From 71ac76ea9863d147588299931a2ab80e67555326 Mon Sep 17 00:00:00 2001
From: Philip Henning
Date: Tue, 3 Dec 2024 17:48:02 +0100
Subject: [PATCH] Add Tailscale configuration
---
 README.md | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 153c112..e4995ec 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@
 - [Table of Contents](#table-of-contents)
 - [Prerequisites](#prerequisites)
 - [Server Setup](#server-setup)
+ - [Tailscale](#tailscale)
 - [Base23 Docker registry login](#base23-docker-registry-login)
 - [CrowdSec](#crowdsec)
 - [Setup CrowdSec Repo](#setup-crowdsec-repo)
@@ -48,6 +49,21 @@ apt update \
 && unset TEMP_DIR
 ```
+### Tailscale
+
+```shell
+printf "Enter preauthkey for Tailscale: " \
+ && read -rs TAILSCALE_PREAUTHKEY \
+ && curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null \
+ && curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list \
+ && apt-get update \
+ && apt-get install tailscale \
+ && tailscale up --login-server https://vpn.base23.de --authkey ${TAILSCALE_PREAUTHKEY} --advertise-tags=tag:prod-servers \
+ && sleep 2 \
+ && tailscale status \
+ && unset TAILSCALE_PREAUTHKEY
+```
+
 ### Base23 Docker registry login
 ```shell
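Review bot: The pre-auth key is expanded unquoted on the `tailscale up` line of the Tailscale block, so it is subject to word splitting and sits in the process argument list while the command runs. Quote it as `--authkey "${TAILSCALE_PREAUTHKEY}"`, and consider the `file:` form of the auth-key flag (key written to a root-only file, removed afterwards) so the secret never reaches argv or a `set -x` trace. The same unquoted expansion appears in the CrowdSec hunk at `cscli console enroll -e context ${CROWDSEC_CONTEXT}`. Separately, the two `curl … | sudo tee` steps use `sudo` while `apt-get` and `tailscale up` do not, and `apt-get install tailscale` lacks the `-y` that the CrowdSec block's `apt install -y` has, so the `&&` chain stops at a confirmation prompt. Pick one privilege model for the block and add `-y`.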
@@ -74,10 +90,22 @@ EOF
 #### Install CrowdSec
+Install CrowdSec:
+
 ```shell
-apt install -y crowdsec crowdsec-firewall-bouncer-iptables \
+printf "Enter CrowdSec context: " \
+ && read -rs CROWDSEC_CONTEXT \
+ && apt install -y crowdsec crowdsec-firewall-bouncer-iptables \
 && cscli completion bash | tee /etc/bash_completion.d/cscli \
- && source ~/.bashrc
+ && source ~/.bashrc \
+ && cscli console enroll -e context ${CROWDSEC_CONTEXT} \
+ && unset CROWDSEC_CONTEXT
+```
+
+Restart CordSec Service, after accepting the enrollment on the [CrowdSec Console](https://app.crowdsec.net/):
+
+```shell
+systemctl restart crowdsec; systemctl status crowdsec.service
 ```
 #### Configure CrowdSec
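Review bot: The prompt `Enter CrowdSec context: ` probably mislabels what the operator must type. In `cscli console enroll -e context ${CROWDSEC_CONTEXT}`, `context` looks like the value of `-e` and the variable looks like the positional enrollment key. If so, `printf "Enter CrowdSec enrollment key: "` with a matching variable name would say what is being asked for and why it is read with `read -rs`. A `printf '\n'` after the silent read would keep later output off the prompt line. The added sentence also has a typo: `Restart CordSec Service` should read `Restart CrowdSec service`.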