Using headscale for your home networks

30 Aug 2022

Tailscale is a software defined mesh virtual private network (VPN) on top of WireGuard. It's all open source except the control server (and GUI clients for proprietary OS).

I don't care about GUI clients but the control server manages key distribution and I don't like to have an external entity with all this power on my machines.

headscale to the rescue

headscale is an open source, self-hosted implementation of the Tailscale control server. I deployed it writing and then using this ansible role with Nginx as reverse proxy.

I have something like this:

- hosts: my-server
  vars:
    headscale_base_domain: headscale.example.org
    headscale_listen_addr: 127.0.0.1:8080
  roles:
    - eriol.kit.headscale

If you want install my ansible collection you can follow the instructions provided here.