This project started a long time before the fiber project but after I did some stuff with WireGuard. While I had things set up on my various devices, I couldn’t quite get things to work for my wife and had issues/annoyances with shifting networks. Everyone’s been talking up a storm about Tailscale but I’ve put it off because there was no self-hosted option…until recently…or at least recently in me finding it.
Headscale has been really easy to get up and running. They don’t like you to run it in Docker, but it works alright for my needs. I also ended up running another couple of DERP servers “closer to home” to reduce ping/lag.
Headscale compose.yml
services:
  headscale:
    image: headscale/headscale
    restart: unless-stopped
    ports:
      # Published on loopback only
      - "127.0.0.1:9090:9090"
      # Published on all IPv4 and IPv6 addresses
      - "0.0.0.0:3478:3478/udp"
      - "[::]:3478:3478/udp"
    volumes:
      - "${PWD}/headscale-conf:/etc/headscale"
    command: serve
DERP compose.yml. For certificates, I make use of certbot with the DNS verification plugin.
services:
  derp:
    image: ghcr.io/slchris/derp-server:v1
    restart: unless-stopped
    ports:
      - "3443:3443"
      - "3479:3479/udp"
      - "3478:3478/udp"
    environment:
      - DERP_CERT_MODE=manual
      - DERP_DOMAIN=derp.example.com
      - DERP_ADDR=[::]:3443
      - DERP_STUNPORT=3478
    volumes:
      # certbot output, mounted read-only into the container
      - /etc/letsencrypt/live/derp.example.com/fullchain.pem:/app/certs/derp.example.com.crt:ro
      - /etc/letsencrypt/live/derp.example.com/privkey.pem:/app/certs/derp.example.com.key:ro
Headaches
The only headache I’ve had so far was that recently I started losing connection to things randomly and then it’d come back just as randomly. I eventually figured out that the cause was that one of the DERP servers’ letsencrypt certificates was old. Restarting the docker image fixed that and I haven’t had any problems since.
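A check for the stale-certificate problem described above, as an added example that is not part of the original post or of the derp-server project. It assumes the container keeps serving the certificate it loaded at startup (which the restart fix suggests), and the script name and exit codes are made up for illustration.

```python
import base64, hashlib, re, socket, ssl, sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a bundle like fullchain.pem."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no certificate found in PEM data")
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def served_fingerprint(host, port, timeout=5.0):
    """SHA-256 of the certificate the running server presents on host:port."""
    ctx = ssl.create_default_context()
    # Verification is off only so an expired certificate can still be read;
    # the result is compared with the on-disk file, never trusted by itself.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def is_stale(disk_fp, served_fp):
    """True when the process serves something other than the file on disk."""
    return disk_fp.lower() != served_fp.lower()

def main(argv):
    if len(argv) != 4:
        print("usage: derp_cert_check.py HOST PORT FULLCHAIN_PEM", file=sys.stderr)
        return 2
    host, port, pem_path = argv[1], int(argv[2]), argv[3]
    with open(pem_path, encoding="ascii") as fh:
        disk = leaf_fingerprint(fh.read())
    served = served_fingerprint(host, port)
    if is_stale(disk, served):
        print(f"STALE: {host}:{port} serves {served[:16]}..., disk has {disk[:16]}...")
        return 1  # caller restarts the container (cron job or certbot hook)
    print(f"OK: {host}:{port} serves the certificate on disk")
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against derp.example.com on port 3443 with the fullchain.pem path from the compose file, and restart the derp service when it exits with 1.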