Problem/Justification
In the Tailscale TrueNAS app, allow /var/run/tailscale to be on tmpfs OR a host dataset.
To allow reverse proxies like Caddy to automatically request certificates from Tailscale, /var/run/tailscale/tailscaled.sock needs to be available outside of the Tailscale container. Presently /var/run/tailscale is a tmpfs and there is no way to override this. TS_SOCKET is also set and cannot be overridden, and even if you pass --socket on the tailscaled command line, the health check still uses $TS_SOCKET and fails, causing the container to restart endlessly.
Which users are allowed to request certificates is controlled via the environment variable TS_PERMIT_CERT_UID.
Impact
Enable certificate automation for Caddy and other apps.
User Story
Users who want this would set the volume type for Tailscale’s /var/run/tailscale to host dataset, and could then share it with other containers as a volume mount. TS_PERMIT_CERT_UID could be set by hand, or the TrueNAS app could offer it as a pre-defined field.
This will enable them to implement the setup described in: Caddy certificates on Tailscale · Tailscale Docs
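
The layout requested above, written as a Compose-style fragment. This is an added illustration, not configuration from the TrueNAS app or the Tailscale docs. The host path /mnt/tank/apps/tailscale/run, UID 1000, the image tags and the service names are assumptions.

```yaml
# Added example. Host paths, UID 1000, image tags and service names are
# assumptions; the TrueNAS app would generate its own equivalent.
services:
  tailscale:
    image: tailscale/tailscale:latest
    environment:
      TS_AUTHKEY: ${TS_AUTHKEY}          # supplied from the environment
      TS_STATE_DIR: /var/lib/tailscale
      # Same path the health check uses, so the check keeps passing.
      TS_SOCKET: /var/run/tailscale/tailscaled.sock
      # Only this UID (besides root) may request certificates.
      # A numeric UID is assumed because the Tailscale container has no
      # matching user name for the Caddy process.
      TS_PERMIT_CERT_UID: "1000"
    volumes:
      - /mnt/tank/apps/tailscale/state:/var/lib/tailscale
      # Host dataset instead of tmpfs, so the socket is visible to others.
      - /mnt/tank/apps/tailscale/run:/var/run/tailscale

  caddy:
    image: caddy:2
    # Run as the non-root UID named in TS_PERMIT_CERT_UID so the process is
    # limited to what that UID is permitted, rather than connecting as root.
    user: "1000:1000"
    # Share the Tailscale container's network namespace (assumption about
    # how Caddy is reached; adjust to the deployment).
    network_mode: service:tailscale
    volumes:
      # Read-only mount: Caddy can connect to the socket but cannot
      # replace or delete it.
      - /mnt/tank/apps/tailscale/run:/var/run/tailscale:ro
      # Caddyfile, /data and /config mounts omitted; they must be
      # readable/writable by UID 1000.
    depends_on:
      - tailscale
```

Mount the socket directory only into containers that need it, since any container with the mount can reach the tailscaled socket.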