Looking at the code, if you change the login server or auth key value, it will trigger a full tailscale down and tailscale up which should be sufficient to reset things to a clean state here.
The only thing left is the serve part, as with it enabled, I get this error:
Config parsing error: Failed to run: tailscale serve --bg --https=443 https+insecure://localhost:8443: signal: killed
Press enter to open the editor again or ctrl+c to abort change
The server is reachable on port 8443 via Tailscale however
One follow-up question: I think I locked myself out after rebooting the system, by configuring serve_port: 8443. As it appears, Tailscale is enabled before Incus is loaded, both on port 8443.
What’s my best way to alter either core.https_address or the serve_port?
Assuming you have the recovery key for your system, you can follow:
Not all steps are relevant here, but the steps to get access to the encrypted storage and modify files on it is what you really want in this scenario.
Once you have the disk accessible, your options are:
Edit /var/lib/incus-os/state.txt to remove the Tailscale config AND wipe /var/lib/tailscale/ so that the system can start normally without Tailscale
Write a /var/lib/incus/database/patch.local.sql to change the core.https_address key to another value, basically UPDATE config SET value=':8444' WHERE key='core.https_address'.
Directly run sqlite3 against /var/lib/incus/database/local.db and change the config in the config table.
Submitted this one to try to prevent others from running into this.
I never used that particular Tailscale feature so I’m not sure exactly what it does as far as the local listener.
Now it works as expected 