Tailscale #52

Closed
opened 2024-02-12 21:21:49 +00:00 by pim · 2 comments

I have come around, and maybe don't want some things to be exposed to the internet. Tailscale should be a good solution to this. Will also investigate headscale.

Tailscale itself might be able to eliminate a lot of complexity from our servers. Instead of using Nomad (which is no longer open source software) or Docker Swarm, we can have a setup as follows: we deploy our services using Podman. For every container that needs to be exposed to the outside, we can put this container with a Tailscale container inside the same pod. This means they will have the same networking namespace. Tailscale can then function as a reverse proxy. It can also use Funnel to expose it to the internet if wanted. It can also do Let's Encrypt!!

Basically [this](https://tailscale.com/kb/1282/docker) but with Podman. Should verify this is all possible with Podman.
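The pod layout described in the comment above, as an added example that is not part of the original thread or of Tailscale's documentation. The pod name, app image, app port and the Podman secret name `ts_authkey` are assumptions; the `TS_*` variables are the ones read by the official `tailscale/tailscale` image.

```shell
#!/bin/sh
# Added sketch: one Podman pod = app container + Tailscale sidecar in one network namespace.
# POD, APP_IMAGE, APP_PORT and the secret name ts_authkey are assumptions.
POD=${POD:-web}
APP_IMAGE=${APP_IMAGE:-docker.io/library/nginx:alpine}
APP_PORT=${APP_PORT:-80}

# Print a Tailscale serve config: HTTPS on the node's tailnet name, proxied to
# the app over the pod's shared loopback.
# $1 = app port, $2 = true|false (Funnel, i.e. reachable from the internet).
serve_config() {
    case "$2" in
        true|false) ;;
        *) echo "funnel must be true or false" >&2; return 1 ;;
    esac
    cat <<EOF
{
  "TCP": {"443": {"HTTPS": true}},
  "Web": {"\${TS_CERT_DOMAIN}:443": {"Handlers": {"/": {"Proxy": "http://127.0.0.1:$1"}}}},
  "AllowFunnel": {"\${TS_CERT_DOMAIN}:443": $2}
}
EOF
}

deploy() {
    set -e
    conf=$(mktemp -d)
    serve_config "$APP_PORT" false > "$conf/serve.json"
    # No -p/--publish: nothing binds on the host, the app is reachable only via Tailscale.
    podman pod create --name "$POD"
    podman run -d --pod "$POD" --name "$POD-app" "$APP_IMAGE"
    # The auth key comes from a Podman secret (podman secret create ts_authkey <file>),
    # which keeps it off the command line and out of shell history.
    # The named state volume keeps the node key across container restarts.
    podman run -d --pod "$POD" --name "$POD-ts" \
        --secret ts_authkey,type=env,target=TS_AUTHKEY \
        -e TS_USERSPACE=true \
        -e TS_HOSTNAME="$POD" \
        -e TS_STATE_DIR=/var/lib/tailscale \
        -e TS_SERVE_CONFIG=/config/serve.json \
        -v "$POD-ts-state:/var/lib/tailscale" \
        -v "$conf:/config:ro" \
        docker.io/tailscale/tailscale:latest
}

# Only touch Podman when asked to: sh pod.sh deploy
if [ "${1:-}" = deploy ]; then deploy; fi
```

Switching the second argument of `serve_config` to `true` is the only change needed to publish a service through Funnel, so the default of `false` keeps every pod tailnet-only unless it is opted in.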

According to [this page](https://tailscale.com/kb/1185/kubernetes#setup), we can use [auth keys](https://tailscale.com/kb/1085/auth-keys) to automatically authenticate a k8s pod with Tailscale. An auth key generates node keys. These node keys are associated with a specific node (in this context a k8s pod) and can be set to [not expire](https://tailscale.com/kb/1028/key-expiry#disabling-key-expiry). The auth key expires after a maximum of 60 days, after which a new one has to be installed. The node keys continue to work though.
pim closed this issue 2024-07-21 20:10:55 +00:00
Reference: home/nixos-servers#52