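# @name Tailscale + DERP
# @desc Tailscale mesh VPN client with optional DERP relay
# @url https://tailscale.com/kb/1282/docker
# @note Deploy tailscale only: docker compose --profile tailscale up -d
# @note Deploy with DERP relay: docker compose --profile derp up -d
#
# One assignment per line: env-file parsers treat everything after a leading
# '#' as a comment, so settings must not share a line with the header.

TZ=Asia/Shanghai

# Hostname shown in the Tailscale admin console
TS_HOSTNAME=

# Auth key — generate at https://login.tailscale.com/admin/settings/keys
# For headscale: generate via headscale CLI
# This value is a credential: anyone holding it can enrol a node in the
# tailnet. Keep the filled-in file out of version control, restrict its
# permissions, and prefer a short-lived key pre-tagged with the tag below.
TS_AUTHKEY=

# Extra flags appended to the `tailscale up` command run by the container
# (daemon flags go in TS_TAILSCALED_EXTRA_ARGS instead).
# For headscale users, add: --login-server=https://your.headscale.host
# The advertised tag only applies if the auth key or the tailnet policy
# (tagOwners) permits it; scope that tag's ACL rules to what the container
# actually needs.
TS_EXTRA_ARGS=--advertise-tags=tag:container

# Networking mode: false = kernel (better performance), true = userspace
# Kernel mode needs /dev/net/tun and the NET_ADMIN capability in the
# container; userspace mode runs without either.
TS_USERSPACE=false

# Firewall backend for kernel-mode networking.
# NOTE(review): consumed by the compose file, which is not shown here.
TS_FIREWALL_MODE=nftables

# DERP relay settings (only used with --profile derp)
# Public IP of this server — clients connect to this address
# A relay exposed to the internet serves any client unless derper's client
# verification (--verify-clients) is enabled — confirm how the compose file
# configures it.
DERP_HOST=
# DERP listens on TCP, STUN on UDP; open exactly these two ports inbound.
DERP_PORT=443
STUN_PORT=3478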