Headscale

Headscale is an open source, self-hosted implementation of the Tailscale control server.

View the synix NixOS module on Forgejo.

References

• Website
• GitHub
• Example configuration file

Setup

Set a CNAME record for your Headscale subdomain (headscale by default) pointing to your domain.

Config

{
  imports = [ inputs.synix.nixosModules.headscale ];

  services.headscale = {
    enable = true;
    openFirewall = true;
  };
}

Usage

Create a new user:

sudo headscale users create <USER>

Get the user's id:

sudo headscale users list

Create a pre auth key for that user:

sudo headscale preauthkeys create --expiration 99y --reusable --user <ID>

Give the user the pre-auth key.

Troubleshooting

Check if your ACL config is valid:

sudo headscale policy check --file PATH/TO/acl.hujson