queeup/tailscale-podman.sh

## tailscale-podman.sh
# tailscale under podman on fedora
# tested on Fedora IOT (arm64 and amd64) and Silverblue (amd64).
# !!! Not to be run as a script (contains reboot) !!!
# ensure the tun module is loaded by default
echo tun > /etc/modules-load.d/tun.conf
# ensure iptables xt_mark module is enabled and loaded
echo xt_mark > /etc/modules-load.d/xt_mark.conf
# ensure iptables ip6table_filter module is enabled and loaded
echo ip6table_filter > /etc/modules-load.d/ip6table_filter.conf
# iptables rather than nftables, for compatibility
rpm-ostree install iptables-legacy
sed -i 's/^FirewallBackend=.*/FirewallBackend=iptables/' /etc/firewalld/firewalld.conf
# vvv !!! WARNING !!!
# reboot to apply iptables-legacy package and changes to firewalld and kernel modules
systemctl reboot
# ^^^ !!! WARNING !!!
# create storage for state
podman volume create tailscaled-state
# launch the container, $HOSTNAME will be used to identify the default name of the tailscale client (e.g. in magic DNS). feel free to modify this as desired.
podman run -d \
  --rm \
  --name tailscaled \
  --hostname $HOSTNAME \
  --label "io.containers.autoupdate=registry" \
  --volume tailscaled-state:/var/lib/tailscale \
  --device /dev/net/tun \
  --network host \
  --privileged `#Highway To The Danger Zone! You could also try --cap-add net_admin,net_raw` \
  ghcr.io/guest42069/tailscale:latest tailscaled --state /var/lib/tailscale/tailscaled.state
# alternatively use ghcr.io/tailscale/tailscale:stable from https://github.com/tailscale/tailscale/pkgs/container/tailscale
# generate and enable a systemd service unit for the container
(cd /etc/systemd/system && podman generate systemd --new --name --files tailscaled) && systemctl enable --now container-tailscaled
# bring up the tailscale connect and login
podman exec tailscaled tailscale up
	# tailscale under podman on fedora
	# tested on Fedora IOT (arm64 and amd64) and Silverblue (amd64).
	# !!! Not to be run as a script (contains reboot) !!!
	# ensure the tun module is loaded by default
	echo tun > /etc/modules-load.d/tun.conf
	# ensure iptables xt_mark module is enabled and loaded
	echo xt_mark > /etc/modules-load.d/xt_mark.conf
	# ensure iptables ip6table_filter module is enabled and loaded
	echo ip6table_filter > /etc/modules-load.d/ip6table_filter.conf
	# iptables rather than nftables, for compatibility
	rpm-ostree install iptables-legacy
	sed -i 's/^FirewallBackend=.*/FirewallBackend=iptables/' /etc/firewalld/firewalld.conf
	# vvv !!! WARNING !!!
	# reboot to apply iptables-legacy package and changes to firewalld and kernel modules
	systemctl reboot
	# ^^^ !!! WARNING !!!
	# create storage for state
	podman volume create tailscaled-state
	# launch the container, $HOSTNAME will be used to identify the default name of the tailscale client (e.g. in magic DNS). feel free to modify this as desired.
	podman run -d \
	--rm \
	--name tailscaled \
	--hostname $HOSTNAME \
	--label "io.containers.autoupdate=registry" \
	--volume tailscaled-state:/var/lib/tailscale \
	--device /dev/net/tun \
	--network host \
	--privileged `#Highway To The Danger Zone! You could also try --cap-add net_admin,net_raw` \
	ghcr.io/guest42069/tailscale:latest tailscaled --state /var/lib/tailscale/tailscaled.state
	# alternatively use ghcr.io/tailscale/tailscale:stable from https://github.com/tailscale/tailscale/pkgs/container/tailscale
	# generate and enable a systemd service unit for the container
	(cd /etc/systemd/system && podman generate systemd --new --name --files tailscaled) && systemctl enable --now container-tailscaled
	# bring up the tailscale connect and login
	podman exec tailscaled tailscale up