MSG_MAX_LENGTH + 23)) 6 \
-    "${CTID_MENU[@]}" 3>&1 1>&2 2>&3)
+    "${CTID_MENU[@]}" 3>&1 1>&2 2>&3) || exit 1
 done
 
-CTID_CONFIG_PATH=/etc/pve/lxc/${CTID}.conf
+CTID_CONFIG_PATH="/etc/pve/lxc/${CTID}.conf"
-cat <<EOF >>$CTID_CONFIG_PATH
+
-lxc.cgroup2.devices.allow: c 10:200 rwm
+# Skip if already configured
-lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
+grep -q "lxc.cgroup2.devices.allow: c 10:200 rwm" "$CTID_CONFIG_PATH" || echo "lxc.cgroup2.devices.allow: c 10:200 rwm" >>"$CTID_CONFIG_PATH"
-EOF
+grep -q "lxc.mount.entry: /dev/net/tun" "$CTID_CONFIG_PATH" || echo "lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file" >>"$CTID_CONFIG_PATH"
+
 header_info
-msg "Installing Tailscale..."
+msg_info "Installing Tailscale in CT $CTID"
+
 pct exec "$CTID" -- bash -c '
+set -e
+export DEBIAN_FRONTEND=noninteractive
+
 ID=$(grep "^ID=" /etc/os-release | cut -d"=" -f2)
 VER=$(grep "^VERSION_CODENAME=" /etc/os-release | cut -d"=" -f2)
-curl -fsSL https://pkgs.tailscale.com/stable/$ID/$VER.noarmor.gpg | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
-echo "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/$ID $VER main" >/etc/apt/sources.list.d/tailscale.list
-apt-get update &>/dev/null
-apt-get install -y tailscale &>/dev/null
-'
-TAGS=$(awk -F': ' '/^tags:/ {print $2}' /etc/pve/lxc/${CTID}.conf)
-TAGS="${TAGS:+$TAGS; }tailscale"
-pct set "$CTID" -tags "${TAGS}"
-msg "\e[1;32m ✔ Installed Tailscale\e[0m"
 
-msg "\e[1;31m Reboot ${CTID} LXC to apply the changes, then run tailscale up in the LXC console\e[0m"
+# fallback if DNS is poisoned or blocked
+ORIG_RESOLV="/etc/resolv.conf"
+BACKUP_RESOLV="/tmp/resolv.conf.backup"
+
+if ! dig +short pkgs.tailscale.com | grep -qvE "^127\.|^0\.0\.0\.0$"; then
+  echo "[INFO] DNS resolution for pkgs.tailscale.com failed (blocked or redirected)."
+  echo "[INFO] Temporarily overriding /etc/resolv.conf with Cloudflare DNS (1.1.1.1)"
+  cp "$ORIG_RESOLV" "$BACKUP_RESOLV"
+  echo "nameserver 1.1.1.1" >"$ORIG_RESOLV"
+fi
+
+curl -fsSL https://pkgs.tailscale.com/stable/${ID}/${VER}.noarmor.gpg \
+  | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
+
+echo "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/${ID} ${VER} main" \
+  >/etc/apt/sources.list.d/tailscale.list
+
+apt-get update -qq
+apt-get install -y tailscale >/dev/null
+
+if [[ -f /tmp/resolv.conf.backup ]]; then
+  echo "[INFO] Restoring original /etc/resolv.conf"
+  mv /tmp/resolv.conf.backup /etc/resolv.conf
+fi
+'
+
+TAGS=$(awk -F': ' '/^tags:/ {print $2}' "$CTID_CONFIG_PATH")
+TAGS="${TAGS:+$TAGS; }tailscale"
+pct set "$CTID" -tags "$TAGS"
+
+msg_ok "Tailscale installed on CT $CTID"
+msg_info "Reboot the container, then run 'tailscale up' inside the container to activate."