tailscale-dev · ironicbadger · Jan 16, 2026 · Jan 16, 2026
diff --git a/services/hytale/.env b/services/hytale/.env
@@ -0,0 +1,20 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+IMAGE_URL=deinfreu/hytale-server:experimental
+
+# Network Configuration
+SERVICEPORT=5520
+DNS_SERVER=1.1.1.1
+
+# Tailscale Configuration
+TS_AUTHKEY=
+
+# Hytale Configuration
+SERVER_IP=0.0.0.0
+SERVER_PORT=5520
+PROD=FALSE
+DEBUG=FALSE
+TZ=US/Eastern
diff --git a/services/hytale/README.md b/services/hytale/README.md
@@ -0,0 +1,26 @@
+# Hytale Server with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up a Hytale game server with Tailscale as a sidecar container to place the server directly on your Tailnet. The Hytale container uses the Tailscale network stack via `network_mode: service:tailscale`, so players connect over Tailscale without exposing the UDP port publicly.
+
+## Hytale Server
+
+The Hytale server runs from `deinfreu/hytale-server:experimental` and is configured for UDP port `5520`. The game server data is stored in a named volume (`hytale-data`) to persist across restarts.
+
+Upstream container details and install notes:
+[https://deinfreu.github.io/hytale-server-container/installation/container_installation/](https://deinfreu.github.io/hytale-server-container/installation/container_installation/)
+
+## Key Notes
+
+* First-time authentication should be done attached (do not use `-d` initially).
+* Game files, world data, and configuration are stored in the data volume and persist across restarts.
+
+## Configuration Overview
+
+In this setup, the `tailscale` service runs the Tailscale client to join your private mesh network. The `hytale` service is configured with `network_mode: service:tailscale`, so all network traffic for the game server is routed through the Tailscale container. The sidecar binds UDP `5520` for Tailnet access only.
+
+## Files to check
+
+Please verify the following files and variables before deploying:
+
+* `.env` — define `SERVICE`, `IMAGE_URL`, `SERVICEPORT`, `TS_AUTHKEY`, and the Hytale variables (`SERVER_IP`, `SERVER_PORT`, `PROD`, `DEBUG`, `TZ`).
+* `compose.yaml` — confirm environment variables and volume mappings for your server.
diff --git a/services/hytale/compose.yaml b/services/hytale/compose.yaml
@@ -0,0 +1,55 @@
+services:
+# Make sure you have updated/checked the .env file with the correct variables.
+# All the ${ xx } need to be defined there.
+  # Tailscale Sidecar Configuration
+  hytale-ts:
+    image: tailscale/tailscale:latest # Image to be used
+    container_name: hytale-ts # Name for local container management
+    hostname: ${SERVICE} # Name used within your Tailscale environment
+    environment:
+      - TS_AUTHKEY=${TS_AUTHKEY}
+      - TS_STATE_DIR=/var/lib/tailscale
+      - TS_USERSPACE=false
+      - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
+      - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The <addr>:<port> for the healthz endpoint
+      #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+    volumes:
+      - ./config:/config # Config folder used to store Tailscale files - you may need to change the path
+      - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+    devices:
+      - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+    cap_add:
+      - net_admin # Tailscale requirement
+    ports:
+      - "${SERVICEPORT}:${SERVICEPORT}/udp"
+    # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+    #dns:
+    #  - ${DNS_SERVER}
+    healthcheck:
+      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+      interval: 1m # How often to perform the check
+      timeout: 10s # Time to wait for the check to succeed
+      retries: 3 # Number of retries before marking as unhealthy
+      start_period: 10s # Time to wait before starting health checks
+    restart: always
+
+  # ${SERVICE}
+  hytale-server:
+    image: ${IMAGE_URL} # Image to be used
+    network_mode: service:tailscale # Sidecar configuration to route ${SERVICE} through Tailscale
+    container_name: hytale-server # Name for local container management
+    environment:
+      - SERVER_IP=${SERVER_IP}
+      - SERVER_PORT=${SERVER_PORT}
+      - PROD=${PROD}
+      - DEBUG=${DEBUG}
+      - TZ=${TZ}
+    volumes:
+      - ./${SERVICE}-data:/home/container
+      - /etc/machine-id:/etc/machine-id:ro
+    tty: true
+    stdin_open: true
+    depends_on:
+      tailscale:
+        condition: service_healthy
+    restart: unless-stopped