khuedoan-homelab/docs/getting-started/vpn-setup.md
Khue Doan 2cd8a249b6 refactor!: replace ZeroTier with Tailscale and Wireguard
- Tailscale UX is better, and the Headscale control server is also
  easier to self-host than ZeroTier (although Headscale is not the
  official control server, the author now works at Tailscale)
- Wireguard is also added as an alternative to avoid relying on a
  third-party service, however it requires port-forwarding
2024-04-18 20:11:18 +07:00


VPN setup

You can use Tailscale, Wireguard, or both like me.

Tailscale (requires third-party account)

Get an auth key from the Tailscale admin console:

  • Description: homelab
  • Reusable: optionally set this to true

Add it to external/terraform.tfvars as an extra secret:

extra_secrets = {
  tailscale-auth-key = "tskey-auth-myauthkeyhere"
}

Apply the secret:

make external

Finally, enable subnet routes for homelab-router from the admin console.

You can now connect to your homelab via Tailscale and invite users to your Tailscale network.
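Since the auth key sits in plain text in external/terraform.tfvars, a quick hygiene check on that file before running make external is worthwhile. The script below is an added example, not part of the homelab repository; the function names are hypothetical, and it assumes the file holds the `tailscale-auth-key` entry shown above.

```shell
#!/bin/sh
# Added example: hygiene checks for the tfvars file holding the Tailscale auth key.
# Function names are hypothetical; they are not part of the homelab repository.

# Succeeds when group and other have no access (chars 5-10 of the `ls -l` mode).
tfvars_perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the placeholder key from the documentation is still in the file.
tfvars_has_placeholder() {
    grep -q 'tskey-auth-myauthkeyhere' "$1"
}

# Succeeds when the file is in a git work tree and is tracked or not ignored.
tfvars_git_exposed() {
    dir=$(dirname "$1"); base=$(basename "$1")
    command -v git >/dev/null 2>&1 || return 1
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 1
    if git -C "$dir" ls-files --error-unmatch -- "$base" >/dev/null 2>&1; then
        return 0    # tracked: the key would be committed and pushed
    fi
    ! git -C "$dir" check-ignore -q -- "$base"
}

# Runs all checks, prints one line per finding, returns the number of findings.
check_tfvars() {
    findings=0
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    if ! tfvars_perms_ok "$1"; then
        echo "WARN: $1 is accessible to group/other (chmod 600 $1)"
        findings=$((findings + 1))
    fi
    if tfvars_has_placeholder "$1"; then
        echo "WARN: $1 still contains the placeholder auth key"
        findings=$((findings + 1))
    fi
    if tfvars_git_exposed "$1"; then
        echo "WARN: $1 is tracked or not ignored by git"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against a path given on the command line, e.g. external/terraform.tfvars.
if [ "$#" -gt 0 ]; then check_tfvars "$1"; fi
```

A reusable auth key that ends up in a pushed commit lets anyone who reads it enroll devices until the key is revoked, so the git check is the one to act on first.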

Wireguard (requires port-forwarding)

Update the peer list in apps/wireguard/values.yaml:

PEERS: |
  UserDevice
  FooPhone
  FooLaptop
  BarDesktop  

Go to your router settings and forward the Wireguard service. Each router is different; here's mine for reference:

  • Protocol: UDP
  • Start Port: 51820
  • End Port: 51820
  • Local IP Address: 192.168.1.226 (find it with kubectl get service -n wireguard wireguard)
  • Start Port Local: 51820
  • End Port Local: 51820

To get the QR code (for mobile) and config (for desktop), run:

!!! warning

    This command will print sensitive secrets to the terminal.

./scripts/get-wireguard-config FooPhone