2024-08-16
The homelab itself is quite humble. I have a 2TB Pentium J3710 based not-very-tiny box that runs 24/7. It's used as a seedbox for a couple of private trackers I'm in, for streaming movies (and sometimes music) to my laptop or TV, as a WireGuard spoke that is used to pivot into my home LAN, etc. It runs the services, most of which I use every day such as:
Over the course of the last ~3 years (2020-2023) I've spent a decent amount of time trying out different (arguably) open-source (arguably) self-hostable offerings. For performance analysis.
Here are some of my thoughts:
WireGuard: The best of them all. Provides the best reliability at the cost of its limiting (default) hub-spoke network architecture, which does often tend to saturate my hub on a good day. Not much to say about it other than it just works. It's slow, but you can't punch a hole to your remote service if your VPN just fails, can you?
Lacks an official GUI but has excellent community projects such as WGDashboard and wg-easy.
Tailscale client/Headscale co-ordinator: User-experience and technical abstraction done (almost) right. It's probably the best thing when you want to go for a zero-config hole-punching setup. Pretty much breaks when being used from behind a corporate firewall but can fall back to a relay. It was my primary VPN till a catastrophic failure in the Android app occurred which led to loss of connection (and configuration data) on the device.
Headscale is a good reference implementation but is extremely neutered due to it being primarily maintained by Tailscale employees, hence being directly in conflict with business objectives. It exists only to create good-will in the userbase rather than to offer a good product. Artificial limitations are imposed, probably to increasingly annoy self-hosters and drive them to use 'their' solution. Documentation for self-hosting the relay servers is also strongly worded to discourage self-hosting, which was also a great letdown.
Nebula: It could've been much better but it is again another such case of startup-brain syndrome (no less can be expected from something that comes out of Slack). The developers leave out implementations of critical features such as IP address management or even an intuitive CLI to push users to their 'managed VPN' SaaS. It works but requires an excruciatingly great deal of effort, which is just very slightly reduced if you use unsupported third-party scripts in your pipeline. Closest competitor to Headscale if not better.
Some trackers I'm in: