May 28, 2026

Tail drama with a side of Mac chaos

Using Tailscale with an OrbStack VM on macOS

Mac users found a sneaky way to reach their private Linux box—and the comments went feral

TLDR: This guide shows Mac users how to create a private Linux machine in OrbStack and connect to it safely through Tailscale, with login secrets stored in Apple Keychain. Commenters loved how smooth OrbStack feels, but the thread got spicy over whether that convenience comes with security trade-offs.

A neat little how-to about setting up a private Ubuntu computer inside OrbStack on a Mac somehow turned into a full-on fan club meeting, complaint session, and security side-eye fest. The basic idea is simple: spin up a Linux virtual machine on macOS, connect it to Tailscale so it can be reached from anywhere, and lock the login key in Apple’s Keychain instead of leaving it lying around. Translation for normal people: your Mac can host a secret little dev machine you can safely log into from your phone, laptop, or wherever—without flinging open risky public ports.

But the real fireworks were in the reactions. One commenter practically put OrbStack in the Hall of Fame, saying rivals like Docker Desktop and Podman Desktop are a “treadmill made of Lego bricks,” which is the kind of insult that instantly wins the internet. Others piled on with stories of using Tailscale to peek at private dashboards from their phones or to run multiple copies of the same project without everything crashing into itself. It was less “cool tutorial” and more “finally, a setup that doesn’t make me miserable.”

Still, not everyone was ready to throw confetti. One user raised a juicy concern: even when a virtual machine is supposed to have limited access, it may end up inheriting the host Mac user’s broader permissions. That turned the thread from victory lap to security drama, with another commenter basically saying OrbStack’s magic only works if you’re comfortable with a very trusting setup. Meanwhile, one classic internet brain immediately asked, “Cool, but can it run Forgejo?” Because no matter how helpful the guide is, someone in the comments is always trying to adapt it for their own extremely specific side quest.

Key Points

  • The repository shows how to provision an Ubuntu VM in OrbStack on macOS and connect it to a Tailscale tailnet.
  • OrbStack's full Linux kernel environment allows Tailscale to use `/dev/net/tun` instead of userspace-networking workarounds.
  • The setup uses cloud-init via `dev-server.yml`, then authenticates the VM with a reusable, pre-authorized Tailscale auth key and enables Tailscale SSH.
  • Because of macOS sandbox restrictions, the guest VM cannot retrieve secrets directly from the host Keychain, so the auth key is injected from the host during provisioning.
  • The workflow includes configuring Tailscale ACLs and tags, building with `./build.sh`, starting with `./run.sh`, connecting via MagicDNS or OrbStack tools, and tearing down with `cleanup.sh`.
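
A tailnet policy fragment for the ACL-and-tag step above, as an added example rather than the repository's own policy; the tag name `tag:dev-server` and the use of `autogroup:member` as the allowed source are assumptions. Because a reusable, pre-authorized auth key lets any holder join a node without approval, the policy keeps the tagged node reachable on SSH only and gives it no rule as a source.

```jsonc
{
  // Assumed tag name. The auth key must be created with this tag,
  // and only tailnet admins may assign it.
  "tagOwners": {
    "tag:dev-server": ["autogroup:admin"]
  },

  // Network rules are default-deny. The tagged VM appears only as a
  // destination, so a node joined with a leaked key cannot open
  // connections to other devices in the tailnet.
  "acls": [
    {
      "action": "accept",
      "src": ["autogroup:member"],
      "dst": ["tag:dev-server:22"]
    }
  ],

  // Tailscale SSH rules. "check" requires the connecting user to
  // re-authenticate periodically; root logins are not permitted.
  "ssh": [
    {
      "action": "check",
      "src": ["autogroup:member"],
      "dst": ["tag:dev-server"],
      "users": ["autogroup:nonroot"]
    }
  ]
}
```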

Hottest takes

"a treadmill made of Lego bricks" — philips
"the vm uses my host's user permissions" — sudosteph
"Can you do this with Forgejo?" — CalChris