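---
# Runs tailscaled in userspace-networking mode and registers the node with a
# self-hosted login server.
#
# TS_AUTHKEY is read from the host environment (or an untracked .env file next
# to this compose file). An earlier revision hard-coded the pre-auth key in
# this file; treat that key as exposed and revoke or rotate it on the login
# server before deploying.
version: '3.5'

services:
  tailscaled:
    container_name: tailscaled
    # The container shares the host network namespace.
    network_mode: host
    image: tailscale/tailscale:v1.78.3
    # `privileged: true` was removed: tailscaled is started with
    # --tun=userspace-networking, which does not open the TUN device, and the
    # cap_add/devices entries below already cover kernel-mode TUN if the --tun
    # flag is ever changed.
    restart: unless-stopped
    entrypoint: ['/bin/sh', '-c']
    # Single argument handed to `sh -c`.
    # - `$$` stops Compose from substituting the variable while it parses this
    #   file, so the shell inside the container expands TS_AUTHKEY from the
    #   `environment` section instead.
    # - The trailing `wait` keeps the shell (PID 1) alive after `tailscale up`
    #   returns; without it the container exits and takes the backgrounded
    #   tailscaled with it.
    command:
      - >-
        /usr/local/bin/tailscaled
        --state=/var/lib/tailscale/tailscaled.state
        --tun=userspace-networking &
        sleep 5 &&
        tailscale up
        --authkey="$${TS_AUTHKEY}"
        --advertise-tags=tag:container
        --login-server=https://headscale.jmsu.top &&
        wait
    # NOTE(review): neither capability is used in userspace-networking mode.
    # sys_module allows loading kernel modules from inside the container; drop
    # it unless the tun module really has to be loaded from here.
    cap_add:
      - net_admin
      - sys_module
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      # Mount the named volume at the state directory used by tailscaled.
      - 'tailscalestate:/var/lib/tailscale'
      # - /dev/net/tun:/dev/net/tun  # access to the TUN device
      # - /var/run/dbus:/var/run/dbus
      # - /var/run/tailscale:/var/run/tailscale
      # - /tmp:/tmp
    environment:
      # Fails fast at `docker compose up` when the key is not provided, rather
      # than starting an unauthenticated node. Prefer a short-lived pre-auth
      # key and keep the .env file out of version control.
      - 'TS_AUTHKEY=${TS_AUTHKEY:?set TS_AUTHKEY in the host environment or an untracked .env file}'
      - TS_STATE_DIR=/var/lib/tailscale
      # - TS_USERSPACE=true
      # - "TS_EXTRA_ARGS=--login-server=https://headscale.jmsu.top --advertise-tags=tag:container --reset"
    # command: ["tail", "-f", ">>", "/dev/null"]

volumes:
  tailscalestate: {}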