We have a similar container @juhovh, for a plugin for the router we work on. in case this is helpful for you, feel free to to review https://github.com/spr-networks/spr-tailscale/blob/main/Dock...
replies(1):
The problem with WireGuard is that it requires handling key management oneself, and configuring the keys to every device you want to access it from. It also doesn't play nicely together with other VPNs, meaning I ended up connecting and disconnecting VPNs whenever I wanted to use them. This is especially evident on my phone, which only allows one VPN app at a time.
I was already using Tailscale as an easy way to handle homelab access with SSO, even if some computers are behind ISP CGNAT, and came up with this idea of spinning up a Docker container to connect the two. I found some suggestions for it online, but nothing ready to use. It ended up being more work than I expected to fine tune the routing, IPv6, firewall settings, re-resolving the DNS of the router on IP address changes etc.
I got it very stable eventually though, and wanted to share with everyone else. I think it's cool to have the WireGuard router looking like any other Tailscale node in my tailnet now.
I myself didn't really have a need to disable the interface during the lifecycle of the container, so I went with the standard containerboot process provided by Tailscale. I also wanted the container to be "invisible" and not respond to any incoming connections, so that it feels like you're running Tailscale on the actual router.
Keeping things a bit more granular and flexible for this use case makes total sense.