[Closed] Tailscale Improvements (Certificates, Per App Deployment, Taildrop)

Problem/Justification

The current Tailscale setup certainly works and is great to have, yet I would describe it as somewhat bare-bones. Some additional features have been introduced to Tailscale, and some additional use cases can be achieved with a somewhat deeper integration of Tailscale into the app catalogue. I want to use this request to allow for a collection of app and integration improvements.

  • Improve device and app accessibility through the tailnet.
  • Remove issues relating to SSL certificates across all devices/services.
  • Potential to provide an OpenID Connect provider for all apps through the tailnet.

Impact/User Stories

SSL encryption by default

Allow the Tailscale app to provision and manage SSL certificates for the TrueNAS hardware.

  • Home users benefit from the removal of SSL warnings.
  • Businesses don’t need to deploy the certificates themselves or allow-list the self-signed certs.

Taildrop

Allows users to upload files from each of their endpoints to the NAS from the share sheet.

  • All home users will be able to easily send files from any phone to the NAS, AirDrop-style.
  • Business or enterprise use cases are likely somewhat limited for that, due to the destination of Taildrop being a simple folder on the pool. If Tailscale would introduce a “send to user’s home directory” setting, this would be much cooler tho :wink:

Tailscale in Applications*

Add a checkbox to each app to also deploy a Tailscale container into the Application and allow an application specific subdomain to be exposed to the tailnet.

  • Home and business users can easily check one checkbox, provide an auth key or OAuth client ID in each app, and have automatic SSL encryption to appname.tailnet.ts.net without needing to remember ports.
  • Businesses can configure app access through the tailnet ACL, including private and public access (Tailscale Funnel), rather than simply device-level access.

*With a pointer on how to contribute to the app catalogue and a bit of collaboration, I could create a pull request to enable this for all apps in the catalogue @HoneyBadger?! I looked at the repo already, but the YAMLs there go a bit beyond my own usual setups.

OpenID Connect (experimental as of 2025-07-14)

Use Tailscale as the OpenID provider to replace other OpenID Connect providers.

  • Home users can configure Tailscale as their ID provider for SMB shares and apps.
  • Business users who sign into Tailscale with an identity provider that either doesn’t support OpenID Connect (Apple/GitHub), or who don’t want to set up apps accessed only inside the tailnet to work with their external OpenID Connect account, can use Tailscale to sign into their applications and SMB shares. Access federation through Tailscale’s OpenID Connect provider enables automatic SSO sign-ins through the already limited tailnet.
    See also the proof of concept: Using Tailscale as an OpenID Connect provider for homelab authentication

golink app*

*Same here, I can create that as a PR.

  • go/links are a fun little utility to generate internal-only short links: you only need to remember or share a word or a phrase after the go/ part of the URL, and the server redirects you to the more complex URL in your system.

For everyone who’s like me and loves to play around with some of the other cool experiments the Tailscale team is cooking up, here is the section in their repo: tailscale/cmd at main · tailscale/tailscale · GitHub
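The per-app sidecar described under “Tailscale in Applications”, as an added example that is not the poster’s code and not part of the TrueNAS app catalogue: a Docker Compose file pairing a placeholder app with a tailscale/tailscale sidecar whose serve config terminates HTTPS with the node’s own certificate and proxies to the app over loopback. The node name “appname”, the TS_AUTHKEY variable, the traefik/whoami image and the Compose version are assumptions.

```yaml
# Added example, not from the original request or the TrueNAS app catalogue.
# A placeholder app (traefik/whoami, listening on port 80) plus a Tailscale
# sidecar that joins the tailnet as its own node and serves the app over HTTPS.
# Assumptions: TS_AUTHKEY is set in .env from a key generated in the tailnet
# admin console; HTTPS certificates are enabled for the tailnet; Docker
# Compose >= 2.23.1 (for the inline `configs: ... content:` form).
services:
  tailscale:
    image: tailscale/tailscale:latest
    hostname: appname                  # node name -> appname.<tailnet>.ts.net
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY}       # prefer an ephemeral, tagged key
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_SERVE_CONFIG=/config/serve.json
    volumes:
      - ./ts-state:/var/lib/tailscale  # persist node identity across restarts
    configs:
      - source: serve_json
        target: /config/serve.json
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    devices:
      - /dev/net/tun:/dev/net/tun
    restart: unless-stopped

  app:
    image: traefik/whoami:latest
    network_mode: service:tailscale    # share the sidecar's network namespace:
    depends_on:                        # no host port is published, so the app
      - tailscale                      # is reachable only through the tailnet
    restart: unless-stopped

configs:
  serve_json:
    # tailscale serve config: TLS is terminated with the node's Let's Encrypt
    # cert and traffic is proxied to the app on loopback. `$$` keeps the
    # ${TS_CERT_DOMAIN} placeholder literal for tailscaled instead of letting
    # Compose interpolate it. Who may reach the node is then governed by the
    # tailnet ACL; adding an "AllowFunnel" entry for this host:port would
    # expose it publicly via Tailscale Funnel.
    content: |
      {
        "TCP": { "443": { "HTTPS": true } },
        "Web": {
          "$${TS_CERT_DOMAIN}:443": {
            "Handlers": { "/": { "Proxy": "http://127.0.0.1:80" } }
          }
        }
      }
```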


This is a related request: New app catalogue request: Caddy (reverse proxy)

You can do certificate automation, and HTTP/3 and TLS for the TrueNAS GUI, TrueNAS apps and your own custom apps while staying within the TrueNAS design by deploying a caddy-tailscale container that reverse proxies for your applications (including TrueNAS if you so wish) and for those apps that support it can pass authentication details in headers. I agree that it would be nicer if there was an option to deploy caddy-tailscale sidecar containers along with apps. A neat feature is that the services are only available via Tailscale, and you can turn off the GUI accessibility in the TrueNAS app. It is low-resource; 1 Caddy container serving 6 applications is using 75MB.

If you are happy with the caddy-tailscale container it is published by Tailscale directly. If you want extra caddy modules not included in Tailscale’s version, credit goes to @sfatula for posting this how-to on making a custom Caddy container with any additional modules you want: Electric Eel - How I am using Dockerfile, .env files, compose files

Tailscale for OIDC sounds nice! I will try! :slight_smile: For file sharing, SMB and NFS don’t support OAuth, but plenty of apps do. The only trouble is my Tailscale userid is an Apple Private Relay address that I will never remember. :slight_smile:


I just SSO’d into Immich from my laptop and phone – nice! Thank you for sharing this!

The TrueNAS web interface needs OAuth support. Another feature request!


I’ve seen that this is supposed to be coming in the next major release or two.


+1000 for Taildrop support. Tailscale officially supports Synology and QNAP. I can help if someone can point me to the starting place.


There are several feature requests within this single item, recommend raising these as separate requests, closing at this stage.