It was relatively easy once I figured out that netbird doesn’t support a wildcard certificate. They just released and update that fixed that and they now support subdomains. I also do still have headscale as a backup if I need it.

Oh yeah I know. I’m mostly only able to use deep servers and that’s why I switched because j wanted to be able to use my own deep server and not have to rely on tailscales.

I actually had the opposite and the tailscale app would drain my battery when using one of my exit nodes. I will say the netbird app needs some love. My biggest issue is that it doesn’t stay connected or is able to reconnect when I change WiFi networks or go from WiFi to cellular.

I could never get the self hosted stun server to connect so I was always using tailscales derp servers. Netbird is also fully opensource so that was the main reason I wanted to switch. I was also able to easily setup SSO with authentic and netbird which gives me 2FA as well.

I just setup authentik in podman quadlet and got a lot of my services setup with it. Their documentation is actually very good and thorough. It covers a ton of services with easy to follow instructions.

Ok looks like I figured it out, turns out Netbird doesn’t like wildcard certificates, I spun up a quick NPM reverse proxy in docker and everything is now working fine using a certificate for netbird.mydomain.com instead of a wildcard cert like *.mydomain.com

I’ve been looking at this. I’m currently hosting headacale which is super easy and nice. I might give this a try I just need to get over the hurdle of adapting this to work with podman like I have with headscale. Anybody else running this via podman quadlets?