Last active
February 16, 2026 22:38
-
-
Save pojntfx/514abcf47d041669881f9abe6c1eb8d8 to your computer and use it in GitHub Desktop.
Setup Tailscale on an immutable Linux system (e.g. GNOME OS or Fedora Silverblue)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| sudo podman rm -f tailscaled | |
| # If you want to store the Tailscale secrets on the TPM, add --device=/dev/tpm0 to the Podman flags below | |
| sudo podman run -d \ | |
| --name=tailscaled \ | |
| --restart=always \ | |
| -v tailscale-data:/var/lib/tailscale \ | |
| -v /dev/net/tun:/dev/net/tun \ | |
| -v /run:/run \ | |
| -v /etc/passwd:/etc/passwd:ro \ | |
| -v /etc/group:/etc/group:ro \ | |
| --network=host \ | |
| --cap-add=NET_ADMIN \ | |
| --cap-add=NET_RAW \ | |
| -e TS_STATE_DIR=/var/lib/tailscale \ | |
| docker.io/tailscale/tailscale \ | |
| tailscaled --state=/var/lib/tailscale/tailscaled.state | |
| sudo systemctl enable --now podman-restart | |
| sudo podman exec tailscaled tailscale set --operator=${USER} | |
| sudo tee /etc/systemd/network/50-tailscale.network << 'EOF' | |
| [Match] | |
| Name=tailscale0 | |
| [Network] | |
| DNS=100.100.100.100 | |
| DNS=fd7a:115c:a1e0::53 | |
| Domains=~ts.net | |
| EOF | |
| sudo systemctl restart systemd-networkd systemd-resolved | |
| # Now manage the Tailscale daemon via https://flathub.org/apps/dev.deedles.Trayscale or https://flathub.org/apps/org.fkoehler.KTailctl |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment