Headscale is a FOSS alternative to Tailscale. It's basically a copy of the server Tailscale uses, so you can use the Tailscale client to connect to it.

I'll quickly describe how I installed it, where you can find resources, and cover my process to add a device/server to the network.

Installation

I tried to install it via the official documentation and failed to get it working, so I simply switched to the community-provided Docker setup.

The official tutorial is here: Running headscale in a container

You have to provide a config file; read what the options do! If you have a different provider for your SSL certificates, make sure you remove the ACME config. Comment it out or remove it, and make sure the variable names don't appear in the file.
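As an added example (not part of the original setup or the headscale project), this script checks a config file for ACME settings that are still active. It assumes the ACME keys use the `acme_` and `tls_letsencrypt_` prefixes found in headscale's example config; the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: report active (uncommented) ACME / Let's Encrypt keys in a headscale config.
# Assumption: the relevant keys start with acme_ or tls_letsencrypt_.

# Prints "line:key" for every active key; returns 1 if any were found, 0 otherwise.
find_active_acme_keys() {
    awk '
        /^[ \t]*#/ { next }                               # skip commented-out lines
        match($0, /^[ \t]*(acme_|tls_letsencrypt_)[a-z_]*:/) {
            key = substr($0, RSTART, RLENGTH)
            gsub(/[ \t:]/, "", key)                       # keep only the key name
            printf "%d:%s\n", NR, key
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Constructed sample configs: one with ACME keys left in, one cleaned for a reverse proxy.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/with_acme.yaml" <<'EOF'
server_url: https://headscale.example.com
listen_addr: 0.0.0.0:8080
acme_url: https://acme-v02.api.letsencrypt.org/directory
acme_email: ""
tls_letsencrypt_hostname: ""
  # tls_letsencrypt_listen: ":http"
EOF
    cat > "$dir/proxy_tls.yaml" <<'EOF'
server_url: https://headscale.example.com
listen_addr: 0.0.0.0:8080
# acme_url: https://acme-v02.api.letsencrypt.org/directory
# tls_letsencrypt_hostname: ""
tls_cert_path: ""
tls_key_path: ""
EOF
    echo "$dir"
}

samples=$(make_samples)
for f in "$samples"/*.yaml; do
    if hits=$(find_active_acme_keys "$f"); then
        echo "OK: no active ACME keys in $f"
    else
        echo "Active ACME keys in $f:"; echo "$hits"
    fi
done
rm -rf "$samples"
```

Point `find_active_acme_keys` at your own config file before starting the container; a non-zero exit means at least one ACME key is still uncommented.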

You should now have a running instance. Continue to Configuration!

Configuration

Since Traefik handles my SSL certificates, my ACME part is deactivated. I have DNS activated and left basically everything else as the tutorials want it.

For your firewall, you don't have to allow anything besides the normal web ports.

Since I am running this in a container, I need the Docker commands to create new users/devices and similar stuff. serversattho.me did a great job writing them down:

Adding a device

This is specific to my little world. If you want to join my network, please write me and I'll provide you with a pre-authenticated key. You can then log in with this key, as shown in this tutorial: Pre authenticated key

Since I have the local DNS activated, other services like the Traefik proxy can then route to your device with the “dynamic” headscale IP.