Skip to content

Tailscale

Description / nameInput element
Container Registry
Container Configuration Root Path
Tailscale /config Path

Build Status Last Commit

Zero-config mesh VPN built on WireGuard — securely connect your devices without port forwarding or firewall changes.
Registry ghcr.io/daemonless/tailscale
Source https://github.com/tailscale/tailscale
Website https://tailscale.com/

Version Tags

Tag Description Best For
latest / pkg FreeBSD Quarterly. Uses stable, tested packages. Most users. Matches Linux Docker behavior.
pkg-latest FreeBSD Latest. Rolling package updates. Newest FreeBSD packages.

Root Privileges Required

Podman on FreeBSD currently requires root. All commands must be run as root (or via doas/sudo).

Before deploying, ensure your host environment is ready. See the Quick Start Guide for host setup instructions.

Deployment

services:
  tailscale:
    image: ghcr.io/daemonless/tailscale:latest
    container_name: tailscale
    environment:
      - TS_AUTHKEY=tskey-auth-xxxx
      - TS_EXTRA_ARGS=--advertise-exit-node
    volumes:
      - "/path/to/containers/tailscale:/config"
    restart: unless-stopped

.env:

DIRECTOR_PROJECT=tailscale
TS_AUTHKEY=tskey-auth-xxxx
TS_EXTRA_ARGS=--advertise-exit-node

appjail-director.yml:

options:
  - virtualnet: ':<random> default'
  - nat:
services:
  tailscale:
    name: tailscale
    options:
      - container: 'boot args:--pull'
    oci:
      user: root
      environment:
        - TS_AUTHKEY: !ENV '${TS_AUTHKEY}'
        - TS_EXTRA_ARGS: !ENV '${TS_EXTRA_ARGS}'
    volumes:
      - TAILSCALE_CONFIG_PATH: /config
volumes:
  TAILSCALE_CONFIG_PATH:
    device: '/path/to/containers/tailscale'

Makejail:

ARG tag=latest

OPTION overwrite=force
OPTION from=ghcr.io/daemonless/tailscale:${tag}

podman run -d --name tailscale \
  -e TS_AUTHKEY=tskey-auth-xxxx \
  -e TS_EXTRA_ARGS=--advertise-exit-node \
  -v /path/to/containers/tailscale:/config \
  ghcr.io/daemonless/tailscale:latest

- name: Deploy tailscale
  containers.podman.podman_container:
    name: tailscale
    image: ghcr.io/daemonless/tailscale:latest
    state: started
    restart_policy: always
    env:
      TS_AUTHKEY: "tskey-auth-xxxx"
      TS_EXTRA_ARGS: "--advertise-exit-node"
    volumes:
      - "/path/to/containers/tailscale:/config"

Interactive Configuration

Parameters

Environment Variables

Variable Default Description
TS_AUTHKEY tskey-auth-xxxx Optional: Tailscale Auth Key for automatic login
TS_EXTRA_ARGS --advertise-exit-node Optional: Additional arguments for tailscale up

Volumes

Path Description
/config State directory (tailscaled.state)

Implementation Details

  • Architectures: amd64
  • User: root (UID/GID set via PUID/PGID). Defaults to 1000:1000.
  • Base: Built on ghcr.io/daemonless/base (FreeBSD 15.0).

Need help? Join our Discord community.