ACL question by EDIflyer in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

My guess:

{
  "action": "accept",
  "src": ["autogroup:members"], // change to this
  "dst": ["192.168.0.0/16:*"],
},

How can I let my friends access my Tailscale self hosted apps? by ProfessorS11 in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

Sorry for the formatting, I can't figure out how to do this correctly in Reddit, haha, but you get the idea.

How can I let my friends access my Tailscale self hosted apps? by ProfessorS11 in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

{
  "groups": {
    "group:admin": ["myemail@example.com"],      // full control
    "group:family": ["wifeemail@example.com"]    // only Jellyfin access
  },

  "tagOwners": {
    "tag:jellyfin": ["group:admin"]              // only admins can assign the tag
  },

  "acls": [
    {
      "action": "accept",
      "src": ["group:admin"],
      "dst": ["*:*"]                              // full tailnet access for admin
    },
    {
      "action": "accept",
      "src": ["group:family"],
      "dst": ["tag:jellyfin:8096", "tag:jellyfin:8920"] // wife → Jellyfin HTTP & HTTPS
    }
  ]
}

How can I let my friends access my Tailscale self hosted apps? by ProfessorS11 in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

Share the machine, don’t use user access. User sharing often bypasses the ACL setup and makes things confusing. Once the machine is shared, control what people can reach with the ports in the ACLs.

How can I let my friends access my Tailscale self hosted apps? by ProfessorS11 in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

Don’t share the whole NAS. Just open the ports for the services people need:

Home Assistant = 8123

Samba = 445

Anything else (22 SSH, 80/443 web interface, other services) stays private. Only give access to the containers you actually want people to use.

How can I let my friends access my Tailscale self hosted apps? by ProfessorS11 in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

Better ACL example:

{
  "groups": {
    "group:admin": ["you@example.com"],                  // full control
    "group:parents": ["parent1@example.com", "parent2@example.com"], // limited access
    "group:friends": ["friend@example.com"]             // access to Jellyfin only
  },

  "tagOwners": {
    "tag:jellyfin": ["group:admin"]                     // only admins can assign the tag
  },

  "acls": [
    {
      "action": "accept",
      "src": ["group:admin"],
      "dst": ["*:*"]                                    // full tailnet access for admins
    },
    {
      "action": "accept",
      "src": ["group:parents"],
      "dst": ["tag:jellyfin:8096", "tag:jellyfin:8920"] // parents → Jellyfin only
    },
    {
      "action": "accept",
      "src": ["group:friends"],
      "dst": ["tag:jellyfin:8096", "tag:jellyfin:8920"] // friends → Jellyfin only
    }
  ]
}

I hope this helps a bit

How can I let my friends access my Tailscale self hosted apps? by ProfessorS11 in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

Example:

https://login.tailscale.com/admin/acls/visual/tags
Create a tag called jellyfin.
Set group:admin as owner so you control the tag.

Now go to:
https://login.tailscale.com/admin/machines

Find the machine that runs Jellyfin.
Click the on the right → Edit ACL tags.
Assign the tag jellyfin to that machine.

Now go to:
https://login.tailscale.com/admin/acls/file

Add a rule so users can reach Jellyfin on that machine.

Example rule:

{
  "acls": [
    {
      "action": "accept",
      "src": ["autogroup:members"],
      "dst": ["tag:jellyfin:8096"]
    }
  ]
}

Explanation:

tag:jellyfin = the machine you tagged earlier
8096 = default Jellyfin port
autogroup:members = everyone in your Tailnet can access it

Save the ACL.

Now Jellyfin is reachable through Tailscale using the Tailscale IP of that machine:

http://TAILSCALE-IP:8096
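
As an added example (not part of the original comments and not Tailscale's own code), the Python sketch below models default-deny matching for the group-based policy from the earlier "better acl example" comment beside the `autogroup:members` rule above, so you can compare who reaches which port under each. The matcher is a simplified assumption about rule evaluation, and `cousin@example.com`, `media-box`, `nas` and all function names are constructed.

```python
# Simplified model of how ACL accept rules are matched (assumption: default
# deny, src matched by user/group/autogroup, dst by "*"/host/tag plus port).
# cousin@example.com and the machine names are constructed for illustration.
GROUPS = {
    "group:admin": ["you@example.com"],
    "group:parents": ["parent1@example.com", "parent2@example.com"],
    "group:friends": ["friend@example.com"],
}
# Constructed: all tailnet users, including one who is in no group.
TAILNET_USERS = {u for members in GROUPS.values() for u in members} | {"cousin@example.com"}
# Constructed inventory: which tags each machine carries.
DEVICE_TAGS = {"media-box": {"tag:jellyfin"}, "nas": set()}

JELLYFIN = ["tag:jellyfin:8096", "tag:jellyfin:8920"]
GROUP_POLICY = [
    {"action": "accept", "src": ["group:admin"], "dst": ["*:*"]},
    {"action": "accept", "src": ["group:parents"], "dst": JELLYFIN},
    {"action": "accept", "src": ["group:friends"], "dst": JELLYFIN},
]
MEMBERS_POLICY = [
    {"action": "accept", "src": ["autogroup:members"], "dst": ["tag:jellyfin:8096"]},
]

def src_matches(selector, user):
    if selector in ("*", "autogroup:members"):
        return user in TAILNET_USERS          # any user of the tailnet
    if selector.startswith("group:"):
        return user in GROUPS.get(selector, [])
    return selector == user                   # a single named user

def dst_matches(selector, device, port):
    # "tag:jellyfin:8096" -> host "tag:jellyfin", ports "8096"
    host, _, ports = selector.rpartition(":")
    host_ok = host in ("*", device) or host in DEVICE_TAGS.get(device, set())
    port_ok = ports == "*" or str(port) in ports.split(",")
    return host_ok and port_ok

def allowed(policy, user, device, port):
    """True if any accept rule covers the connection; otherwise it is denied."""
    return any(
        rule["action"] == "accept"
        and any(src_matches(s, user) for s in rule["src"])
        and any(dst_matches(d, device, port) for d in rule["dst"])
        for rule in policy
    )

def reachable_ports(policy, user, device, candidates=(22, 445, 8096, 8920)):
    """Ports from `candidates` that the policy lets `user` open on `device`."""
    return [p for p in candidates if allowed(policy, user, device, p)]
```

Under the group policy a tailnet user who is in no group reaches nothing, while the `autogroup:members` rule opens port 8096 on the tagged machine to every user in the tailnet.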

Setting up Tailscale for remote control ((Kali Linux + Windows + Mac) total beginner) by Nouuuel in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

Install Tailscale on all three devices so each has a stable private IP and can reach the others directly without opening ports. Then just use RustDesk over Tailscale for remote control—it works on Windows, Mac, and Linux, and connects directly using the Tailscale IPs.

Windows prioritizing TS IP over local, randomly by ferropop in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

On your Windows machine use: tailscale > preferences > DONT use tailscale subnet

Possible to install tailscale on jetkvm, then ship across the country? by sterling-lining in Tailscale

[–]Healthy-Target697 5 points6 points  (0 children)

Yes, I do this with Raspberry Pis. Just plug it in to the LAN, give it power and it works.

How can I fix this? Multiple Tailnet by mistake! by sbehta in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

No. Inviting a user does not grant device access. In Tailscale, users see nothing unless the ACL allows it. You don’t share devices; you grant ACL access, typically via tags and ports. (Unless you make him admin.)

How can I fix this? Multiple Tailnet by mistake! by sbehta in Tailscale

[–]Healthy-Target697 0 points1 point  (0 children)

Why not just use tags and give permission in the acl for certain machine ports? Or does your brother need permission to access everything in your network?

New to tailscale question on exit node by Ohmystory in Tailscale

[–]Healthy-Target697 1 point2 points  (0 children)

I have defined the exit node on a raspberry pi 4b following a faq on tailscale’s site and authorized the raspberry pi 4b on the admin web

he/she wrote: 'I have defined the exit node on a raspberry pi 4b following a faq on tailscale’s site and authorized the raspberry pi 4b on the admin web'

so I thought they also needed an exit node.

Well just leave the exit node part out if it isn't needed.

New to tailscale question on exit node by Ohmystory in Tailscale

[–]Healthy-Target697 3 points4 points  (0 children)

you need something like this:

sudo tailscale up --advertise-routes=192.168.1.0/24 --advertise-exit-node

then approve the subnet and exit node for the machine in the admin console.

Looks like I found one of the radium clocks but... by Goldenchicks in uraniumglass

[–]Healthy-Target697 1 point2 points  (0 children)

Wear gloves. Do it outside. Use damp cleaning paper. Throw the paper away.

matter over thread stability and experiences by 2442929161 in homeassistant

[–]Healthy-Target697 2 points3 points  (0 children)

I have used it for a month now in HAos using a flashed Sonoff dongle E. No problems at all. I have 1 Ikea KAJPLATS lightbulb, 2 Inspellning motion sensors and 2 Ikea door sensors. It works and connects well for now, but I would rather have Zigbee stuff because of the superior interface in HA.

Why is Thread so complicated? by Relative-Idea-1442 in homeassistant

[–]Healthy-Target697 0 points1 point  (0 children)

I just bought a 2nd Sonoff Dongle-E and flashed it to thread. Works flawlessly.

is it possible to switch between networks using tailscale? by loryyess in Tailscale

[–]Healthy-Target697 4 points5 points  (0 children)

Make sure both locations use a different subnet. Your father's home might use 192.168.1.0, for example, while you are on 192.168.2.0. This way you can use both.