Make userspace networking configurable

tailscale/DOCS.md

@@ -70,6 +70,7 @@ tags:
   - tag:example
   - tag:homeassistant
 taildrop: true
+userspace_networking: true
 ```
 
 ### Option: `accept_dns`
@@ -186,6 +187,22 @@ the default (`https://controlplane.tailscale.com`). This is useful if you
 are running your own Tailscale control server, for example, a self-hosted
 [Headscale] instance.
 
+### Option: `userspace_networking`
+
+The add-on uses [userspace networking mode][tailscale_info_userspace_networking]
+to make your Home Assistant instance (and optionally the local subnets)
+accessible within your tailnet.
+
+When not set, this option is enabled by default.
+
+If you need to access other clients on your tailnet from your Home Assistant
+instance, disable userspace networking mode, that will create a `tailscale0`
+network interface on your host.
+
+If you want to access other clients on your tailnet even from your local subnet,
+execute Step 2 and 3 as described on [Site-to-site
+networking][tailscale_info_site_to_site].
+
 ### Option: `proxy`
 
 When not set, this option is enabled by default.
@@ -325,3 +342,5 @@ SOFTWARE.
 [tailscale_info_funnel]: https://tailscale.com/kb/1223/tailscale-funnel/
 [tailscale_info_https]: https://tailscale.com/kb/1153/enabling-https/
 [tailscale_info_key_expiry]: https://tailscale.com/kb/1028/key-expiry/
+[tailscale_info_site_to_site]: https://tailscale.com/kb/1214/site-to-site/
+[tailscale_info_userspace_networking]: https://tailscale.com/kb/1112/userspace-networking/

tailscale/config.yaml

@@ -36,3 +36,4 @@ schema:
   proxy: bool?
   tags: ["match(^tag:[a-zA-Z0-9]-?[a-zA-Z0-9]+$)?"]
   taildrop: bool?
+  userspace_networking: bool?

tailscale/rootfs/etc/s6-overlay/s6-rc.d/post-tailscaled/run

@@ -122,3 +122,13 @@ if keyexpiry=$(/opt/tailscale status --self=true --peers=false --json | jq -rce
 fi
 
 bashio::log.info "Tailscale is running"
+
+# Warn about userspace networking
+if ! bashio::config.has_value "userspace_networking" || \
+    bashio::config.true "userspace_networking";
+then
+  bashio::log.notice "The add-on uses userspace networking mode."
+  bashio::log.notice "If you need to access other clients on your tailnet from your Home Assistant instance,"
+  bashio::log.notice "disable userspace networking mode, that will create a \"tailscale0\" network interface on your host."
+  bashio::log.notice "Please check your configuration based on the add-on's Documentation under \"Option: userspace_networking\""
+fi

tailscale/rootfs/etc/s6-overlay/s6-rc.d/tailscaled/run

@@ -16,6 +16,13 @@ if ! bashio::debug ; then
   options+=(--no-logs-no-support)
 fi
 
+# Use userspace networking by default when not set, or when explicitly enabled
+if ! bashio::config.has_value "userspace_networking" || \
+  bashio::config.true "userspace_networking";
+then
+  options+=(--tun=userspace-networking)
+fi
+
 # Run Tailscale
 if bashio::debug ; then
   exec /opt/tailscaled "${options[@]}"

tailscale/translations/en.yaml

@@ -54,3 +54,11 @@ configuration:
       This option allows you to enable Taildrop, a file sharing service
       that allows you to share files with other Tailscale nodes.
       When not set, this option is enabled by default.
+  userspace_networking:
+    name: Userspace networking mode
+    description: >-
+      This option allows you to enable userspace networking mode.
+      If you need to access other clients on your Tailnet from your Home
+      Assistant instance, disable userspace networking mode, that will create a
+      `tailscale0` network interface on your host.
+      When not set, this option is enabled by default.