From c8081e244798c78ed897fc47d2aa3397563a6f29 Mon Sep 17 00:00:00 2001
From: Kyle Harding <kyle@balena.io>
Date: Thu, 14 Dec 2023 13:52:14 -0500
Subject: [PATCH] Use official tailscale docker image

The balena wrapper wasn't adding any useful functionality
and was slower to get updates.

Signed-off-by: Kyle Harding <kyle@balena.io>
---
 docker-compose.yml            | 47 +++++++++++++++++++++++++----------
 tailscale/Dockerfile.template |  3 ---
 2 files changed, 34 insertions(+), 16 deletions(-)
 delete mode 100644 tailscale/Dockerfile.template

diff --git a/docker-compose.yml b/docker-compose.yml
index ad38b03d..6f79c171 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -58,21 +58,42 @@ services:
     environment:
       SET_HOSTNAME: pihole
 
+  # https://hub.docker.com/r/tailscale/tailscale
+  # https://github.com/tailscale/tailscale/blob/main/cmd/containerboot/main.go
+  # https://tailscale.com/kb/1282/docker
+  # https://tailscale.com/kb/1278/tailscaled
+  # https://tailscale.com/kb/1241/tailscale-up
+  # https://tailscale.com/kb/1242/tailscale-serve
+  # https://tailscale.com/kb/1311/tailscale-funnel
   tailscale:
-    build: tailscale
+    image: tailscale/tailscale:v1.54.1@sha256:ce594e3d18874960caa3f7d8fd8fc39a89b9c34e3ff05d6fdf3124cc550c8c2c
+    restart: unless-stopped
+    environment:
+      TS_STATE_DIR: /var/lib/tailscale
+      TS_SOCKET: /var/run/tailscale/tailscaled.sock
+      TS_USERSPACE: false
+      TS_AUTH_ONCE: false
+      TS_HOSTNAME: pi-hole
+      TS_EXTRA_ARGS: --accept-dns=false --reset
     network_mode: host
-    restart: on-failure
-    volumes:
-      - tailscale:/var/lib/tailscale
-    labels:
-      - io.balena.features.kernel-modules=1
     cap_add:
-      - net_admin
-      - net_raw
-      - sys_module
+      - NET_ADMIN
+      - NET_RAW
+      - SYS_MODULE
+    labels:
+      io.balena.features.kernel-modules: 1
     tmpfs:
       - /tmp
-      - /var/run/
-    environment:
-      TS_EXTRA_ARGS: --accept-dns=false --reset
-      REQUIRE_AUTH_KEY: "true"
+      - /run
+    volumes:
+      - tailscale:/var/lib/tailscale
+    entrypoint:
+      - /bin/sh
+      - -c
+    command:
+      - |
+        modprobe tun || true
+        modprobe wireguard || true
+        mkdir -p /dev/net
+        [ ! -c /dev/net/tun ] && mknod /dev/net/tun c 10 200
+        /usr/local/bin/containerboot
diff --git a/tailscale/Dockerfile.template b/tailscale/Dockerfile.template
deleted file mode 100644
index f23faa1b..00000000
--- a/tailscale/Dockerfile.template
+++ /dev/null
@@ -1,3 +0,0 @@
-# https://github.com/klutchell/balena-tailscale/tags
-# hadolint ignore=DL3006
-FROM bh.cr/klutchell_blocks/tailscale-%%BALENA_ARCH%%/1.54.0