From devops
Comprehensive Tailscale VPN setup, configuration, and management for mesh networking, secure access, and zero-trust infrastructure. Covers installation, CLI commands, subnet routers, exit nodes, Tailscale SSH, ACL/grants configuration, MagicDNS, Tailscale Serve/Funnel, API automation, and production deployment best practices. Use when setting up Tailscale, configuring tailnet access controls, deploying subnet routers or exit nodes, enabling Tailscale SSH, exposing services with Serve/Funnel, automating via the Tailscale API, troubleshooting connectivity, or planning production Tailscale deployments.
npx claudepluginhub el-feo/ai-context --plugin devops

This skill uses the workspace's default tool permissions.
```bash
# Install (Linux)
curl -fsSL https://tailscale.com/install.sh | sh
# Install (macOS)
brew install tailscale
# Connect and authenticate
sudo tailscale up
# Check status
tailscale status
# Get your Tailscale IP
tailscale ip -4
```

```bash
tailscale up                          # Connect
tailscale down                        # Disconnect (daemon stays running)
tailscale status                      # View peers
tailscale status --json | jq          # Detailed network map
tailscale ping machine-name           # Test connectivity (ignores ACLs)
tailscale ping --icmp machine-name    # Test with ACLs
tailscale set --exit-node=name        # Use exit node
tailscale set --exit-node=            # Stop using exit node
```
Use `tailscale set` to change settings without reconnecting. Use `tailscale up` for initial setup.
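Run `scripts/setup_subnet_router.sh <subnet_cidr> [auth_key]` for automated setup.

Manual steps:

```bash
# On the subnet router: advertise the subnet
sudo tailscale up --advertise-routes=192.168.1.0/24
# On the other devices: accept the advertised routes
sudo tailscale up --accept-routes
```

Run `scripts/setup_exit_node.sh [auth_key]` for automated setup.

Manual steps:

```bash
# On the exit node: advertise it
sudo tailscale up --advertise-exit-node
# On the client: route traffic through the exit node, keeping LAN access
tailscale set --exit-node=node-name --exit-node-allow-lan-access
```

```bash
# Enable on server
sudo tailscale set --ssh
# Connect from client (no special setup needed)
ssh machine-name
```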
Tailscale SSH requires both a network access grant and an SSH ACL rule. See acl-examples.md for SSH ACL patterns.
```bash
# Serve locally to tailnet
tailscale serve 3000
# Expose to public internet (ports 443, 8443, or 10000 only)
tailscale funnel 3000
# TCP forwarding with TLS termination
tailscale serve --tls-terminated-tcp=5432 localhost:5432
# Check status / turn off
tailscale serve status
tailscale serve off
```
Use Grants (modern, recommended) over ACLs (legacy). Both work, but Grants support application-layer capabilities.
```json
{
  "groups": {
    "group:engineering": ["alice@example.com"]
  },
  "tagOwners": {
    "tag:server": ["group:engineering"]
  },
  "grants": [
    {
      "src": ["group:engineering"],
      "dst": ["tag:server"],
      "ip": ["22", "443"]
    }
  ]
}
```
Key patterns: Use groups for people, tags for machines. Always include both network grants and SSH rules for SSH access.
For detailed ACL scenarios, SSH access patterns, posture checks, auto-approvers, GitOps integration, and common mistakes, see acl-examples.md.
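
The rule that Tailscale SSH needs both a network grant and an SSH rule can be checked before a policy file is applied. The following Python check is an added example, not part of this skill or of Tailscale's tooling; it assumes the policy is plain JSON (no HuJSON comments), uses a constructed sample policy, and compares `src`/`dst` selectors literally.

```python
import json

# Constructed sample: the page's grant, plus two more grants and an "ssh"
# section added for this example (rule shape assumed: action/src/dst/users).
POLICY = json.loads("""
{
  "grants": [
    {"src": ["group:engineering"], "dst": ["tag:server"], "ip": ["22", "443"]},
    {"src": ["group:engineering"], "dst": ["tag:db"], "ip": ["tcp:5432"]},
    {"src": ["group:ops"], "dst": ["tag:server"], "ip": ["20-25"]}
  ],
  "ssh": [
    {"action": "check", "src": ["group:engineering"], "dst": ["tag:server"], "users": ["ubuntu"]},
    {"action": "check", "src": ["group:engineering"], "dst": ["tag:db"], "users": ["ubuntu"]}
  ]
}
""")


def allows_port(spec, port=22):
    """True if a grant "ip" entry covers TCP `port`; handles "*", "22", "tcp:22", "20-25"."""
    proto, _, ports = spec.rpartition(":")
    if proto not in ("", "tcp"):
        return False
    if ports == "*":
        return True
    lo, _, hi = ports.partition("-")
    return lo.isdigit() and (hi or lo).isdigit() and int(lo) <= port <= int(hi or lo)


def pairs(rules, keep=lambda rule: True):
    """Literal (src, dst) selector pairs; "*", groups and tags are not expanded."""
    return {(s, d) for r in rules if keep(r) for s in r["src"] for d in r["dst"]}


def check_ssh(policy):
    """Compare port-22 grants with SSH rules and report pairs that have only one."""
    net = pairs(policy.get("grants", []),
                lambda g: any(allows_port(p) for p in g.get("ip", [])))
    ssh = pairs(policy.get("ssh", []))
    return {"ssh_rule_without_grant": sorted(ssh - net),
            "grant_without_ssh_rule": sorted(net - ssh)}


if __name__ == "__main__":
    print(json.dumps(check_ssh(POLICY), indent=2))
```

A `grant_without_ssh_rule` finding is only a problem where Tailscale SSH is intended; a host running its own sshd needs just the port 22 grant.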
- `scripts/setup_subnet_router.sh <subnet_cidr> [auth_key]` - Automated subnet router setup (installs Tailscale, enables IP forwarding, configures routes)
- `scripts/setup_exit_node.sh [auth_key]` - Automated exit node setup (installs Tailscale, enables IP forwarding, advertises as exit node)