@caseyliss Currently I’m looking into having my life taken over by #Tailscale, any advice on how you set up your account with it? Did you go for OIDC or just one of the default providers (Apple, Google, Microsoft, etc.)? I was using Cloudflare Tunnels but it looks like Tailscale is a lot more scalable for my homelab needs.

@dustinbucher I used Apple as my provider. It has risks, of course, but seemed worth it to me.

In the past I used GitHub, and abandoning that and moving to Apple was basically as simple as logging all of my devices out and then back in. 🤷🏻‍♂️

@caseyliss @dustinbucher relevant recommendation to you both. Use Apple, but add a passkey user as a backup admin.

It does occupy one user in your Tailnet, that’s 1 of 3 in the free tier.

#Tailscale

https://tailscale.com/docs/reference/tailnet-passkey-admin

Admin account with passkey login · Tailscale Docs

Proactively set up an admin user that can log in to your tailnet with a passkey, to mitigate against a future SSO lockout.


@thatsthequy @caseyliss @dustinbucher I forget exactly how I managed this end result, but I *really* didn’t want to use any external IDP, even though they really try to make you, but I think I ended up with a similar-ish config. I only use the @passkey tailnet, felt like the least-riskiest way to get there.

(I also run my own mail services, so I’m probably just a glutton for punishment either way.)