#!/usr/bin/env bash
set -e

# Simple Tailscale LXC bootstrap for Debian/Ubuntu
# - Updates packages
# - Enables IPv4/IPv6 forwarding
# - Installs Tailscale via official installer
# - Starts tailscaled
# - Runs 'tailscale up' with optional subnet routing

SUBNET_CIDR="${SUBNET_CIDR:-192.168.1.0/24}"
EXTRA_TS_FLAGS="${EXTRA_TS_FLAGS:-}"

echo "[*] Updating packages..."
apt-get update -y && apt-get upgrade -y

echo "[*] Installing curl if missing..."
apt-get install -y curl

echo "[*] Enabling IP forwarding..."
grep -q 'net.ipv4.ip_forward' /etc/sysctl.conf || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
grep -q 'net.ipv6.conf.all.forwarding' /etc/sysctl.conf || echo 'net.ipv6.conf.all.forwarding = 1' >> /etc/sysctl.conf
sysctl -p /etc/sysctl.conf

echo "[*] Installing Tailscale..."
curl -fsSL https://tailscale.com/install.sh | sh

echo "[*] Enabling and starting tailscaled..."
systemctl enable --now tailscaled

echo "[*] Running 'tailscale up'..."
tailscale up --advertise-routes="${SUBNET_CIDR}" ${EXTRA_TS_FLAGS}

echo
echo "[*] Done. Follow the URL above to authenticate this node."
echo "    After that, approve subnet routes in the Tailscale admin console if you used --advertise-routes."