Update Dockerfile and start-tailscale.sh for improved dependency management and NAT configuration

containers/mikrotik-tailscale/Dockerfile

@@ -1,12 +1,14 @@
-FROM alpine:latest
+FROM alpine:3.20
 
-RUN apk add --no-cache tailscale && \
+# Install all dependencies at build time, not runtime
+RUN apk add --no-cache \
+    tailscale \
+    iptables \
+    ip6tables \
+    curl \
+    iproute2 && \
     rm -rf /var/cache/apk/*
 
 COPY --chmod=755 start-tailscale.sh /start-tailscale.sh
 
 CMD ["/start-tailscale.sh"]
-
-
-# container/repull tailscale-xr 
-# container/add envlists=tailscale-xr interface=ct-tailscale-xr   check-certificate=no logging=yes name=tailscale-xr remote-image=forgejo.hostedbymyself.de/hbms/mikrotik-tailscale:latest start-on-boot=yes root-dir=container/tailscale-xr

containers/mikrotik-tailscale/start-tailscale.sh

@@ -2,17 +2,24 @@
 
 echo "Starting Tailscale with ARGS: $ARGS"
 
-apk upgrade tailscale --update
+# Enable IP forwarding
-
 echo 1 > /proc/sys/net/ipv4/ip_forward
 echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 
+# Try to enable NAT for Tailscale (may fail on MikroTik due to limited kernel modules)
+# This is optional for basic Tailscale functionality
+if iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE 2>/dev/null; then
+    echo "NAT masquerading enabled"
+else
+    echo "Warning: Could not enable NAT masquerading (kernel modules not available)"
+    echo "Tailscale will still work for basic connectivity"
+fi
 
+
+# Initialize and start Tailscale
 tailscaled > /dev/null 2>&1 &
-
 sleep 5
-
+tailscale up ${ARGS}
-tailscale up --reset ${ARGS}
 
 while true; do
   tailscale netcheck