diff --git a/README.md b/README.md index 7116392..e71a871 100644 --- a/README.md +++ b/README.md 
@@ -1,68 +1,12 @@ # Tailscale -This Ansible role installs and configure the [Tailscale client](https://tailscale.com/download) -for Linux (Ubuntu) devices. +This Ansible role installs and configure the [Tailscale client](https://tailscale.com/download) on debian machines and points it to my headscale instance. This role was written based on [artis3n/ansible-role-tailscale](https://github.com/artis3n/ansible-role-tailscale). -## Use Tailscale as exit node and DNS server for devices +## Setup -For example, when abroad. The point then is to route *all traffic* via -our Tailscale exit node, *including* DNS queries. +Add a reusable key to vars/main.yml as tailscale_auth_key -Designate a Tailscale node as **exit node** via the web UI. -To route the traffic from your device to that exit node, -run`tailscale up --exit-node=` (on Linux) or select the corresponding -menu option on Android. - -When you use the exit node feature, DNS traffic is automatically forwarded -(so [no DNS leakage](https://github.com/tailscale/tailscale/issues/1713)). -Awesome! - -Tailscale exit nodes can then be shared with other users in our Github org, -or with external users. Very cool! - -Note that you need to add the Tailscale IP address of the exit node to -the **Nameservers** setting in the Tailscale web UI. Also, it might be a good -idea to set `override local DNS`. - -Finally, internet connectivity from your Tailscale nodes will not work at all -unless you set Pi-Hole's listening behaviour to **Listen on all interfaces, permit all origins** -(default was **Listen only on eth0**). - - - -## Use Tailscale as DNS server for Android devices? - -The idea is to *not* route all traffic via the exit node, only the DNS traffic. -This might be useful in certain situations (where you don't mind the ISP seeing -your traffic, but you still want to benefit from our ad/tracker blocking). - -I have not tested this properly yet. 
- -+ https://shotor.com/blog/run-your-own-mesh-vpn-and-dns-with-tailscale-and-pihole/ -+ https://forum.tailscale.com/t/need-some-help-with-default-dns-when-using-tailscale/341 -+ https://github.com/tailscale/tailscale/issues/915 -+ https://github.com/tailscale/tailscale/issues/74 - - -## Notes on running Tailscale client inside LXC container - -My DNS server (PiHole + unbound) runs as an LXC container. -In the same container we also run Tailscale. - -This works fine. For details on how the LXC profile was setup, -see the [lxd-server role](https://codeberg.org/ansible/lxd-server). - - -## Refs - -+ https://github.com/artis3n/ansible-role-tailscale -+ https://github.com/dockpack/base_tailscale -+ https://tailscale.com/kb/1103/exit-nodes/ -+ https://tailscale.com/kb/1114/pi-hole/ -+ https://tailscale.com/kb/1130/lxc-unprivileged/ -+ https://tailscale.com/kb/1112/userspace-networking/ -+ https://tailscale.com/kb/1084/sharing/#sharing--exit-nodes
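Review bot: The new Setup line ("Add a reusable key to vars/main.yml as tailscale_auth_key") tells users to put a reusable enrolment credential in plaintext in a file that is normally committed with the role, so anyone with read access to the repository could register nodes with it. Suggest that the README say the value should be supplied from an Ansible Vault encrypted variable or passed at run time instead of being written to vars/main.yml in the clear, and that it state whether a reusable key is actually required or a single-use key is enough for a one-off install. The intro also says the role "points it to my headscale instance", but nothing in the added text documents where that server address is set or how another user would change it; a one-line mention of the variable would help. Minor: "installs and configure" should read "installs and configures", and "debian" should be capitalised.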