From 1c8f2c699c0e9ca80b81c50436a09640bcada500 Mon Sep 17 00:00:00 2001
From: Digital Asset Management
Date: Tue, 8 Apr 2025 22:08:16 -0500
Subject: [PATCH] Initial commit
---
README.md | 111 ++++++++++++++++++++++++++++++++++++
docker-compose.yml | 0
tailscale/config/serve.json | 19 ++++++
3 files changed, 130 insertions(+)
create mode 100644 README.md
create mode 100644 docker-compose.yml
create mode 100644 tailscale/config/serve.json
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a02c238
--- /dev/null
+++ b/README.md
@@ -0,0 +1,111 @@
+# {{Service}} with Tailscale Integration
+
+![{{Service}} with Tailscale](https://jellyfin.org/images/logo.svg "{{Service}}")
+
+This project sets up a {{Service}} instance with Tailscale VPN integration using Docker Compose. It creates a secure, private network connection for your {{Service}} instance using Tailscale.
+
+## Prerequisites
+
+- Docker and Docker Compose installed on your system
+- A Tailscale account and auth key (get one from https://login.tailscale.com/admin/authkeys)
+- Basic understanding of Docker and networking concepts
+
+## Project Structure
+```
+ts-{{service}}/
+├── docker-compose.yml
+├── tailscale/
+│ ├── tailscale-data/ # Persistent Tailscale state
+│ └── config/ # Tailscale configuration files
+└── {{service}}/
+ └── config/ # {{service}} configuration files
+```
+
+## Setup Instructions
+
+1. **Clone the Repository**
+ ```bash
+ git clone https://gitea.damconsulting.llc/DAM/ts-{{service}}
+ cd ts-{{service}}
+ ```
+2. Create Required Directories
+ ```bash
+ mkdir -p tailscale/tailscale-data
+ ```
+3. Configure Tailscale
+ - Replace `{{YOUR_TAILSCALE_AUTHKEY}}` in the docker-compose.yml with your actual Tailscale auth key
+ - Optionally, update the file in `tailscale/config/serve.json` if you need specific Tailscale serve configurations
+ - CAUTION: Changing `"${TS_CERT_DOMAIN}:443": false` to `true` will expose the service to the internet
+
+4. Configure {{Service}}
+ - See {{service_docs}} for configuration options
+
+5. Start the Services
+ ```bash
+ docker-compose up -d
+ ```
+
+6. Wait for Certificate to propagate [~2m]
+
+7. 
Login
+
+## Services
+
+### {{service}}-ts (Tailscale)
+
+- Runs Tailscale VPN client
+- Image: tailscale/tailscale:latest
+- Container name: {{service}}-ts
+- Hostname: {{service}}
+- Requires NET_ADMIN and SYS_MODULE capabilities
+- Persists state in ./tailscale/tailscale-data
+- Uses configuration from ./tailscale/config
+
+### {{service}}
+
+- Depends on {{service}}-ts service
+
+## Usage
+
+- After starting the services your service should be available via tailnet at `https://{{service}}.{{YOUR_TAILNET_DOMAIN}}.ts.net` ie `https://{{service}}.tail12345.ts.net/`
+- To manually get the Tailscale IP/hostname of your container:
+ ```bash
+ docker logs {{service}}-ts
+ ```
+ Look for the Tailscale IP address in the logs.
+
+## Optional Features
+
+- Uncomment the Docker socket volume mapping in the service to enable Docker integrations:
+ ```yaml
+ - /var/run/docker.sock:/var/run/docker.sock
+ ```
+- Uncomment and adjust the ports mapping if you need direct access (without Tailscale):
+ ```yaml
+ ports:
+ - 3000:3000
+ ```
+- Stopping the Services
+ ```bash
+ docker-compose down
+ ```
+
+## Troubleshooting
+- Check container logs:
+ ```bash
+ docker logs {{service}}-ts
+ docker logs {{service}}
+ ```
+- Ensure your Tailscale auth key is valid and not expired
+- Verify the configuration files have proper permissions
+- Make sure required directories exist before starting
+
+## Notes
+- The {{Service}} service uses the Tailscale service's network stack via `network_mode: service:{{service}}-ts`
+- Direct port mapping is disabled by default as Tailscale handles the networking
+- Services restart automatically unless explicitly stopped
+- For more information:
+ - Tailscale documentation: https://tailscale.com/kb/
+ - {{Service}} documentation: {{service_docs}}
+ - {{Service}} repository: {{service_repo}}
+ - {{Service}} linuxserve.io: {{service_lcsr}}
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e69de29
diff --git a/tailscale/config/serve.json b/tailscale/config/serve.json
new file mode 100644
index 0000000..121ffb8
--- /dev/null
+++ b/tailscale/config/serve.json
@@ -0,0 +1,19 @@
+{
+ "TCP": {
+ "443": {
+ "HTTPS": true
+ }
+ },
+ "Web": {
+ "${TS_CERT_DOMAIN}:443": {
+ "Handlers": {
+ "/": {
+ "Proxy": "http://127.0.0.1:3000"
+ }
+ }
+ }
+ },
+ "AllowFunnel": {
+ "${TS_CERT_DOMAIN}:443": false
+ }
+ }
\ No newline at end of file
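Review bot: Nothing in this commit wires serve.json into the Tailscale container: docker-compose.yml is added empty (blob `e69de29`), so the `${TS_CERT_DOMAIN}` placeholders under `Web` and `AllowFunnel` will only be expanded once the compose file mounts `./tailscale/config` and points `TS_SERVE_CONFIG` at this file. The `Proxy` target `http://127.0.0.1:3000` is hard-coded although the README treats the service as a `{{Service}}` template, so the port should either become a placeholder or be listed in the README as a value to change per service. Because JSON cannot carry a comment, the reason for keeping `"${TS_CERT_DOMAIN}:443": false` under `AllowFunnel` (tailnet-only exposure) lives only in the README's CAUTION line; a post-start check such as `tailscale serve status` in the `{{service}}-ts` container would let an operator confirm Funnel is actually off.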