https://blogs.law.harvard.edu/tech/rss https://this-is-fine.io/tags/tailscale/ Recent content in Tailscale on Fuchsbau https://this-is-fine.io/tags/tailscale/ https://source.unsplash.com/2000x1322/?fox 1440 Hugo 0.125.4 de-DE Wed, 20 May 2026 22:26:12 UT https://this-is-fine.io/posts/20251121-tailscale-headscale-mesh/ Fri, 21 Nov 2025 09:00:00 UT ff0x https://this-is-fine.io/posts/20251121-tailscale-headscale-mesh/ Tailscale builds a WireGuard mesh with little configuration. Headscale is an open control server for the same clients — you run policy and issue keys yourself. The lab does not use the Tailscale Kubernetes operator; a handful of Deployments and DaemonSets do the job instead. The goal is one tailnet for laptops and nodes, with Kubernetes APIs and internal HTTP on *.tif.internal without putting those names on the public internet. Self-hosting the control plane means you own ACL files, preauth keys, and MagicDNS base domains. The trade-off is operational work: upgrades, backups, and policy edits are yours. For a multi-cluster lab that already runs GitOps everywhere else, that trade-off is acceptable. Infrastructure