# Tailscale KH Bridge

A Tailscale inter-tailnet bridge — connects two separate Tailscale networks together so devices on each tailnet can reach each other.

**Status: STOPPED** — Both containers exited cleanly (exit code 0) approximately 14 hours before this was documented.

## Containers

| Container | Image | Role |
|---|---|---|
| `Home_Bridge` | `tailscale/tailscale:latest` | Node on the "Home" tailnet |
| `KH_Bridge` | `tailscale/tailscale:latest` | Node on the "KH" tailnet |

Both containers are on a shared bridge network (`ts_kh_bridge_tailnet-interlink`, `172.20.0.0/24`) so they can route traffic between each other.

## Compose File
**Path:** `/home/artanis/TS_KH_Bridge/docker-compose.yaml` (on the Pi)

> Dockhand reports this stack's compose location as unknown (`needsFileLocation: true`) — the path was inferred from container labels.

Compose content not available via API. Key details from container labels:

| Property | Home_Bridge | KH_Bridge |
|---|---|---|
| Service name | `home-bridge` | `kh-bridge` |
| Tailscale state | `/home/artanis/TS_KH_Bridge/home_state` (bind mount) | `/home/artanis/TS_KH_Bridge/kh_state` (bind mount) |
| `/dev/net/tun` | Bind-mounted | Bind-mounted |

## How It Works

Tailscale supports bridging two separate tailnets by running two Tailscale nodes on the same machine — one registered to each tailnet — and routing traffic between them. The two containers share a Docker bridge network (`tailnet-interlink`) which acts as the routing path between the two tailnet nodes.

- `Home_Bridge` — authenticated to the primary (`bunny-wyvern.ts.net`) tailnet
- `KH_Bridge` — authenticated to a second tailnet ("KH")

## Notes
- Both containers use **bind-mounted** Tailscale state directories (not named volumes), so state survives container recreation as long as the host paths exist
- The stack exited cleanly (code 0), suggesting it was intentionally stopped rather than crashed
- To restart: `docker compose up -d` in `/home/artanis/TS_KH_Bridge/`