FiloSottile
Tailscale Ephemeral Nodes (stateless)
Hi there! This project is really awesome, and has been inspirational to me for something similar that I’m working on.
I noticed that the biggest reason you’re relying on the USB for state is for Tailscale/tailscaled’s state. As it turns out, Tailscale has a stateless mode, achieved by using ephemeral nodes.
Essentially what you’d want to do is create an auth key (API token) that spawns ephemeral nodes, and supply the key when starting Tailscale. The caveat is that since the node is ephemeral you must address it by hostname, as the IP addresses will not be persistent.
You could bake the auth key into your image, or you could store the auth key on another server that your NAS requests it from. Personally, I intend to set up a 1Password Connect server on my LAN and Tailnet, to store and supply secrets, but there are other, more self-hosted secrets managers.
If you trust your hardware RNG, it sounds like this might be what you need to run frood completely statelessly.
Good luck, and thanks for all the fish!
