Recently I've been testing OpenSUSE Kalpa, one of the recent batch of immutable operating systems. One of the first things I wanted to setup was Tailscale so that the laptop could connect back into my home network. For anyone unfamiliar, Tailscale is a really cool product for doing mesh VPNs.
The following instructions should work on any system with distrobox available, but it's especially useful for Kalpa and other immutable operating systems.
There's no official instructions for getting things going with distrobox, but thankfully it takes basically no extra effort.
Installing Tailscale
First, you need to create a new root distrobox with init system support:
sudo mkdir /var/run/tailscale
distrobox create --root --name tailscale --image registry.opensuse.org/opensuse/tumbleweed:latest --volume /var/run/tailscale:/var/run/tailscale:rw --image registry.opensuse.org/opensuse/tumbleweed:latest --init --additional-packages "systemd"
distrobox enter --root tailscale
Since this is a root distrobox, you'll be asked for a password for access to the distrobox. Once you're fully inside the distrobox, follow the normal installation instructions.
sudo rpm --import https://pkgs.tailscale.com/stable/opensuse/tumbleweed/repo.gpg
sudo zypper ar -g -r https://pkgs.tailscale.com/stable/opensuse/tumbleweed/tailscale.repo
sudo zypper ref
sudo zypper in tailscale
sudo systemctl enable --now tailscaled
# Allow using tailscale without two passwords
sudo tailscale set --operator $USER
# Expose the binaries to the host system
distrobox-export --bin /bin/tailscale
Now you can drop back out of the distrobox container and use tailscale as normal, eg. tailscale up to login and get setup.
Start on boot
This setup will not start on boot, but will start when the distrobox starts. If you want it to start automatically on boot then you can start distrobox at login using a systemd service.
First, create a small shell script which will start the container. I use /root/bin/start-tailscale.sh for this.
#!/usr/bin/env bash
# Precreate the volume that distrobox expects
mkdir -p /run/tailscale
# Start the container manually
podman start tailscale
Make sure to set this as executable with chmod a+x /root/bin/start-tailscale.sh. After this, create a new systemd service file in /etc/systemd/system/tailscale.service:
[Unit]
Description=Tailscale VPN
After=network.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/root/bin/start-tailscale.sh
[Install]
WantedBy=multi-user.target
Once this file is created, you can use the following commands to test the new service:
# Tell systemd to load the new service file
systemd daemon-reload
# Do a test start
systemd start tailscale
# Enable on next boot
systemd enable tailscale
Caveats
sudo tailscale
Anywhere you see sudo tailscale in the documentation, you can just use tailscale instead. Distrobox will install the binary stub into your local user account and deal with sudo for you. If you try to use sudo yourself, then it's likely that it won't be able to find the tailscale stub since it's installed into your home folder and won't be on the sudo $PATH.
The client socket
The setup above will map the client socket to the host machine correctly, but in my testing unless you also setup the on-boot startup then flatpaks will not be able to access the socket correctly. I haven't managed to fully identify why this happens, but it's working for me properly now. Without the systemd service, Trayscale would simply time out while trying to connect to the unix socket.
MagicDNS
I haven't fully tested MagicDNS yet, but I suspect it doesn't work properly with this setup as tailscale status will complain about not being able to manage resolve.conf.
Top comments (0)