gistfile1.txt

	oauthClientID := os.Getenv("TS_OAUTH_CLIENT_ID")
	oauthClientSecret := os.Getenv("TS_OAUTH_CLIENT_SECRET")
	require.NotEmpty(t, oauthClientID, "TS_OAUTH_CLIENT_ID must be set")
	require.NotEmpty(t, oauthClientSecret, "TS_OAUTH_CLIENT_SECRET must be set")
	var oauthConfig = &clientcredentials.Config{
		ClientID:     oauthClientID,
		ClientSecret: oauthClientSecret,
		TokenURL:     "https://api.tailscale.com/api/v2/oauth/token",
	}
	client := oauthConfig.Client(context.Background())

	tailscale.I_Acknowledge_This_API_Is_Unstable = true
	tsClient := tailscale.NewClient("-", nil)
	tsClient.HTTPClient = client
	caps := tailscale.KeyCapabilities{
		Devices: tailscale.KeyDeviceCapabilities{
			Create: tailscale.KeyDeviceCreateCapabilities{
				Tags:      []string{"tag:smoke"},
				Ephemeral: true,
			},
		},
	}

	fmt.Println("Creating authkey")
	authkey, _, err := tsClient.CreateKey(context.Background(), caps)
	require.NoError(t, err, "Failed to get token")
	fmt.Println("Got authkey")

	hostname := fmt.Sprintf("test-%s", generateCurrentTime())
	// Create a tsnet server
	s := &tsnet.Server{
		Hostname:  hostname, // Tailscale hostname. Note that tailscale applies a sequence to this to prevent collisions.
		AuthKey:   authkey,
		Dir:       t.TempDir(), // Use test's temp dir for state
		Ephemeral: true,
	}

	// Start the funnel
	ln, err := s.ListenFunnel("tcp", ":443")
	require.NoError(t, err, "Failed to get funnel URL")

	funnelURL := fmt.Sprintf("https://%s", s.CertDomains()[0])
	fmt.Println("Funnel URL:", funnelURL)

	return s, ln, funnelURL