Tailscale Integration for Admin Access #3
Description
User Story
Implement Tailscale integration using TDD methodology for secure administrative access
to IRC network infrastructure. Write tests that validate ephemeral authentication key
handling, automatic device registration, and secure admin connectivity to containers.
Ensure proper cleanup on container termination.
Requirements:
- Integrate official Tailscale binaries into containers for admin access
- Implement ephemeral authentication with auto-cleanup
- Create dynamic hostname assignment for administrative management
- Validate secure admin access to all containers
Expected Output
scripts/start-tailscale.sh- Tailscale daemon startup script with ephemeral keysconfig/tailscale.conf.template- Tailscale configuration templatetests/test_admin_access.pl- Admin access validation tests (Perl)scripts/cleanup-tailscale.pl- Device cleanup automation (Perl)docs/admin-access-procedures.md- Administrative access documentation- Working Tailscale mesh with secure admin SSH access to all containers
Acceptance Criteria
- Write failing tests for Tailscale admin access
- Integrate Tailscale binaries from official Docker image
- Implement ephemeral auth key handling in startup scripts
- Create dynamic hostname assignment (magnet-9rl, magnet-1eu, magnet-atheme)
- Tests validate successful Tailscale daemon startup
- Tests verify admin SSH access through Tailscale mesh
- Tests confirm automatic device cleanup on container termination
- Security validation for auth key handling
- Network isolation from service communication validated
- Admin access works across different regions
- All integration tests pass
Context
Tailscale provides secure administrative access to the IRC network infrastructure without exposing management interfaces to the public internet. Service-to-service communication uses Fly.io's private internal network, while Tailscale enables secure admin operations and troubleshooting.