Use LoadCredential secrets and DynamicUser for tailscalesd.

Abel Luck 2026-03-05 15:56:06 +01:00
parent d5201b471b
commit 6870186009
5 changed files with 134 additions and 44 deletions

@ -75,6 +75,12 @@ Configuration values can be set using environment variables, or optionally loade
- **tailnet** (`TAILSCALESD_TAILNET`): The Tailscale tailnet identifier (required).
- **client_id** (`TAILSCALESD_CLIENT_ID`): The Tailscale oauth client id (required).
- **client_secret** (`TAILSCALESD_CLIENT_SECRET`): The Tailscale oauth client secret (required).
- File-based secret alternatives:
- `TAILSCALESD_BEARER_TOKEN_FILE`
- `TAILSCALESD_CLIENT_ID_FILE`
- `TAILSCALESD_CLIENT_SECRET_FILE`
For systemd services, prefer `LoadCredential=` plus `%d` (runtime `CREDENTIALS_DIRECTORY`) and set `TAILSCALESD_*_FILE` values to files under `%d`.
#### Environment File
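Review bot: the new "File-based secret alternatives" list does not say which value wins when both a variable and its `_FILE` counterpart are set (for example `TAILSCALESD_CLIENT_SECRET` and `TAILSCALESD_CLIENT_SECRET_FILE`), or whether a trailing newline in the file is stripped. Please state both, since a silent fallback to the environment value would defeat the purpose of moving the secret into a credential file. The list also introduces `TAILSCALESD_BEARER_TOKEN_FILE` while the visible context only documents tailnet, client_id and client_secret, so a pointer to where the bearer token setting is described would help. The sentence beginning "For systemd services, prefer `LoadCredential=`" would be easier to follow with a short unit snippet showing one `LoadCredential=` line and the matching `%d/...` value. Finally, add a blank line between that sentence and `#### Environment File` so the heading is not rendered as part of the preceding paragraph.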