Add Tailscale container and bridge setup

- Added mikrotik-containers-bridge-setup.rsc for shared container networking - Added mikrotik-tailscale-setup.rsc for Tailscale container - Added docs/10-MIKROTIK-TAILSCALE.md with full documentation - Both containers now use containers-br bridge (172.17.0.1/24) - AdGuard: 172.17.0.2, Tailscale: 172.17.0.3
2026-01-25 15:33:34 +02:00
parent 7389a20595
commit e5e76871bb
4 changed files with 262 additions and 0 deletions
--- a/scripts/mikrotik-containers-bridge-setup.rsc
+++ b/scripts/mikrotik-containers-bridge-setup.rsc
@@ -0,0 +1,43 @@
+# MikroTik Container Bridge Setup Script
+# Created: 2026-01-25
+# Repository: https://git.xtrm-lab.org/jazzymc/infrastructure
+#
+# Run this FIRST before setting up containers
+# Creates shared bridge for all containers
+
+#------------------------------------------------------------
+# Variables
+#------------------------------------------------------------
+:local bridgeName "containers-br"
+:local bridgeIP "172.17.0.1"
+:local bridgeNet "172.17.0.0/24"
+:local wanInterface "eth1_WAN"
+
+#------------------------------------------------------------
+# 1. Create bridge for containers
+#------------------------------------------------------------
+/interface bridge add name=$bridgeName
+
+#------------------------------------------------------------
+# 2. Add IP address to bridge
+#------------------------------------------------------------
+/ip address add address=$bridgeIP/24 interface=$bridgeName
+
+#------------------------------------------------------------
+# 3. Firewall - Allow container network traffic
+#------------------------------------------------------------
+# Input chain
+/ip firewall filter add chain=input action=accept dst-address=$bridgeNet comment="Allow container network"
+/ip firewall filter add chain=input action=accept src-address=$bridgeNet comment="Allow from container network"
+
+# Forward chain
+/ip firewall filter add chain=forward action=accept dst-address=$bridgeNet comment="Allow to container network"
+/ip firewall filter add chain=forward action=accept src-address=$bridgeNet comment="Allow from container network"
+
+#------------------------------------------------------------
+# 4. NAT - Masquerade for container outbound traffic
+#------------------------------------------------------------
+/ip firewall nat add chain=srcnat action=masquerade src-address=$bridgeNet out-interface=$wanInterface comment="Container outbound NAT"
+
+:log info "Container bridge setup complete"
+:log info "Bridge: $bridgeName with IP $bridgeIP/24"
--- a/scripts/mikrotik-tailscale-setup.rsc
+++ b/scripts/mikrotik-tailscale-setup.rsc
@@ -0,0 +1,65 @@
+# MikroTik Tailscale Setup Script
+# Created: 2026-01-25
+# Repository: https://git.xtrm-lab.org/jazzymc/infrastructure
+#
+# Prerequisites:
+# - RouterOS 7.4+ with container package
+# - USB storage mounted as usb1
+# - Container mode enabled: /system/device-mode/update container=yes
+# - containers-br bridge already exists (from adguard setup)
+
+#------------------------------------------------------------
+# Variables
+#------------------------------------------------------------
+:local containerName "tailscale"
+:local containerImage "tailscale/tailscale:latest"
+:local vethName "veth-tailscale"
+:local containerIP "172.17.0.3"
+:local gatewayIP "172.17.0.1"
+:local containerBridge "containers-br"
+
+#------------------------------------------------------------
+# 1. Create veth interface
+#------------------------------------------------------------
+/interface veth add name=$vethName address=$containerIP/24 gateway=$gatewayIP
+
+#------------------------------------------------------------
+# 2. Add veth to container bridge
+#------------------------------------------------------------
+/interface bridge port add bridge=$containerBridge interface=$vethName
+
+#------------------------------------------------------------
+# 3. Create container mount for state persistence
+#------------------------------------------------------------
+/container/mounts/add list=ts-state src=usb1/tailscale/state dst=/var/lib/tailscale
+
+#------------------------------------------------------------
+# 4. Create environment variables
+#------------------------------------------------------------
+/container/envs/add list=ts-env key=TS_USERSPACE value=true
+/container/envs/add list=ts-env key=TS_STATE_DIR value=/var/lib/tailscale
+/container/envs/add list=ts-env key=TS_SOCKET value=/var/run/tailscale/tailscaled.sock
+
+#------------------------------------------------------------
+# 5. Create container
+#------------------------------------------------------------
+/container/add remote-image=$containerImage interface=$vethName \
+    root-dir=usb1/tailscale/root logging=yes start-on-boot=yes \
+    dns=8.8.8.8 name=$containerName
+
+# Wait for image extraction
+:log info "Waiting for Tailscale image extraction..."
+:delay 60s
+
+#------------------------------------------------------------
+# 6. Add mountlists and envlists to container
+#------------------------------------------------------------
+/container/set [find name=$containerName] mountlists=ts-state envlists=ts-env
+
+#------------------------------------------------------------
+# 7. Start container
+#------------------------------------------------------------
+/container/start [find name=$containerName]
+
+:log info "Tailscale container started"
+:log info "Check logs for authentication URL: :log print where message~\"login.tailscale\""