2025-05-09

Finally got around to creating a journaling tool for these shorter blurbs. Nothing fancy, just a shell script and a template HTML file.


Handy NetworkManager dispatcher.d script to only start tailscale when connecting to an untrusted network:

        #!/usr/bin/env bash
        #
        # /etc/NetworkManager/dispatcher.d/10-tailscale.sh
        # Runs `tailscale up` on untrusted networks, and `tailscale down` when disconnecting
        # if tailscale isn't already down.
        #
        # NetworkManager only runs dispatcher scripts that are executable, owned by root
        # and not writable by group or other.

        # List your trusted connections here (SSID or NM connection name)
        TRUSTED=("Home" "Work")

        # Positional arguments passed by NetworkManager
        INTERFACE="$1"
        ACTION="$2"
        # $CONNECTION_ID (the NM connection name) is set in the environment by NetworkManager

        # syslog identifier
        IDENTIFIER="tailscale-dispatcher"

        # Only care about connect/disconnect events:
        if [[ "$ACTION" != "up" && "$ACTION" != "down" ]]; then
            exit 0
        fi

        # Function to check if $CONNECTION_ID is in the TRUSTED list
        is_trusted() {
            for net in "${TRUSTED[@]}"; do
                [[ "$CONNECTION_ID" == "$net" ]] && return 0
            done
            return 1
        }

        case "$ACTION" in
            up)
                # if this connection is NOT trusted, bring tailscale up
                if ! is_trusted; then
                    logger -t "${IDENTIFIER}" "Untrusted network '$CONNECTION_ID' on $INTERFACE → tailscale up"
                    tailscale up
                    exit 0
                fi
                logger -t "${IDENTIFIER}" "Connected to trusted network '$CONNECTION_ID'"
                ;;
            down)
                # only tear down if `tailscale status` succeeds, i.e. tailscale is still up
                if tailscale status &>/dev/null; then
                    logger -t "${IDENTIFIER}" "Disconnect on $INTERFACE; tailscale still up → tailscale down"
                    tailscale down
                    exit 0
                fi
                logger -t "${IDENTIFIER}" "VPN not active on disconnect from '$CONNECTION_ID'"
                ;;
        esac

        exit 0