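├── .github
    └── workflows
    │   └── build-containers.yml
├── LICENSE
├── README.md
├── containers
    ├── Containerfile-debian
    ├── Containerfile-fedora
    └── Containerfile-ubi9
└── images
    └── screenshot.png

/.github/workflows/build-containers.yml:
--------------------------------------------------------------------------------
# Builds the three Tailscale system-container images with Podman and publishes
# them to ghcr.io. Triggers: weekly schedule (cron "0 0 * * 1"), pushes to main,
# pull requests and manual dispatch. Pull requests only build; they never publish.
name: build containers
run-name: building containers
on:
  schedule:
    - cron: "0 0 * * 1"
  push:
    branches:
      - "main"
  pull_request: {}
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: read the repository, write packages (the
# ghcr.io push). Without this block the job inherits the repository default.
permissions:
  contents: read
  packages: write

jobs:
  build:
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os:
          - ubuntu-24.04
    steps:
      - name: Check out repository code
        # NOTE(review): v4 is a mutable tag; consider pinning to a full commit SHA.
        uses: actions/checkout@v4
        with:
          # No later step needs git credentials, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Run podman build - Debian
        run: podman build -t ghcr.io/spotsnel/tailscale-systemd:latest -f containers/Containerfile-debian .
      - name: Run podman build - Fedora
        run: podman build -t ghcr.io/spotsnel/tailscale-systemd/fedora:latest -f containers/Containerfile-fedora .
      - name: Run podman build - UBI9
        run: podman build -t ghcr.io/spotsnel/tailscale-systemd/ubi9:latest -f containers/Containerfile-ubi9 .
      # Publishing is skipped for pull requests so that unreviewed changes are
      # never pushed to the :latest tags.
      - name: Log in to ghcr.io
        if: github.event_name != 'pull_request'
        env:
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        # The token is read from stdin instead of being placed on the command
        # line (--creds=user:token), where it would appear in the process arguments.
        run: printf '%s' "$REGISTRY_TOKEN" | podman login ghcr.io --username "$REGISTRY_USER" --password-stdin
      - name: Push image to ghcr.io - Debian
        if: github.event_name != 'pull_request'
        run: podman push ghcr.io/spotsnel/tailscale-systemd:latest
      - name: Push image to ghcr.io - Fedora
        if: github.event_name != 'pull_request'
        run: podman push ghcr.io/spotsnel/tailscale-systemd/fedora:latest
      - name: Push image to ghcr.io - UBI9
        if: github.event_name != 'pull_request'
        run: podman push ghcr.io/spotsnel/tailscale-systemd/ubi9:latest

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2024 Gerard Braad

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.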
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Tailscale (system container) 2 | ============================ 3 | 4 | System(d) container for use with Podman Machine, MicroShift, OpenShift Local, Podman Desktop installations, Bazzite, Silverblue, etc. 5 | 6 | ![Screenshot](./images/screenshot.png) 7 | 8 | 9 | ### Usage 10 | 11 | #### Container creation 12 | Start the system container. You can choose between the following options: [Debian](./#debian-based), [Fedora](./#fedora-based) or [RHEL UBI9](./#rhel-ubi9-based). Each variant shares the host network namespace (`--network=host`) and adds the `NET_ADMIN` and `NET_RAW` capabilities, so run it only on hosts where that level of network access is acceptable. 13 | 14 | ##### Debian-based 15 | ``` 16 | $ podman run -d --name=tailscale \ 17 | --hostname $HOSTNAME-tailscale \ 18 | --network=host --systemd=always \ 19 | --cap-add=NET_ADMIN --cap-add=NET_RAW \ 20 | ghcr.io/spotsnel/tailscale-systemd:latest 21 | ``` 22 | 23 | ##### Fedora-based 24 | ``` 25 | $ podman run -d --name=tailscale \ 26 | --hostname $HOSTNAME-tailscale \ 27 | --network=host --systemd=always \ 28 | --cap-add=NET_ADMIN --cap-add=NET_RAW \ 29 | ghcr.io/spotsnel/tailscale-systemd/fedora:latest 30 | ``` 31 | 32 | ##### RHEL UBI9-based 33 | ``` 34 | $ podman run -d --name=tailscale \ 35 | --hostname $HOSTNAME-tailscale \ 36 | --network=host --systemd=always \ 37 | --cap-add=NET_ADMIN --cap-add=NET_RAW \ 38 | ghcr.io/spotsnel/tailscale-systemd/ubi9:latest 39 | ``` 40 | 41 | #### Node registration 42 | Then register the node with your tailnet: 43 | ``` 44 | $ podman exec -it tailscale tailscale up 45 | 46 | To authenticate, visit: 47 | 48 | https://login.tailscale.com/a/... 49 | ``` 50 | 51 | or use the Podman Desktop terminal to do so. 
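#### Systemd
The lifecycle of the container can be maintained by the host using a systemd service unit:

```
$ (cd $HOME/.config/systemd/user && podman generate systemd --name --files tailscale)
$ systemctl --user enable --now container-tailscale
$ loginctl enable-linger $USER
```

--------------------------------------------------------------------------------
/containers/Containerfile-debian:
--------------------------------------------------------------------------------
# Debian-based Tailscale system container: /sbin/init is the entrypoint and the
# tailscaled unit is enabled at build time.
# NOTE(review): the base tag is mutable; pin it by digest if reproducible builds matter.
FROM debian:bookworm-slim

LABEL org.opencontainers.image.title="Tailscale (systemd)" \
      org.opencontainers.image.description="Tailscale lets you securely connect to your containers without exposing them to the public internet." \
      org.opencontainers.image.authors="Gerard Braad"

# The Tailscale archive key and apt source list are downloaded at build time.
# NOTE(review): their authenticity rests on TLS to pkgs.tailscale.com only; no
# fingerprint or checksum is compared before apt starts trusting the key.
# The build already runs as root, so the files are written directly with
# `curl -o`; sudo is no longer installed just to be force-removed afterwards.
# curl is only needed for the two downloads and is removed again.
# The grep after sed fails the build if the FLAGS substitution did not apply,
# instead of silently shipping tailscaled with its packaged default flags.
RUN apt-get update \
    && apt-get install -y \
        ca-certificates \
        iptables \
        iproute2 \
        procps \
        inotify-tools \
        systemd \
        systemd-sysv \
        curl \
    && curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg \
        -o /usr/share/keyrings/tailscale-archive-keyring.gpg \
    && curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list \
        -o /etc/apt/sources.list.d/tailscale.list \
    && apt-get update \
    && apt-get install -y \
        tailscale \
    && apt-get remove -y \
        curl \
    && apt-get -y autoremove \
    && rm -rf /var/lib/apt/lists/* \
    && sed -i 's/FLAGS=""/FLAGS="--tun=userspace-networking"/g' /etc/default/tailscaled \
    && grep -q -- '--tun=userspace-networking' /etc/default/tailscaled \
    && systemctl enable tailscaled

# systemd
USER root
ENTRYPOINT ["/sbin/init"]

--------------------------------------------------------------------------------
/containers/Containerfile-fedora:
--------------------------------------------------------------------------------
# Fedora-based Tailscale system container: /sbin/init is the entrypoint and the
# tailscaled unit is enabled at build time.
# NOTE(review): `latest` is a moving tag, so each weekly rebuild may pick up a new
# Fedora release; pin a release tag or digest if that is not intended.
FROM registry.fedoraproject.org/fedora:latest

LABEL org.opencontainers.image.title="Tailscale (systemd)" \
      org.opencontainers.image.description="Tailscale lets you securely connect to your containers without exposing them to the public internet." \
      org.opencontainers.image.authors="Gerard Braad"

# install tailscale
# NOTE(review): the repo file is fetched over HTTPS at build time, and package
# signature checking depends on what that file configures - confirm gpgcheck is on.
# NOTE(review): `dnf clean all` already clears dnf's cache; /var/cache/yum is
# presumably absent on current Fedora, so the rm is likely a no-op.
# The grep after sed fails the build if the FLAGS substitution did not apply.
RUN dnf install -y \
        dnf-plugins-core \
        systemd \
    && dnf config-manager addrepo --from-repofile=https://pkgs.tailscale.com/stable/fedora/tailscale.repo \
    && dnf install -y \
        tailscale \
    && dnf clean all \
    && rm -rf /var/cache/yum \
    && sed -i 's/FLAGS=""/FLAGS="--tun=userspace-networking"/g' /etc/default/tailscaled \
    && grep -q -- '--tun=userspace-networking' /etc/default/tailscaled \
    && systemctl enable tailscaled

USER root
ENTRYPOINT ["/sbin/init"]

--------------------------------------------------------------------------------
/containers/Containerfile-ubi9:
--------------------------------------------------------------------------------
# RHEL UBI9-based Tailscale system container, built on the ubi-init base image.
# NOTE(review): `latest` is a moving tag; pin a digest if reproducible builds matter.
FROM registry.access.redhat.com/ubi9/ubi-init:latest

LABEL org.opencontainers.image.title="Tailscale (systemd)" \
      org.opencontainers.image.description="Tailscale lets you securely connect to your containers without exposing them to the public internet." \
      org.opencontainers.image.authors="Gerard Braad"

# install tailscale
# NOTE(review): the repo file is fetched over HTTPS at build time, and package
# signature checking depends on what that file configures - confirm gpgcheck is on.
# The grep after sed fails the build if the FLAGS substitution did not apply.
RUN dnf config-manager --add-repo https://pkgs.tailscale.com/stable/rhel/9/tailscale.repo \
    && dnf install -y \
        tailscale \
    && dnf clean all \
    && rm -rf /var/cache/yum \
    && sed -i 's/FLAGS=""/FLAGS="--tun=userspace-networking"/g' /etc/default/tailscaled \
    && grep -q -- '--tun=userspace-networking' /etc/default/tailscaled \
    && systemctl enable tailscaled

# systemd
USER root
# No need for entrypoint as base sets this
#ENTRYPOINT ["/sbin/init"]

--------------------------------------------------------------------------------
/images/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/gbraad-tailscale/tailscale-systemd/a982c2c4909cedd58ecc6a5eefa903b07aff2eb0/images/screenshot.png

--------------------------------------------------------------------------------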