Cloud-init script for Ubuntu to install Tailscale, code-server, and Caddy

user-data-server.sh

#!/bin/bash

# Customize these
USER=user
TSKEY=tskey-auth-BLAHBLAHBLAH

export DEBIAN_FRONTEND=noninteractive

apt-get update

adduser -q --disabled-password --gecos=${USER?} ${USER?}

curl -fsSL https://tailscale.com/install.sh | sh
tailscale up --operator=${USER?} --ssh --authkey=${TSKEY?}

# When run via cloud-init, code-server needs a HOME
export HOME=/root
curl -fsSL https://code-server.dev/install.sh | sh
systemctl enable --now code-server@${USER?}

tailscale serve / proxy 8080

# Do you feel lucky? You can uncomment this line...
# And only Tailscale SSH will have access.
# systemctl disable --now ssh

user-data.sh

#!/bin/bash

# Customize these
USER=user
TSKEY=tskey-BLAHBLAHBLAH

export DEBIAN_FRONTEND=noninteractive

apt-get update
#apt-get -y upgrade

adduser -q --disabled-password --gecos=${USER?} ${USER?}

curl -fsSL https://tailscale.com/install.sh | sh
tailscale up --operator=${USER?} --ssh --authkey=${TSKEY?}

# When run via cloud-init, code-server needs a HOME
export HOME=/root
curl -fsSL https://code-server.dev/install.sh | sh
systemctl enable --now code-server@${USER?}

CADDY_VERSION=2.5.1
curl -LO https://github.com/caddyserver/caddy/releases/download/v${CADDY_VERSION?}/caddy_${CADDY_VERSION?}_linux_amd64.deb
apt-get -y install ./caddy_${CADDY_VERSION?}_linux_amd64.deb

# Allow Caddy to get cert from Tailscale
echo TS_PERMIT_CERT_UID=caddy >> /etc/default/tailscaled
systemctl restart tailscaled

apt-get -y install jq
SHORT=$(tailscale status --self --json | jq -r '.Self.HostName')
LONG=$(tailscale status --self --json | jq -r '.CertDomains[0]')

tee /etc/caddy/Caddyfile <<EOF
# Don't bind to public IP. This is for private use only
{
	default_bind ${LONG?}
}

# Serve up code-server with TLS
${LONG?} {
	reverse_proxy 127.0.0.1:8080
}

# Redirect HTTP requests to the short name to the TLS URL
http://${SHORT?} {
	redir https://${LONG?}{uri}
}
EOF

systemctl restart caddy.service