# TailRescue 운영 Runbook

## 산출물 관리

- Git: 소스/문서/스크립트/스킬만 저장
- ISO: Gitea Release attachment 또는 내부 artifact path에 저장
- 현재 PoC ISO hash: `3d7995cfdf58c62f6ee167458079a7eaa1d2a79ac56e5f019cab1ec856943ddd`

## 빌드

```bash
./scripts/headscale-create-preauth.sh
cp templates/rescue.env.example rescue.env
cp templates/authorized_keys.example templates/authorized_keys
# rescue.env에는 현장용 preauth key/password를 넣고, authorized_keys에는 공개키만 넣는다.
./scripts/build-live-iso.sh
```

## 검증

```bash
cp /root/tailrescue-dist/$(cat /root/tailrescue-dist/latest.txt) /var/lib/vz/template/iso/tailrescue-headscale-test.iso
./scripts/test-proxmox-vm.sh
ssh rescue@100.64.x.y 'echo SSH_OK; sudo -n true; rescue-status; list-disks'
```

## 현장

- Ventoy USB에 ISO 복사
- 대상 PC에서 ISO 선택 후 Enter
- Headscale node list에서 `tailrescue-*` 확인
- `ssh rescue@100.64.x.y`
- `sudo mount-ntfs-ro /dev/sdXN /mnt/windows`

## 장애 대응

- Headscale에 노드가 안 뜸: DHCP/NIC/firmware/케이블 확인, `ip -br a`, `journalctl -u tailrescue-firstboot`
- SSH가 안 됨: `systemctl status ssh`, `/var/log/auth.log`, `id rescue`, `sudo passwd -S rescue`
- 내장 NIC 미인식: Realtek RTL8153/RTL8156 또는 ASIX AX88179 USB LAN 동글 사용


## Gitea Release 산출물

Verified PoC ISO is published as a Gitea Release attachment:

- Release: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/tag/v0.1.0
- ISO: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/tailrescue-headscale-20260601-1842.iso
- SHA256SUMS: https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/SHA256SUMS

Download and verify:

```bash
curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/tailrescue-headscale-20260601-1842.iso
curl -fL -O https://git.0bin.in/thug0bin/tailrescue-headscale-iso/releases/download/v0.1.0/SHA256SUMS
sha256sum -c SHA256SUMS
```

Release upload pattern for future builds:

```bash
curl -H "Authorization: token $GITEA_TOKEN"   -F "attachment=@tailrescue-headscale-YYYYMMDD-HHMM.iso"   "https://git.0bin.in/api/v1/repos/thug0bin/tailrescue-headscale-iso/releases/<release_id>/assets?name=tailrescue-headscale-YYYYMMDD-HHMM.iso"
```

Do not commit ISO files into Git.

Note: the repository is public so Release attachments can be downloaded without authentication. Do not commit secrets or field-specific `rescue.env`; rotate preauth keys per build.