Tailscale: Difference between revisions
imported>Mekanoe Adds userspace-networking method |
Malteneuss (talk | contribs) m Mention headscale |
||
| (One intermediate revision by the same user not shown) | |||
| Line 8: | Line 8: | ||
== Basic setup == | == Basic setup == | ||
You need to | |||
# make an account and login at https://login.tailscale.com (or self-host a compatible [https://github.com/juanfont/headscale Headscale] service; also available NixOS) | |||
# enable the Tailscale client app on your NixOS machine by adding <code><nowiki>services.tailscale.enable = true;</nowiki></code> and access tokens to your NixOS configuration. | |||
If you are using features like subnet routers or exit nodes you will also need to set <code><nowiki>services.tailscale.useRoutingFeatures</nowiki></code> to "server", "client" or "both" depending on the role of your machine. | If you are using features like subnet routers or exit nodes you will also need to set <code><nowiki>services.tailscale.useRoutingFeatures</nowiki></code> to "server", "client" or "both" depending on the role of your machine. | ||
== Split DNS: Access self-hosted services at your friends house as if you were there. == | |||
Tailscale support "Split DNS" where you can access local services (not exposed to the internet) on a different network (e.g. you friend's house) as if you are in that local network. | |||
See KTZ Systems Split DNS overview: https://www.youtube.com/watch?v=Uzcs97XcxiE | |||
Combined with Let's Encrypt using the "DNS-01" challenge you can get browser-trusted HTTPS certificates for local services (not exposed to the internet) and access them with Tailscale from anywhere. | |||
See Wolfgang's Channel Local HTTPS overview: https://www.youtube.com/watch?v=qlcVx-k-02E | |||
== Configuring TLS == | == Configuring TLS == | ||