From d1869a4adb43935197dc54decd7405d326d2c924 Mon Sep 17 00:00:00 2001
From: Xaver Russ
Date: Thu, 23 Oct 2025 02:43:01 +0200
Subject: [PATCH] Update Dockerfile and start-tailscale.sh for improved dependency management and NAT configuration
---
 containers/mikrotik-tailscale/Dockerfile | 16 +++++++++-------
 .../mikrotik-tailscale/start-tailscale.sh | 17 ++++++++++++-----
 2 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/containers/mikrotik-tailscale/Dockerfile b/containers/mikrotik-tailscale/Dockerfile
index 72cc3b4..7ee74e7 100644
--- a/containers/mikrotik-tailscale/Dockerfile
+++ b/containers/mikrotik-tailscale/Dockerfile
@@ -1,12 +1,14 @@
-FROM alpine:latest
+FROM alpine:3.20
-RUN apk add --no-cache tailscale && \
+# Install all dependencies at build time, not runtime
+RUN apk add --no-cache \
+ tailscale \
+ iptables \
+ ip6tables \
+ curl \
+ iproute2 && \
 rm -rf /var/cache/apk/*
 COPY --chmod=755 start-tailscale.sh /start-tailscale.sh
-CMD ["/start-tailscale.sh"]
-
-
-# container/repull tailscale-xr
-# container/add envlists=tailscale-xr interface=ct-tailscale-xr check-certificate=no logging=yes name=tailscale-xr remote-image=forgejo.hostedbymyself.de/hbms/mikrotik-tailscale:latest start-on-boot=yes root-dir=container/tailscale-xr
\ No newline at end of file
+CMD ["/start-tailscale.sh"]
\ No newline at end of file
diff --git a/containers/mikrotik-tailscale/start-tailscale.sh b/containers/mikrotik-tailscale/start-tailscale.sh
index 5170ee6..79ef1d7 100644
--- a/containers/mikrotik-tailscale/start-tailscale.sh
+++ b/containers/mikrotik-tailscale/start-tailscale.sh
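Review bot: In containers/mikrotik-tailscale/Dockerfile, `FROM alpine:3.20` still names a tag that is re-pushed with each patch release, and the `apk add` list carries no versions, so two builds of this commit can ship different tailscale and iptables binaries. The same commit removes the runtime `apk upgrade tailscale --update` from start-tailscale.sh, which makes the image build the only point where the Tailscale version is decided; pinning the base by digest, e.g. `FROM alpine:3.20@sha256:<digest-placeholder>`, and rebuilding on a schedule would make that explicit. `curl` and `iproute2` are not referenced in the start-tailscale.sh lines visible in this patch; if nothing else in the script calls them, leaving them out keeps fewer network tools inside a container that runs on the router. The trailing `rm -rf /var/cache/apk/*` has nothing to remove after `apk add --no-cache` and can be dropped.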
@@ -2,17 +2,24 @@
 echo "Starting Tailscale with ARGS: $ARGS"
-apk upgrade tailscale --update
-
+# Enable IP forwarding
 echo 1 > /proc/sys/net/ipv4/ip_forward
 echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+# Try to enable NAT for Tailscale (may fail on MikroTik due to limited kernel modules)
+# This is optional for basic Tailscale functionality
+if iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE 2>/dev/null; then
+ echo "NAT masquerading enabled"
+else
+ echo "Warning: Could not enable NAT masquerading (kernel modules not available)"
+ echo "Tailscale will still work for basic connectivity"
+fi
+
+# Initialize and start Tailscale
 tailscaled > /dev/null 2>&1 &
-
 sleep 5
-
-tailscale up --reset ${ARGS}
+tailscale up ${ARGS}
 while true; do
 tailscale netcheck
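Review bot: Dropping `--reset` from `tailscale up ${ARGS}` means that, if tailscaled's state persists across restarts, settings stored by an earlier run (advertised routes, exit-node options and the like) stay in effect after they are removed from ARGS, and `tailscale up` can refuse to proceed when ARGS no longer names every previously set non-default flag. Nothing checks its exit status, so the script continues into the `while true` loop (whose body runs on past the end of this hunk) whether or not the node came up; `tailscale up ${ARGS} || { echo "tailscale up failed" >&2; exit 1; }` would surface that. In the NAT block, `2>/dev/null` discards the iptables error while the warning names one specific cause; a missing capability or a rejected rule would print the same message, so consider `if err=$(iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE 2>&1); then` and echoing `$err` in the else branch. IPv6 forwarding is enabled a few lines above, yet only an IPv4 masquerade rule is attempted, so the comment should say whether forwarded IPv6 traffic is meant to leave without NAT.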