Heck yeah, we have a headscale helm chart now! On codeberg! :heart_cyber:
#headscale
@oecher_olli Ich würde sagen, Tailscale ist okay. Technisch sowieso, „moralisch“ auch. Du kannst es aber auch selbst hosten, nennt sich #Headscale. Ich mache genau das für HA und Vaultwarden.
I've been trying for 2 days now to #selfhost a #netbird server behind my existing #nginx proxy, to no avail. Meticulously followed instructions by the nice install script. Watched the very friendly Youtube video.
Opened an account on their support forum, but as a new user I am not allowed to tag my questions as being about self hosting.
Is my impression wrong that @netbird actively tries to hinder selfhosting? If so, what did I miss?
Has anybody else a working setup who would be able to share configuration?
I'd like to replace Tailscale, and rather than continuing to rely on its clients even when I use #headscale, Netbird seems to be the better option.
I have #headscale running now. I was also assured that I could run the #tailscale client on the control server and let it be an exit node.. So I did and apparently it's working (only after that I read in headscale FAQ this is not supported at all.. :( )
But let's say it's fine for a moment. Now I have configured a few nodes but, while for windows and linux ones I was able to allow LAN access, on Android there's no way of making it work.
Any tip?
OK, final update on the wireguard with fancy little web UI (with OIDC) saga! After like 4 days of tinkering, we've discovered there isn't anything that meets all our needs... yet!
Headplane is by far the most featureful and actively maintained, but it's like not quite there. It's a solid 90% there though! They're even working on an official helm chart! They need a bit more documentation and little bit more work on the OIDC and just a little bit more decoupling from headscale itself and then they're there! I'll absolutely be keeping an eye on the project.
In the meantime, I'm honestly really pleased to say that headscale has come a long way and supports OIDC in a nice way now! It really does feel a lot more like what you'd expect from a corporate VPN. It works well with zitadel and I'll definitely be adding the setup to smol-k8s-lab soon :3
I really appreciate the because with no further explanation 😂
We got headscale up using wrenix's chart!
https://codeberg.org/wrenix/helm-charts/src/branch/main/headscale
Now onto headplane! :heart_cyber:
Journey, to wireguard with fancy little UI (with OIDC), Day 2
- netmaker is closing source the OIDC feature :[
- netbird does not seem to work with zitadel despite every guide. Their helm chart is also many major versions out of date
- headscale + headplane? Maybe! We're gonna try this tomorrow and if it doesn't work out, we're back to CLI only wire guard users :cowboy_blob_shrug:
@roughnecks I wrote a series of blog posts about #Headscale. I hope you find them helpful.
https://www.lucasjanin.com/2025/01/03/headscale-tailscale-in-a-self-hosted-environment/
Does anyone have a nice tutorial for setting up and using #headscale ? I'm totally new to both head and tail-scale, so any practical tip would be useful, more than instructions on how to install or configure it, which are already documented.
..asking for a friend 🤥
Ah, 25.11 upgrade broke #HeadScale on #NixOS.
NovaAccess v1.1.0 ra mắt trên iOS: hỗ trợ login server tùy chỉnh cho Headscale, terminal Swift mới, quản lý SSH key, UI/UX redesign. Tính năng lõi: SSH terminal tự động phát hiện host, hỗ trợ Headscale, không thu thập dữ liệu. Gói Pro $5.99/năm (hoặc $14.99 trọn đời) thêm giám sát Linux, webview, SFTP, đa tailnet. Mã nguồn libtailscale mở. #iOS #Tailscale #Headscale #OpenSource #NovaAccess #VPN #SelfHost
https://www.reddit.com/r/selfhosted/comments/1qiqxvz/novaaccess_110_ios_client_for_tailscal
For those curious, I’ve already tried my own Headscale instance but the school blocks the domain that was hosted on too, so that had the same issue.
Anyone got any tips? I might add more to this when I’m at my computer and can type properly lol
RTs appreciated!! #tailscale
Je suis vraiment beaucoup trop amoureux de #Tailscale et #Headscale.
Den kalten Tag genutzt und #Navidrome installiert. Ok, nur ein paar Minuten vom kalten Tag, ging richtig schnell.
Als nächstes mal einen Blick auf #Tailscale werfen. Das passende #Headscale kommt auf den externen VPS.
Does anyone have a "setting up Headscale on Debian" how to written for barely literate idiots?
Tailscale đang trở thành tiêu chuẩn trong các hệ thống tự host, dù là phần mềm đóng. Liệu việc phụ thuộc vào một dịch vụ thứ ba có mâu thuẫn với tinh thần kiểm soát hoàn toàn dữ liệu? Dùng Tailscale tiện lợi, nhưng rủi ro nếu nó đổi sang mất phí hoặc shutdown? Headscale là lựa chọn thay thế mở hoàn toàn, nhưng chưa phổ biến bằng. Đâu là cân bằng giữa tiện ích và tự do? #Tailscale #selfhosting #homelab #mạnglướiriêng #Headscale #privacy #cybersecurity
Have tested #headscale and love it.
But: If your headscale server that has to run outside your tailnet on the public internet is compromised, the tailnet including all ACLs is compromised.
The authors just say that it's a you problem if you can't trust 'your own infrastructure'.
Sadly in this state headscale is just a elaborate bait and switch scheme for #tailscale.
Can't even use it for stuff with low security requirements because it will put the notebook i'm running the client on in danger.
I use #VaultWarden to manage my passwords. It runs locally (accessible only on my local network or via #Tailscale / #Headscale on the go) and I just found out that after the last update, the #Bitwarden clients on phone and Mac no longer sync with it. They require an HTTPS connection now (it worked with HTTP before as well). I do not disagree with that change, but it is some extra work now.
Time to set up a reverse proxy. I hope self-signed cert without a proper domain name will work.
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst