Lmst

✅ HeadScale configured to use OIDC
❌HeadPlane configured to use OIDC¹

¹ i need to set up HeadPlane anyway and thus, i need to set up my server to use flakes

#HeadScale #HeadPlane #TailScale #NixOS #OIDC

OK, final update on the wireguard with fancy little web UI (with OIDC) saga! After like 4 days of tinkering, we've discovered there isn't anything that meets all our needs... yet!

Headplane is by far the most featureful and actively maintained, but it's like not quite there. It's a solid 90% there though! They're even working on an official helm chart! They need a bit more documentation and little bit more work on the OIDC and just a little bit more decoupling from headscale itself and then they're there! I'll absolutely be keeping an eye on the project.

In the meantime, I'm honestly really pleased to say that headscale has come a long way and supports OIDC in a nice way now! It really does feel a lot more like what you'd expect from a corporate VPN. It works well with zitadel and I'll definitely be adding the setup to smol-k8s-lab soon :3

#headplane #headscale #wireguard

I really appreciate the because with no further explanation 😂

#headplane #headscale

screenshot of the OIDC section from the example config file for headplane that says:

The client ID for the OIDC client. For the best experience please ensure this is *identical* to the client_id you are using for Headscale. because

# client_id: "your-client-id"

We got headscale up using wrenix's chart!

https://codeberg.org/wrenix/helm-charts/src/branch/main/headscale

Now onto headplane! :heart_cyber:

#headscale #headplane #helm #k8s

@ledeuns @ChrisRichner

#headscale + #headplane #Tailscale :-)

Finally i got #HeadPlane working with my #Nix flake. Now i "just" need to create a systemd unit so i can include it as a service (currently its started manually for testing).

#HeadScale #NixOS

Okay so i got #Headplane running manually (non-nix) on my #NixOS host, but i fail to write a working package flake.
Why oh why does it have to be a #PNPM application. The wiki does not help much either.
Did any of you know of an app where i can get inspired? Or has done it themselves?
I am so close.

I updated my #Headscale and #Tailscale blog post with additional information about the Nginx Proxy Manager section (PiHole with wildcard DNS) and an improved ACL diagram that I believe is clearer and more accurate.

English: https://www.lucasjanin.com/2025/01/03/headscale-tailscale-in-a-self-hosted-environment

Français: https://www.lucasjanin.com/2025/01/03/headscale-et-tailscale-dans-un-enviroment-auto-heberge

#VPN #Headplane #ACL #NginxProxyManager #Synology #HomeAssistant #selfhosted #selfhosting #homelab

Mon explortation avec #Headscale et #Tailscale est documenté sur mon blog. J'y discute des différences entre un serveur #VPN et Tailscale, Headscale, la configuration de Docker Compose, l'interface #Headplane, le contrôle d'accès via #ACL, l'intégration avec #NginxProxyManager, les nœuds de sortie, les routes et l'installation sur macOS, iOS, Linux, Debian, Proxmox LXC, #Synology NAS et #HomeAssistant.

#selfhosted #selfhosting
https://www.lucasjanin.com/2025/01/03/headscale-et-tailscale

My journey with #Headscale and #Tailscale is documented on my blog. I discuss the differences between a #VPN server and Tailscale, Headscale, Docker Compose configuration, #Headplane interface, access control through #ACL, integration with #NginxProxyManager, exit nodes, routes, and installation on macOS, iOS, Linux, Debian, Proxmox LXC, #Synology NAS, and #HomeAssistant.

Note that I will not cover OIDC authentication at this time.

#selfhosted #selfhosting #homelab

https://www.lucasjanin.com/2025/01/03/headscale-tailscale/

Je finalise un nouveau billet en français pour mon blog sur mon déploiement de #Headscale et #Tailscale dans mon #homelab. #selfhosted #selfhosting #VPN et Tailscale, Headscale, Docker Compose, #Headplane, contrôle d'accès via ACL, intégration avec Nginx Proxy Manager, et plus encore. Je ne couvrirai pas encore l'authentification OIDC.

Faites-moi savoir si vous avez des questions spécifiques ou d'autres sujets que vous aimeriez que j'aborde.

#selfhosted #selfhosting

Graphique de ma configuration ACL pour restreindre l'accès aux nodes Tailscale

I'm working on a new blog post about my deployment of #Headscale and #Tailscale in my #homelab for early 2025. I will discuss the differences between a #VPN server and Tailscale, Headscale, Docker Compose configuration, #Headplane, access control through ACL configuration, integration with Nginx Proxy Manager, and more. Please note that I will not cover OIDC authentication yet.

Let me know if you have any specific questions or other topics you would like me to address.
#selfhosted #selfhosting

My ACL map to limit the access between the Tailscale nodes.

@meep Yep!
FYI, I’m using #headplane for the web interface of #headcale.

@train I love #headscale and I’m using #headplane. It’s very stable. I don’t feel limited, but I never used #tailscale server.

https://github.com/tale/headplane

#headplane

Client Info