Cake day: June 25th, 2023




  • sn0opy@lemmy.world to Selfhosted@lemmy.world: How do you use Tailscale? (1 year ago)

    I use Tailscale as is. Mainly to connect to my devices but also for fancy stuff like this:

    Some of my servers are only available via Tailscale. They don’t have any open ports to the internet. Even authentication to these servers via SSH is handled by Tailscale SSH.

    I have some SMB shares on my local server and I gave access to it to some friends via Tailscale by sharing said server and locking it down with ACLs. So people that have “shared” access can only access the server via SMB’s ports.

    One more thing I wanted to use but then stopped screwing around with it: Tailscale Funnel. I wanted to access some local webservices on my server via the internet without connecting to Tailscale first but also without opening ports on my local router. The downside of Funnel: no custom domains (yet). This means I would have to use their Tailnet name instead. Instead I went with Cloudflare Tunnel.

    One more thing that was annoying with Funnel: I wanted to use tsnet for quick file shares via a very basic HTTP server. Tsnet created “virtual” machines within my Tailnet which I could then funnel to the internet. Unfortunately, Tailnet DNS propagation is absurdly slow. It’s not really made for on-demand funnel usage. It would work just fine while being connected to the Tailnet via Tailscale, but not via Funnel over the internet.

    All in all, I’m super happy with Tailscale. Setting things up was so absurdly easy and it just works.
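An added example, not part of the comment above and not Tailscale's own code: a small Python check over a parsed tailnet policy that flags any `acls` rule letting shared-in users reach more than the SMB ports, run on a weak and a locked-down policy. The `tag:nas` tag and both sample policies are constructed, the newer `grants` syntax is not handled, and treating a `*` source as covering shared users is an assumption of this sketch.

```python
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

def expand_ports(spec):
    """Expand the port part of a dst: "445", "139,445", "8000-8010" or "*"."""
    if spec == "*":
        return None  # None stands for every port
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_shared_access(policy, allowed=SMB_PORTS):
    """Return (rule_index, dst, reason) for every destination that gives
    autogroup:shared users more than the allowed ports."""
    findings = []
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        srcs = rule.get("src", [])
        # Assumption: a "*" source is treated as also covering shared users.
        if "autogroup:shared" not in srcs and "*" not in srcs:
            continue
        for dst in rule.get("dst", []):
            _host, _, port_spec = dst.rpartition(":")
            ports = expand_ports(port_spec)
            if ports is None:
                findings.append((i, dst, "all ports"))
            elif ports - allowed:
                findings.append((i, dst, f"extra ports {sorted(ports - allowed)}"))
    return findings

# Constructed sample policies; "tag:nas" is a hypothetical tag for the file server.
WEAK_POLICY = {"acls": [
    {"action": "accept", "src": ["autogroup:member"], "dst": ["*:*"]},
    {"action": "accept", "src": ["autogroup:shared"], "dst": ["tag:nas:*"]},
]}
HARDENED_POLICY = {"acls": [
    {"action": "accept", "src": ["autogroup:member"], "dst": ["*:*"]},
    {"action": "accept", "src": ["autogroup:shared"], "dst": ["tag:nas:445"]},
]}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit_shared_access(policy))
```
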



    • The Lounge (IRC Client)
    • Blocky (local DNS server with ad-blocking)
    • Tailscale (VPN mesh between clients and other servers)
    • Cloudflare-Tunnel (to access some local services directly from the internet via my own domain)
    • traefik (reverse proxy + TLS for all my services)
    • Authelia (auth server for services that don’t have their own authentication)
    • borgmatic (borg backup automation for container data. Pushing backups to borgbase.com)
    • paperless-ngx (document management system)
    • Plex (media server)
    • Tautulli (stats and tracking for Plex)
    • mosquitto (MQTT server)
    • zigbee2mqtt (service to manage my Zigbee devices)
    • Homebridge (service to get z2m devices into HomeKit)
    • Home Assistant (home automation)
    • Prometheus (collect stats from several services above)
    • telegraf (more stats collection + server metrics collection)
    • Grafana (for some dashboards that I didn’t want to create in HA)
    • miniflux (RSS reader)
    • Linkding (bookmark manager)
    • Atuin (shell history sync server)
    • uptime-kuma (monitor some external servers + my local internet connection by pinging healthchecks.io)
    • redis (for paperless and some of my own projects)
    • postgres (for miniflux, atuin and some of my own projects)

    Everything is running in containers on an Unraid server.

    • 24 TB usable (16 TB parity drive)
    • 1 TB NVMe cache drive
    • Intel i3-12100T

    With disks at idle/spun down, it consumes roughly 25W.