From e964443c5de6435a4caabf3addaf281dce818434 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Fri, 14 Feb 2025 00:14:23 +0100
Subject: [PATCH] feat(scripts): add script for Tailscale Lock signing of
 Mullvad nodes

---
 .../tailscale-lock-sign-mullvad-exit-nodes.nu | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100755 scripts/tailscale-lock-sign-mullvad-exit-nodes.nu

diff --git a/scripts/tailscale-lock-sign-mullvad-exit-nodes.nu b/scripts/tailscale-lock-sign-mullvad-exit-nodes.nu
new file mode 100755
index 0000000..ea7c0c0
--- /dev/null
+++ b/scripts/tailscale-lock-sign-mullvad-exit-nodes.nu
@@ -0,0 +1,26 @@
+#! /usr/bin/env nu
+
+let $status = tailscale lock status --json | from json
+
+let $nodes = $status | get FilteredPeers
+let $nodes_mullvad = $nodes | where Name =~ ".mullvad.ts.net"
+
+let count_total = $nodes | length
+let count_mullvad = $nodes_mullvad | length
+
+print $"unsigned nodes: ($count_total) total, ($count_mullvad) Mullvad"
+
+if ($nodes_mullvad | length) == 0 {
+  print "no Mullvad nodes need to be signed"
+  return
+}
+
+print "signing Mullvad nodes..."
+
+$nodes_mullvad | each { |node|
+  print $"signing ($node.Name)"
+  tailscale lock sign $node.NodeKey
+  sleep 0.1sec
+}
+
+print "all Mullvad nodes successfully signed"