| Updating this to correct a few things, and also to not encourage a single command for fetching a script and running it without checking it first. I will leave the original authors on here in case it still works for a previous version of qubes. The way I am adding works for 4.2.1
<b>Create template and install Tailscale: </b>
Create a new template VM to install tailscale into, I will be using a Fedora-39 template as the base for the new template. Inside that new template, we will follow the directions on the [Tailscale website](https://tailscale.com/kb/1050/install-fedora) with some modifications, the link is there for if you'd like to verify.
```
sudo dnf config-manager --add-repo https://pkgs.tailscale.com/stable/fedora/tailscale.repo
sudo dnf install tailscale
sudo systemctl stop tailscale
```
It will ask you to verify Tailscale's signing key fingerprint before it installs, which will look like this:
```
Importing GPG key 0x957F5868:
Userid : "Tailscale Inc. (Package repository signing key) <info@tailscale.com>"
Fingerprint: 2596 A99E AAB3 3821 893C 0A79 458C A832 957F 5868
From : https://pkgs.tailscale.com/stable/fedora/repo.gpg
Is this ok [y/N]:
```
Confirm that fingerprint is correct and respond y. Frustratingly they don't post that on their website, but web of trust it and search around to make sure it is accurate.
<b> Set up sys-tailscale: </b>
Now create an app-vm based on your new tailscale template you just made. Make sure you check the box for provides network to other qubes. I called mine sys-tailscale. Start up a terminal for sys-tailscale and set up your bind-dirs to have the login persist across reboots:
```
sudo mkdir -p /rw/config/qubes-bind-dirs.d
sudo nano /rw/config/qubes-bind-dirs.d/50_user.conf
```
Yes, I know, nano, get over it, it works well lol. Within 50_user.conf add the following:
```
binds+=( '/var/lib/tailscale' '/var/cache/tailscale' '/var/log/tailscale' '/etc/default/tailscaled' )
```
Now time to finish setting up your [binds](https://www.qubes-os.org/doc/bind-dirs/#how-to-use-bind-dirssh). In order to do that we need to create those directories we added to 50_user.conf
```
sudo mkdir -p /rw/bind-dirs/var/lib/tailscale
sudo mkdir -p /rw/bind-dirs/var/cache/tailscale
sudo mkdir -p /rw/bind-dirs/var/log/tailscale
sudo mkdir -p /rw/bind-dirs/etc/default/tailscaled
```
Now lets check to make sure we got it right:
```
[user@tailscale-checker ~]$ tree /rw/bind-dirs/
/rw/bind-dirs/
├── etc
│ └── default
│ └── tailscaled
└── var
├── cache
│ └── tailscale
├── lib
│ └── tailscale
└── log
└── tailscale
```
<b>Set up the commands we need in rc.local to have Tailscale set up and running on reboot</b>
```
sudo nano /rw/config/rc.local
```
Add the following two lines at the bottom of the file
```
systemctl start tailscaled
tailscale up
```
You do not need to use add sudo on there on the commands in rc.local. I reboot sys-tailscale at this point, probably not necessary I just like to verify everything is there before logging in.
<b>Log in to Tailscale</b>
```
sudo tailscale up
```
It will now prompt you to login in to a link it provides. Do that, then once you have logged in make sure to activate the machine in your Tailscale admin console
Check to make sure you are logged in:
```
tailscale status
```
If you are logged in you should see the list of your machines running Tailscale starting with their IPs.
Now time to reboot again and make sure your login persisted. Once rebooted just run tailscale status again, and if all went well you will still be logged in.
<b>You are now done and have a working sys-tailscale that you can use as the net vm for any qube you want to give access to your tailnet.</b>
<b><em>Previous Version Starts here</b></em>
|