# Cron Job: Tailscale Funnel 外网访问修复 **Job ID:** d80e27fb6e52 **Run Time:** 2026-05-20 10:01:45 **Schedule:** 0 10 * * * ## Prompt [IMPORTANT: The user has invoked the "minimax-search" skill, indicating they want you to follow its instructions. The full skill content is loaded below.] --- name: minimax-search description: MiniMax Token Plan 网络搜索 - 当需要搜索中文内容、中国相关主题,或 Tavily 不可用时使用 triggers: - 搜索中文内容 - 搜索中国相关新闻 - MiniMax 相关搜索 - Tavily 额度用尽 --- # MiniMax 搜索技能 ## API 端点 - URL: `POST https://api.minimaxi.com/v1/coding_plan/search` - 认证: `Authorization: Bearer {MINIMAX_API_KEY}` ## 请求格式 ```python import requests api_key = "sk-cp-..." # MiniMax Token Plan Key url = "https://api.minimaxi.com/v1/coding_plan/search" headers = { "Authorization": f"Bearer {api_key}", "Content-Type": "application/json" } payload = {"q": "搜索查询词"} response = requests.post(url, headers=headers, json=payload) data = response.json() for item in data.get("organic", []): print(f"标题: {item['title']}") print(f"链接: {item['link']}") print(f"摘要: {item['snippet']}") ``` ## 路由策略 - 默认搜索: Tavily (`web.search_backend: tavily`) - 中文/中国内容: MiniMax `/v1/coding_plan/search` - 用户指定: MiniMax The user has provided the following instruction alongside the skill invocation: [IMPORTANT: You are running as a scheduled cron job. DELIVERY: Your final response will be automatically delivered to the user — do NOT use send_message or try to deliver the output yourself. Just produce your report/output as your final response and the system handles the rest. SILENT: If there is genuinely nothing new to report, respond with exactly "[SILENT]" (nothing else) to suppress delivery. Never combine [SILENT] with content — either report your findings normally, or say [SILENT] and nothing more.] 继续完成上次未完成的任务:修复 Tailscale Funnel 外网访问问题。 **背景:** - Tailscale 运行在 userspace-networking 模式,Socket: /tmp/tailscaled.sock - Funnel 已配置:https://kuhnn-lenovo-ideapad-710s-13isk.tail95fef0.ts.net -> localhost:5679 - Funnel 状态显示 "tailnet only",表示只对 Tailscale 内网开放 - 问题:公网无法访问,原因是 systemd-resolved 不认识 .ts.net 域名,DNS 解析失败 **待完成的工作:** 1. 配置 systemd-resolved 将 .ts.net 域名转发给 Tailscale MagicDNS (100.100.100.100) - 命令:`sudo resolvectl dns tailscale0 100.100.100.100` - 命令:`sudo resolvectl domain tailscale0 tail95fef0.ts.net` - 或者修改 /etc/systemd/resolved.conf 2. 重启 systemd-resolved:`sudo systemctl restart systemd-resolved` 3. 验证 DNS 解析:`resolvectl query kuhnn-lenovo-ideapad-710s-13isk.tail95fef0.ts.net` 4. 测试 Funnel:curl https://kuhnn-lenovo-ideapad-710s-13isk.tail95fef0.ts.net 5. 如果 Funnel 仍不工作,检查是否需要调整 Funnel 策略或端口配置 **注意:** - 需要 sudo 权限执行 resolvectl 和修改 resolved.conf - 如果用户空间模式限制 Funnel 公网访问,可能需要改用 TUN 模式 - 完成后告知用户结果 用户是 K.W.,用中文交流。请用中文回复。 ## Response ## 任务状态:无法完成 **问题根源:** tailscaled 启动失败,错误: ``` tstun.New("tailscale0"): operation not permitted ``` Tailscale 需要创建 TUN 设备(/dev/net/tun)和设置 iptables 规则,但这需要 root 权限。当前环境: - 无 sudo 密码(sudo 需要交互式终端) - TUN 设备创建被权限拒绝 - iptables 操作全部失败 **诊断结果:** - tailscaled 进程在启动后立即崩溃退出 - /tmp/tailscaled.sock 不存在 - 无法连接 local tailscaled **建议的解决方案:** 1. **使用 userspace 模式而非 userspace-networking 模式**(如果支持) ``` tailscaled --tun=userspace-networking --socket=/tmp/tailscaled.sock ``` 2. **使用 Tailscale SSH 隧道**(如果已开启 Exit Node) - 通过已有的 Tailscale 连接访问,而不是 Funnel 3. **使用 ngrok/cloudflared 等替代方案** - 这些工具在用户空间运行,不需要 root 4. **手动配置 /etc/systemd/resolved.conf**(需要 sudo) ```ini [Resolve] DNS=100.100.100.100 Domains=~tail95fef0.ts.net ``` **结论:** 核心障碍是 cron 环境下无法获取 sudo 权限来运行 tailscaled。Funnel 本身需要 Tailscale daemon 正常运行才能工作,而 daemon 需要 root 权限。建议通过其他方式(ngrok、cloudflared tunnel)实现公网访问,或在有 sudo 权限的环境下完成任务。