Tailscale: Difference between revisions

(3 intermediate revisions by 3 users not shown)

Line 4:

{{File|3={

services.tailscale = {

# Enable tailscale at startup

enable = true;

~~# Enable tailscale at startup~~

~~# If you would like to use a preauthorized key~~

~~#authKeyFile = "/run/secrets/tailscale_key";~~

# If you would like to use a preauthorized key, set

# authKeyFile = "/run/secrets/tailscale_key";

# Note: maximum expire time is 90 days

};

}|name=/etc/nixos/configuration.nix|lang=nix}}

Line 34:

enable = true;

# Always allow traffic from your Tailscale network

trustedInterfaces = [ ~~"tailscale0"~~ ];

trustedInterfaces = [ config.services.tailscale.interfaceName ];

# Allow the Tailscale UDP port through the firewall

allowedUDPPorts = [ config.services.tailscale.port ];

Line 103:

Some GUI applets/utilities cannot control {{ic|tailscaled}} as a regular user and prompt for a password for every action/not connecting. Assigning the user as an operator fixes this:

{{Commands|1=$ sudo tailscale set --operator=USERNAME}}'''Note:''' There is currently a bug with the above command documented in: https://github.com/tailscale/tailscale/issues/18294

The workaround is to login and set the operator as part of connecting to tailscale. This section can be removed once the issue is resolved.

{{Commands|1=# for initial login

sudo tailscale login

# this will set your user as the operator for the future

sudo tailscale up --operator=$USER

# validate your user is an operator

tailscale debug prefs {{!}} grep -i operator}}

== Running multiple Tailnet-accessible services on a single machine ==

@@ Line 4: / Line 4: @@
 {{File|3={
    services.tailscale = {
+    # Enable tailscale at startup
      enable = true;
-    # Enable tailscale at startup
-    # If you would like to use a preauthorized key
-    #authKeyFile = "/run/secrets/tailscale_key";
+    # If you would like to use a preauthorized key, set
+    # authKeyFile = "/run/secrets/tailscale_key";
+    # Note: maximum expire time is 90 days
    };
 }|name=/etc/nixos/configuration.nix|lang=nix}}
@@ Line 34: / Line 34: @@
      enable = true;
      # Always allow traffic from your Tailscale network
-     trustedInterfaces = [ "tailscale0" ];
+     trustedInterfaces = [ config.services.tailscale.interfaceName ];
      # Allow the Tailscale UDP port through the firewall
      allowedUDPPorts = [ config.services.tailscale.port ];
@@ Line 103: / Line 103: @@
 Some GUI applets/utilities cannot control {{ic|tailscaled}} as a regular user and prompt for a password for every action/not connecting. Assigning the user as an operator fixes this:
-{{Commands|1=$ sudo tailscale set --operator=USERNAME}}
+{{Commands|1=$ sudo tailscale set --operator=USERNAME}}'''Note:''' There is currently a bug with the above command documented in: https://github.com/tailscale/tailscale/issues/18294
+The workaround is to login and set the operator as part of connecting to tailscale. This section can be removed once the issue is resolved.
+{{Commands|1=# for initial login
+sudo tailscale login
+# this will set your user as the operator for the future
+sudo tailscale up --operator=$USER
+# validate your user is an operator
+tailscale debug prefs {{!}} grep -i operator}}
 == Running multiple Tailnet-accessible services on a single machine ==