Templatesheadscale
networking
headscale
Self-hosted Tailscale control server — manage your own WireGuard mesh VPN with the full Tailscale client ecosystem but zero vendor lock-in.
networkingsecurityutilitiesPostgreSQL
What gets deployed
Web
headscale server
PostgreSQL
managed database
GitHub stars24,000
About
Self-hosted Tailscale control server — manage your own WireGuard mesh VPN with the full Tailscale client ecosystem but zero vendor lock-in.
Managed services
- PostgreSQLTCP:5432
Environment Variables
| Variable | Description | Required |
|---|---|---|
| HEADSCALE_LISTEN_ADDR | Default: 0.0.0.0:8080 | Optional |
| HEADSCALE_SERVER_URL | Default: {{KUBERO_APP_URL}} | Optional |
| HEADSCALE_PRIVATE_KEY_PATH | Default: /var/lib/headscale/private.key | Optional |
| HEADSCALE_NOISE_PRIVATE_KEY_PATH | Default: /var/lib/headscale/noise_private.key | Optional |
| HEADSCALE_PREFIXES_V4 | Default: 100.64.0.0/10 | Optional |
| HEADSCALE_PREFIXES_V6 | Default: fd7a:115c:a1e0::/48 | Optional |
| HEADSCALE_DNS_OVERRIDE_LOCAL_DNS | Default: false | Optional |
| HEADSCALE_DNS_MAGIC_DNS | Default: false | Optional |
| HEADSCALE_DERP_URLS | Default: https://controlplane.tailscale.com/derpmap/default | Optional |
| HEADSCALE_DATABASE_TYPE | Default: postgres | Optional |
| HEADSCALE_DATABASE_POSTGRES_HOST | Default: {{KUBERO_APP_NAME}}-postgresql-rw | Optional |
| HEADSCALE_DATABASE_POSTGRES_PORT | Default: 5432 | Optional |
| HEADSCALE_DATABASE_POSTGRES_NAME | Default: headscale | Optional |
| HEADSCALE_DATABASE_POSTGRES_USER | Default: headscale | Optional |
| HEADSCALE_DATABASE_POSTGRES_PASS | Default: headscale | Optional |
Deploy headscale
One click to deploy a fully configured headscale instance with all dependencies pre-wired.
Deploy NowReady to deploy headscale?
No infrastructure to manage. Just connect your repo and go live in seconds.