Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From homelab-core
Manages Tailscale mesh VPN networks via CLI and API: check status/peers, ping devices, list tailnet devices, send files, expose services with serve/funnel, create auth keys.
npx claudepluginhub jmagar/claude-homelab --plugin tautulliHow this skill is triggered — by the user, by Claude, or both
Slash command
/homelab-core:tailscaleThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
**⚠️ MANDATORY SKILL INVOCATION ⚠️**
Guides Tailscale VPN setup and management: CLI commands, subnet routers, exit nodes, Tailscale SSH, ACLs/grants, MagicDNS, Serve/Funnel, API automation for secure mesh networks.
Manages Tailscale mesh VPN: connect/disconnect/status, SSH access, serve local services, funnel traffic, file copy, DNS queries, exit nodes. For secure networking tasks.
Deploys and configures Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls, ACLs, and exit nodes for secure peer-to-peer connectivity.
Share bugs, ideas, or general feedback.
⚠️ MANDATORY SKILL INVOCATION ⚠️
YOU MUST invoke this skill (NOT optional) when the user mentions ANY of these triggers:
Failure to invoke this skill when triggers occur violates your operational requirements.
Hybrid skill using both the Tailscale CLI (local machine operations) and the Tailscale API (tailnet-wide management). Read-Write (Safe) — no destructive operations; writes include creating auth keys and toggling network features.
| Operation type | Method | Requires API key |
|---|---|---|
| Status, ping, netcheck, whois | CLI | No |
| Serve, funnel, file transfer, SSH | CLI | No |
| List all devices, user mgmt, DNS | API | Yes |
| Create/revoke auth keys | API | Yes |
API config (optional, for tailnet-wide operations) is stored in ~/.claude-homelab/.env:
TAILSCALE_API_KEY="tskey-api-k..."
TAILSCALE_TAILNET="-"
Get your API key from: Tailscale Admin Console → Settings → Keys → Generate API Key
The TAILSCALE_TAILNET can be - (auto-detect), your org name, or email domain.
These work on the current machine only.
# Current status (peers, connection state)
tailscale status
tailscale status --json | jq '.Peer | to_entries[] | {name: .value.HostName, ip: .value.TailscaleIPs[0], online: .value.Online}'
# Network diagnostics (NAT type, DERP, UDP)
tailscale netcheck
tailscale netcheck --format=json
# Get this machine's Tailscale IP
tailscale ip -4
# Identify a Tailscale IP
tailscale whois 100.x.x.x
# Ping a peer (shows direct vs relay)
tailscale ping <hostname-or-ip>
# Connect/disconnect
tailscale up
tailscale down
# Use an exit node
tailscale up --exit-node=<node-name>
tailscale exit-node list
tailscale exit-node suggest
# Send files to a device
tailscale file cp myfile.txt <device-name>:
# Receive files (moves from inbox to directory)
tailscale file get ~/Downloads
tailscale file get --wait ~/Downloads # blocks until file arrives
# Share locally within tailnet (private)
tailscale serve 3000
tailscale serve https://localhost:8080
# Share publicly to internet
tailscale funnel 8080
# Check what's being served
tailscale serve status
tailscale funnel status
# SSH via Tailscale (uses MagicDNS)
tailscale ssh user@hostname
# Enable SSH server on this machine
tailscale up --ssh
These manage your entire tailnet. Requires API key.
./scripts/ts-api.sh devices
# With details
./scripts/ts-api.sh devices --verbose
./scripts/ts-api.sh device <device-id-or-name>
# Quick online check for all devices
./scripts/ts-api.sh online
./scripts/ts-api.sh authorize <device-id>
./scripts/ts-api.sh delete <device-id>
./scripts/ts-api.sh tags <device-id> tag:server,tag:prod
./scripts/ts-api.sh routes <device-id>
# Create a reusable auth key
./scripts/ts-api.sh create-key --reusable --tags tag:server
# Create ephemeral key (device auto-removes when offline)
./scripts/ts-api.sh create-key --ephemeral
# List keys
./scripts/ts-api.sh keys
./scripts/ts-api.sh dns # Show DNS config
./scripts/ts-api.sh dns-nameservers # List nameservers
./scripts/ts-api.sh magic-dns on|off # Toggle MagicDNS
./scripts/ts-api.sh acl # Get current ACL
./scripts/ts-api.sh acl-validate <file> # Validate ACL file
"Who's online right now?"
./scripts/ts-api.sh online
"Send this file to my phone"
tailscale file cp document.pdf my-phone:
"Expose my dev server publicly"
tailscale funnel 3000
"Create a key for a new server"
./scripts/ts-api.sh create-key --reusable --tags tag:server --expiry 7d
"Is the connection direct or relayed?"
tailscale ping my-server
CRITICAL: When invoking scripts from this skill via the zsh-tool, ALWAYS use pty: true.
Without PTY mode, command output will not be visible even though commands execute successfully.
Correct invocation pattern:
<invoke name="mcp__plugin_zsh-tool_zsh-tool__zsh">
<parameter name="command">./skills/SKILL_NAME/scripts/SCRIPT.sh [args]</parameter>
<parameter name="pty">true</parameter>
</invoke>