claudetools/projects/community-forum/forum-posts/cachyos-tailscale-fix.md
Mike Swanson 5cbd49ce24 Reorganize repo: compartmentalize scripts by client/project
Move 150+ scripts from root and scripts/ into client/project directories:
- clients/dataforth/scripts/ (110 files: AD2, sync, SSH, DB, DOS scripts)
- clients/bg-builders/scripts/ (14 files: Lesley mgmt, Exchange, termination)
- clients/internal-infrastructure/scripts/ (10 files: GDAP, Gitea, backups)
- projects/msp-tools/scripts/ (9 files: CIPP, MSP onboarding, Datto)
- projects/gururmm-agent/scripts/ (3 files: API test, JWT, record counts)
- clients/glaztech/scripts/ (1 file: CentraStage removal)

Also reorganized:
- VPN scripts → infrastructure/vpn-configs/
- Retrieved API/JS files → api/
- Forum posts → projects/community-forum/forum-posts/
- SSH docs → clients/internal-infrastructure/docs/
- NWTOC/CTONW docs → projects/wrightstown-smarthome/docs/
- ACG website files → projects/internal/acg-website-2025/
- Dataforth docs → clients/dataforth/docs/
- schema-retrieved.sql → docs/database/

Deleted 24 tmp_*.ps1 one-off debug scripts (preserved in git history).
Root reduced from 220+ files to 62 items (docs + directories only).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 17:15:07 -07:00


Fix: Tailscale Health Warnings on CachyOS (Arch) with KDE Plasma

Environment

  • OS: CachyOS (Arch-based), kernel 6.19.7-1-cachyos
  • DE: KDE Plasma 6 (Wayland)
  • Tailscale: 1.94.2

Problem

tailscale status showed two health warnings:

# Health check:
#     - systemd-resolved and NetworkManager are wired together incorrectly; MagicDNS will probably not work.
#     - Some peers are advertising routes but --accept-routes is false

Diagnosis

Issue 1: Accept Routes

Peers (pfSense, NAS) were advertising subnet routes but the machine wasn't accepting them:

tailscale status --json | python3 -c "
import json,sys
d=json.load(sys.stdin)
for k,v in d.get('Peer',{}).items():
    routes = v.get('PrimaryRoutes', [])
    if routes:
        print(f\"{v['HostName']}: {routes}\")
"
# Output: pfSense: ['172.16.0.0/22'], D2TESTNAS: ['192.168.0.0/24']

Issue 2: DNS Wiring

resolvectl status
# resolv.conf mode: foreign   <-- WRONG, should be "stub"

ls -la /etc/resolv.conf
# -rw-r--r-- 1 root root 86 ...   <-- regular file, NOT a symlink

cat /etc/NetworkManager/NetworkManager.conf
# Empty - no dns= directive

NetworkManager was generating /etc/resolv.conf directly instead of going through systemd-resolved. Tailscale needs systemd-resolved to handle MagicDNS (.ts.net) queries.

Fix

Fix 1: Accept Routes

sudo tailscale set --accept-routes

Fix 2: Wire NetworkManager to systemd-resolved

Step 1 - Tell NetworkManager to use systemd-resolved as DNS backend:

sudo tee /etc/NetworkManager/conf.d/dns.conf > /dev/null << 'EOF'
[main]
dns=systemd-resolved
EOF

Step 2 - Fix the resolv.conf symlink:

sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Step 3 - Restart services:

sudo systemctl restart NetworkManager
sudo systemctl restart systemd-resolved
sudo systemctl restart tailscaled

Verification

resolvectl status
# resolv.conf mode: stub   <-- CORRECT

tailscale status
# No health warnings

ping d2testnas
# PING d2testnas.tailea2889.ts.net (100.85.152.90) - MagicDNS working

Why This Happens

CachyOS (and many Arch installs) ship with both NetworkManager and systemd-resolved active, but NetworkManager isn't configured to delegate DNS to systemd-resolved. It writes /etc/resolv.conf directly, bypassing the resolved stub. Tailscale configures its MagicDNS via systemd-resolved's D-Bus API, so if resolved isn't actually handling queries, .ts.net names won't resolve.
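
A read-only check for the wiring described above, as an added example that is not part of the original post: it reports whether /etc/resolv.conf is a symlink to the resolved stub and whether a NetworkManager config file sets dns=systemd-resolved. The function name check_dns_wiring and its optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of the
# NetworkManager -> systemd-resolved wiring that Fix 2 sets up.
# check_dns_wiring and its optional root argument are hypothetical names; the
# argument lets the check run against a mounted image or a constructed tree.
check_dns_wiring() {
    root="${1:-/}"
    root="${root%/}"          # "/" becomes "", so paths below stay absolute
    rc=0

    # 1. /etc/resolv.conf must be a symlink to resolved's stub file.
    resolv="$root/etc/resolv.conf"
    if [ -L "$resolv" ]; then
        target=$(readlink "$resolv")
        case "$target" in
            */run/systemd/resolve/stub-resolv.conf) ;;
            *) echo "FAIL resolv.conf points to $target, not the resolved stub"; rc=1 ;;
        esac
    else
        echo "FAIL resolv.conf is a regular file or missing, not a symlink"
        rc=1
    fi

    # 2. A NetworkManager config file must contain dns=systemd-resolved.
    #    Simplification: any matching line counts; section names and
    #    NetworkManager's file override order are not modelled.
    nm="$root/etc/NetworkManager"
    found=""
    for f in "$nm/NetworkManager.conf" "$nm"/conf.d/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*dns[[:space:]]*=[[:space:]]*systemd-resolved[[:space:]]*$' "$f"; then
            found="$f"
        fi
    done
    if [ -z "$found" ]; then
        echo "FAIL no dns=systemd-resolved line in NetworkManager config"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK resolv.conf is the resolved stub; DNS delegated in $found"
    fi
    return "$rc"
}
```

Call check_dns_wiring with no argument before and after the fix; it only reads files and returns non-zero while either half of the wiring is missing.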