faukah/nichts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nichts/nyx/docs/notes/2023-11-11-using-headscale.md
vali 7d4f626b7d added stuff
2024-04-09 23:11:33 +02:00

88 lines
2.6 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Notes for 11th of November, 2023
Today's main attraction is the Headscale setup on my VPS running NixOS, which
I've finally came around to self-host.
There has been much talk about this new product called Tailscale recently
around the web, especially in the last few years. Tailscale is a VPN
service that makes the devices and applications we own accessible anywhere
using the open source WireGuard protocol to establish encrypted point-to-point
connections. I have been using Tailscale for a while now, but in an effort
to move all of my services to self-owned hardware some of my services have
been moved over to my NixOS server over time.
Many of Tailscales components are open-source, especially its clients, but
the server remains closed-source. Tailscale is a SaaS product and monetization
naturally is a big concern, however, we care more about controlling our own data
than their attempts of monetization.
This is where the (very appropriately named) Headscale comes in; Headscale is
an open-source, self-hosted implementation of the Tailscale control server. The
configuration is extremely straightforward, as Headscale will handle everything
for us.
## Running Headscale
Below is a simple configuration for the Headscale module of NixOS.
```nix
services = let
domain = "example.com";
in {
headscale = {
enable = true;
address = "0.0.0.0";
port = 8085;
settings = {
server_url = "https://tailscale.${domain}";
dns_config = {
override_local_dns = true;
base_domain = "${domain}";
magic_dns = true;
domains = ["tailscale.${domain}"];
nameservers = [
"9.9.9.9" # no cloudflare, nice
];
};
ip_prefixes = [
"100.64.0.0/10"
"fd7a:115c:a1e0::/48"
];
};
};
};
```
## Using Headscale
We must first create a user, which we can do with
```console
headscale users create myUser
```
Then on the machine that will be our client, we need to login.
```console
tailscale up --login-server tailscale.example.com # replace this URL with your own as configured abovea
```
Followed by registering the machine.
```console
# machine key will be obtained visiting the URL that is returned from the above command
headscale --user myUser nodes register --key <MACHINE_KEY>
```
And finally logging into your Tailnet using the URL and your machine key.
```console
tailscale up --login-server https://tailscale.example.com --authkey <YOUR_AUTH_KEY>
```
And all done! Now try connecting to one of your machines using the hostname now
to test if the connection is actually working. If anything goes wrong, make
sure to check your DNS settings: remember, it's always the DNS.
Reference in a new issue View git blame Copy permalink