Quite pleased with this.
1 year uptime of 99.9% for a website hosted on our internal LAN and served to the internet using #Headscale

#selfhosting

Good morning!

I have been happily using headscale (a self-hosted implementation of Tailscale's management service) for some time. An update was overdue, but I was struggling to get things working in a satisfactory way. And I didn't like that my set-up wasn't portable (a lot of manual set-up is required).

This led me to plan out what my ideal headscale project would look like:
* Everything runs in docker
* Containers for headscale, headscale-ui, and caddy
* Re-implement user names in MagicDNS (e.g. "mobile" is a user, resulting in "iain-t480s.mobile.example.com"), which was removed in headscale 0.23.0 and later
* Backup and restore procedures
* Single file configuration

Over a few cocktails while on holiday, I instructed OpenCode, with the Big Pickle model, to develop this project.

The result is https://github.com/bigcalm/headscale-compose

A simple project I can clone to any public facing server and hit the ground running with minimal config set-up.

A few notes:
* I have 20 years' experience of Linux server management, programming, DevOps, project management, and quality assurance.
* While OpenCode created all of the file contents, I provided the requirements, code review, testing, feedback, and more testing.
* This has been an iterative process to create a fully working project that I am happy with. Not a single prompt and ship whatever gets created.
* I am not a tech bro.
* Agentic development is a useful tool. But only a tool that I have been able to use due to my prior knowledge.

The project isn't perfect, but it suits my needs. Maybe it can help somebody else too :)

#headscale #tailscale #selfhosting #opencode #bigpickle

GitHub - bigcalm/headscale-compose: Docker Compose managed headscale, headscale-ui, and caddy containers. With backup/restore scripts.

#netbird is completely out of control!

I wanted to wire my VPS to my homeprod via #headscale.
Netbird is everything Tailscale can be as SaaS, but #selfhosted.
The setup is insane. Open the FW on the relevant ports, set up DNS, run the script, done.

If, like me, you have no appetite for external infrastructure outside your own control and need site2site, I don't think it gets any better.

#diy #homelab #overlaynetwork #wireguard

thanks @staticvoid for the #nerdsnipe

Self-hosted Tailscale, Part 2: Ad-blocking DNS

This post covers how to implement ad and tracker blocking and internal name resolution inside a Tailscale network using Blocky, a self-hosted DNS server. Instead of the Cloudflare DNS used before, Blocky is deployed in a Docker Compose environment, encrypted communication with the upstream DNS is kept up via DNS-over-TLS, and Headscale is configured to push the DNS settings to clients automatically. It resolves a conflict with Android's Private DNS feature and is a practical case of providing consistent DNS filtering and internal domain resolution across the whole network.

https://blog.fidelramos.net/software/tailscale-2-ad-blocking-dns

#tailscale #dns #blocky #headscale #docker

Self-hosted Tailscale, Part 2: Ad-blocking DNS

In Part 1 I set up Headscale and had every tailnet client use Cloudflare DNS. That works, but it's leaving value on the table: every device that connects to my Tailscale gets whatever DNS servers I set, so I might as well run my own DNS server inside the private …

blog.fidelramos.net
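The two configuration fragments that such a setup needs, as an added example and not the linked article's own files: a Blocky config with DNS-over-TLS upstreams, a blocklist and an internal name mapping, and the `dns` section of a Headscale config that pushes the Blocky node as the global resolver. Key names follow the Blocky (v0.23+) and Headscale (0.23+) documentation as I remember them and should be checked against the versions you run; the addresses, domain names and list URL are placeholders.

```yaml
# --- blocky/config.yml (added example; key names assumed from Blocky docs) ---
ports:
  dns: 53
upstreams:
  groups:
    default:
      # DNS-over-TLS to the upstream resolver; a plain udp/tcp entry would
      # send every tailnet query in cleartext from the Blocky host.
      - tcp-tls:1.1.1.1:853
      - tcp-tls:1.0.0.1:853
blocking:
  denylists:
    ads:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
  clientGroupsBlock:
    default:
      - ads
customDNS:
  mapping:
    # Internal names answered locally, so they never reach the upstream.
    nas.home.example.com: 100.64.0.10

# --- headscale config.yaml, dns section (added example; 0.23+ layout assumed) ---
dns:
  magic_dns: true
  base_domain: ts.example.com
  nameservers:
    global:
      # Tailnet address of the node running Blocky; clients reach it only
      # over WireGuard, so nothing on the public side of the VPS is exposed.
      - 100.64.0.5
  # Make clients use the resolver above instead of whatever DHCP handed them.
  override_local_dns: true
```

Blocky should listen on the tailnet address (or be firewalled to it) rather than on all interfaces of a public VPS, otherwise it becomes an open resolver. The Android Private DNS conflict mentioned in the post is a client-side setting that bypasses the pushed resolver; nothing in these files changes that, it has to be turned off on the device.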

Once you start ...
After work, "just" quickly set up #crowdsec on the outpost VPS. OK, works. Oh, now you can see all the SSH brute-force attempts ... Opening Prometheus up to the web is not such a good idea, but I want adminp0rn, there are such nice dashboards.

In between, sent @oli off to do some nmap terror to test the alerts 🤖

Set up #headscale until half past eleven with a few stumbles, and now it's better to call it a day.

Up next: #tailscale IN docker

🇬🇧 New article on my blog: Self-hosted Tailscale, Part 2: Ad-blocking DNS

https://blog.fidelramos.net/software/tailscale-2-ad-blocking-dns

🇪🇦 New article on my blog (Spanish version): Self-hosted Tailscale, Part 2: Ad-blocking DNS

https://blog.fidelramos.net/es/software/tailscale-2-ad-blocking-dns

#tailscale #selfhosting #headscale #adblock #dns

Be me.
Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
Config does not get spellchecked, just converted to yml.
Kanidm does not receive the PKCE challenge.
Fight for hours over 4 weeks to finally decide to open the generated yml.

GG.

#NixOS #HeadScale #KanIDM
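The failure mode in the post is a config key that is rendered to YAML without anyone checking that headscale knows it. An allow-list check on the rendered `oidc` section catches that before deployment. The following is an added example and not code from the post or from NixOS or headscale; the key names in `OIDC_SCHEMA` are a hand-written subset of headscale's `oidc` options as I recall them from recent versions and should be compared with the config reference for the version you run, and the sample section is constructed.

```python
"""Flag unknown keys in a rendered headscale `oidc` section (added example)."""

# Schema: nested dict; a leaf of True accepts any scalar or list, a nested
# dict means the value must be a mapping with the listed keys.
# Assumption: key names taken from memory of headscale's config reference.
OIDC_SCHEMA = {
    "issuer": True,
    "client_id": True,
    "client_secret": True,
    "client_secret_path": True,
    "scope": True,
    "extra_params": True,
    "allowed_domains": True,
    "allowed_users": True,
    "allowed_groups": True,
    "only_start_if_oidc_is_available": True,
    "pkce": {"enabled": True, "method": True},
}


def suggest(key, schema):
    """Cheap typo hint: a known key with the same letters in another order."""
    return [k for k in schema if k != key and sorted(k) == sorted(key)]


def find_unknown_keys(config, schema, prefix=""):
    """Walk config against schema; return [(dotted_path, hints), ...].

    A key absent from the schema is reported with anagram suggestions; a
    scalar where the schema expects a mapping is reported as well, since
    `pkce: true` would be just as silently ignored as `pcke:`.
    """
    findings = []
    for key, value in config.items():
        path = prefix + key
        if key not in schema:
            findings.append((path, suggest(key, schema)))
            continue
        sub = schema[key]
        if isinstance(sub, dict):
            if isinstance(value, dict):
                findings.extend(find_unknown_keys(value, sub, path + "."))
            else:
                findings.append((path, ["expected a mapping"]))
    return findings


# Constructed sample: the rendered oidc section with the typo from the post.
RENDERED_OIDC = {
    "issuer": "https://idm.example.com/oauth2/openid/headscale",
    "client_id": "headscale",
    "client_secret_path": "/run/secrets/headscale-oidc",
    "pcke": {"enabled": True, "method": "S256"},  # typo: should be pkce
}


def check_oidc(section=RENDERED_OIDC):
    """Return the findings for a rendered oidc section (constructed sample by default)."""
    return find_unknown_keys(section, OIDC_SCHEMA, "oidc.")


if __name__ == "__main__":
    for path, hints in check_oidc():
        hint = f"  did you mean {hints}?" if hints else ""
        print(f"unknown key: {path}{hint}")
```

Run it against the YAML that the NixOS module actually writes (load it with PyYAML and pass the `oidc` mapping to `check_oidc`) rather than against the Nix expression, since the rendered file is what headscale reads. The same check generalises to any generated config: unknown keys are the one class of error a YAML serializer will never complain about.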

Does anyone know why exactly #bitwarden is forcing HTTPS on self-hosted servers? I have #vaultwarden behind #headscale already, and all the Bitwarden clients are refusing to work (unless I stop them from updating). Seems like a dick move. #askfedi

🇬🇧 New article on my blog: Self-hosted Tailscale, Part 1: Headscale and clients

https://blog.fidelramos.net/software/tailscale-1-headscale-and-clients

🇪🇦 New article on my blog (Spanish version): Self-hosted Tailscale, Part 1: Headscale and clients

https://blog.fidelramos.net/es/software/tailscale-1-headscale-and-clients

#tailscale #selfhosting #headscale

Self-hosted Tailscale, Part 1: Headscale and clients

I had been hearing a lot of people raving about Tailscale as a solution for interconnecting devices, or in other words for creating your own mesh VPN. It does seem great on paper: easy to set up, fast and lightweight, based on an open protocol (WireGuard), works everywhere, solves the …

blog.fidelramos.net

#Tailscale was really decent, but I think #Headscale needs more time to mature