Tailscale Issues

Hi, I’m a new, non-techie Qubes user. I’m a big fan of Tailscale (mesh private network) and it works fine in a Debian 11 standalone but I wanted to try installing it in a template.

I installed it into my Debian 11 template via their repo and while the installation went fine, subsequent apt updates failed because Tailscale somehow broke the 8082 proxy. This occurs just from installing Tailscale; I didn’t yet log in or activate it with the ‘sudo tailscale up’ command.

I also contemplated installing Tailscale into an AppVM and trying to make it persistent with bind-dirs but I think there are too many files in too many places to make this a simple task.

Does anyone have experience with this, or hints about Tailscale on Qubes in general?

Is there a way to install Tailscale in a template and keep the proxy working for apt?

Has anyone somehow used Tailscale in a VPN/Proxy Qube arrangement?

Update: I found I could make the template proxy work again by simply doing a ‘sudo systemctl stop tailscaled’. So now I’m able to have the Tailscale software pre-installed to my template without causing any issues.

But now I want to enable Tailscale in only certain AppVMs and have those configurations be persistent. I suppose I’ll have to try to figure out how to do this with bind-dirs but understanding which paths to include will be difficult for me.

Success! I was able to configure bind-dirs in the template in /etc/qubes-bind-dirs.d for /var/cache/tailscale and /var/log/tailscale and this was enough to allow a tailscale login to persist across AppVM reboots.

I put ‘sudo systemctl start tailscaled’ and ‘sudo tailscale up’ in /rw/config/rc.local and this automatically starts the service and logs me in from the persistent configuration.