Containers using network_mode: service:X share the target container's
network namespace including /etc/hosts. Move the ollama hosts entry
to the tailscale service so it applies to the shared namespace.

MagicDNS is broken in the container (DNS proxy returns SERVFAIL with
'no upstream resolvers set'). Use extra_hosts as a reliable workaround
to ensure ollama.lan.poldebra.me resolves to its Tailscale IP 100.64.0.7
instead of the server's public IP, which has an expired cert.

- Run tailscaled with --netfilter-mode=off to avoid iptables failures
  in the container, which were breaking the MagicDNS proxy at 100.100.100.100
- Set dns: 100.100.100.100 so Docker forwards DNS queries to Tailscale's
  MagicDNS proxy instead of Contabo's public DNS, which was resolving
  ollama.lan.poldebra.me to the server's public IP instead of the tailnet IP
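The compose layout the messages above describe, written out as an added example (this is not the repository's own docker-compose.yml): the tailscale service owns the network namespace, so the dns, extra_hosts and capability settings live there, and the bot joins that namespace with network_mode: service:tailscale. The tailscale/tailscale image, the TS_* environment variables of its containerboot entrypoint, the tailscale.env file, the volume and healthcheck details are assumptions; the hostnames, IPs, flags, capabilities and the patrizio image tag come from the messages.

```yaml
services:
  tailscale:
    image: tailscale/tailscale:latest   # assumed image; pin a version or digest in practice
    hostname: patrizio
    env_file: ./tailscale.env           # assumed: holds TS_AUTHKEY, kept out of the repo
    environment:
      TS_STATE_DIR: /var/lib/tailscale
      TS_ACCEPT_DNS: "true"
      # --netfilter-mode=off: tailscaled does not touch iptables, which was
      # failing inside the container and breaking the MagicDNS proxy
      TS_TAILSCALED_EXTRA_ARGS: --netfilter-mode=off
    # Send the namespace's DNS queries to the MagicDNS proxy, not the host's
    # public resolver (which returned the server's public IP).
    dns:
      - 100.100.100.100
    # Pin the name to the tailnet IP so traffic never falls back to the
    # public endpoint with the expired certificate.
    extra_hosts:
      - "ollama.lan.poldebra.me:100.64.0.7"
    volumes:
      - tailscale-state:/var/lib/tailscale   # node key and state survive restarts
      - /lib/modules:/lib/modules:ro         # assumed path for the kernel modules mount
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
      - NET_RAW
    healthcheck:
      test: ["CMD", "tailscale", "status"]   # assumed check; non-zero until the node is up
      interval: 10s
      timeout: 5s
      retries: 6
    networks:
      - internal
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

  patrizio:
    image: ghcr.io/polpetta/patrizio-bot:v0.2.0
    # Shares tailscale's network namespace: /etc/hosts, resolv.conf and the
    # tailnet interface come from that container, so dns, extra_hosts, ports
    # and networks must NOT be declared here (compose rejects them).
    network_mode: service:tailscale
    depends_on:
      tailscale:
        condition: service_healthy
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

networks:
  internal:
    internal: true   # no route to the outside except through the tailnet

volumes:
  tailscale-state:
```

A quick way to confirm the fix from inside the shared namespace is `docker compose exec patrizio getent hosts ollama.lan.poldebra.me`, which should print 100.64.0.7; if it still prints the public IP, the extra_hosts entry landed on the wrong service.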

Remove hardcoded DNS A records for pi.hole, pihole.lan.poldebra.me, and
ollama.lan.poldebra.me from the Tailscale container configuration. These DNS
entries are no longer needed in the docker-compose configuration.

Add custom DNS records for internal services (pihole and ollama) and configure
Tailscale to start automatically with the accept-dns flag and a custom login server.
Remove static DNS configuration in favor of the extra_records approach.

Signed-off-by: Davide Polonio <davide.polonio@infinitaslearning.com>

Remove unnecessary shell wrapper and startup delay from the tailscale
service. Configure DNS directly in docker-compose instead of relying
on the --accept-dns flag. This streamlines the container startup process
and removes the 5-second artificial delay.

Update docker-compose.yml to run tailscaled as a background daemon and execute
tailscale up with the DNS acceptance flag. This replaces the previous env_file
configuration approach.

Replace inline environment variable with env_file reference for better
configuration management. Remove redundant tailscaled command as it's
the default entrypoint.

Add new ACL entry allowing Patrizio tagged devices to access web
services on port 443. Also reformat the entire acl.json file with
consistent 2-space indentation for better readability.

- Add Tailscale container with hostname 'patrizio' for network connectivity
- Configure health check for Tailscale service availability
- Make patrizio service depend on healthy Tailscale container
- Mount required volumes for Tailscale state and kernel modules
- Grant necessary capabilities (net_admin, sys_module, net_raw) for VPN operation
- Add internal network configuration for service isolation
- Switch patrizio to use published image (ghcr.io/polpetta/patrizio-bot:v0.2.0)
- Standardize logging configuration across both services