Runs a Tailscale node on a Balena device
Use this as standalone with the button below:
Or add the following service to your docker-compose.yml:
```yaml
volumes:
  tailscale-state: {}

services:
  tailscale:
    image: bh.cr/hslatman/herman/tailscale-aarch64
    restart: always
    network_mode: host
    environment:
      # Mapping form (KEY: value). Quote boolean values such as "true".
      TAILSCALE_KEY: <YOUR_TAILSCALE_KEY>
      TAILSCALE_IP: <BOOLEAN>
      TAILSCALE_TAGS: <CUSTOM_TAGS>
    volumes:
      # Named volume that keeps the Tailscale state across restarts
      - tailscale-state:/tailscale
```

You'll need to provide a valid Auth Key to the `tailscale` service in the `TAILSCALE_KEY` variable. An Auth Key can be created in the Tailscale Dashboard. Take note of the properties you specify when creating a new key: if you don't specify `Pre-authorized`, you will have to log in manually via the console.

If `TAILSCALE_IP` is set to `true`, then the Tailscale IP address of the device will be visible in the balenaCloud dashboard.

If `TAILSCALE_TAGS` is set, `--advertise-tags=${TAILSCALE_TAGS}` is passed. Make sure to define the tags first.
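
One way an entrypoint script could check these two variables before calling `tailscale up`, as an added example rather than this block's actual code: the function names `valid_tags` and `up_args`, the return codes and the sample values are assumptions. The tag check follows Tailscale's naming rule (`tag:` plus a name that starts with a letter and contains only letters, digits and dashes).

```shell
#!/bin/sh
# Added example (not this block's own entrypoint). Names are hypothetical.

# valid_tags LIST: succeed only if LIST is a comma-separated list of
# tag:<name> items; <name> starts with a letter, then letters/digits/dashes.
# Runs in a subshell so the IFS and globbing changes do not leak.
valid_tags() (
    case "$1" in ''|,*|*,|*,,*) exit 1 ;; esac   # empty list or empty item
    IFS=,
    set -f                                        # no globbing while splitting
    for t in $1; do
        case "$t" in tag:[A-Za-z]*) ;; *) exit 1 ;; esac
        case "${t#tag:}" in *[!A-Za-z0-9-]*) exit 1 ;; esac
    done
    exit 0
)

# up_args: print one `tailscale up` argument per line.
# Returns 2 when TAILSCALE_KEY is unset or still the README placeholder,
# 3 when TAILSCALE_TAGS is set but malformed (nothing is printed then).
up_args() {
    case "${TAILSCALE_KEY:-}" in
        ''|'<'*|*[[:space:]]*) return 2 ;;
    esac
    if [ -n "${TAILSCALE_TAGS:-}" ]; then
        valid_tags "$TAILSCALE_TAGS" || return 3
        printf '%s\n' "--advertise-tags=${TAILSCALE_TAGS}"
    fi
    printf '%s\n' "--authkey=${TAILSCALE_KEY}"
}

# Constructed usage: TAILSCALE_KEY=tskey-auth-EXAMPLE TAILSCALE_TAGS=tag:balena up_args
```

A key passed as `--authkey=...` is visible in the process list while `tailscale up` runs; the Tailscale client also accepts `file:<path>` as the auth key value, which keeps the key off the command line.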
Tailscale is described as a secure network that just works. It uses WireGuard to tunnel traffic between hosts.
- Provide Docker image for the block
- Be smarter when TAILSCALE_KEY is not yet set in Balena
- Provide additional configuration options
  - subnet routing
  - ...
- Expose some tags in Balena?
- Support kernel networking (instead of just userspace; also see hslatman/tailscale-balena-rpi)
- Some easy way for checking that Tailscale tunnel works?
- A way to refresh/reauth tailscaled state on command?
- Deploy to multi-arch fleets with GitHub actions
WireGuard is a registered trademark of Jason A. Donenfeld.