by wkat4242 927 days ago
I'd want to run the console myself anyway.

If the admin console is run by them, it's pretty trivial for them or an attacker to add nodes to my network. Zerotier suffers from the same issue.

Tailscale is cool and the third party login is also a problem for me, but the hosted service in general is a much bigger core issue with it for me that not only affects privacy but also security.

You can host the independently implemented OSS version yourself: https://github.com/juanfont/headscale

For me the headache of running and maintaining my own server isn’t worth it (+ would still require a GCP/AWS account).

Cool, I didn't know this existed. It seems to be a third party server similar to what vaultwarden does for bitwarden?

But why would it need a gcp or aws account? It could run on any vps right? I'd run it on something much cheaper like scaleway.

It doesn't. You can run it on a VPS and you have an option to use SSO with OIDC integration.

No local logins? I don't really want that SSO stuff. Just a local username/pw combo would be perfect :)

By default, headscale doesn't have a web interface/login as such and all configuration is done via the CLI on the server running headscale. So, your login is effectively PAM. You use authkeys etc to add machines.