agent: complete plan05 closeout

agent/nix_builder_autoscaler/bootstrap/userdata.py

@@ -41,13 +41,22 @@ def render_userdata(slot_id: str, region: str, ssm_param: str = "/nix-builder/ts
         printf '%s' "$TS_AUTHKEY" > /run/credentials/tailscale-auth-key
         chmod 600 /run/credentials/tailscale-auth-key
 
+        # --- Resolve instance identity from IMDSv2 for unique hostname ---
+        IMDS_TOKEN=$(curl -fsS -X PUT "http://169.254.169.254/latest/api/token" \\
+            -H "X-aws-ec2-metadata-token-ttl-seconds: 21600" || true)
+        INSTANCE_ID=$(curl -fsS -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" \\
+            "http://169.254.169.254/latest/meta-data/instance-id" || true)
+        if [ -z "$INSTANCE_ID" ]; then
+          INSTANCE_ID="unknown"
+        fi
+
         # --- Write tailscale-autoconnect config ---
         mkdir -p /etc/tailscale
         cat > /etc/tailscale/autoconnect.conf <<TSCONF
         TS_AUTHKEY_FILE=/run/credentials/tailscale-auth-key
         TS_AUTHKEY_EPHEMERAL=true
         TS_AUTHKEY_PREAUTHORIZED=true
-        TS_HOSTNAME=nix-builder-$SLOT_ID
+        TS_HOSTNAME=nix-builder-$SLOT_ID-$INSTANCE_ID
         TS_EXTRA_ARGS="--ssh --advertise-tags=tag:nix-builder"
         TSCONF