# Tailscale for local exit node / home network
---
version: "3.8"
services:
    tailscale:
        container_name: tailscale
        image: tailscale/tailscale:latest
        hostname: tailscale # Replace with a descriptive name for your device
        volumes:
            - tailscale-data:/var/lib/tailscale # Persist Tailscale data
            - /dev/net/tun:/dev/net/tun # Required for Tailscale to function
        cap_add:
            - NET_ADMIN # Required for Tailscale to manage network interfaces
            - SYS_MODULE # Required for Tailscale to load kernel modules if needed
        environment:
            # Set to 'true' to enable subnet routing (allowing other devices on your home network to be accessible)
            # You will need to approve the subnet routes in the Tailscale admin console after starting.
            # Also enables this device as an exit node.
            # IMPORTANT: Replace https://your-headscale-url.com with the actual URL of your Headscale instance.
            - TS_EXTRA_ARGS=--advertise-routes=10.0.0.0/24 --advertise-exit-node
              --login-server=https://headscale.wompmacho.com
            - TS_AUTHKEY=e9f24a0815451a5b164cc17715ff457bf6447095dbbe7db4 # OPTIONAL: Use an auth key for unattended authentication
            # - TS_USERSPACE=true # Uncomment if you encounter issues with kernel module loading
        network_mode: host # Use host network mode for direct network access
        restart: unless-stopped

volumes:
    tailscale-data:
        name: tailscale-data
        driver_opts:
            type: nfs
            o: addr=truenas,nolock,soft,rw
            device: :/mnt/store/vault/app/tailscale