After reading Howard Abram's tutorial on his workflow using org-mode and orgzly, I decided it fit well with my own thought processes, but I have a great aversion to cloud storage providers for privacy reasons (although Proton now offers full encryption with its offering). But orgzly has WebDav sync. And I have Tailscale (and you should too!), which has a new feature called Taildrive, where you can share folders using Tailscale's own internal WebDav server (say what?!). And setting it up is a breeze! No standalone server, no reverse proxy configuration - just Tailscale. However, there are some idiosyncrasies you should be aware of.

You don't access the share directly. Rather, you use a proxy that sits on Tailscale's control plane to access the share. This allows you to set ACLs on individual shares or all of them. However, if you share the machine with others on your tailnet, it won't be accessible to anyone as a security feature.

Also, this is not Internet accessible. You cannot funnel your share to the public Internet. For that I divert your attention to appropriate Docker containers, such as Nginx or Apache mod-dav. This is pure Tailscale!

So let's get cracking!

First things first, you'll need a Tailnet and to get set up with Tailscale, if you're not already. Setting up a full end-to-end VPN with Tailscale is very easy, and the onboarding tutorials are quite good. It really is just 'tailscale up'!

Now you have your first two nodes set up! You can also set this up with your Synology NAS as a target, but I'll refer you to the right documents for that below. I recommend your daily driver laptop and your phone/tablet. You need to share your folder using the command…

tailscale drive share <share-name> <path>

Next, you will need to set up the ACLs to access the shares. Tailscale doesn't currently have an option to set this up in its web control panel, so you'll have to manually modify your Tailnet's ACLs.

When you first login, you'll notice a row of options. You'll want to go to 'Access controls'…

You will need to edit the 'nodeAttrs' portion with the following to allow sharing on your tailnet. The following enables Taildrive on all machines on your tailnet…

"nodeAttrs": [
  {
    "target": ["autogroup:member"],
    "attr": [
      "drive:share",
      "drive:access",
    ],
  }
]

Next you'll edit the 'grants' portion of your access control list to allow any user to access any share. Please refer to the end of the document for further reading if this isn't what you want. But for now, we'll allow all since it's briefer…

"grants": [
  {
    "src": ["*"],
    "dst": ["*"],
    "app": {
      "tailscale.com/cap/drive": [{
        "shares": ["*"],
        "access": "rw"
      }]
    }
  }
]
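
If you later want to know how broad your Taildrive grants really are, here is a small audit script. It is an added example, not part of the original post or of Tailscale's tooling. It assumes the two fragments above are wrapped in one policy object and handles only the HuJSON features seen here (whole-line `//` comments and trailing commas).

```python
import json
import re

DRIVE_CAP = "tailscale.com/cap/drive"

# Constructed sample: the policy fragments from this page wrapped in one object.
SAMPLE_POLICY = """
{
  // enable Taildrive on every member device
  "nodeAttrs": [
    {
      "target": ["autogroup:member"],
      "attr": ["drive:share", "drive:access",],
    }
  ],
  "grants": [
    {
      "src": ["*"],
      "dst": ["*"],
      "app": {
        "tailscale.com/cap/drive": [{"shares": ["*"], "access": "rw"}]
      }
    }
  ]
}
"""

def load_policy(text):
    """Parse the HuJSON subset used here: whole-line // comments, trailing commas."""
    text = re.sub(r"^[ \t]*//.*$", "", text, flags=re.MULTILINE)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return json.loads(text)

def audit_drive_grants(policy):
    """Return (grant_index, finding) for each wildcard in a Taildrive grant."""
    findings = []
    for i, grant in enumerate(policy.get("grants", [])):
        for cap in grant.get("app", {}).get(DRIVE_CAP, []):
            if "*" in grant.get("src", []):
                findings.append((i, "src is '*': any source may reach the shares"))
            if "*" in grant.get("dst", []):
                findings.append((i, "dst is '*': applies to every sharing machine"))
            if "*" in cap.get("shares", []) and cap.get("access") == "rw":
                findings.append((i, "every share is writable ('*' with rw)"))
    return findings

if __name__ == "__main__":
    for idx, msg in audit_drive_grants(load_policy(SAMPLE_POLICY)):
        print(f"grants[{idx}]: {msg}")
```

Run against the allow-all grant above, it reports all three wildcards; a grant scoped to named sources, machines and shares comes back clean.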

Next you'll need the name of your tailnet so we can form our WebDav URL. You'll need to go to your DNS settings in the admin control panel, and copy your Tailnet domain…

As you can see, mine is opossum-bull - if you don't like the name, you can select "Rename" to select another one.

Now the url for our share is:

webdav://100.100.100.100:8080/<tailnet>/<machine>/<sharename>

Now you can use this WebDav URL anywhere, including Orgzly!! It's just like any other WebDav share!

Now you can set up a sync source in Orgzly, and sync your org notes!

YAY! :D

1. Additional Reading
