Recently set up Headscale with Headplane as the UI. It’s all docker compose based so I stuck it in a /etc/compose sub-folder of my vps running Fedora.
Configuring OpenID login was a bit tricky because I got an error when trying to do the auth grant, but the message was vauge. Took me a while to realise the error details were in the redirect back url.
Anyways, once done it was nice to use and I migrated all my Tailscale instances over.
No opinion on Debian but as a heavy ArchLinux user I should point out you shouldn’t upgrade without reading the news as occasionally manual intervention is required. Upgrades can and will break things if you’re not careful.
https://archlinux.org/news/openblas-0323-2-update-requires-manual-intervention/
https://archlinux.org/news/ansible-core-2153-1-update-may-require-manual-intervention/
https://archlinux.org/news/incoming-changes-in-jdk-jre-21-packages-may-require-manual-intervention/
Oh, Tailscale has been perfectly fine so far, been using it for over a year without issues. It’s just that the server side is proprietary and coming from previously managing Wireguard connections manually I still like the idea of a fully open source stack. Only got around to it recently because I had the free time, tbh.