playbooks

home / mcp / tailscale mcp server

Tailscale MCP Server

Exposes a secure MCP endpoint to manage Tailscale devices, ACLs, keys, and DNS via HTTP or stdio connections.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "davidyannick86-tailscale_mcp": {
      "url": "http://localhost:8000/mcp",
      "headers": {
        "TAILSCALE_API_KEY": "YOUR_API_KEY_PLACEHOLDER",
        "TAILSCALE_TAILNET": "YOUR_TAILNET_PLACEHOLDER"
      }
    }
  }
}

This MCP Server provides a Model Context Protocol interface to interact with the Tailscale API. You can manage devices, ACLs, keys, and DNS configurations directly from MCP clients, enabling quick control from tools like Claude Desktop or Raycast.

How to use

Connect from your preferred MCP client to perform common tasks such as listing devices, updating ACLs, issuing keys, or managing DNS records. You can run the server locally or in a container, and choose between a remote HTTP endpoint or a local stdio-based flow. Use the HTTP option when you run the server in Docker or on a remote host; use the stdio option when you run the server directly on your machine.

How to install

Prerequisites: you need Python 3.11+ for local execution, Docker and Docker Compose for containerized deployment, and a valid Tailscale API key.

Option 1 — Docker (Recommended) — deploy the MCP server in a container.

Build and start the container in detached mode.

docker compose up -d --build

The server will be accessible at the HTTP endpoint http://localhost:8000/mcp when the container is running.

Option 2 — Run locally without Docker.

Create a Python virtual environment and activate it.

python -m venv venv
source venv/bin/activate  # On Windows use: venv\Scripts\activate

Install the required dependencies from the project file.

pip install -r requirements.txt

Start the server directly with Python.

python server.py

Additional content

Configuration keys you need in your environment include your Tailscale API key and your tailnet name. You typically place these in a .env file at the root of the project with the following keys:

TAILSCALE_API_KEY=tskey-auth-xxxxxx-xxxxxx
TAILSCALE_TAILNET=example-tailnet.ts.net

Available tools

devices

List, view, and manage devices registered in your Tailnet.

acls

View and update Access Control Lists to control device permissions.

keys

Manage API keys and authentication tokens used by MCP clients.

dns

Configure DNS records and related settings for the Tailnet.