메뉴
Enable, configure, and troubleshoot Tailscale VPN — ships pre-installed on Bluefin.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
| name | tailscale |
| description | Enable, configure, and troubleshoot Tailscale VPN — ships pre-installed on Bluefin. |
| domain | sysadmin |
Tailscale is a zero-config WireGuard-based VPN. Bluefin ships tailscaled pre-installed
but disabled by default. Enable it when you want secure, private networking between
your Bluefin machine and other devices on your tailnet.
Load with: point your agent at this file.
Tailscale is pre-installed but the daemon is not enabled by default:
# Enable and start the Tailscale daemon
sudo systemctl enable --now tailscaled
# Verify it is running
systemctl status tailscaled
# Log in (opens browser for auth)
tailscale up
# Log in with specific options (e.g., advertise as exit node)
tailscale up --advertise-exit-node
# Log in with SSH enabled (allows other tailnet machines to SSH in)
tailscale up --ssh
# Show your Tailscale IP and connected peers
tailscale status
# Show detailed info about this device
tailscale status --self
# Show your Tailscale IP address only
tailscale ip
If you don't use Tailscale, disable it to avoid unnecessary background service:
sudo systemctl disable --now tailscaled
Route all traffic through another tailnet device:
# List available exit nodes
tailscale exit-node list
# Use a specific exit node
tailscale set --exit-node=<node-name-or-ip>
# Stop using exit node
tailscale set --exit-node=
Expose a local subnet to the tailnet:
# Advertise a subnet route (allows tailnet peers to reach your LAN)
tailscale up --advertise-routes=192.168.1.0/24
# Accept routes advertised by other tailnet peers
tailscale up --accept-routes
# SSH into another tailnet machine by hostname or Tailscale IP
tailscale ssh <hostname>
# Or use standard SSH with Tailscale IP
ssh user@100.x.y.z
To allow SSH into this machine from the tailnet, run: tailscale up --ssh
(This uses Tailscale's auth, not SSH keys, for tailnet peers.)
Bluefin ships a Tailscale system tray applet. It appears in the GNOME top bar when
tailscaled is running. Use it to toggle connection, switch exit nodes, and view status.
# View Tailscale daemon logs
journalctl -u tailscaled -f
# Re-authenticate (token expired)
tailscale up --force-reauth
# Check connectivity to a peer
tailscale ping <peer-hostname-or-ip>
# Full diagnostic report (useful for bug reports)
tailscale bugreport
Tailscale not connecting: Check that tailscaled is running (systemctl status tailscaled)
and that the machine has internet access (ping 1.1.1.1).
"Peer unreachable": Try tailscale ping to diagnose. NAT traversal may fail on
some networks — use a DERP relay or exit node as a workaround.
Create, enter, and manage Distrobox containers for mutable package installation on Bluefin.
ZFS administration on Bluefin — pools, datasets, snapshots, and delivery options for an immutable host that does not ship ZFS kernel modules.
Run, build, and manage OCI containers rootlessly on Bluefin — including Quadlets for persistent systemd-managed services.
Run self-hosted services on Bluefin DX using Podman Quadlets and linuxserver.io containers — persistent, auto-updating, systemd-managed.
Install and manage CLI tools with Homebrew — the primary CLI package manager on Bluefin.
Manage GNOME extensions, gsettings, and desktop customizations on Bluefin — including which settings Bluefin owns vs. which are safe to change.