Working Tailscale HTTPS and authentication with just docker-compose (#67

)

https://tailscale.com/blog/docker-tailscale-guide

ansible/roles/odroid_containers_audiobookshelf/tasks/main.yml

@@ -20,26 +20,32 @@
     path: "{{ item }}"
     state: directory
   with_items:
-    - "/home/{{ odroid_container_user }}/Containers/audiobookshelf/tailscale/"
+    - "/home/{{ odroid_container_user }}/Containers/audiobookshelf/tailscale-state/"
+    - "/home/{{ odroid_container_user }}/Containers/audiobookshelf/tailscale-config/"
     - "/home/{{ odroid_container_user }}/Containers/audiobookshelf/Audiobooks/"
     - "/home/{{ odroid_container_user }}/Containers/audiobookshelf/Podcasts/"
     - "/home/{{ odroid_container_user }}/Containers/audiobookshelf/config/"
     - "/home/{{ odroid_container_user }}/Containers/audiobookshelf/metadata/"
 
-- name: Copy the compose file to the server
+- name: Copy the docker compose file to the server
   ansible.builtin.template:
     src: "audiobookshelf-docker-compose.yml"
     dest: "/home/{{ odroid_container_user }}/Containers/audiobookshelf/docker-compose.yml"
     owner: "{{ odroid_container_user }}"
     group: "{{ odroid_container_user_group }}"
     mode: "0644"
 
+# Make sure this dest file maps to /config/tailscale.json in the container...
+# inspect manually if it is the first time placing this file onto your server
+- name: Copy the tailscale json file to the server
+  ansible.builtin.template:
+    src: "tailscale.json"
+    dest: "/home/{{ odroid_container_user }}/Containers/audiobookshelf/tailscale-config/config/tailscale.json"
+    owner: "{{ odroid_container_user }}"
+    group: "{{ odroid_container_user_group }}"
+    mode: "0644"
+
 - name: Create and start services
   community.docker.docker_compose_v2:
     project_src: "/home/{{ odroid_container_user }}/Containers/audiobookshelf"
     state: present
-
-- name: Authenticate the tailscale container
-  ansible.builtin.shell: "docker compose exec tailscale tailscale up --authkey {{ iancleary_tailscale_auth_key }}"
-  args:
-    chdir: "/home/{{ odroid_container_user }}/Containers/audiobookshelf"

ansible/roles/odroid_containers_audiobookshelf/templates/audiobookshelf-docker-compose.yml

@@ -5,21 +5,33 @@ services:
   tailscale:
         hostname: books                         # This will become the tailscale device name
         image: docker.io/tailscale/tailscale:latest
+        environment:
+          - TS_AUTH_KEY={{ iancleary_tailscale_auth_key }}
+          - TS_SERVE_CONFIG=/config/tailscale.json
+          - TS_STATE_DIR=/var/lib/tailscale
         volumes:
-            - ./tailscale:/var/lib/tailscale        # State data will be stored in this directory
+            - ${PWD}/tailscale-state:/var/lib/tailscale
+            - ${PWD}/tailscale-config/config:/config       # State data will be stored in this directory
             - "/dev/net/tun:/dev/net/tun"           # Required for tailscale to work
         cap_add:                                    # Required for tailscale to work
           - net_admin
           - sys_module
-        command: tailscaled
+        restart: unless-stopped
 
   audiobookshelf:
     image: ghcr.io/advplyr/audiobookshelf:latest
     network_mode: service:tailscale
-#    ports:
-#      - 13378:80
+    depends_on:
+      - tailscale
     volumes:
-      - ./Audiobooks:/audiobooks
-      - ./Podcasts:/podcasts
-      - ./config:/config
-      - ./metadata>:/metadata
+      - ${PWD}/Audiobooks:/audiobooks
+      - ${PWD}/Podcasts:/podcasts
+      - ${PWD}/config:/config
+      - ${PWD}/metadata>:/metadata
+    restart: unless-stopped
+
+volumes:
+  audiobookshelf:
+    driver: local
+  tailscale:
+    driver: local

ansible/roles/odroid_containers_audiobookshelf/templates/tailscale.json

@@ -0,0 +1,19 @@
+{
+  "TCP": {
+    "443": {
+      "HTTPS": true
+    }
+  },
+  "Web": {
+    "${TS_CERT_DOMAIN}:443": {
+      "Handlers": {
+        "/": {
+          "Proxy": "http://127.0.0.1:80"
+        }
+      }
+    }
+  },
+  "AllowFunnel": {
+    "${TS_CERT_DOMAIN}:443": false
+  }
+}