Building a little notification engine for Tailscale events

I’m having my winter holiday this week, which is customary in Finland. I guess the historical reason for a week off in the middle of February was for kids to have time to do traditional winter activities such as skiing and ice skating. I’m staying indoors in my cozy home office and enjoying the quiet week.

What are we building?

I’ve written about Tailscale previously – the basics and how to leverage Tailscale to access your self-hosted services remotely in a secure way. In a nutshell, it’s a fantastic service allowing you to build your own, secure, meshed network you can access from anywhere. I still use Tailscale on my mobile devices, and on my laptops – mostly to access stuff I have running at home, when I’m elsewhere.

One of the great new features in Tailscale is the ability to configure Webhooks. A webhook in essence is a custom callback to your own API, if an event is triggered in a service. For my setup, I wanted to get notified if anything of importance occurs in Tailscale – so I built a solution on Azure to react to incoming webhook requests from Tailscale.

Building the solution

The solution is simple and straightforward. Once you have your Tailscale setup running, head over to the Admin Console and select Settings > Webhooks.

From here, you’ll configure your endpoints – the custom APIs that Tailscale will call upon needing to notify you of any issues. You can add multiple endpoints – I opted to add just one, as it’s probably easier to maintain and I’m not expecting complex orchestrations down the road.

Add a new endpoint by clicking Add endpoint.. – you’re presented with this view:

Leave the URL empty for a moment. Select all events from both Tailnet management and Device Misconfigurations. The idea is to get a single callback should any of these events fire. Events will now be fired off to your custom API if, for example, a node key is about to expire for one of your devices. Splendid!

Before saving, hop to Azure Portal and create a new Logic App. Once the Logic App is provisioned, configure the trigger as HTTP request:

Open the block, and save the workflow. This generates the calling URL for you – typically the format is along the lines of https://prod-###.{location}.logic.azure.com:443/workflows/{GUID}. Copy this URL back to your Tailscale webhook configuration:

Splendid! Now, we’ll need to test our solution. Once you’ve saved the configuration on both ends (Tailscale and Azure Portal), click the three dots and select Test endpoint in Tailscale:

This will fire off a sample event to your custom API endpoint, which is the Logic App.

Head back over to your Logic App, and view Runs history. Open the single run:

Open the result, and you’ll get a sample of the payload you can expect in the future:

Copy the JSON from here. Go back to edit your Logic App, and click the trigger open to select Use sample payload to generate schema. You guessed it – paste the sample JSON here!

Beautiful! Now all you have to do is add whatever notification system you’d like. I just opted to use plain old email, as it’s pretty reliable and low friction for me.

What happens here is that for each event in the payload body, I’m firing off an email that just dumps all the useful payload data in plain text within the email. And that’s it!
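The same step in code, as an added example that is not from the original post: a receiver that checks the signature Tailscale attaches to each webhook request before rendering the plain-text email body. It assumes the `Tailscale-Webhook-Signature` header format and event fields from Tailscale's webhook documentation (neither is shown on this page); the secret, timestamp, sample event and five-minute replay window are constructed for the example.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed replay window, not a Tailscale-mandated value


def verify_signature(secret, header, body, now=None):
    """Check a header of the form t=<unix seconds>,v1=<hex HMAC-SHA256>."""
    parts = dict(p.split("=", 1) for p in header.split(",") if "=" in p)
    ts, sig = parts.get("t", ""), parts.get("v1", "")
    if not (ts.isascii() and ts.isdigit() and sig):
        return False
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated request: treat as a replay
    signed = ts.encode() + b"." + body  # timestamp, ".", raw request body
    expected = hmac.new(secret.encode(), signed, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), sig.encode())


def render_email(body):
    """Turn the JSON array of events into the plain-text dump sent by email."""
    lines = []
    for ev in json.loads(body):
        lines.append(f"[{ev.get('timestamp')}] {ev.get('type')} on {ev.get('tailnet')}")
        lines.append(f"  {ev.get('message')}")
        for key, value in (ev.get("data") or {}).items():  # data may be null
            lines.append(f"  {key}: {value}")
    return "\n".join(lines)


def handle(secret, header, body, now=None):
    """Return the email text, or None when the request must be rejected."""
    return render_email(body) if verify_signature(secret, header, body, now) else None


# Constructed sample input: secret, timestamp and event are made up.
SECRET = "example-webhook-secret"
BODY = json.dumps([{"timestamp": "2023-02-20T10:00:00Z", "version": 1,
                    "type": "nodeKeyExpiringInOneDay", "tailnet": "example.com",
                    "message": "Node key expiring in one day",
                    "data": {"nodeID": "nEXAMPLE", "deviceName": "laptop.example.ts.net"}}]).encode()
TS = 1676887200
GOOD = f"t={TS},v1=" + hmac.new(SECRET.encode(), f"{TS}.".encode() + BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    print(handle(SECRET, GOOD, BODY, now=TS + 5))
```

The signature must be computed over the raw request bytes, so verify before any JSON parsing or re-serialisation.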

In closing

This was a simple and somewhat simplified approach to getting a notification from an external system, such as Tailscale. Logic Apps is immensely useful for things like this. I could obviously craft something more exact, such as a custom Azure Function – but as I don’t need much, this is much faster and easier to maintain in the long term.