#/etc/containers/systemd/ts-jellyfin.container
[Container]
Image=docker.io/tailscale/tailscale:latest

AddCapability=NET_ADMIN
AddCapability=SYS_MODULE

Pod=jellyfin.pod

PodmanArgs=--dns=1.1.1.1 --dns=100.100.100.100
#PodmanArgs=--log-driver=journald

Environment=TS_STATE_DIR=/var/lib/tailscale
Environment=TS_EXTRA_ARGS=--advertise-tags=tag:container

# Use a Tailscale OAuth key (https://login.tailscale.com/admin/settings/trust-credentials)
Environment=TS_AUTHKEY=tskey-client-XXXXX-XXXXX?ephemeral=false

Environment=TS_ACCEPT_DNS=true
Environment=TS_DISABLE_IPV6=true
Environment=TS_USE_RESOLV_CONF=1

Mount=type=bind,source=/dev/net/tun,target=/dev/net/tun
Volume=/var/lib/tailscale/ts-jellyfin:/var/lib/tailscale # Separate all container dirs from host

AutoUpdate=registry