I wanted to move away from Tailscale but found Headscale a bit too convoluted for what I actually needed.
Ended up with a simple WireGuard setup using two VPSes: one as a VPN hub, the other acting as a reverse proxy back into my home lab.
It lets me expose services publicly without any inbound port forwarding on my home connection.



Gotcha, didn’t realize it was a blog post haha. As far as my personal experience goes, I never have to touch it. Once I did a dist-upgrade and broke it, but fixed it with a backup.