Ansible role that configures your Tailscale clients (on one or more tailnets)
| defaults/main | Improved the accept-routes fix from previous commit. | |
| docs | Note on how to quickly switch between tailnets. | |
| handlers | Reload procps after enabling IP forwarding. Apt repo filename | |
| tasks | Another fix for accept-routes: have to handle the case | |
| .gitignore | Installs and configures Tailscale client | |
| LICENSE | Major refactor. No more reboots. | |
| README.md | Note on how to quickly switch between tailnets. | |
Tailscale
This Ansible role installs and configures the Tailscale client. The role has been tested on Ubuntu Jammy and Noble.
This role was originally loosely based on the Ansible roles listed below. I am indebted to their authors for sharing their work and experience freely.
Using this role you can configure a tailnet with multiple devices
where each node has its own set of tailscale up arguments.
You should set at least that part of the tailscale dict somewhere with higher
priority than role defaults, something along these lines:
tailscale:
tailnet:
- { host: pluto, args: "--accept-dns=false --accept-routes=true" }
- { host: saturn, args: "--advertise-exit-node" }
- { host: casablanca, args: "--accept-dns=false" }
authkey: "tskey-auth-KEY_IDENTITY-KEY_SECRET"
See more notes in the docs/ folder in this repository.
Links and notes
Tailscale docs
- https://tailscale.com/kb/1187/install-ubuntu-2204
- https://tailscale.com/kb/1241/tailscale-up
- https://tailscale.com/kb/1072/client-preferences
- https://tailscale.com/kb/1103/exit-nodes
- https://tailscale.com/kb/1114/pi-hole
- https://tailscale.com/kb/1130/lxc-unprivileged
- https://tailscale.com/kb/1112/userspace-networking
- https://tailscale.com/kb/1084/sharing/#sharing--exit-nodes
- https://tailscale.com/kb/1011/log-mesh-traffic
Blogs, forums, rest of web
Ansible roles
- https://github.com/artis3n/ansible-role-tailscale 469 stars, 72 forks, last commit 5 mo ago
- https://github.com/artis3n/ansible-collection-tailscale 51 stars, 8 forks, last commit 2 wk ago - meant to replace role above
- https://github.com/dockpack/base_tailscale 20 stars, 4 forks, last commit 3 yr ago
- https://github.com/robertdebock/ansible-role-tailscale 11 stars, 2 forks, last commit 3 wk ago
- https://github.com/jason-riddle/ansible-role-tailscale 7 stars, last commit 3 mo ago
- https://github.com/andreygubarev/ansible-tailscale last commit 2 yr ago
- https://github.com/enzops/ansible-tailscale 1 star, last commit 3 yr ago
Linux GUI
- https://github.com/DeedleFake/trayscale - An unofficial GUI wrapper around the Tailscale CLI client. 845 stars, 24 forks, 95 releases, latest release less than a month ago. Install as Flatpak or from Go source. https://reddit.com/r/Tailscale/comments/126ruox/trayscale_an_unofficial_tailscale_gui_for_linux
- https://github.com/mattn/tailscale-systray - Linux port of tailscale system tray menu. 224 stars, 25 forks, no releases. Latest commit 7 months ago. Another Go project, installed from source.
Opt out of client logging
Edit `/etc/default/tailscaled`` and add the following line:
TS_NO_LOGS_NO_SUPPORT=true
List currently invoked CLI flags?
Not very obvious, and the output is JSON, but it works:
$ tailscale debug prefs