Self Hosting Log - 005 - Tailscale

Contender for one of my favourite tools ever

One of the issues I grappled with initially starting this hobby was around access. One of the tenants of self hosting, is control of the hardware. Now, some are content with that control being on a virtual level with VMs on cloud. Others, say that should be bare metal hardware you own and operate. I kind of went in the middle with all of this, by getting a remote, bare metal server. Of course I can’t prevent someone in the data centre just walking over and plugging in directly, but it was still nice to know I was the only one in that machine.

I would of preferred to build my own system, but I was afraid to poke holes in my routers firewall. From a cost perspective even the upfront cost of hardware and a year of power would be cheaper than what I spend per month on my server. For transparency, over the course of a year I will have paid 1728 EUR for this server. But my knowledge at the time just had me too spooked to even attempt a self build. But, during another episode of the Self Hosted Show they talked about Tailscale. When I say this could be one of the best things ever, I really mean it.

So what is it? You can look at the website for the nitty gritty but in short, it’s a Wireguard based overlay VPN network. Wireguard is a super reputable VPN technology, but I believe can be a bit overwhelming for a first time user, happy to be proven wrong there but that was just the vibe I got from others. But, as you connect devices to your Tailscale network, they appear to each other as if they’re just on a LAN which is really, really cool. For example, Gitlab reports that my runner is accessible over the Tailscale IP, so any traffic to and fro just use Tailscale. The icing on the cake for me with all this though, is that it’s identity based access. So, you can choose between I think it’s Google, Github and Microsoft (so, Google or Microsoft :P ) as your identity provider on a personal plan. So when you need to add a new device to Tailscale or trying to join the network, you just authenticate with your account details and it just works!

There’s a lot more cool things you can do with Tailscale that I’ve been meaning to implement. You can configure exit nodes so it functions as a more traditional VPN, you can set a device running Pi Hole to be your DNS server for the entire Tailscale network so no matter where you go you have that ad blocking. It’s been really really nice, I’m slowly transitioning all my devices and machines to Tailscale, so I’m hoping this will lead to less reliance on firewall hole poking for my services. Especially when I start to build my own local Compute footprint at home, later in 2022!