I love Tailscale but I am wary of allowing them access into my personal network. This way, I can use them for my stuff without my paranoia getting in the way, and I can recommend the hosted option for work, as it works perfectly.

I don't really understand how self-hosting headscale is actually any more secure. The control server needs a stable IP address, so I'd need to run it on a VPS or something, which means I'm still trusting a third party to not mess with my network.

My home machine has a static IP, so I run it there. Does it need a static IP, or just a hostname?

I guess it probably only needs a hostname. Although I'd still feel uneasy about running it at home, because I don't want any incoming connections to my home network unless it's over Tailscale, and headscale would need some kind of firewall exception.

Maybe headscale could run at home, served over a tunnel[1] to a VPS. But honestly, if I ever lost confidence in the trustworthiness of Tailscale the company, I would just connect my devices with some other overlay network like Yggdrasil[2] or Tor.

[1]: https://github.com/anderspitman/awesome-tunneling
[2]: https://yggdrasil-network.github.io/