Codespace feature for Tailscale connectivity

This repository contains a feature for GitHub Codespaces to connect the running VM to a Tailscale network.

To get started, add the following feature to your devcontainer.json:

"features": {
  "ghcr.io/tailscale/codespace/tailscale": {
    "version": "latest"
  }
}

Starting Tailscale

The Tailscale daemon starts automatically as part of the devcontainer entrypoint.

Manual Log in

sudo tailscale up --accept-routes

More info: tailscale up

Automatic login

Create an auth key in the Tailscale admin panel.

Create a codespace secret called TS_AUTH_KEY in your codespaces configuration containing the auth key you made above.

Now whenever you launch a devcontainer with access to this secret, it will automatically perform a tailscale up --accept-routes --auth-key=$TS_AUTH_KEY.

Details

• A mount is added called tailscale-${devcontainerId} mapped to /var/lib/tailscale to persist taislcaled state across devcontainer rebuilds, so a single devcontainer will remain logged in for the devcontainer lifetime.
• The feature requires CAP_NET_ADMIN in order to configure certain network properties for kernel mode tailscale.
• The feature requires kernel tun support in the runtime and CAP_MKNOD so that it can create a tun device node if needed.
• CAP_NET_RAW enables the feature to send ICMP.

Development

A convenient way to develop this feature is to use codespaces, as they start by default with many of the dependencies required (at least Docker and npx).

Inside a codespace you can use the Tasks:Run Test Task command.

On a standalone machine tests can be run with:

npx @devcontainers/cli features test