Tailscale Infrastructure

Tailscale Infrastructure

Private mesh network for secure access to all BlueFly services.

Tailnet Information

Tailnet: tailcf98b3.ts.net
MagicDNS: Enabled
Zero Trust: WireGuard encryption
Account: flux423@mac.com

Active Devices

Device	Hostname	Tailscale IP	Role	Status
Synology NAS	blueflynas.tailcf98b3.ts.net	100.104.119.76	Always-on storage	Active
Vast.ai GPU	vastai-gpu.tailcf98b3.ts.net	100.76.214.65	GPU compute	On-demand
Mac M4 Pro	bluefly-m4.tailcf98b3.ts.net	100.108.129.7	Primary dev	When online
iPhone	iphone-t.tailcf98b3.ts.net	100.67.125.25	Mobile access	Active
GL-BE3600	gl-be3600.tailcf98b3.ts.net	100.116.110.123	Subnet router	Active

Quick Access URLs

From Phone (via Tailscale app)

Service	URL
NAS DSM	`https://blueflynas.tailcf98b3.ts.net:5001`
MinIO S3	`http://blueflynas.tailcf98b3.ts.net:9000`
MinIO Console	`http://blueflynas.tailcf98b3.ts.net:9001`
Ollama API	`http://vastai-gpu.tailcf98b3.ts.net:11434`
vLLM API	`http://vastai-gpu.tailcf98b3.ts.net:8000`

Network Principle

Tailscale = Private Access ONLY Cloudflare = Public Ingress ONLY

These planes must NEVER be mixed.

Use Tailscale for: Admin access, phone access, inter-service communication
Use Cloudflare for: GitLab webhooks, public APIs

Subnet Routing

Router	Subnet	Status
GL-BE3600	192.168.8.0/24	Approved
NAS (optional)	192.168.68.0/24	Can enable

Configuration Files

File	Purpose
Configuration	Tailscale setup
Devices	Device inventory
Routing	Subnet routing
ACL Policy	Access controls